Processes to Identify Risks
When and how are organizations identifying risks for their organizations?
While business leaders likely think about various types of risks as they engage in day-to-day activities, there is value in employing an organized structured approach to identify risks so that management is more likely to move risks from an “unknown” to “known” state.
In the 15th edition of The State of Risk Oversight Report, which we publish annually in collaboration with AICPA, asked a series of questions to better understand the process of how management actively seeks to identify potential risks on the horizon, including the frequency and scope of those activities.
2024 Insights from Data
- Over the past 15 years of this study, there has been a steady increase in the percentage of organizations that maintain an inventory of risks at the enterprise level. That is especially true for large organizations and public companies.
- Most organizations (49% full sample; 67% of large organizations and public companies) follow a dedicated process to identify risks on an annual basis, with just under one-third doing so more frequently than once a year.
- However, Most organizations do not have formal processes in place to prompt executives to consider long-term risks (e.g., risks five to ten years in the future).
- Most organizations (58% full sample; 78% of large organizations and 86% of public companies) have a standardized template that they use to identify risks, suggesting that the risk identification processes for those organizations are more structured than ad hoc.
- Among the different types of risks most frequently identified, emerging, strategic, market risks are least likely to be considered in the risk identification process. Most of the risk focus is on IT, operational, financial, and legal/compliance risks.
Discussion Items for Management and Board Consideration
The table below suggests 5 questions that risk leaders can use to prompt conversations with executives and boards about how to better identify potential risks on the horizon.
Related Tools
We’ve created two downloadable tools to help risk leaders identify and assess potential risks. Click on the resource name to view a detailed page where you can download the tool or template.