Regulatory policies pose top risk to India Inc in next 3 years

Mumbai: Regulatory policies pose the biggest risks for companies over the next three years, followed by cyber security and technology disruptions, a survey of over 100 top company executives has revealed.

The primary reason for this trend is that CXOs are considering regulatory compliance as a critical value protector exercise, the Deloitte India Risk Survey 2018 noted.

The survey showed a divide on the viewpoint of risk management amongst Indian organisations.

While 44 percent of businesses harness risks to find future opportunities and drive returns, 36 percent use risk management with an aim to drive compliance and prevent losses.

This insight is further substantiated with the fact that regulatory risk with 44 percent leads amongst the top three risk areas in the country, followed by cyber security with 31 percent and technology disruption at 25 percent, the study said.

Interestingly, the report shows that three years from now, there will be an expected shift in the trend.

Cyber security will take the lead with 36 percent amongst the top three risks for businesses, followed by technology disruption risk with 33 percent and regulatory risks at 31 percent.

The survey was conducted among over 100 top senior executives such as chief executive officers, chief financial officers, chief risk officers, business leaders and heads of internal audit.

Also, to get a fair understanding of the risk culture in the Indian organisations, the company gathered responses from organisations belonging to diverse set of industries, both private and public with a turnover of less than Rs 500 crore to Rs 7,500 crore.

"The changing trend demonstrates that with digital transformation, organisation will now need to redefine strategies as they become susceptible to multiple threats emerging through technology disruption," said Rohit Mahajan, president, risk advisory, Deloitte India.

He further said that the volatility and complexity of each of these risks will continue to increase.

"This essentially means that there needs to be shift from being risk averse to risk aware, with the power of innovation," added Mahanjan.

The report also stated that with the changing dynamics and the speed of business delivery, there is a growing demand for a dedicated chief risk officer (CRO) position.

The survey result indicates a positive trend in the industry where 64 percent of India organisations have designated CRO.

However, 39 percent of the organisations mentioned that risk management is the responsibility of each business/function and there is no separate CRO role.

In terms of risk management, the survey showed only 35 percent of the organisations had a high involvement of board or directors in risk management.

The findings also suggest that 12 percent of the organisations did not have a well-defined risk management strategy and 27 percent were unsure of the same.