February view of the top risks of 2011

It is now February 2011 and with 10 months left in the year we thought it prudent to cover what we see are the Top 10 risks for the rest of 2011.

1. Consumer sentiment shifts – Over the past few years we have seen that consumers can very quickly, and to be honest, very ruthlessly, shift from liking your product to disliking your product.  Consumer sentiment has seen the death of  many brands, as the consumer switches to alternative products.  The key to mitigating this risk is having an ability to be adaptive and quickly responding to the change in consumer sentiment.  Recent examples we have seen in this are Apple and the iPhone 4, the failures of Mother for Coca Cola, and the adaption of the fast food industry to incorporate healthier alternatives. Don’t be left holding the unsellable, continually, review, adapt and evolve!

2. Industry breaking new technologies – Quite simply the book industry is now experiencing the same evolution that occurred in the music industry and the movie industry.  But this type of industry breaking new technologies can and will occur in any industry.  Unlike the first risk, this one is not as easy to mitigate, instead the organisation needs to make active, not reactive, decisions on the future of the industry they are in and how they wish to either participate or not in that future.  Scenario planning is one technique to consider these types of risks.

3. Customer centricity – This risk surrounds the customer now being empowered to make more decisions on price, quality and product attributes.  The internet, through online research and shopping, has provided the customer with the power position.  Organisations need to always consider the customer at the centre of everything it does but the customer also wants to be protected in regards to privacy and security.  Therefore, the organisation needs to balance these two aspects.

4. Regulatory change – Where would a top 10 be without this old but secure favourite.  The global financial crisis has empowered governments all around the world to step into industries with regulations to ensure future viability.  And essentially the same consumers that wish to be the centre of everything, also demand their governments protect them in the event of corporate failures.  Therefore, organisations need to manage this risk with the same vigour and attention as they have in the past, and if they did not, well those organisations are probably not around any longer to read this post!

5. Data security and privacy – Another favourite for top 10 lists in risks however this risk is now enhanced through a consumer focus on speed and efficiency, which does not always lead to simple data security and privacy controls.  Organisations need to consider the full gambit of the consumer experience and the quest to appease the customer, with the need to protect their data and also ensure a secure physical and non-physical environment.  The traditional controls around risk management need to be reconsidered to providing more automated and monitoring controls than ever before.

6. External and internal fraud – Fraud has been around since the very first moment money exchanged hands.  Now with the online world exchanging billions of dollars this risk is in now way reducing.  Luckily a lot of organisations have been focused on this risk, hence it being number 6, but that does not mean you forget about it.  The fraudsters, both internal and external, are either one step ahead or only slight behind where you are.  Continue to ensure your fraud controls are in place but invest in technologies that continue to keep you, as best as you can, one step ahead of these highly organised fraud conglomerates.

7. 3rd party arrangements – The recent events of the failure of 3rd parties financially has only made this risk more evident to everyone.  It is not just the financial failure you need to concern yourself with, it is also the controls over service levels, the 3rd parties controls, their ability to deal with internal and external disasters, and the effectiveness and efficiency of their activities.  The key controls over this risk are actual very similar to the controls you place over your internal processes, it is just a 3rd party doing what you could do!

8. Outdated business processes –  Business processes age, just like technology and people.  If you leave a business process unattended or not reviewed for longer than 12 months (and in some cases 6 months, or even less) then you are destined to see a failure of some kind in that process.  Every business process needs an accountable owner and ongoing monitoring and review of these processes is necessary.  This risk can cause massive reputational and financial damage if left unattended.  Business process reviews through business efficiency teams are mandatory.  Techniques like six sigma, kaizen, etc are just ways of managing this risk.

9. Cost pressures – Post the global financial crisis (GFC) the world has seen a number of recessions and countries close to complete collapse.  This has placed extreme pressure on the costs of all organisations.  This risk is critical for organisations to manage but as this is something you should have been managing pre-GFC I am sure you have the right controls for this one.  Remember, cost management is important, but like everything it needs to be balanced against sound risk appetite decisions.

10. Lack of skilled resources – There were a number of risks that could have slotted in here, but this one is probably front of mind at the moment due to continual change every organisation experiences.  Therefore, skilled resources, who can work in ever changing environments are critical to a successful organisations.  Single points of failure need to be effectively managed so that workloads are shared and knowledge is a resource that is shared across the organisations.  If you manage your information and knowledge better through collaboration and knowledge sharing tools, then this risk is significantly reduced.

