Regulatory Scrutiny, Economic Conditions and Cyber Threats Rank as Top Risks, According to Research from Protiviti and NC State University’s ERM Initiative

Press Release

New survey of board members and executives worldwide sheds light on most pressing risk issues for organizations

MENLO PARK, Calif. – March 22, 2016 – More organizations are realizing that additional risk management sophistication is warranted given the fast pace in which complex risks are emerging, according to results of the fourth annual joint survey assessing the current risk environment by global consulting firm Protiviti and the Enterprise Risk Management (ERM) Initiative at the North Carolina State University Poole College of Management.

Released today, Executive Perspectives on Top Risks for 2016 ( summarizes the concerns of 535 board members, C-suite and other top-level executives around the world and across industries. In the survey, respondents rate the significance of 27 risk issues for the coming year, spanning three risk categories: macroeconomic, strategic and operational.

Regulatory change and heightened regulatory scrutiny is the number one risk cited by survey respondents for the fourth consecutive year, highlighting its dominance on the minds of board members and executives worldwide. The majority (60 percent) of respondents believe this risk will continue to have a significant impact on their organizations, indicating business executives remain highly concerned about the effect of the regulatory landscape on their strategic direction.

The Top 10 Risks for 2016

Following are the top 10 risks identified in the annual board member and executive risk survey, along with the percentages of respondents who identified each risk as having a “significant impact” on their business:

  1. Regulatory changes and regulatory scrutiny may heighten, noticeably affecting the manner in which products or services will be produced or delivered (60 percent)
  2. Economic conditions in markets currently served may significantly restrict growth opportunities for the organization (60 percent)
  3. The organization may not be sufficiently prepared to manage cyber threats that have the potential to significantly disrupt its core operations and/or damage its brand (57 percent)
  4. The organization’s succession challenges and ability to attract and retain top talent may limit its ability to achieve operational targets (52 percent)
  5. Ensuring privacy/identity management and information security/system protection may require significant resources for the organization (53 percent)
  6. Rapid speed of disruptive innovations and/or new technologies within the industry may outpace the organization’s ability to compete and/or manage the risk appropriately, without making significant changes to its business model (51 percent)
  7. Resistance to change may restrict the organization from making necessary adjustments to the business model and core operations (49 percent)
  8. Anticipated volatility in global financial markets and currencies may create significantly challenging issues for the organization to address (50 percent)
  9. The organization’s culture may not sufficiently encourage the timely identification and escalation of risk issues that have the potential to significantly affect core operations and achievement of strategic objectives (45 percent)
  10. Sustaining customer loyalty and retention may be increasingly difficult due to evolving customer preferences and/or demographic shifts in the organization’s existing customer base (46 percent)

“The results of our latest survey show that key stakeholders’ expectations regarding the need for greater transparency about the nature and magnitude of organizations’ risks continue to be high,” said Patrick Scott, Protiviti EVP of Industry Groups.

“Pressures from boards, volatile markets, intense competition, demanding regulatory requirements, new technologies and other dynamic forces are leading to increasing calls for management to design and implement effective risk management capabilities to identify and assess organizations’ key risk exposures, with the goal of reducing them to an acceptable level,” said Jim DeLoach, a managing director with Protiviti.

Two new risks made it onto this year’s top 10 list: the rapid speed of disruptive innovations and/or new technologies within the industry (#6) and anticipated volatility in global financial markets and currencies (#8). These newly identified concerns bumped two former risks off the top 10 list: concern over the ability to manage an unexpected crisis that could impact reputation (#8 in 2015) and the ability to meet performance expectations relative to competitors (#10 in 2015).

“Interestingly, we found boards of directors, CEOs and other members of the executive team report differing views of the top risk exposures facing their organizations,” said Dr. Mark Beasley, Deloitte Professor of Enterprise Risk Management and NC State ERM Initiative director. “The level of impact of risk concerns among board members is noticeably less risky compared to the executive team, who see the outlook for the next 12 months as more risky. These findings suggest there is a strong need for discussion and dialogue between management and the board to ensure the organization is focused on the right emerging risk exposures.”

About the Survey

The NC State-Protiviti survey was conducted in the fourth quarter of 2015. Respondents represent both U.S.-based and non-U.S. organizations and public and private companies. The survey report also provides detailed insights broken out by size of company, executive position and industry. It concludes with a discussion of the organizations’ plans to improve their capabilities for managing risk.

Resources Available

The Executive Perspectives on Top Risks for 2016 report from Protiviti and NC State, along with an infographic, a video and a podcast highlighting the data are available for complimentary download at and

Protiviti will host a complimentary one-hour webinar on March 23 at noon PDT featuring Protiviti’s Scott and DeLoach and NC State Poole College of Management Professor Beasley to discuss the survey data and risk management best practices. To register, please visit

About the NC State University Poole College ERM Initiative

The Enterprise Risk Management (ERM) Initiative in the Poole College of Management at North Carolina State University provides thought leadership about ERM practices and their integration with strategy and corporate governance. Faculty in the ERM Initiative frequently work with boards of directors and senior management teams helping them link ERM to strategy and governance, host executive workshops and educational training sessions, and issue research and thought papers on practical approaches to implementing more effective risk oversight techniques (

About Protiviti

Protiviti ( is a global consulting firm that delivers deep expertise, objective insights, a tailored approach, and unparalleled collaboration to help leaders confidently face the future. Protiviti and its independent and locally owned Member Firms provide clients with consulting and managed solutions in finance, technology, operations, data, digital, legal, governance, risk and internal audit through its network of more than 85 offices in over 25 countries.

Named to the 2022 Fortune 100 Best Companies to Work For® list, Protiviti has served more than 80 percent of Fortune 100 and nearly 80 percent of Fortune  500 companies. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

Ready to work with us?

Kathy Keller
Kathy Keller