Skip to main content

ERM, Protiviti Study Finds Greater Magnitude, Severity of Risks Expected for Businesses in 2017

Recent global uncertainties and their potential effects on businesses are top of mind for board members and executive management teams as they assess their risks for 2017, according to the results of the fifth annual survey of business executives by the global consulting firm Protiviti and the Enterprise Risk Management (ERM) Initiative at the North Carolina State University Poole College of Management.

Executive Perspectives on Top Risks for 2017, released December 8, assesses the concerns of 735 board members and executives across a variety of industries who participated in the global survey. The respondents rated the perceived severity of macroeconomic, strategic and operational risks to their businesses for the coming year.

Nearly three-quarters of the survey respondents (72 percent) indicated that uncertainties related to economic conditions may have a significant impact on their businesses in 2017 to a greater extent than in previous years. Cumulatively, the overall scores for the top 10 risks have increased since last year’s survey, with the economy being even more of a concern in markets outside the U.S.

“Our survey results support a shift we’ve seen in the focus of board members and c-suite executives towards risks associated with international and domestic economic conditions, regulatory scrutiny and cyber threats,” said Dr. Mark Beasley, Deloitte Professor of Enterprise Risk Management and NC State ERM Initiative director. This shift is especially highlighted for organizations in the Asia-Pacific and European regions. Interestingly, results indicate, however, that organizations are not planning to invest additional resources in enhancing their approaches to risk management over the next 12 months.”

The Top 10 Risks for 2017

Following are the top 10 risks identified in this annual risk survey, along with the percentages of respondents who identified each risk as having a “Significant Impact” on their business*.

  1. Economic conditions in markets we currently serve may significantly restrict growth opportunities for our organization. (72 percent)
  2. Regulatory changes and regulatory scrutiny may heighten, noticeably affecting the manner in which our products or services will be produced or delivered. (66 percent)
  3. Our organization may not be sufficiently prepared to manage cyber threats that have the potential to significantly disrupt core operations and/or damage our brand. (60 percent)
  4. Rapid speed of disruptive innovations and/or new technologies within the industry may outpace our organization’s ability to compete and/or manage the risk appropriately, without making significant changes to our business model. (63 percent)
  5. Ensuring privacy/identity management and information security/system protection may require significant resources for us. (57 percent)
  6. Our organization’s succession challenges and ability to attract and retain top talent may limit our ability to achieve operational targets. (55 percent)
  7. Anticipated volatility in global financial markets and currencies may create significantly challenging issues for our organization to address. (53 percent)
  8. Our organization’s culture may not sufficiently encourage the timely identification and escalation of risk issues that have the potential to significantly affect our core operations and achievement of strategic objectives. (55 percent)
  9. Resistance to change may restrict our organization from making necessary adjustments to the business model and core operations. (54 percent)
  10. Sustaining customer loyalty and retention may be increasingly difficult due to evolving customer preferences and/or demographic shifts in our existing customer base. (57 percent)

*Note, the Top Ten Risks are defined and weighted based on the index ranking, which was compiled on a 1-10 scale; this included significant impact (6-10), potential impact (5), and less significant impact (1-4).

“Executives are concerned about their companies’ ability to keep pace with the rapid speed of change, including disruptive innovations and new technologies within their industries,” said Patrick Scott, Protiviti executive vice president of Industry Groups. “While the effects may vary across industry groups in terms of different risk profiles, our study shows that no industry is immune to future uncertainty in a changing world.”

“The need for greater transparency around the nature and magnitude of the risks associated with executing an organization’s corporate strategy will continue to be high into next year,” said Jim DeLoach, a managing director with Protiviti. “Volatile markets, intensifying competition, demanding regulatory requirements, fear of catastrophic events and other dynamic forces are leading to an increasing imperative for management to identify and assess the organization’s key risk exposures and then design and implement effective capabilities to manage those exposures. This imperative sets a powerful context for strong board-level engagement and risk oversight in 2017.”

The survey was conducted in the fall of 2016. Respondents represent both U.S.-based and non-U.S. organizations across public and private sectors. The survey report also provides detailed insights broken out by size and type of company, respondent role and industry.

Resources Available

The “Executive Perspectives on Top Risks for 2017” report from Protiviti and the NC State Poole College ERM Initiative, along with an infographic and a podcast highlighting the survey results, are available for complimentary download at the ERM website. A complimentary 60-minute webinar exploring the implications of the survey results will be held December 15, 2016 at 10:00 a.m. PST, featuring NC State’s Dr. Mark Beasley and Protiviti’s Patrick Scott and Jim DeLoach.

About the NC State University Poole College ERM Initiative

The Enterprise Risk Management (ERM) Initiative in the Poole College of Management at North Carolina State University provides thought leadership about ERM practices and their integration with strategy and corporate governance. Faculty in the ERM Initiative frequently work with boards of directors and senior management teams helping them link ERM to strategy and governance, host executive workshops and educational training sessions, and issue research and thought papers on practical approaches to implementing more effective risk oversight techniques (

About Protiviti

Protiviti ( is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders confidently face the future. Through its network of more than 70 offices in over 20 countries, Protiviti and its independently owned Member Firms provide clients with consulting solutions in finance, technology, operations, data analytics, governance, risk and internal audit.

Protiviti has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.