Regulatory policies pose the biggest risks for companies over the next three years, followed by cybersecurity and technology disruptions, a survey of over 100 top company executives has revealed.
The primary reason for this trend is that CXOs are considering regulatory compliance as a critical value protector exercise, the Deloitte India Risk Survey 2018 noted.
The survey showed a divide on the viewpoint of risk management amongst Indian organisations.
While 44 per cent of businesses harness risks to find future opportunities and drive returns, 36 per cent use risk management with an aim to drive compliance and prevent losses.
This insight is further substantiated with the fact that regulatory risk with 44 per cent leads amongst the top three risk areas in the country, followed by cybersecurity with 31 per cent and technology disruption at 25 per cent, the study said.
Interestingly, the report shows that three years from now, there will be an expected shift in the trend.
Cybersecurity will take the lead with 36 per cent amongst the top three risks for businesses, followed by technology disruption risk with 33 per cent and regulatory risks at 31 per cent.
The survey was conducted among over 100 top senior executives such as chief executive officers, chief financial officers, chief risk officers, business leaders and heads of internal audit.
Also, to get a fair understanding of the risk culture in the Indian organisations, the company gathered responses from organisations belonging to a diverse set of industries, both private and public with a turnover of less than Rs 500 crore to Rs 7,500 crore.
"The changing trend demonstrates that with digital transformation, organisation will now need to redefine strategies as they become susceptible to multiple threats emerging through technology disruption," said Rohit Mahajan, president, risk advisory, Deloitte India.
He further said that the volatility and complexity of each of these risks will continue to increase.
"This essentially means that there needs to be shift from being risk-averse to risk aware, with the power of innovation," added Mahajan.
The report also stated that with the changing dynamics and the speed of business delivery, there is a growing demand for a dedicated chief risk officer (CRO) position.
The survey result indicates a positive trend in the industry where 64 per cent of India organisations have designated CRO.
However, 39 per cent of the organisations mentioned that risk management is the responsibility of each business/function and there is no separate CRO role.
In terms of risk management, the survey showed only 35 per cent of the organisations had a high involvement of board or directors in risk management.
The findings also suggest that 12 per cent of the organisations did not have a well-defined risk management strategy and 27 per cent were unsure of the same.