International Women’s Day: Risk Management Issues to Watch

A 2013 piece on the role of women in risk management remains the most controversial article we’ve ever run in Risk Management magazine and the one that received the most comments and letters to the editor, hands down. Many of those reader comments were…let’s just say less than kind or receptive.

Today, International Women’s Day, offers the perfect opportunity to revisit that article, Woman at Work: Why Women Should Lead Risk Management, and some of our more recent coverage of pressing issues like the wage gap and gender parity at the board level.

The significance of this conversation is ever clearer, given not only the political climate and regulatory concerns, but also the simple data about the bottom line. Just last year, the Peterson Institute for International Economics and EY found that almost a third of companies globally have no women in either board or C-suite positions, 60% have no female board members, 50% have no female top executives, and less than 5% have a female CEO. After analyzing 21,980 publicly traded companies from 91 countries and a wide range of industries, their report, Is Gender Diversity Profitable? Evidence from a Global Study, found that organizations with leadership that is at least 30% female could add up to 6 percentage points to its net margin.

“The impact of having more women in senior leadership on net margin, when a third of companies studied do not, begs the question of what would be the global economic impact if more women rose in the ranks?” said Stephen R. Howe Jr., EY’s U.S. chairman and Americas managing partner. “The research demonstrates that while increasing the number of women directors and CEOs is important, growing the percentage of female leaders in the C-suite would likely benefit the bottom line even more.”

While study after study comes to similar conclusions, a recent report from EY explored why businesses need gender diversity for the innovation to thrive. Five disconnects continue to hold businesses back from achieving gender diversity on their boards, the firm found:

  1. The reality disconnect: Business leaders assume the issue is nearly solved despite little progress within their own companies.
  2. The data disconnect: Companies don’t effectively measure how well women are progressing through the workforce and into senior leadership.
  3. The pipeline disconnect: Organizations aren’t creating pipelines for future female leaders.
  4. The perception and perspective disconnect: Men and women don’t see issues the same way.
  5. The progress disconnect: Different sectors agree on the value of diversity but are making uneven progress toward gender parity.

Check out some of our previous coverage of key issues regarding women in business and risk management specifically:
Equal Work, Unequal Pay: Risks of the Gender Wage Gap
The Wage Gap in the Boardroom
Is the Insurance Industry Improving for Women?
Boards Still Lagging on Gender Parity
Preparing for New Pay Equity Requirements

Executive Focus Shifting to Operational Risks in 2015, Study Finds

Board members and C-suite executives across industries perceive the global business environment in 2015 as somewhat less risky for organizations than in the past two years. In “Executive Perspectives on Top Risks for 2015,” consulting firm Protiviti and the Enterprise Risk Management Initiative at the North Carolina State Univeristy Poole College of Management found that this is far from bad news for risk managers, as organizations are actually more likely to invest additional resources for risk management. Internal challenges like succession, attracting and retaining talent, regulation and cybersecurity are drawing the most attention, according to the report.

“Our survey findings indicate that operational risk issues are keeping many senior executives up at night,” said Mark Beasley, Deloitte Professor of Enterprise Risk Management and NC State ERM Initiative director. Indeed, for the third consecutive year, regulatory changes and heightened regulatory scrutiny ranked as the number one risk on the minds of board members and corporate executives, with 67% indicating that it will “significantly impact” their organizations. More than half of global survey respondents indicated that insufficient preparation to manage cybersecurity threats is a risk that will “significantly impact” their organizations in 2015, pushing cyberrisk up three spots from last year to the third-greatest risk.

The Top 10 Risks for 2015

The top 10 risks identified in the annual risk survey, along with the percentages of respondents who identified each risk as having a “Significant Impact” on their business, were:

1. Regulatory changes and heightened regulatory scrutiny may affect the manner in which our products or services will be produced or delivered (67%)

2. Economic conditions in markets we currently serve may significantly restrict growth opportunities for our organization (56%)

3. Our organization may not be sufficiently prepared to manage cyber threats that have the potential to significantly disrupt our core operations and/or damage our brand (53%)

4. Our organization’s succession challenges and ability to attract and retain top talent may limit our ability to achieve operational targets (56%)

