In its annual board of directors risk survey report, EisnerAmpner found a surprising disconnect among risk managers at publicly traded companies in the US.

Aside from financial risk, the top risk area companies are most concerned with is risk to reputation, far ahead of other top responses.

However, despite so many companies being worried about reputational risk, the survey found that nearly 30% of companies were doing nothing to address the concern, despite many respondents also stating that implementing a risk program fell under their purview at their respective company.

One of the main reasons for the disconnect between companies worried about risk to reputation and a willingness to act on the risk is that many board members are unfamiliar with cybersecurity and social media, two large vectors of reputational risk. Because of their unfamiliarity, they are apprehensive to engage resources or spend time or money to address a risk that they may not fully understand.

This tension has the end result of companies operating with large gaps in their risk programs. Companies want to address reputational risk and cyber security, but lack of familiarity makes it easy to put off for yet another year.  As a result, less than 40% of the survey respondent publicly traded companies even have a fully implemented risk management program in place. Companies end up operating in a permanent quicksand of risk preparedness, a knowledge that something needs to be done to get out of the mess, but afraid to move in the wrong direction out of fear of sinking further.

This unfortunately misses a broad point of risk planning, which is that risk is interconnected. Whether it is risk to reputation, cyber security, supply chain, or vendors; a proactive and thoughtful risk program is preferable to none.

Topics: BCS, California, Certificate of Insurance, COI Tracking, ERM, INSURANCE CERTIFICATE AUDITING, Insurance Certificate Tracking, INTERNET, IPAD, Supply Chain Management, Uncategorized, Vendor Risk, Vendor Safety

Leave a Comment