Top Ten Risk Management Lessons and Trends from 2009.


Rather than begin a topic from scratch I am going to expand on something I read recently on the Top Ten Risk Management Lessons and Trends from 2009.

In summary the identified top 10 were:

1. Social networking in the office must be managed.

I would concur that, from a new risk perspective, social networking must be managed, both within the office and what is happening outside your office (don’t participate at your peril!). However, contextually I don’t think the risk had a significant impact in 2009, although the take-up of Facebook and Twitter and the mainstream acceptance of some parts of it were frightening. This will continue through 2010 and beyond and most likely be replaced / enhanced by something else. The key risk aspect of these mediums is reputation risk and with the movement of technology to the mobile type (aka iPhone, possible future iTablet) this risk is only going to be even further enhanced. Let’s just realise that a customer can now be upset with an organisation and “immediately tell the world”; in the days gone by they would have to wait to get home, log onto a PC and then “yell”. This most likely eliminated the majority of people from raising negative comments on your service or organisation. Think back even further and the only real way to complain was a letter which no-one ever saw!

2. Cyber risk will continue to be a hot topic

And will forever be a hot topic from a risk perspective. The world just gets smarter every day and there are plenty of people out there who are extremely smart people. The online world now means they no longer have to even get out of their PJs.

3. Don’t underestimate the impact of Baby Boomer retirement (focus was on knowledge transfer / loss risk)

I have personally been on a crusade on this topic for a number of years and what annoys me the most is we seem to always need to analyse the topic to death rather than just make it the responsibility of every employee, give them the tools and make it happen.

4. Regulatory restraint will heat up

No shock here and this is really the number 1 risk for 2010 and beyond.

5. Government will increasingly privatize services traditionally provided by the government

I can see this happening in the US and UK but less so here in Australia.  The current government are going to be less likely to privatise and more likely to take some things back into government hands if signs signal major issues.

6. Your largest competitor may no longer be your biggest threat

We all know about this one – aka Sony and Apple, Google and Microsoft.  Some of the smaller nimbler players will have an impact forever now and it is going to be important for bigger organisations to consider how to stay in the game.

7. Workers’ compensation insurance buyers need to be concerned about more than price

I have no comment here and this probably would not be in my top 10.

8. Medical costs for both health insurance and workers’ compensation will continue to escalate

Same as number 7 and not in my top 10.

9. Employment litigation will continue to heat up

I have no evidence this was a major risk for organisations in 2009 but I can see this one increasing in 2010 and beyond as employment opportunities become more difficult and even more scrutinised.

10. Don’t assume you won’t get caught (aka Tiger Woods)

And the eternal risk of an organisation is things happening and people trying to hide what they have done.  In tougher economic times this always becomes a larger risk and must be a focus for organisations in 2010.  The focus needs to be on providing assurance over key activities/controls from a risk perspective, encouraging and rewarding escalation of incidents and issues, and management education of culture and behaviour.

And what would I add to this list to get to my top 10:

  • Human carelessness – although we all think we have moved to a world of computer automation, humans are still involved in almost every process and the risk of human carelessness cross every day due to the expectation of multi-tasking and the merging of personal and work life (who here knows someone who has a personal and work Twitter account and uses the same phone to update each?)
  • Innovation for innovation’s sake – I have this terrible fear that organisations try and change / innovate on everything just because it is fashionable rather than for a true customer purpose. This type of innovation creates risks on the operations of the business as well as possible customer and employee frustration.


Scott North has extensive experience in enterprise risk management, internal audit, operational risk and compliance, risk strategy, scenario planning, technology risk, technology business analysis, systems design, financial accounting, and management accounting. Scott is a Fellow of the Australian Institute of Chartered Accountants with a Masters Degree from the University of Melbourne in Business and Information Technology. Scott is also a Fellow of the University of Melbourne.