RALEIGH – Will companies be investing more resources – time, labor, money – in 2018 on risk management in 2018 as a result of cyber attacks and the rapid pace of change in technology that is proving to be so disruptive?
Mark Beasley, the founding director of the Enterprise Risk Management Initiative at NCSU’s Poole College of Management, is the man to ask.
NCSU and partner consulting firm Protiviti, which is based in San Francisco, published their latest report on Thursday about what executives consider the largest risk management threats.
In following up on WRAL TechWire’s report about the survey, our exclusive Q&A focuses on what might be the fallout from the findings and what findings had the biggest impact on Beasley who is is the Deloitte Professor of Enterprise Risk Management and the Director of the Enterprise Risk Management Initiative.
What struck you most about the findings?
It is interesting to see the significant bump up in concern about the potential impact of disruptive innovation on an organization’s business model.
That moved significantly higher for 2018 relative to prior years as respondents are noticeably more concerned that technological advancements (and the digital economy) might emerge that impact the core business strategy.
Moves like Amazon’s purchase of Whole Foods provide an example of disruptions that might impact the marketplace.
I’m also intrigued by risk #2 and risk #4 given both deal with culture. [The top 10 risks in the report are noted in this story]
Risk #2 suggests concerns about an organization’s resistance to change from its core business model.
Risk #4 suggests that there may be impediments within the organization that creates a reluctance for individuals to escalate significant risk concerns.
Both suggest a need to consider whether the organization’s culture might be one of its most significant risks.
Finally, I am surprised by the differing views about the risk landscape between boards of directors (who see the landscape as more risky than C-suite executives). Differences in viewpoints between boards and management warrant serious discussions to help both sides better understand their risk profiles.
Will these concerns impact on business investment and expansion/growth strategies for 2018?
It is hard to say.
A more important point may be that if these risks are not adequately considered as entities enter 2018, the lack of focus on these risks may impact the success of whatever business investment and expansion decisions they are making.
That is, a lack of robust focus on the risk horizon for 2018 may mean that the organization is “caught off guard” in regards to the success of their investment and growth decisions.
Will more resources have to be channeled to deal with these concerns – such as more money for cybersecurity, more money for training?
Potentially yes, for many organizations. In fact, our survey respondents indicate a greater likelihood to invest more in their risk management efforts in 2018 relative to 2017. Overall, most indicate a desire to strengthen the robustness of how they think about and monitor emerging risk exposures.
In regards to cyber risks, most are now realizing that it is no longer a matter of “if” a cyber event might impact the organization, but more a matter of “when”. Thus, they are realizing a need to think more robustly about how they will respond “when” the cyber event hits them. Many are wanting to be more proactively prepared for that likely reality.
