Each December, Diligent compiles an outlook report detailing what to expect in the year ahead. The theme for 2023? Risk.
Read on for highlights of how risk stands to permeate every aspect of governance, audit, ESG and compliance in the year ahead.
Governance and Risk
For boards and management, heightened pressure around climate action dovetails with the SEC’s proposed rules about cybersecurity oversight, which may soon become law. When they do, companies will need to prepare for more disclosures about their cybersecurity policies and procedures. With fresh scrutiny on directors’ cybersecurity expertise, or lack thereof, boards will need to take their cyber savviness to the next level as well. At a time when less than a fifth (18%) of risk and compliance professionals profess to be very confident in their ability to clearly communicate risk to the board, it’s clear that lines of communication - not to mention understanding - must be improved.
Meanwhile, watch for geopolitical instability to continue to be a governance issue, particularly with the need to oversee third-party and supply chain risk. If new trade sanctions or customer preferences affect a region or supplier, does your company have alternatives in place to pivot as necessary?
Finally, if crypto and blockchain aren’t already on your board’s radar, it’s time to add them to the 2023 agenda. Digital products like cryptocurrency and blockchain will affect a company’s risk profile. Boards and management will need to understand these assets’ potential impact and align governance with their overall risk and business strategies.
Audit and Risk
Audit’s role in corporate governance and risk management has been evolving. Once strictly focused on finance and compliance, internal audit teams are now increasingly expected to help boards and executive management identify, prioritize, manage and mitigate interconnected risks across the organization.
In 2023, such risks will run the gamut: geopolitical volatility, talent management, DEI, ESG, IT security amid continued remote and hybrid work, and business continuity amid the threat of large-scale operational and utility interruptions.
Risk’s time frame has been expanding as well. While companies still require a short-term view of imminent threats, they also need insight over the next 5-10 years into evolving challenges such as recession, war and supply chain issues.
Audit teams recognize their evolving responsibilities. But Diligent’s 2023 Outlook indicates that day-to-day activities still need to catch up.
ESG and Risk
Watch for continued war between Russia and Ukraine marking a turning point for ESG and risk, as countries and companies shift from Russian oil and gas to green energy solutions. Regulatory developments further solidify the ESG-risk connection, particularly new rules by the SEC, codification of the Corporate Sustainability Reporting Directive (CSRD) and a host of regulatory developments around the world covering:
- Which activities can be considered “green”
- Sustainable finance
- Reporting the representation of women and ethnic minorities on the board and in executive management
Compliance and Risk
Privacy and data protection are the big story for compliance officers in 2023, with expanding regulations soon expected to cover five billion citizens.
But this is just one of many developments at the intersection of compliance and risk. Companies will also need to keep their eye on:
- Third-party risk: Under the German Supply Chain Act and EU Supply Chain Directive, companies can be fined up to €8 million, or 2% of the average annual turnover if they make more than €400 million annually.
- New regulations for corporate misconduct: The U.S. Department of Justice is enacting one of the most elaborate overhauls of corporate enforcement in recent years.
- More calls for ESG-related disclosures: Investors and regulators want to see what companies are doing to fight modern slavery, greenwashing and human rights violations.
- “Crypto travel rules” enacted to combat money laundering and terrorism financing.
Integrated Risk Management
Look for risk to be increasingly viewed as a driver of business performance and value as digital landscapes and business models evolve. Forward-looking companies will embed integrated risk management (IRM) into their business strategy, so they can better understand the risks associated with new strategic initiatives and be able to pivot as necessary.
IRM plans will need to account for ESG as well. Even as companies tout sustainability in their mission statements, many organizations lag behind in putting these statements into action, and stakeholders are watching. To meet ESG goals while mitigating risk, companies will need real-time data.
They’ll also need visibility across the supply chain, especially as supply chain turmoil continues. According to a May 2022 report by Accenture, supply chain challenges arising from the COVID-19 pandemic and Russia’s invasion of Ukraine could result in a potential €920 billion cumulative loss to gross domestic product (GDP) across the Eurozone — or 7.7% of GDP — by 2023.
How can your company prepare for these risks and more in the year ahead? Download the full Diligent 2023 Outlook Report to find out.