Research Conducted by Protiviti and North Carolina State University’s ERM Initiative
Volatility in equity markets. Falling oil prices. Global terrorism. Escalating healthcare costs. Uncertainties in political regimes in certain parts of the world. Disruptive technological innovation. Expanding regulation and oversight. Shifts in expectations about China’s economy. Strong U.S. dollar. These and a host of other significant risk drivers are contributing to the risk dialogue in boardrooms and executive suites.
Entities in virtually every industry and country are reminded, all too frequently, that they operate in a risky world. Recent terrorism events, perceived adjustments in expectations about economic conditions in China, the rapidly increasing costs of healthcare, and continued concerns about cyberdata breaches vividly illustrate the realities that organisations of all types face risks that can suddenly propel them into global headlines, creating complex enterprisewide risk events that threaten reputation and brand. The rapid and steep decline in oil prices was not anticipated by many players in the energy industry, reminding everyone that they need to expect the unexpected. Boards of directors and executive management teams cannot afford to manage risks casually on a reactive basis, especially in light of the rapid pace of disruptive innovation and technological developments.
In their fourth annual survey, Protiviti and North Carolina State University’s ERM Initiative report on the top risks on the minds of global boards of directors and executives. Our respondent group, which includes 535 board members and C-suite executives from around the world, provided their perspectives about the potential impact over the next 12 months of 27 specific risks across these three dimensions:
- Macroeconomic risks likely to affect the organization’s growth opportunities
- Strategic risks the organisation faces that may affect the validity of its strategy for the pursuit of growth opportunities
- Operational risks that might affect key operations of the organisation in executing its strategy
Healthcare and Life Sciences Industry Group – Top Risks for 2016
Although the perceived risk level of general legal and regulatory compliance is trending downward for the industry group, it still remains the top overall risk for Healthcare and Life Sciences organisations. Our theory is that this downward trend is a result of a better understanding of the general direction of healthcare reform and what is, and is not, a compliance risk. However, the risk of regulatory changes and scrutiny remains high because, despite this better understanding, Healthcare and Life Sciences organisations continue to grapple with both their strategic and tactical approaches to mitigating these risks. Healthcare and Life Sciences organisations with robust, mature and demonstratively effective compliance programs are likely in a position of competitive advantage. They are much more able to detect and prevent instances of legal and regulatory noncompliance (presumably saving significant legal, investigatory and sanctions costs). In addition, in the event of one or more incidents of noncompliance, their compliance program will be considered a mitigating factor in the sanctioning phase of the resolution process.
There is no debating that Healthcare Providers face the daunting task of keeping pace with peers in the industry while also trying to perform in a more efficient and effective manner using technologies for maintaining or improving revenue and quality. The ability to utilise technologies with quality business analytics is becoming even more important as Healthcare Providers continue to observe margins shrink and fight hard to maintain a healthy revenue stream. Innovation in the Healthcare industry continues to push the boundaries of how care is provided. Providers that are unable to analyse and diagnose improvement opportunities will struggle to maintain a healthy revenue stream. Furthermore, those that implement and employ technologies for process improvement and efficiencies will have to invest in various technologies that are often disparate, do not communicate effectively (or at all) with other systems, and often lack good dashboards for executives to make informed decisions.
To further complicate matters, if not managed effectively, compliance risk may rise as new technologies and innovations are implemented, since Healthcare organisations tend to focus on implementation success versus risk management oversight of other consequences that may prevail. Also, better informed and more tech-savvy patients are creating pressures to evolve at a rapid pace. In turn, Healthcare Provider organisations are struggling to ensure their sensitive data is being accessed appropriately and is protected sufficiently. New cybersecurity and privacy/identity risks emerge on a seemingly daily basis and are top of mind for executive leadership across Healthcare Providers, Payers and Service organisations alike. The rise of cyber insurance has led to a false sense of security for some; however, the reputation damage from a significant breach may prove too great to put a price on. With looming government HIPAA audits and increased scrutiny on the horizon, these pressures will only continue to increase.
For further results and a copy of the overall survey report, visit www.protiviti.com/TopRisks.