Internal Auditor’s blogs reflect the personal views and opinions of the authors. These views may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers’ employers or the editors of Internal Auditor.

Deloitte Shares a List of "Risk" Trends to Watch in 2017 and Beyond


Rather than the list of top risks, the people at Deloitte suggest that there are a number of trends "that have the potential to significantly alter the risk landscape for companies around the world and change how they respond to and manage risk."

They share 10 in The Future of Risk: New Game, New Rules.

I like the way they start:

The risk landscape is changing fast. Every day's headlines bring new reminders that the future is on its way, and sometimes it feels like new risks and response strategies are around every corner. The outlines of new opportunities and new challenges for risk leaders — indeed, all organizational leaders — are already visible.

What you'll see is that risk's onset and consequences, and the entire nature of the risk discipline, are evolving. The good news? The strategic conversation around risk is changing too. For leaders today, risk can be used as a tool to create value and achieve higher levels of performance. It's no longer something to only fear, minimize, and avoid.

For the moment, let's put aside our differences about the meaning of words such as "risk" and "risk source."

The 10 trends they have listed merit consideration. As Deloitte suggests, we should all consider these trends. Do we agree with the facts as presented? Will they affect us and, if so, how? How should we respond?

Please read the report, which is fairly short, before coming back to this discussion.

The first trend is cognitive technologies, which is a fancy term that includes big data analytics, predictive analytics, AI, machine learning, and so on. Deloitte says it is about "using smart machines to detect, predict, and prevent risks in high-risk situations."

Broadly speaking, every organization should be watching and exploring ways to use new technology, or advances in technology, for this purpose.

But more might be done.

Machine learning and similar technologies may not only detect patterns and so on and analyze them, but actually make decisions and initiate action. Smart software, as well as machines, is starting to replace humans who perform repetitive analysis and response.

The second is "Controls become pervasive." Deloitte is not talking about internal controls, here. They are talking about controls automation. They could have easily rolled this into the first trend, since it's really about the use of technology for risk monitoring.

The third is quite different: It's about advances in behavioral science. I'm not sure what they expect to be different in 2017 and beyond, because the study of human behavior is not new at all. The key is whether the science will be used.

Deloitte then uses the term "vigilance" for its next trend. This is another fancy word; detection would have worked just as well, perhaps more accurately, but vigilance is more exciting and appealing to the consumer of Deloitte services.

Yes, more attention needs to be placed on risk monitoring and detection controls, especially with respect to cyber.

The next one is "risk transfer." Arguably, risk is never transferred. It can only be shared or mitigated. Also, preventive controls do not eliminate risk; they just reduce the level to hopefully acceptable levels, because there is always the possibility that the controls will fail. The only change in this area I am aware of is the emergence of (limited) cyber insurance.

Deloitte thinks that the fact that innovation outpaces regulation is a trend. I am not persuaded. However, the relaxation of regulation under President Trump would be a change — but may not be in effect long-term if he is not re-elected in four years.

Using risk management to drive performance is not a new thought. I have been pressing for it for a while myself. If it becomes a reality, that would certainly be an important trend.

"Collective risk management" is an interesting concept. However, laws and regulations can limit the sharing of information.

"Disruption dominates the executive agenda" is not new. I agree with Deloitte that it should be expected to increase this year and into the future.

Then Deloitte picks reputation risk — again, not really new. The change is that new technologies can help us address it.

Overall, a couple of points that should stimulate some thinking. But most of this should be ho-hum for most of us.

What do you think?
