This article was first published in the May 2015 international edition of Accounting and Business magazine.

The world has become an increasingly complex place to do business. National economies are linked in ways that could only have been imagined 20 years ago. The pressures of globalisation, including the international convergence in markets, currencies and business practices, continue to change the way companies operate at home and outside their national borders. 

To analyse future risks and opportunities in a globalised business environment, leaders must not only understand the risks of operating within their own markets, but also how their businesses will be affected by complex international political, economic and regulatory issues, as well as potential disruptions in supply. 

And there are many new risks on the horizon, according to leading authorities. Institute of Risk Management (IRM) experts point to the impact of falling oil and gas prices on political and social disruption in oil-producing countries, which, ‘if not successfully managed’, says IRM fellow Mark Boult, ‘will impact the world’. Meanwhile the Conference Board of Canada estimates that in Alberta alone total business investment could be cut by C$12bn in 2015, leading to a potential recession in the province; it also expects total pre-tax profits from all Canadian corporations to drop by C$25bn from record 2014 levels of C$275bn.

UK and EU dialogue

On the political front, UK companies are encouraged to keep a close eye on the evolving dialogue between the UK and the EU. José Morago, IRM chairman and group risk director at Aviva, notes: ‘The potential risk of a UK exit from the EU could bring even bigger strategic, operational and legal risk challenges to many international companies than those raised by Scottish independence.’

And according to Mark Butterworth, IRM member and managing director at Condie Risk, the 2014 UK Corporate Governance Code and Financial Reporting Council (FRC) guidance on risk management will significantly upgrade the ‘weaponry of shareholder activism in 2015’. Butterworth says this will consequently require greater corporate governance and risk management education at board level. ‘Boards need to identify governance gaps and plug them fast – whether that’s through acquiring new skills, qualifications or experience. What is expected from boards is going to be raised quite fast this year.’

However, with the interdependencies between markets and the known contagion in the financial system, business risks are clearly not limited to geographic or political borders. 

In its recent survey of 516 global business and risk consultants, underwriters, senior managers and claims experts, Allianz SE identifies the major business concerns for the coming year that are likely to impact all companies.

The single most highly ranked risk concerned business interruption and the supply chain. This was followed by natural catastrophes; fire/explosion; changes in legislation and regulation; cybercrime, IT failures, espionage, data breaches; and in sixth place, loss of reputation or brand value.  

Executives from both the UK and the US rated business interruption and supply chain risks as the most important for the coming year. However, UK companies ranked the loss due to business reputation as the second most important, whereas their American counterparts saw natural disasters as their second biggest risk. US executives are far less concerned about loss of reputation or brand value, ranking this sixth of their top 10 concerns. 

Concerns around business risks also varied according to market maturity, with emerging economies and more volatile regions showing greater concern about natural disasters and market stagnation than developed economies. The study also demonstrates that country risk profiles change yearly, making risk assessment more difficult, and leaving companies more exposed. 

For example, risks associated with political and social upheaval and cybercrime are of greater concern in 2015 than 2014, whereas companies are less worried about the impact of disruptive technological change or the effect austerity programmes are having on local economies. 

As the global risk environment changes, local and international regulatory and standard-setting bodies are responding in a variety of ways. For example, in the UK these changes have been recognised by local regulators such as the FRC. Its updated version of the UK Corporate Governance Code aims to ‘enhance the quality of information investors receive about the long-term health and strategy of listed companies, and raises the bar for risk management’.

The public statements issued by the FRC’s CEO, Stephen Haddrill, also echo the intent of the International Integrated Reporting Framework, developed by the International Integrated Reporting Council to ‘catalyse a more cohesive and efficient approach to corporate reporting that communicates the full range of factors that materially affect the ability of an organisation to create value over time’. In reference to the updated FRC code, Haddrill comments: ‘The changes to the code are designed to strengthen the focus of companies and investors on the longer-term sustainability of value creation.’

In December 2011, the Committee of Sponsoring Organisations of the Treadway Commission (COSO) – the US-based risk management think-tank – released its revised Internal Control – Integrated Framework. The newly proposed framework is intended to build on its earlier version to reflect the changes in the operating and risk environments that have occurred over the past 20 years – more specifically, to make the ‘existing framework and related evaluation tools more relevant in the increasingly complex business environment, so that organisations worldwide can better design, implement and assess internal control’.

In the autumn of 2013, the US Office of the Comptroller of the Currency (OCC) required US banks and credit unions to step up their third-party risk assessment/due diligence process. The new guidance, Third Party Relationships, recognised changes in the global risk environment, pointing to increased operational, compliance, reputational, strategic and credit risks associated with entering into business relationships with outside vendors. 

Improved transparency

More recently, comments before the Committee on Banking, Housing and Urban Affairs of the US Senate, by Valerie Abend, senior critical infrastructure officer in the OCC, foreshadow regulatory changes to come for telecoms, energy and retailers. She notes: ‘The OCC strongly supports efforts to ensure other sectors have commensurate standards and improved transparency as it relates to the cybersecurity in these sectors.’ 

She adds that the financial services industry and retailers have important interdependencies. ‘We have seen a number of attacks on large retailers in which credit card and other information from millions of consumers was compromised. In response, financial institutions compensate customers for fraudulent charges and replace credit and debit cards, and monitor account activity for fraud at significant cost. We would support efforts to even the playing field between banks and merchants to ensure that both contribute to efforts to make affected consumers whole.’ 

As regulation and standards evolve to try to match the increased complexity of the global risk environment, the question remains: are companies also ready for the current state of global risk? A recent report by North Carolina State University with the American Institute of Certified Public Accountants says no. 

According to its most recent survey published mid-2014, despite the fact that over 55% of the 445 executives who responded thought that the volume and complexity of business risks have both substantially increased in the past five years, only 20% of them described the level of their organisation’s risk management as ‘mature’ or ‘robust’.

Perhaps of more concern is that 38.2% of the executives reported that their company did no formal assessments of emerging strategic, market or industry risks. The authors call for organisations to strengthen their underlying processes for identifying and assessing key risks, and integrating risk oversight with strategic planning efforts.

As to how companies should build an organisation that will be resilient in the face of emerging global risks, there are many recommendations available. For example, for companies concerned about disruption in the supply chain, all of the major accountancy firms offer a wide range of risk management services. At the same time, organised bodies such as the IRM and COSO offer guidance around risk management for the enterprise as a whole, or for certain specific risk factors. 

In the autumn of 2014, COSO again announced its intention to rethink and revise its guidance around risk management with the update of the 2004 Enterprise Risk Management – Integrated Framework. The revisions are now being developed by PwC, under the direction of the COSO board.

Ramona Dzinkowski is a Canadian economist and journalist