This fast-moving world means companies are having to revisit risk disclosures (both public and private), what should be discussed at board level and what internal audit should review.
Traditionally the risk function focused on areas such as competitive landscape, reputational risk, key employees, regulation, currency fluctuation and financial performance. Internal audit focused on processes and procedures and financial robustness. Boards would keep a regular audit and measure KPIs against traditional risk as a board item near the bottom of the agenda. If you looked at one company's risk disclosures you could predict what a like-minded company would say.
The events of the last couple of years mean companies and institutions need to fundamentally revisit risk and where resource should be allocated to address it.
New risks include:
a) cyber attacks - how robust are the systems? The system may be secure at HQ but how secure are outlying entities, particularly those acquired and operating on different or transitional arrangements?
b) data transfer - GDPR means everyone is reviewing data transfer BUT it should not be a 'tick box' exercise. Policies and procedures should be looked at and challenged. Someone will be getting a big fine at some point.
c) brand reputation - this used to be about product but increasingly it is about culture. Ratner was always highlighted as the example not to follow but the new reality is the power of employees to use social media to criticise management style.
d) anti-trust - a traditional risk but worth noting the authorities are still active and launching investigation after investigation in the supply chains. Again it is those outliers as well as management style that need to be watched. A hot topic is information sharing - time to refresh that training?
e) protectionism - whether Trump introduces protectionism or not, the board should be reviewing trade rules and finding solutions to deal with changes and tariffs.
f) tax reform- every country is reviewing its tax legislation to 'capture' as much tax as possible. It is increasingly important to actively reorganise, and have a strategy around, treasury management and cash movements cross-border.
g) compliance regarding corruption and health and safety. Understanding your supply chain and how each supplier operates is a requirement. Modern Slavery disclosures are a requirement in the UK but auditing the supply chain including agents and distributors for anti-corruption policies and health and safety is also a part of internal audit these days. Any company in the supply chain that resists should be removed.
h) Brexit - like it or not, every board must have a regular review of the situation. There is risk and opportunity in Brexit. This includes tariffs, employee retention and acquisition and new regulation.
In this changing world make sure your company focuses on the right risks and your board is asked to review the right matters. Dust off your risk register.
Companies Step Up Disclosures Of Trump-Related Risks