“How complicated and unpredictable the machinery of life really is.”
— Kurt Vonnegut

In the 18 months since the COVID-19 pandemic first shuttered the world, organizations have learned to embrace the unexpected. Board members, C-suite executives, and chief audit executives — the key players in risk management — now know that low likelihood/high impact risks must be given greater consideration. This realization has jolted boards into greater awareness of risk management weaknesses, energized senior management to build more nimble and resilient organizations, and positioned internal audit to deliver broader value.

Indeed, the pandemic has spawned changes in how we see our trusted institutions, the value and priorities we place on our time, and our commitments to long-held social contracts about work, diversity, and the health of the world around us. It is too early for definitive answers to which of these changes will be fleeting or permanent. However, one thing is certain. This once-in-a-century test of core social, business, political, and economic beliefs will forge changes both subtle and profound. While historic, the lingering pandemic and its related fallout is not the only factor likely to influence risk in 2022. Growth in social upheaval, a significant shift in regulatory attitudes at the federal level, continuing economic and political volatility, continuing effects of climate change, and the marked acceleration of environmental-, social-, and governance-related issues will combine to make the coming year one filled with unpredictability and opportunity.

“COVID-19 has been a wake-up call for organizations to create a plan for the unexpected. These ‘Hollywood type’ risk scenarios are now something that should be discussed to some extent within organizations.”
– C-suite, Technology

“Risk today has become very volatile and random. You see these things occurring globally in the news and there seems to be less correlation between the cause and effect.”
– Board, Retail

The OnRisk approach is grounded in an innovative methodology that uniquely brings together the perspectives of the major stakeholders in organizational governance — the board, executive management, and chief audit executives. Alignment of these stakeholders’ views on personal knowledge, organizational capability, and risk relevance is a significant step toward achieving strong risk management in support of effective governance.

The methodology employs qualitative interviews of 30 board members, 30 C-suite executives, and 30 CAEs from 90 different organizations. The research provides a robust look at risks facing organizations and allows for both objective data analysis and subjective insights based on responses from risk management leaders. Collective ratings for each group are assigned a value based on the percentage of respondents who rate particular aspects of each risk at a 6 or 7 on a 7-point scale. For example, if 7 in 10 board members rated their organizations’ risk management capability on data privacy at a 6 or 7, the score would be 70%.
Further details regarding the OnRisk methodology, how to use and leverage this report, and explanations of the Stages of Risk developed in conjunction with the OnRisk approach can be found later in this report.