The end of one year and the start of a new one provide a time to reflect, for individuals and organizations alike. A time to refocus, to review your strategy and to set out your plans for the coming year.
At the end of 2021 — another year where business interruption and volatility have been the watchwords, thanks largely to COVID-19’s continued presence — businesses look ahead to 2022. In particular, they are assessing the risks they face.
In a world where new threats come thick and fast (and from unexpected directions), what are the most prominent business risks you should plan for in 2022?
Identifying the key threats for the coming year is essential for GRC professionals preparing for 2022. What do these threats mean for your operations, and what should your key focus be? How equipped is your existing risk management framework to respond — and do you need to make changes to ensure you can prepare for these risks?
Integrated risk management (IRM) has been proven to deliver a robust and structured approach for risk mitigation. How can you use IRM to strengthen your risk management as part of your broader governance, risk and compliance (GRC) strategy?
What Are the Top 6 Business Risks in 2022?
There’s no shortage of predictions for the biggest strategic business risks at this time of the year. To save you some time, we’ve collated the top 6 risks and look at how they are evolving; the challenges organizations may face in mitigating them; and how an integrated, robust approach to risk management can make the difference between success and failure.
Risk 1: ESG
Environmental, social and governance (ESG) is perhaps the most significant risk facing organizations in 2022.
This is partly because ESG is multi-faceted and complex, covering a panoply of risks from carbon footprints to employee diversity and modern-day slavery; partly because it’s a rapidly evolving area, where risks change quickly; and partly because everything relating to environmental performance, social injustice and governance is high-profile, with transgressions often very public.
The risks related to ESG include:
- Transition risk: the risks inherent in any transition from one state to another. Whether moving towards renewable energy or putting in place more sustainable supply chains, any business transition comes with a certain degree of risk.
- The risk of not making the transition. Those left behind on the ESG journey (whether that’s on net-zero commitments, human resources issues like equal pay or a failure to deliver on governance requirements) face their own risks. ESG ratings and scores are increasingly used to assess a business’s potential as an investment, supplier or partner. And the reputational damage possible via poor ESG practices can’t be underplayed.
- Perhaps ironically, a surfeit of regulations and legislation. Aon’s Global Risk Management Survey 2021 points out that “Complex and overlapping cyber regulations run the danger of actually creating more cyber risks, not fewer” as a glut of compliance obligations overwhelms boards and management, with the risk that “a ‘check the box’ mentality ends up replacing best cyber-security practices.”
Because ESG is such a broad topic, companies can struggle to organize their thinking and activity. Identifying first steps can be challenging when there are so many competing issues to consider and, faced with numerous compelling priorities, businesses can be paralyzed into inaction.
Taking a structured approach to risk management can make the difference on ESG, by integrating ESG data capture and analysis technology within a recognized risk mitigation framework.
Risk 2: Cybersecurity
Cyberattacks and threats are among the top 10 risks for 2022 identified by Aon and Protiviti.
As businesses digitized — and as the pandemic accelerated digitalization — cybercriminals rubbed their hands. A more digital world sees digital threats evolving at an unprecedented pace; there was a 64% increase in email threats in 2020, with 79% of organizations hit by their lack of preparedness.
Robust governance has to be central to any digital transformation project to reap the benefits and avoid the pitfalls. Mitigating the risks accompanying digitalization means tackling them methodically and systematically, devising a centralized, collaborative approach to manage threats and minimize vulnerabilities.
Whether you are navigating the creation of a hybrid workplace or introducing new customer technologies, cybersecurity will be critical in 2022.
Risk 3: Data Privacy
Data privacy will be a top-of-mind issue in 2022.
A proliferation of state laws is expected in the US, as other states follow California and Virginia in setting their data protection legislation.
The New York Times believes that there’s a risk of “too many state laws generating confusion” for consumers and those bound by the laws. This confusion can lead to indecision, unformed strategies or ineffective policies for organizations trying to respond to data privacy requirements.
