top 10 risk concerns
Whilst the nature of key risks varies across
industry sectors, there is no doubt that increasing
business complexity, globalisation, market
competitiveness and a greater level of risk
awareness are all adding to the perception that
risk is now a stronger threat than ever before.
For example:

manufacturing organisations are concerned with business interruption (business
dependencies), systems (technology and disaster
recovery risks) and market environment (competitor
and demand/supply cyclicality).
 fi
nancial institutions are more concerned with computer crime (hacking
and viruses), brand and reputation, and corporate governance (directors’ liability,
culture and organisational structure and
performance issues).
The volatile business environment, the prevalence
of major loss events and the additional burden of
managing diverse and complex risk issues have all
added to an increased awareness and concern about risk across the business community. This is clearly evident from the survey with the level of importance of almost all key risk factors rating higher by respondents than in previous surveys.
 t he construction sector is worried about the human resources risk factors (attraction and retention of staff, succession planning), particularly driven by the lack of availability of labour.
Whilst the overall ranking of the key risks has changed marginally, the greatest upward change is a concern with threats to brand and image (social responsibility, compliance and business ethics
risks), which is the top risk concern for 2007/08.

At an industry level the key risk concerns of respondents
show a fairly predictable correlation to the unique
business characteristics, environmental factors and
areas of interest for each sector.
professional service organisations are primarily concerned with the loss of intellectual
property, which in part is driven by the tight labour
market and the movement of key staff.
 e
nergy and utilities are concerned about physical asset risks, systems and climate change.
TABLE 1 2003–2008 top 10 risk concerns
rank
change from
2006–07
to 2007–08
2003/04
2004/05
2005/06
2006/07
2007/08
1
brand + image
brand + image
corporate governance
corporate governance
brand + image
2
physical assets
corporate governance
systems
systems
systems
3
systems
regulatory
brand + image
human resources
corporate governance
 2
4
human resources
legal
human resources
brand + image
human resources
1
5
legal
systems
legal
legal
information management
1
6
corporate governance
human resources
liquidity
information management
business interruption
 2
7
market structure
liquidity
information management
lack of innovation
legal
 2
8
external dependency
physical assets
business interruption
business interruption
market environment
 2
9
liability
capital structure
capital structure
impact of regulation
lack of innovation
 2
10
liquidity
information management
lack of innovation
market environment
impact of regulation
1
TODAY. TOMORROW. READY.
14
 3
–
table 2 Risk Drivers Behind the Top 10 Risk Concerns
risk
key risk drivers
brand + image/loss of
reputation
ethics, compliance breaches, product quality, social responsibility and community relations
systems
netware, hardware, software, web based technology and disaster recovery
corporate governance
directors’ and officers’ liability, regulation and compliance, organisational
culture, business strategy and operational performance
human resources
employee injuries, workers’ compensation, absenteeism, staff attraction and retention, disputation, key personnel, succession planning and industrial disease
information management
operating, organising and monitoring knowledge management systems
business interruption
internal dependencies (property, machinery failure or loss, critical machinery or plant failure and other internal dependencies) and external dependencies
(suppliers, customers, supply-chain vulnerability)
legal
contracts and contract management, legislative and regulatory compliance
market environment
economic, country and political risks, competitor, demand/supply cyclicality,
earnings volatility, substitute markets
lack of innovation
failure to change/adapt
impact of regulation
accounting, regulatory and compliance reporting, tax
Aon commentary
“ It is not surprising that financial institutions are
increasingly concerned with crime risk and in particular
the rise of high-tech computer crime. Hacking, viruses
and criminal schemes such as phishing, pharming and
man-in-the-middle attacks are a direct threat to financial
institutions in terms of financial, reputational and
operational impact.”
“Infrastructure such as physical assets is undoubtedly
one of the key concerns for the energy and utilities sector.
However, what is often underestimated are the costs
associated with any unintended disruption. Whilst there
is a growing awareness of the issue there is still a large
gap in understanding the magnitude of the risk which
can be significantly higher than the infrastructure costs
themselves.”
Shane Boyd | Aon’s Head of Fraud Risk Services
Chris McMichael | Aon’s National Practice Leader
“The credit squeeze stemming from the US sub-prime
crisis demonstrates just how significant brand and
reputation risk is to the financial services sector. Questions
over lending practices, concerns with liquidity, increased
cost of capital and concerns around governance practices
are all part of the searching questions being directed at directors and executives of financial institutions all
around the globe. Add to this the inherent complexities in managing portfolios of increasingly sophisticated, high yielding risk-financing instruments, coupled with the
need to demonstrate effective governance to the watching
world, will see brand and reputation issues continue to be a dominant risk concern for financial institutions
through the economic cycle.”
for the Energy and Utilities sector
In the past two surveys we identified a trend away
from business assurance-type risk factors back towards
business growth-related risk concerns with ‘lack of
innovation’ emerging as a key risk concern. Interestingly,
whilst this remains one of the top 10 risk concerns
(ranked ninth overall) it is one of the only risk concerns
not to be assessed higher than in the previous year.
Tim Farren | Aon’s National Practice Leader
for Financial Institutions
15