With all of the advancements in the risk management profession, increasing executive recognition of risk management value, and an abundance of apparent risks ahead, 2012 seems to be an ideal year to deepen and promote the integration of risk management and corporate decision making processes. The only logical conclusion…it must be a trap year for advancing the corporate risk management agenda.
Global risk events of 2011, including government overthrows, record natural disaster damage, slower emerging market growth, and sovereign debt struggles, set the context for 2012 enterprise risk assessments. Here are some observations on the business environment for some of the more volatile risk categories for this year:
- Financial Risks: From a U.S. perspective, financial risks have a relatively stable outlook compared with the potential volatility of other risk category uncertainties. Media references to $2 trillion in cash holdings among non-financial corporations tend to ignore debt is also at a record high. The overall corporate debt-to-cash ratio is holding steady at 3.65. Low-cost equity sources will remain as the Federal Reserve Board overtly signals their continued low-rate intentions. An Ernst & Young survey of global companies notes 68% of large cap companies indicate the credit availability outlook is stable to very positive. Exchange rate risks should be manageable as the dollar gains versus the euro and the ever-looming yuan battle does not materialize in 2012.
- Economic Risks: At this point in the business cycle, economists tend to look for every reason the economy will accelerate out of a recent recession. It is never a good sign when already subdued forecasts are downgraded at the turn of the new year. The Economist’s survey of business forecasters has the eurozone now teetering on a recession with credit downgrades and no sovereign debt solution ahead. U.S. growth is set at a tepid 2.1% rate for 2012 while much of the market analysis hedges toward lower growth prospects amid much uncertainty.
- Information Risks: Emerging risks for information vulnerability expand with the accelerating adoption of cloud technology, mobile computing, social networking, and near field communication payments. Recent high-profile hacking cases of the U.S. Chamber of Commerce, Stratfor, PlayStation Network, and social networks and shopping networks in Brazil, South Korea (35 million users), and China (over 100 million users), indicate growing information security challenges confront all online businesses and individuals worldwide.
- Litigation Risks: NERA’s review of securities litigation indicates the overall filing rate of class actions are holding steady as credit crisis-related suits wind down but M&A objections and suits against Chinese companies surge. Misleading accounting and breach of fiduciary duty allegations associated with earnings guidance now make up the majority of emerging lawsuits. While financial sector lawsuits have dwindled, the technology industry accounts for the most litigation filings. A three-year upward trend is particularly noteworthy for the energy sector. A growing base of litigation investment hedge funds raises concerns of greater lawsuit risks and uncertainties as they can potentially encourage more superfluous filings.
- Regulatory Risks: The SEC’s publishing of the Dodd-Frank implementation schedule adds more certainty to their oversight expectations for 2012, but, much like Sarbanes-Oxley, uncertainty over practical implementation, hard deadlines, and penalties remain. In this deadlocked election year, the Obama Administration adds more uncertainties as it promises to use federal agencies to enact more currently unknown requirements.
- Environmental Risks: Munich Re estimates the total economic cost of natural disasters reached a record $380 billion in 2011, far surpassing the previous $220 billion mark set in 2005. Japan’s earthquake and tsunami, the New Zealand quake, Thailand’s flooding, and over twelve separate billion-dollar-plus weather disasters in the U.S. contributed to what is considered a one in 1,000 years sequence of events. El Nino conditions are expected to continue in 2012 causing rain and cyclone events, but let’s hope the one-in-1,000 year odds now work to our benefit.
- Geopolitical Risks: Adding to the political uprisings that carry leadership uncertainty into 2012, Eurasia Group’s Ian Bremmer notes political transitions and elections will occur in nations representing nearly one-half of global GDP and four-fifths of the UN Security Council. Bremmer has agreement here that political transition risks will be overplayed as most policy changes will not occur until 2013 or beyond and the eurozone ambles through its debt struggles. However, that does not change the business obligation to rein in some potential long-term global strategies. For now, heed former CIA Director Michael Hayden’s warning that Iran poses the top threat in 2012 by causing uncertainty with its nuclear program, security threats, and oil transport.
These major considerations for the 2012 risk outlook show we are in another year of strategic planning amid a high degree of uncertainty. The principles of risk management should be at the core of corporate decision making.
Fortunately, it appears corporate executives agree with this sentiment more than ever. Some facts from Accenture’s 2011 Global Risk Management Study:
- 98% of companies across all industries and geographies consider risk management to be a higher priority for their company now than two years ago.
- 86% say their risk organization is a driver for managing business risks associated with increasingly volatile economic and financial environments.
- 91% note risk management is a key to enabling long-term profitable growth (49% state it is critical while 42% say it is important).
Corroborating the Accenture findings, a BDO survey finds board members are motivated as well. When asked what topics they would like to spend more time on, 55% of public company board members cited risk management (a higher percentage than any other topic area).
In a year when risk analysis points to many unknown risk factors ahead and management and board-level buy in for risk management value, add the following positive trends for advancing enterprise risk management implementation:
- a growing number of well-educated and highly-experienced risk management leaders;
- productive dialogues on risk standards;
- advancements in automated data collection;
- more software options for identifying, assessing, reporting, and managing risks; and
- greater insights from management consultants to enable risk-oriented organizational change.
All of these positive factors promise to help advance risk management practices in 2012. So where is the trap?
This point in the business cycle calls for bold corporate action to leap ahead of growth prospects. While the major surveys signal explicit support from corporate executives for building risk management strategies, anecdotal evidence and buried survey question responses show risk management still generally suffers from the following business manager perceptions:
- It is a wasted time-consuming exercise.
- It is a barrier to capitalizing on obvious business opportunities.
- It is an activity driven by regulatory compliance requirements.
At the end of this year, we are likely to hear more voices criticizing missed opportunities because of conservative strategies mired by low-risk appetite.
The relatively mature risk management programs in the financial services sector may have advanced past this trap, but young risk programs developing throughout other vertical markets are more susceptible to these image problems as they challenge long-established business decision processes.
The Accenture study states 80% of all companies either have an enterprise risk management program in place or plan to implement one in the next two years. About 16% are in the planning and implementation stage. If you take away the financial sector with nearly 100% existing ERM programs and the largest companies, these percentages drop quickly. In the BDO survey targeting public companies with revenues from $250 million to $750 million, less than half have a named individual to lead risk management efforts and two-thirds do not have a risk committee.
With many apparent uncertainties combined with risk managers seeking to make their mark, the value of risk management programs will be tested in 2012. This is an opportunity to elevate the role of risk managers and prove risk management is not about limiting growth opportunities, but enabling bold risk-informed strategic decisions.
Best wishes for a well-informed and calculated year of gambling.
For in-depth analysis of risk management trends, risk vendor resources, and risk categories access IMT's report "Enterprise Risk Management Vendor Taxonomy."