46% of senior executives find it challenging to understand the risk exposure across all business units

The economic environment, cybersecurity and financial risks are among the top concerns for Hong Kong-listed companies, a KPMG and The Hong Kong Institute of Chartered Secretaries (HKICS) joint survey has found.

The report, ‘Risk Management: navigating change in Hong Kong’, surveyed 197 Hong Kong-based senior executives, assessing the extent to which they have embedded risk management in their businesses.

The economic environment was the top risk concern for Hong Kong-based senior management, while cybersecurity has emerged as one of the top five risks. Financial risk was cited as the second-highest concern in 2017, up from fifth place in 2015.

“Businesses continue to experience an escalating pace of change as a result of disruptive technologies, innovative business models, new forms of competition and a shifting geopolitical landscape,” said Jyoti Vazirani, partner, head of financial risk management, KPMG China.

“For companies listed in Hong Kong, business and regulatory imperatives have prompted many leaders to implement or enhance their existing enterprise wide risk management programs.”

The survey found many businesses have not fully integrated risk management into their decision-making process, and building up a holistic view of risk remains a key challenge.

Some 46% of the respondents find it challenging to understand the risk exposure across all business units, while more than a third of respondents are unsure of how risks impact the top strategic objectives.

Ivan Tam, president, HKICS, said: “The key themes emerging from the survey indicate that businesses need to refocus their risk resources in a more effective manner, and adopt a holistic and integrated approach to managing risk.”

In addition, the survey results note that both board director and executive management groups view the economic environment, financial risks and regulatory uncertainty as the top risks facing their organisations. Beyond those top three, there is a slight divergence between the board and executives on risk priorities.

Board directors are more likely to be concerned about the impact of an uncertain political environment on the long-term success of the business, as well as the adequacy of internal controls to protect against fraudulent or unethical behaviour. On the other hand, executives are focusing on cyber threats, the management of talent and their ability to deal with crisis scenarios.

“Given the rapidly changing environment, this means that risk assessments can no longer be just an annual exercise,” Vazirani added.

“Leading organisations are developing continuous and iterative risk assessment processes, and are using both structured and unstructured data to assess the impact of existing and emerging risks.”