What risks are most worrisome for company executives and how can legal departments, chief risk officers and others in a company best mitigate any potential harm?
These questions were asked and answered in Ropes & Gray's "Risky Business: Mitigating Exposure Through Comprehensive Risk Management" study, released Monday. The study, which Ropes & Gray conducted together with research service FT Remark, asked 300 senior-level executives across a number of industries to identify their top risks and reveal their readiness to handle legal and regulatory challenges.
Regulation and compliance landed on top of the list for respondents when it comes to risk factors they are most worried about. This was followed closely by sanctions and export controls, tax and intellectual property.
Interestingly, despite identifying regulation and compliance as risk factors that are of the greatest concern, for more than half of respondents (57 percent), these two areas of risk were identified as those they feel least prepared to address. This likely explains why nearly 80 percent of respondents said they currently allocate the most risk management resources to dealing with these risks and 55 percent said they intend to devote more in the next 12 months.
As for the risks respondents feel best prepared to deal with, 43 percent named corporate social responsibility and supply chain management, followed by enforcement/investigations and competition/antitrust risks.
Beyond just particular types of risks, respondents were also prompted to consider how location plays a part in corporate risk. Some 28 percent of executives named China as the market that's riskiest to overall business. This is more than double the number of execs who named the markets rated second-riskiest on the list, Brazil and the United Kingdom, which were tied at 13 percent. The United States came in a close fourth, with 11 percent citing it as the market that poses the most significant risk to their businesses.
Any of a number of players can take the lead when it comes to risk mitigation. It depends on a particular company's needs and the types of risks at issue, the report pointed out. Legal departments, for instance, are often responsible for risk mitigation when it comes to enforcement/investigations, sanctions/export controls and intellectual property risks. The chief risk officer may take charge of managing anti-corruption bribery/and anti-money laundering risks.
And while the approach to risk management seems to vary by company and the nature of the risk, setting the right tone from the top appears to be a common theme in addressing these dangers. "Our founders recognize the value of strong governance," Heather Mitchell, managing director and global general counsel for investments at The Carlyle Group, said in the report. "Once that tone is set, you have to identify the risks, and estimate their likelihood and then their potential impact on the business."
Mitchell added that risk awareness and responsiveness are "fundamental" to the company's corporate culture. "We're doing everything to make sure that our best practices are communicated throughout the organization. And we use that information not only to anticipate and mitigate risk, but to take advantage of risks if they offer an opportunity," she said.