Challenges Facing Risk Management: ESG, Supply Chain, Hackers, and More

Challenges Facing Risk Management: ESG, Supply Chain, Hackers, and More

Risk management is the process of identifying, assessing, response, and monitoring of threats to a company’s overall position in the marketplace and — ultimately — their total earnings. Risks stem from a range of sources, including technology, natural disasters, internal systems, legal liabilities, company branding, compliance needs, and more. Assessing them is important to every company, as visibility into weak points in processes or systems allows businesses to make informed decisions about where to invest in near-term decision-making while also preparing for long-term success. Identifying areas of risk exposure and creating plans to reduce issues is an important exercise that positions businesses well in their strategic planning and keeps unexpected costs in check.

Today’s top challenges facing risk management range from COVID-related impacts to maintaining cybersecurity best practices, plus the continued importance of developing processes that help your business identify the risks they know about — and uncover the ones they don’t. In this article we will outline the biggest challenges facing risk management today, how companies are currently responding to risk, how to discuss risk management concerns with senior management, and more.

What Are the Biggest Challenges in Risk Management Today?

Currently the top challenges in risk management are ESG risks that include climate, social, and regulatory issues, ongoing concerns about the global supply chain, plus the ever-present fraud, tech, and systems risks. Here are the top challenges to look for:

1: ESG Risks

ESG risks are the environmental, social, and governance-related risks that may influence a company. There are a lot of elements that fall into ESG, including climate change impacts and mitigation, environmental management practices, employee working and safety conditions, a company’s anti-bribery and corruption practices, and an organization’s overall compliance regarding industry-specific laws and regulations. When evaluating risk in this space, it’s useful to recall that every problem may also hold an element of opportunity. For example, the IMF reported last year that sustainability initiatives are a growth area in Asia. In addition, Fast Company shared that in 2021 ESG investments hit an all-time record at an estimated $120 billion — more than double the 2020 $50 billion commitments.

2: Supply Chain Issues

COVID’s disruption to the global supply chain continues to impact a range of industries. Marketplace reported on why industries are still facing snarls. Risk assessors need to factor in what those supply issues mean for them. It’s a good idea to understand if high-priority assets for your business have outside dependencies, and to build back-up plans. Unfortunately, supply chain risks aren’t going away any time soon.

3: Fraud Concerns

Those supply chain gaps have created holes that fraudulent companies are quick to fill. There has been deceit regarding PPE gear since COVID first emerged, and it continues into 2022. The New York Times recently reported on how consumers can find quality KN95 masks due to the prevalence of counterfeits. Due to an early outpouring of government assistance during the COVID outbreak in the United States, there was an increase in loans and loan forgiveness. Some scams pose as government agencies offering aid, and the FTC has a list of warning signs to look out for if your business has been approached with unsolicited outreach. It’s recommended that companies conduct fraud risk assessments, and review for both external and internal fraud.

4: Cyber Risk

Cyber risk is always top of mind when prioritizing issues amongst the many challenges facing risk management. The pandemic has exacerbated issues, with a mostly-remote workforce for many companies. This has elevated risk due to less device control and increased points of potential exploitation resulting from at-home assets being used by employees. As Forbes reports, work-from-home employees are at a greater risk of hacking than those in offices. Home connections are less secure, and the increase of online tools for team collaboration and productivity often have minimal login security settings. The prominence of remote teams has also slowed the roll-out of new technologies, which could expose companies to more security gaps.

5: Inadequate Processes

Risk assessments need to go beyond a standard checklist. It’s important to review the basics, but risk management must also suss out gaps and uncover information that teams are missing — working to determine what they don’t yet know. Make sure that your risk assessment process takes into account steps to investigate and probe for the potential concerns you aren’t even aware of yet, enabling you to uncover every issue.

What Are Some Challenges in Making Risk Management Decisions?

The most frequent challenges facing risk management decisions are usually the result of erroneous modeling, underestimating issues, or struggling to communicate concerns. One recurring mistake is mismeasuring known risk. If managers mistake the probability or size of the losses — or get other key data wrong — the probability for error is high. Another mistake is when known risks are not taken properly into account. Sometimes it may seem an issue is possible but implausible, so proper mediation is not put into place. Communication is also an issue. When risk managers struggle to communicate priority information from risk assessments to senior management effectively, the information is not properly used. Management may make decisions with inadequate information, or take a mistakenly optimistic position on an issue, because they don’t have a full picture of the situation.

How Are Companies Responding to Risk Management Challenges?

Companies are responding to today’s challenges by leveraging teams to conduct enterprise risk management evaluations, but most companies are still not doing enough. A study conducted in 2021 by the AICPA reported that 83% of the 400+ organizations they surveyed experienced a significant operational surprise in 2020 — far higher than the prior four years they ran the survey. Yes, 2020 is a unique year, but unexpected events are bad for business. The companies that are getting ahead of risk are using enterprise risk management to truly integrate risk management into day-to-day business operations and creating a culture of risk management. 

Unlocking Operational Risk Management: Empower the Front Line to Effectively Manage Risk

What Is the Best Way to Explain the Importance of Risk Management to Senior Executives?

The best senior executives understand risk management and fold it into their everyday practices. Risk can be communicated effectively to senior leadership when the risk managers take the needed time to explain the issue in clear business terms — detailing what the full risk is and what the impact could be. If the risks and costs are high, that will get senior management moving quickly. It’s most important to make sure that the leadership team has the information available to them, and at the end of the day they should be able to make the correct, informed decisions. If that’s not happening, then that’s a risk the business leader is taking on.

How Will Risk Management Evolve in the Future?

In the future, risk management will expand to become more a part of the day-to-day culture within companies. The challenges facing risk management and other areas of business due to the unexpected pitfalls of a global pandemic have shown companies across all industries how important it is to prepare for unexpected situations and to shore up business processes as much as possible. It’s critical to have risk identification, assessment, mitigation, and remediation efforts in place. AuditBoard’s risk management software can help your organization get started, or improve the processes you already have in place.