At the heart of our three-part report is a global survey of the perspectives of  over 2,000 risk and finance professionals on risk management in today’s ‘perma-crisis’ norm.

While over half of the respondents believe that risk cultures have been improving for the better post-pandemic, rapid disruption has presented several new challenges for risk and finance leaders. The purpose of the report is to dig deep into what is  being done and not to build  risk cultures  that facilitate the changes necessary for achieving objectives, including those related to environmental and social impacts.

Tick-box approaches and short-sighted views of risk were reported by respondents as obstacles to embedding risk management into decision making and strategy. 

Regulatory change and cybersecurity: the pressing concerns 

‘Regulatory, compliance, and legal’ risks were ranked the top risk priority overall, with ‘technology, data and cybersecurity’ coming in second. Respondents considered ‘climate change and its social and economic implications’ more through a compliance lens, having ranked it second to last. In North America, ‘technology, data and cybersecurity’ risks came first. 

Select image to enlarge (opens in a new tab)


A risk culture that serves as an early warning system for dealing with the breadth of threats is vital but not all respondents believed in their organisation’s ability to achieve this, with the lowest levels of confidence seen in the public sector. 

Select image to enlarge (opens in a new tab)


Behaviour change in practice 

Assessing how policies and controls influence behaviour is not easy. Risk reporting as part of an organisation’s budgeting and forecasting processes was also highlighted, with only two-thirds of respondents confirming that risks are included in their internal financial processes.

Only around 60% of respondents agreed risk is sufficiently discussed at all levels in their organisation. Those in roles not explicitly in charge of risk said that interpreting volatile macro and geopolitical issues critical to the organisation were underestimated challenges.



About ACCA's risk culture research partners


The leading UK association for everyone who has a responsibility for risk management and insurance in their organisation, Airmic has over 450 corporate members and more than 1,750 individual members.

Individual members are from all sectors and include finance, sustainability, information and technology, internal audit, and legal professionals, as well as risk and insurance professionals. With our partners, and in collaboration with affiliate associations and institutes, Airmic supports members through learning and research; a diverse programme of events; developing and encouraging good practice; and lobbying on subjects that directly affect our members and their professions. Above all, we provide a platform for professionals to stay in touch, to communicate with each other, and to share ideas and information. To learn more, visit www.airmic.com


Established in 2002, the Professional Risk Managers' International Association (PRMIA) is a non-profit, member-focused and member-driven professional association represented globally by more than 50 chapters in major cities around the world. PRMIA’s mission is to provide an open forum for the development and promotion of the risk profession through credentialing, learning and development programs, online thought leadership resources, and events. To learn more, visit www.prmia.org

ACCA will publish additional research on risk culture by industry throughout 2023.