A Look Ahead: Top Risks for 2010
Several key areas should be on all internal auditors’ watch lists for the coming year.
Todd Davies
Founder, Todd Davies & Associates
Technical & Policy Director, IIA-Australia
As the developed world pulls itself away from the abyss of the global financial crisis, many around the globe are breathing a sigh of relief. Having dodged a major bullet, organizations are now returning to business as usual. But if the crisis was a wake-up-call for the world, did business leaders and internal auditors pay attention or just hit the snooze alarm? What’s the next “black swan,” or significant unforeseen risk, and what should internal auditors be doing about it?
Surprisingly, there has been no wholesale view that the internal audit profession was culpable during the fallout of the economic crisis. But around the world regulators are turning their attention to auditing’s areas of interest and concluding that risk management processes missed the big picture. Foresight around strategic risk, structural breaks, and systemic risk, they say, was systematically absent. Accountabilities need to be put in place to make sure that risk management is exposing material risks rather than getting lost in the minutia. Moreover, organizations need independent assurance that risk management is functioning in this manner, and that assurance should be provided by internal auditors.
Since 2008, the CEOs of Australian listed companies have been required to report to the board of directors that their company’s material business risks have been fully understood and disclosed to the board in full. Moreover, they are required to attest that the status of those risks are reported accurately. Internal auditing is also expected to give an independent view on this reporting process and indicate whether the organization’s risk approach enables this, and the underlying risk framework, to be executed with appropriate rigor. Providing this view represents a new skill set for many internal auditors, and it sets a precedent that other countries are watching closely. The requirement also begs two key questions: Does internal auditing have any blind spots? And if so, what are they?
After only two months into the year, it seems that every relevant industry group, pundit, or blogger has already released a study on the top 10 risks for 2010. These studies by various opinion leaders help identify some of the blind spots internal auditors may face. Depending on the study, the authors might be stock market analysts (the people who were telling investors to buy shares just before the market went off the cliff), CEOs (the people who drove the companies off the cliff), and other “experts” (people advising the CEOs at the time). Because each group has its own blind spots, these reports collectively provide a more comprehensive view. And if it helps internal auditors avoid driving off a cliff or two, then it’s an exercise well worth doing.
What’s particularly interesting is the different skews that arise in each of the reports and approaches. The Corporate Executive Board (CEB’s) 2010 study of CEOs and senior executives top 10 risks for 2010 has a strong inward and reactive flavor, focusing on the adaptive capacity of the organization, particularly in dealing with the ramifications of downsizing during the global economic crisis. The study also highlights vulnerabilities that came to light during the crisis, such as third-party dependencies and fraud.
Ernst & Young’s Annual Global Risk study draws on the analyst community and presents a more holistic view, identifying changes in consumer attitudes and business model redundancy, as well as some of the issues raised in the CEB’s top 10 risks. And like the CEB research, this study tends to be lagging rather than leading in some respects. For example, the research highlights the risks of global financial shocks and the credit crunch as they were already unfolding, rather than signaling them well in advance.
The most useful study comes from the World Economic Forum. Its 2010 Global Risks report highlights risks of a potential systemic asset price collapse, global dependencies from economic growth in China, impacts of ecological degradation, redundancy as a result of job transfers to the developing world, and the inability of global governance to keep up with an interconnected global financial and regulatory system. Based on the CEB and Ernst & Young reports, many of these issues don’t appear to be showing up in mainstream corporate thinking, representing a risk to all organizations.
