Reputation becomes the top strategic risk
Company reputation and the fallout from reputational damage are the highest priority strategic risk for large companies, according to the results of a global survey report by Deloitte.
Reputational risk was ranked third among strategic risk concerns three years ago, according to companies surveyed. Also back in 2010, brand and economic trends were identified by senior executives as the key strategic risks, though both have fallen since. In some industry sectors, reputation has risen from outside the top five strategic risk concerns to the top of the list. In the energy and resources sector, for example, reputation ranked only 11th on the list of strategic risks in 2010, though three years later has risen to the top spot.
The rise of reputation risk as the key strategic risk is mirrored by executives listing social media, which has transformed reputation management as the biggest technology disrupter and threat to their business model. Nearly 50 percent listed this above other technologies such as analytics, mobile applications, and cyber-attacks.
“The rise of reputation as the prime strategic risk is a natural reaction to recent high profile reputational crises, as well as the speed of digital and social media and the potential loss of control that accompanies it,” explained Henry Ristuccia, Deloitte Global Leader, Governance, Risk and Compliance. “The time it takes for damaging news to spread is quicker, it goes to a wider audience more easily, and the record of it is stored digitally for longer. Even in an environment where economic conditions remain tough and technology threatens business models, this is why companies place reputation at the top of their strategic risk agenda.”
“Several reputational episodes in the past three years have really brought this issue into focus for every industry. Indeed, the only sector where reputation hasn’t risen as a strategic risk factor is financial services where it was already no. 1 following the financial crisis and subsequent fallout.”
Strategic risk now firmly on the boardroom agenda
Attention and investment in strategic risk management at senior management levels continues to grow according to the Deloitte survey. More than 80 percent of companies say they explicitly manage strategic risk rather than just limiting their focus to traditional risk areas such as operational, financial, and compliance risk. However, there remains work to be done to tie strategic risk management to strategy, with only 13 percent of executives surveyed stating that their risk management program supports their business strategy ‘very well’.
Boards and senior executives are increasingly involved in strategic risk management also. Two-thirds of companies surveyed stated that their CEO, board or board risk committee now has oversight when it comes to managing strategic risk.
The ultimate owner of strategic risk management varies significantly geographically and across industry sectors. In Europe, only nine percent of companies state that their CEO primarily determines the company’s approach to strategic risk, compared to 23 percent globally. Likewise, in the energy sector, only 10 percent of CEOs are responsible, while in the technology sector CEOs are more hands-on with 33 percent determining the strategic risk approach.
“No single preferred approach to owning strategic risk management is evident at present, except that it is now being handled at the CEO and board-level,” continued Ristuccia. “Across two-thirds of companies there is an almost even split between the CEO, board or board-level risk committee on ultimate responsibility for this. What really matters though is the fact that strategic risk is being owned by the CEO and the board in the first place – the idea of strategic risk is now firmly established at the highest level.”
“The large variation in approach across regions and sectors suggests company culture and external events may well influence how companies manage strategic risk. The dominant founder/CEO model often prevalent in the technology sector is reflected by the higher number of CEOs holding ultimate responsibility for strategic risk in this sector, for example. In contrast, risk committees dominate in the energy sector – perhaps a result of several high profile risk and reputation issues for companies in that sector.”
Overall, 61 percent of companies believe their strategic risk programs are performing at least adequately in supporting business strategy development and execution. However, only 13 percent of companies rate their risk management programs as being five out of five in terms of supporting the development and execution of business strategy. Confidence in this aspect is also lower in Europe, the Middle East and Africa.
Companies view technology as both an opportunity and a strategic risk
Perhaps surprisingly, companies identified data mining and analytics, normally seen as beneficial to a business, as the second most concerning technology threat. Together, the top five technology threats to the business were social media (47 percent), data mining and analytics (44 percent), mobile applications (40 percent), cloud computing (38 percent), and cyber-attacks (36 percent).
“The risks of social media are well-known, but concern about how new technologies affect the core business model is also top-of-mind,” explained Ristuccia. “Cyber-attacks and the transformative power of apps and cloud computing present obvious risks, though some may find it surprising to see analytics and ‘Big Data’ in this list. Companies recognize the potential of this data, but appear concerned about how to grasp it properly. The key question is how to examine the data to find meaningful and relevant takeaways for business strategy.”
Other key findings from the survey include:
The findings in the Deloitte Strategic Risk report are based on a global survey conducted by Forbes Insights, on behalf of Deloitte Touche Tohmatsu Limited (DTTL), of over 300 respondents from the Americas (33 percent), Europe/Middle East/Africa (33 percent), and Asia/Pacific (34 percent). Nearly all respondents were C-level executives (263), board members (22), or specialized risk executives (21). Surveyed companies came from all five major industry sectors: consumer/industrial products, life sciences/healthcare, technology/media/telecommunications, energy/resources, and financial services; and all had annual revenues in excess of $1 billion (or equivalent).
Additional detailed insights were obtained from personal interviews with executives from eight leading companies, with a balanced mix of representation from major industries and global regions.
•Date: 8th October 2013 • World •Type: Article • Topic: Enterprise risk management
To submit news stories to Continuity Central, e-mail the editor.
Want an RSS newsfeed for your website? Click here