Executives and boards of directors rate regulatory changes and heightened regulatory scrutiny as the highest risk faced by their organizations for the third consecutive year in the annual risk survey conducted by North Carolina State University and Protiviti.

regulation stamp

In fact, this risk has topped the list in all three years of the “Executive Perspectives on Top Risks” survey, beginning in 2013.

In the 2015 survey, 277 board members and executives ranked the following as the top five organizational risks among 27 risk issues:

1. Regulatory change and heightened regulatory scrutiny

2. Economic conditions in domestic and international markets

3. Concerns about cyber threats disrupting core operations

4. Succession challenges and the ability to attract and retain talent

5. Organization’s culture failing to support timely risk identification and escalation

Although the 2015 survey seems to show that, in general, the business environment is “somewhat less risky” than in 2013 and 2014, chief financial officers expressed concern that risks are growing in magnitude and severity. CFOs and chief audit executives (CAEs) see a riskier environment for organizations than do other executives and boards of directors.

It’s important to remember that audit committees often request the involvement of CFOs and CAEs in their organizations’ risk management. Because of the experience and knowledge of these executives, their viewpoints “may be hugely informative to the rest of the management,” the survey said. “Understanding their concerns now is vital, before it is too late and the organization is forced to address a significant risk event anticipated by personnel on the front lines.”

Those surveyed represented organizations with revenues ranging from $10 billion or greater to less than $100 million. The survey also included executives and board members from public companies, privately held for-profit companies, and not-for-profit and governmental organizations.

All types and sizes of organizations were consistent in ranking regulatory risk as their No. 1 concern. For three of the sizes, it was the only risk that was perceived as having a possible “significant impact” on their organizations, scoring above 6 on a scale of 1-10.

The two categories of organizations with the largest revenues – $10 billion or greater and $1 billion to $9.99 billion – also saw cyber threats and succession challenges as possibly presenting a “significant impact” risk.