5. Our organization’s culture may not sufficiently encourage the timely identification and escalation of risk issues that have the potential to significantly affect our core operations and achievement of strategic objectives (51%)

6. Resistance to change may restrict our organization from making necessary adjustments to the business model and core operations (49%)

7. Ensuring privacy/identity management and information security/system protection may require significant resources for us (52%)

8. Our organization may not be sufficiently prepared to manage an unexpected crisis significantly impacting our reputation (46%)

9. Sustaining customer loyalty and retention may be increasingly difficult due to evolving customer preferences and/or demographic shifts in our existing customer base (48%)

10. Our existing operations may not be able to meet performance expectations related to quality, time to market, cost and innovation as well as our competitors (46%)

The survey also identified differing perceptions of the current risk environment between boards of directors and members of the executive team. CEOs and boards of directors reported more optimism about risk issues, while CFOs and chief audit executives perceived a more risky business environment. “Given encouraging signs in the economy, we’ve observed an overall shift in focus from macroeconomic risks to operational risks, which had the greatest increase in risk scores from 2014. Notably, however, CEO respondents remained extremely focused on macro trends affecting their business,” Beasley said.

Check out the infographic below for more of the study’s key findings:

Protiviti Top Risks for 2015

Smaller Boards Mean Bigger Results, Study Finds

Small Boards Bigger Stockholder Returns

According to a new study by GMI Ratings, bigger isn’t always better in the boardroom. In research for the Wall Street Journal, analysts found that large companies with the smallest boards produced substantially better shareholder returns.

Based on a study of 400 companies with a market capitalization of at least $10 billion, those with small boards outperformed their peers by 8.5 percentage points, while those with large boards underperformed peers by 10.85 percentage points. The smallest board averaged 9.5 members, compared with 14 for the largest. The average size was 11.2 directors for all companies studied, GMI said. Their results were replicated across 10 different industries, from energy to healthcare.

Smaller boards tend to be “decisive, cohesive, and hands-on,” the WSJ noted, with more freedom to delve deep on operational issues and substantively debate issues. Further, as NYU finance professor David Yermack told the paper, small boards are more likely to dismiss CEOs for poor performance—a threat that declines significantly as boards grow.

Board Size and Shareholder Returns

While the details of causality are up for debate, the correlation is striking. Apple, which expressed firm plans to limit the board to 10 people, outperformed competitors in the technology sector by 37% between 2011 and 2014. Helmed by just seven directors, Netflix outperformed its industry peers by 32% during the same period. By contrast, pharmaceutical giant Eli Lilly, which has a board of 14, trailed its peers in the healthcare sector by 16%.

Reputational Risk Draws Increased Board Awareness, But Not Action

In its fifth annual board of directors survey, “Concerns About Risks Confronting Boards,” EisnerAmper surveyed directors serving on the boards of more than 250 publicly traded, private, not-for-profit, and private equity-owned companies to find out what is being discussed in American boardrooms and, in turn, what those boards are accomplishing as a result.

According to the report, reputation remains the top concern across a range of industries:

Most Important Risks

“The financial cost and damage to reputation from a cyber/privacy breach is growing exponentially,” said Nancy Brady, EisnerAmper’s director of IT risk services. “Directors have recognized the increasing risk companies face related to cyber/data security. Now they need to roll up their sleeves and, with the companies, address these risks.”

While reputational risk remained the top concern of respondents, the survey found that companies are not necessarily translating awareness into action. In fact, only 31% said they were concerned about crisis management.

“There were a surprising amount—close to a quarter of respondents—who had no plans, and others just informally ‘doing their best.’ This lack of formality to address the most significant risk identified existed across all organizations,” the report said. “When plans existed, they included both everyday operations—such as to keep a positive reputation and reduce the risk—and strategies to address a crisis affecting reputation.”

Despite the minimal plans in place, the directors surveyed seem to hold themselves and other company executives primarily responsible for the response to a reputational crisis. When asked who is responsible for executing such a plan, they reported:

responding to reputational risk crises

Respondents also showed improving confidence in the performance of the board, committees, external auditors and accounting departments.

How well is board addressing risks

Click here for the full report from EisnerAmper.