With Europe's social, economic, technological and regulatory environment changing rapidly, businesses require solid risk management frameworks in order to maintain a competitive advantage.
Companies, understanding the importance of risk management, are including broader overviews of their collective risk perception in their annual reports. Of course, this has mainly begun in order to comply with International Accounting Standards and Financial Reporting Standards (IAS/IFRS) and to apply effectively the Corporate Governance Codes that national stock exchanges require of their listed companies. However, the level of disclosure is increasing and now includes a good level of analysis of non-financial risks, partly due to the introduction of the Non-financial Reporting Directive (2014/95/EU) and to the relevance that non-financial risks, and those connected to sustainability, have for consumers and institutional investors.
Indeed, the annual reports highlight that financial risks, including liquidity, credit and fluctuations in exchange rates and interest rates, are the most significant to organizations in Europe. As the majority of the companies are addressing their financial stakeholders, this, together with the above-mentioned mandatory disclosure of financial risks, can be considered the main reason behind the high rank of financial risks. The annual reports in this study also show that operational risks such as legal and compliance (concerning the threat resulting from violations of laws, regulations, codes of conduct, or organizational standards of practice) and, close to the bottom of the chart, human capital risk (connected to the importance of investing in people) are in the top 10 concerns of these organizations.
Further, uncertainty relating to the economic, political, financial and geopolitical environment, as well as growing regulatory risk, worries EU companies.
Strategic risk is another key point in the annual reports; companies feel that failures in strategy design could be dangerous to business activity, while reputational risk, often connected to failure in the strategy process, is at the bottom of the top 10 European list.
As expected, due to the significant growth of digitalization, the introduction of GDPR and the occurrence of large-scale cyber attacks, the threat of cyber risk from both internal and external weaknesses is a key concern for companies in the EU.
Managing health/safety & environmental risk, including topics such as sustainability, is also becoming a top priority for companies, with many now including sections on sustainability in their annual reports.