Protiviti - top risks for 2013

Nice piece of 'top risks' benchmarking for practitioners was pushed out this week by Protiviti - heavily US-centric, cross-industry (around 25% financial services, but all respondents are C-suite types), and the 'risks' are provided as a selection of 20 pre-written items, but the work has still got some mileage, even if I am far from convinved by the early statement that "...the first question an organisation seeks to answer in risk management is 'what are our most critical risks'" with no reference to their strategic objectives!

Let's take that as an editorial oversight, and pick through the highlights;

• Unsurprisingly, economic conditions and regulatory change/scrutiny are top of the financial services hitlist of 'top risks' (and indeed other industries)
• CROs and Chief Audit Executives were less likely to rate a risk "less significant" than their first-line counterparts - nest feathering or legitimate conservatism?
• Financial services considerably more likely to deploy additional resource to enhance risk management capabilities in the next year

There is also a "suggested questions for Boards" list at the back, which covers (albeit in a rather flannel-y fashion) the kind of items which emerged in the FSB's risk governance recommendations from earlier in the week, such as;

• Is the Board sufficiently involved in/informed of the risk assessment process regarding the implementation of strategy (mergers & acquisitions, new lines etc)?
• Is the MI around the Risk Profile sufficient?
• Is there an existing emerging risk management process?
• Is the risk profile consistent with risk appetite?

A decent piece to run through your NEDs at the very worst, and potentially of some use for your emerging risk/reverse stress testing activities for 2013.