An unlucky risk to miss the Top 10 is Environmental Risk.  The recent events in Australia which have seen bushfires, cyclones and floods highlight the ever vulnerable nature of the human race to mother nature.  However, is it too early to call out this risk as being a risk that will be ever present.  For me, it is getting close, however all organisations disaster recovery methods and business continuity methods should be focused on managing this risk.  This has not changed in the last few years, but perhaps now it is just more evident as we experience an increase in changing weather patterns and more urbanisation.

The following site discusses some of the Top 10 IT Risk and Security Trends for 2011.  We agree with the majority of these as the top 10 but here is a brief summary of what we see are the top 5 in IT and Security Risks:

1. Business change  v technology change – As the world has evolved, technology and business change have become intertwined. Business change driven by the need to quickly expand markets, develop existing markets or enhance business are now conflicting with the processes of technology best practice change and process disciplines. This tension could result in costly business interruptions and system failures. To solve for this we must identify critical services where failure would cause significant, highly visible business outage, and enforce best practice and process disciplines in these areas using more adaptive methods (ie. the traditional waterfall methods are now becoming fast redundant).

2. Mobile computing -With the advancement of mobile technology in the past few years the operational risks associated with this platform have been left either untended or not considered.  This particular technology has been driven purely from a speed to market perspective and to a small subset of the online population.   Therefore errors in deliver or content have generally been accepted by the first user mentality.  However that small subset is fast approaching an active majority which will demand a higher level of quality and richer content.  Organisations need to consider alternative methods of delivery which segment the population (ie. Google Beta releases), allowing new versions to be issued with errors but accepted by the fast user population.  It is important though that communication occurs to make people understand the “beta” concept.  If beta cannot be performed for your industry, then consider methods which allow the flexibility but require some formalised testing process.  A balance needs to be determined which meets your risk appetite.

3. IT security and authentication – This is not a new risk, but perhaps more surprisingly a risk that is not the number 1 risk for online organisations.  IT security and authentication is now considered a basic requirement.  The next level of risk surrounds the increased level of customer data that your staff which to access from home, and also which customers want access to view and change.  Customer expectations on faster, more customer centric authentication, means there is a potential trade-off with customer and IT security to satisfy the customer expectations.  This risk needs to be actively managed with a level head, and a true consideration of customer privacy.  No one needs to mention recent examples of customer privacy issues, both in the online and non-online worlds.

4. Cloud computing – Probably the fast mover in the pack.  Cloud computing has moved extremely quickly from fringe consideration to almost part of executive vocabulary.   This risks associated with cloud computing extend from privacy aspects of customer data, performance of the providers, integration of processes, and the financial stability of providers.  Essentially all typical 3rd part risks, but no longer is it part of a process, it now is extending to your data – the life blood of your organisation.

5. Social networking – This is an interesting one to throw in the mix.  I say that because it is a medium that has such varying acceptance across the community.  Sites such as Facebook clearly have a large volume of users, but as with Twitter, the level of active users varys considerably.  These channels are also not renowned for their current level of online sales, but this will change.  The key question is when, and how, and then what role your organisation wants to play in participating in these areas.  Unlike Second Life, these types of real-time, interactive online social channels appear here to stay and thrive.  The key risk in these areas surround the controls over your reputation management, as regardless of whether you participate or not, people will use these technologies.    Of course, privacy risk is also important, and like any new area, social media is already a target for the online fraudster.

Hope you enjoyed our thoughts on the Top 10 Risks for February 2011.  Appreciate any feedback as it is just a guide.

Whilst your here though, what are your thoughts on these top 10, select from the list below.

[poll id=”2″]


Scott North has extensive experience in enterprise risk management, internal audit, operational risk and compliance, risk strategy, scenario planning, technology risk, technology business analysis, systems design, financial accounting, and management accounting. Scott is a Fellow of the Australian Institute of Chartered Accountants with a Masters Degree from the University of Melbourne in Business and Information Technology. Scott is also a Fellow of the University of Melbourne.

Read More

Related Articles

How to Ensure Your Sustainability Strategy Stays Clean

As we embrace the shift towards a greener economy, sustainability products are on the rise. However, with this growth, we've also seen an increase...

The Future of Australia’s Financial Services Industry: Embracing the Financial Accountability Regime

APRA and ASIC Spearhead a Revolutionary Change in the Financial Sector Introduction Today marks a significant milestone for the Australian financial services industry as the Australian...

Effective Risk Committees

Every Risk Moment Matters