Given all of the disparate and complex information on current risks, distilling it down to a short list is very difficult. Nonetheless five key themes stand out, each representing an important area for internal auditors to watch:
| Theme | Potential Risk Impacts | What to Look for |
| 1. Significant changes in the supply and demand for energy, combined with a global price on carbon emissions. |
Potential price spikes of energy in all forms. Reliability of existing energy supply and infrastructure. Phasing out of carbon-intensive energy sources. |
How dependent is the organization on different energy sources? What contingencies are in place if different energy sources are disrupted? And are these reliable if everyone else is also disrupted? What is the impact of a sustained increase of 100%–200% in the cost of energy? Are operations and business practices still viable? |
| 2. Redistribution — the developed world atrophies while the developing world grows rapidly. |
Aging workforce, stalling economic growth, and increasing health-care costs in developed countries. Young workforce and rapid growth in emerging economies. |
What are the organization's dependencies on traditional sources of revenue growth? What new competition sources are emerging? What will be the impacts of supply chain redistribution internationally? Are existing locations viable? What risks specific to emerging markets need to be factored into normal business operations? |
| 3. Population pressure on limited resources causes resources to be used more quickly than they can be replenished on a global basis. | Structural shift in supply/demand balance leading to increased competition for water, soft commodities, and hard commodities. |
Will the organization withstand a significant change in the price of key inputs? Is the organization able to become less resource intensive? Are the organization’s corporate social responsibility obligations understood? How will resource constraints shape consumer behaviors? Do the organization’s demand projections take these pressures into account? |
| 4. Structural currency rebalancing. | East/West balance changes globally, leading to permanent changes in exchange rates and the role of key currencies. |
What is the "balance of trade" within the organization? What materials are sourced and sold domestically and internationally? How will the organization be affected if a new standard takes over from the U.S. dollar? |
| 5. Climate change. |
Increased frequency and severity of weather events. Previously viable locations require changes to be viable, or they become unviable. |
Are the potential impacts of climate change understood? Have these impacts been analyzed by business unit and by site? |
Each of these five areas is significant by itself, but the risks gain even greater complexity if all are emerging at once, particularly when governments, corporations, and individuals change their policy and personal settings in response.
Organizations have a strong tendency to “repave the cow path” — that is, operating in an incremental manner rather than anticipating and responding to structural shifts. Although internal auditing is not meant to function as a crystal ball, it does play a key part in ensuring the organization has an appropriate basis for risk foresight and, if not, ensuring that one is put in place.
Any organization that was blindsided by the global economic crisis or that has not considered some of the issues highlighted by leading authorities most likely has an inadequate risk framework and faces high potential for value destruction. As regulators are well aware, foresight around strategic risk, structural breaks, and systemic risk was systematically absent during the crisis, and there’s every indication that the snooze alarm has been hit. When the next structural breaks occur, will internal auditors be culpable, or will they be seen as a trusted voice that helped the organization prepare for success in the face of change? This question should receive serious consideration from any audit practitioner interested in the viability of the profession and the clients it serves.
To comment on this article, e-mail the author at todd.davies@theiia.org.
Risks to Watch Closely
The risks highlighted aren't necessarily those that pose the greatest risk to the business environment in the short and medium term. That said, I will not rule out the opinion that they indeed require close, continuous monitoring, with clear concise reporting on their actual and likely potential impact on the achievement of business goals and objectives. I am also of the opinion that the identified themes constitute risk classifications that are too broad and as a result require much more detailed risk analysis than has been presented.
Posted By: Mark Otonglo
2010-05-17 5:07 AM
Climate change
I believe climate change is 2015 risk and in 2010 it is not change.See fact of world economy in 2008 and 2009 to believe this case
Posted By: Gholamhossein davani
2010-05-01 12:50 PM
top risks 2010
This is a listing of few ''common issues don’t appear to be showing up in mainstream corporate thinking''. Uniqueness of each organisation in terms of its mission and vision generates specific risks. A ''generalisation'' and identification of key risks will be purely hypothetical.
Posted By: suresh kumar manicketh
2010-04-17 9:23 PM
Top Risks for 2010
I believe that the 5 areas highlighted above are very relevant no matter where we are located around the world... Dont you feel that organisations are still exposed to risk arising from the recent financial crisis?
Posted By: Youveraj Nathoo
2010-03-31 3:21 AM
risks for 2010
I am more than a little skeptical that the biggest risks facing companies in 2010 are things like 'climate change', 'population pressure on resources', and 'energy price change', at least as a result of the phasing out of carbon. This article sounds more like a political agenda than a serious auditing paper. Lets focus on some of the real risks facing companies-- actual cases and the threat of cyber espionage, financial regulation and oversight burden and the rapidly changing rules landscape; and the risk of altered international relations with key trading partners.
Posted By: Robert Mullan
2010-03-15 11:31 AM
Top 10 Risks
Fantastic
Posted By: Jaime Humberto Leal Guajardo
2010-03-11 10:59 AM
Top Risks of 2010
Climate Change, top risk for 2010... Really ?
Posted By: K Andreatta
2010-03-11 10:36 AM
It is very helpful , since the the modern internal audit become risk-focussed
Posted By: Mutaz
2010-03-07 8:01 AM
Good staff.
Posted By: Mulenga Kambikambi
2010-02-24 6:29 AM
Feel free to provide feedback about this article. Your comment will display below.
To make something bold:
<strong>Text to bold</strong>
To make something italic:
<em>Text to italicize</em>
To make a hyperlink:
<a href="URL">Text to link</a>
