According to EY's Global Board Risk Survey 2023, geopolitical events, supply chain disruption and people and culture issues have risen on the list of factors that create the most risk for companies. The survey, which features responses from 500 global directors of organizations with revenues over $1 billion, provides insight on what boards can do to better oversee their organization's most significant risks, including adapting to emerging technology and challenging management to capitalize on changes in the business environment. We spoke to Kris Pederson, leader of EY Americas Center for Board Matters, about the biggest emerging risks and ways boards can strengthen their resilience.
Directors & Boards: Which risk areas did the report find to be most likely to have a major impact on public companies over the next 12 months?
Kris Pederson: Our 2023 EY Global Board Risk Survey results found that 60% of board director respondents agree emerging risks are insufficiently addressed in risk management frameworks. Among the risks that will have a major impact on organizations in the next 12 months are geopolitical events, supply chain disruptions, emerging technology and cyberattacks. This reflects new and heightened challenges companies face today. What's more, these risks are among the most difficult risks for a company to identify, track and manage.
Building resiliency — that is, the ability to anticipate, prepare for, respond to and adapt to a changing environment — must be a priority of boards as they help their companies mitigate these risks to garner trust and create sustainable long-term value. And it appears to be, as 61% of respondents agreed that enterprise resilience is more about adaptation than recovering back to normal. However, they need to strengthen their oversight to better support management in responding to risks and capitalizing on their opportunities.
DB: What steps can boards take to increase their resilience while dealing with emerging issues?
KP: For boards to achieve resilience while dealing with emerging issues, they will want to improve how they anticipate, prepare for and adapt to risks. We laid out five recommendations in the report.
Boards should review their governance and committee structures and consider, for example, whether they could strategically benefit by creating new committees, such as sustainability or technology/cyber. They also might assign responsibility and accountability for oversight of key risks to existing committees, such as compensation or audit. Boards should also be addressing geopolitical risk as part of their oversight remit to govern the elevated importance of geopolitics to corporate strategies and help executives manage geopolitical opportunities and risks. Appointing people with appropriate skills and experience to lead these committees could help boards address any capability gaps, as would a tailored board education program that draws on advice of independent experts.
Boards should encourage management to evaluate the organization's current risk, control and compliance approaches to identify inefficient, siloed processes. Management can use those findings to align the organization's risk management processes to achieve greater efficiency and effectiveness and create a consolidated risk report to the board for review and discussion.
Boards should advise management on trends in the business environment and support them with risk scenario planning. With management, they should consider using AI and advanced analytics to scan for risks and apply their analysis to scenarios to help management understand and report on the organization's risk exposure.
Boards should engage in the process for setting, reviewing and reporting on strategy and performance, and risk should be part of that discussion. Risk reporting and evaluation should be part of the daily decision-making, and boards can suggest that organizations embed key risk indicators in their strategy to serve as an early warning system, connecting risks with performance. Among other recommendations that boards can make, they can guide management to set high expectations for sensitivity analysis by their risk teams and integrate risk reporting in the strategic planning and performance management reporting.
The board's oversight remit should include geopolitical risk. As the latest EY Geostrategic Outlook observes, political volatility will elevate the importance of geopolitics in corporate strategies to its highest level in a generation. Boards should help executives manage geopolitical opportunities and risks by staying informed and making sure they are covered in the risk management process.
DB: Is the pressure for organizations to respond to social issues increasing and, if so, what are boards doing to make sure they meet stakeholder expectations while not alienating other constituencies?
KP: Absolutely, and subsequently we find boards extending their oversight on responses to sociopolitical issues. Sixty-six percent of our respondents agreed that addressing sociopolitical issues builds trust with employees and customers. However, 63% are wary about taking a strong position.
A formal process based on materiality analysis could help prevent missed opportunities and ensure the company isn't overstepping in areas that are not business-critical. The risks of misjudging these sensitive and complex topics are substantial, particularly when social media channels are an important expression of an organization's brand.
The temptation can be to quickly take a reactive position to a hot topic. But trust is created through both perception and action. So, acting in a way that isn't aligned with the organization's purpose or values or weighing in on a nonmaterial area erodes the trust that stakeholders have in a brand.
Boards can help their organizations build trust among stakeholders and raise their profiles around issues that matter most to them — those that are material to the business. Highly resilient boards also feel comfortable discussing sociopolitical issues, and they apply formal processes and frameworks that guide their response to emerging issues. They consult sufficient internal and external stakeholders to determine which issues to respond to.
DB: How do you define a “highly resilient board” and how are those boards behaving differently related to sustainability? What are they doing better than less resilient boards?
KP: The EY Global Board Risk Survey indicates that only 23% of boards are highly resilient. These boards thrive, pivot, adjust and prepare for potential and likely risk events — the gray rhinos —even if they are outside of their control. Although boards cannot predict which gray rhino is coming, they can set the tone for the organization to prepare for it by scenario planning for likely risks. To this end, highly resilient boards don't necessarily have all the answers, but they are more aware of critical gaps in their risk preparedness and they recognize the steps they need to take to close these gaps.
Highly resilient boards are more likely than their peers to be confident and satisfied with the various actions taken to address the organization's challenges. For example, more than half (56%) of highly resilient boards are confident they can respond to unexpected high-impact incidents, compared with 34% of less resilient boards. They are more likely to be highly effective in aligning risk and business strategy and they are not complacent. Overall, they also are more likely to be highly effective in aligning risk relating to talent, social issues, sustainability and technology with their organization's business strategy. Sixty-six percent of the respondents believe enterprises can only be resilient if they are environmentally sustainable. What's more is that highly resilient boards are willing to sacrifice short-term financial performance for ESG issues.