As with 2022’s other key risks, a disciplined approach to tackling data privacy threats is essential. The range of laws to be complied with, and the growth in rigor around data protection, make this an area where siloed or one-time-only strategies won’t cut it. Data compliance needs to be consistent, meticulous and integrated.
Risk 4: Rapidly Changing Regulatory Environment
“Regulatory/legislative changes” continue to be a significant risk, with the speed of change in regulation keeping GRC professionals on their toes as never before.
The aftermath of COP26 is likely to see a raft of new regulations relating to carbon footprints and net-zero commitments. Cyber threats and data privacy concerns, as above, are increasing, and new regulations here are also on the cards.
Keeping pace with your regulatory obligations and implementing strategies to deliver the data and reporting required is a serious undertaking. You need to stay ahead of complex, evolving topics and the regulations that govern them. A systematic approach enables you to benchmark governance practices against your peers and gives you confidence in your data and analytics.
Risk 5: Economic and Political Instability
Economic and political instability is another common theme across lists of 2022’s biggest risks. Economic volatility, as a result of the pandemic’s ongoing fallout or political activity, and the other impacts of that political instability pose significant threats in 2022.
Migrant crises and increased political polarization are among the risks noted by Dun & Bradstreet that are set to increase “the risk of political disruptions in the pandemic’s aftermath.”
Economic and political volatility may feel out of organizations’ hands — but there is much they can do to mitigate the risks they pose. Building a robust organization with the capacity to withstand economic shocks; keeping clear oversight of your global entities and their risk profiles in case you need to respond quickly to changing political circumstances — these will stand you in good stead in an unstable world.
A holistic view of risk across your entire organization gives you the insight you need to be agile and deal swiftly with an evolving landscape.
Risk 6: Supply Chain Risks
Forbes has highlighted the need for “sustainable, resilient operations” as its number 1 business trend for 2022. “Business interruption” is the second risk on Aon’s list. And Dun & Bradstreet identify “supply chain difficulties” as number 5 in their most recent quarterly risk report.
In a globally interconnected world, supply chain resilience is crucial. Any of our top 5 risks can impact your supply chain:
- The discovery of unethical practices at a supplier
- A cyberattack
- A data breach
- Suppliers falling foul of new regulatory imperatives
- Political turmoil in a supplier’s country
The start of the pandemic demonstrated starkly how fragile our supply chains are, with essential goods running short. Fail to prepare for bumpy conditions in 2022, and you’ll run the risk of a broken supply chain.
How IRM Can Help To Prepare Your Organization for 2022’s Biggest Risks
Taking an IRM approach to business risks gives organizations a head start on 2022’s biggest threats.
When risks are coming at you left, right and center, you need to focus on the priorities. You need to maximize efficiency and remove duplication.
With a consolidated view of your governance, risk and compliance strategies, you are far better placed to identify, respond to and mitigate the risks that threaten your operations. An IRM strategy equips audit and compliance teams with a 360-degree vision of incoming threats. It assures them that the data they rely on is comprehensive and accurate.
It enables them to sell the need for investment in risk management to the board, by presenting data clearly and in a strategic context. Risk is a loaded and often negative word, but organizations can turn threats into opportunities for improvement by identifying risks in good time and tackling them proactively.
The Journey Towards IRM
What does an IRM approach entail? What does it demand of the business? The journey to IRM isn’t always a quick or simple one — but when it comes to your ability to tackle risk, it’s well worth making.
- IRM enables informed leadership decisions and drives improved business performance.
- It allows organizations to tackle threats head-on, proactively anticipating risk and preparing for it before it threatens business continuity.
- Internal audit and GRC professionals are well-placed to lead the charge on IRM, presenting a business case for an integrated risk approach, defining what IRM means for your organization and managing the implementation of IRM.
2022 may bring enhanced and new risks — and doubtless some that aren’t even on our collective radar. But taking a best practice approach to governance, risk and compliance, and using IRM principles to build your risk mitigation strategy, will position you well to withstand the shocks of a new year.