In most companies, risk management practices, though not mature in scale as good or optimised, evidence is that risks that emerged were handled well enough. The pandemic provided a significant wake-up call for understanding the wide variety of risks and uncertainties. Uncertainty is the new norm, and therefore risk management has become more critical for the success of a business.
Risks and threats are precursors to the corporate crisis. Some risks are universal and pose a threat to every company, while others are relative and depend on the nature of an organisation's business or industry. No matter which risks or threats apply to a company, it is essential that they have a crisis management plan in place to deal with the crisis when the risk becomes a reality.
For those involved in the risk management, the pandemic warned them to make risk assessments more accurate and more responsive to the changing risk environment. It is necessary to ascertain the most relevant risks to gain perspective on the best ways to deal with them.
Each year, the IIA, ECIIA, Big-4 Audit, and consulting firms publish survey-based research reports on top risks to illuminate the upcoming year's risk horizon and outlook. One of the first questions to answer in risk management is, "What are our most critical risks?" The compilation of top business risks for 2022 will prenominate this prediction.
As it has for the last five years, cybersecurity tops nearly every list of the top risks for 2022. It reflects the constant struggle to keep up with cyber risk's evolving and vexing nature. The growing sophistication and variety of cyberattacks often have disastrous financial impacts. Hackers like extreme change situations when people become distracted, make fear-based decisions, and are prone to errors. As pandemic shifts into a new phase, it may be more chaotic and challenging. Cybersecurity risks continue to represent a significant concern for any organisation regardless of its size or industry.
Attracting and retaining cybersecurity specialists represents a significant challenge. Despite huge spending on cybersecurity over the years, the issues persist. This risk examines whether organisations are sufficiently prepared to manage cyber threats that cause disruption and reputational harm. It doesn't appear that cybersecurity will be receding as top risk anytime soon.
Talent management is identified as the next top risk. Finding, hiring, and retaining top talent is expected to remain one of the most significant risks facing companies in 2022. It is challenging to find the best talent with the different generational gaps in the workforce to match and mix experience and new knowledge.
Robert Half's survey said nearly half of workers plan to look for a new job in 2022, with Gen Z most likely to move. We hear about the Great Resignation, also known as the Big Quit, an economic trend in which employees voluntarily resign en masse, meaning the talent market will be more competitive than ever. While the virtualisation of work helps greater access to global talent, this has limitations. The onus is on companies attracting and retaining people by evidently endorsing that their contributions are valued by paying well and prioritising their well-being.
Environmental, social, and governance topics, known collectively as ESG, and reporting on such issues is considered a significant risk in 2022. ESG refers to parameters used to gauge how sustainability objectives guide business performance. Sustainability includes organisational governance, social sustainability, and environmental sustainability. Companies should anticipate emerging ESG requirements by understanding processes and controls and adopting sustainability frameworks.
ESG reporting is not yet mandated, but adoption is imminent. The stakes are too high, with the pressure exerted by regulators, investors, customers, third-party affiliates, and society. The benefits of getting it right outweigh the cost with increased opportunities for business. The IIA's On Risk 2022 mentions, "This risk examines the ability of organisations to reliably measure, evaluate, and accurately report on their environmental impacts."
Digital identity and data privacy risks are one of the biggest risks companies will face in 2022: the risk of having their data breached. It is as close as "it's not if you'll be breached; it's when." Due to a demanding regulatory environment, companies need to adequately protect sensitive data and comply with applicable laws and regulations. The legal exposure to personal rights and data privacy has given the sensitivity to data protection. Taking a piecemeal approach to technology is no longer enough; businesses must build integrated systems.
Risk is often considered inherently negative, but a more nuanced view perceives an equal opportunity for every risk. No one knows what 2022 will look like, but monitoring, modifying, and learning missions will matter the most.
Sundaresan Rajeswar is board member, Institute of Internal Auditors Qatar Chapter; he’s also in global IIA board's Advocacy Advisory Council for 2021-23.