Aon | Professional Services Practice
Understanding Risk – Professional Service Firms and Aon’s GRMS 2023 Results
Release Date: February 2024The Professional Services Practice’s Keith Tracey summarizes the Aon’s GRMS 2023 results, compares them to the GRMS 2021 and other surveys and comments on the value of surveys and how professional service firms can use them to make better decisions about enterprise risk management.
Aon has published the results of the 2023 Global Risk Management Survey. Aon’s commentary on the results identified:
- Cyber is still the biggest concern.
- Resilience is a Boardroom discussion as regulators continue to apply pressure.
- Human capital challenges are being recognized.
The results from Professional Service Firm (PSF) respondents have also been published.
Risks Identified in PSF Survey
Looking at movements since the 2021 results, 9 of the top 10 risks appear again, albeit in a slightly different order.
Separate responses about future risks displayed increased concerns around AI and geopolitical volatility. Regulatory changes also moved up the agenda.
Observations on 2023 Results
- Business interruption is down from 4, but of course it is a consequence that might be the result of a ransomware attack, a pandemic, or a flood, for example.
- Pandemics do not appear, but perhaps business continuity worked and professional service firms’ resilience proved to be strong. There could also be a mix of recency or optimism bias.
- Workplace and talent issues are appearing in most surveys. This no doubt reflects concern about the ability to innovate and respond to competition in a world where new skills are of rising importance.
Headline Results from Other Risk Surveys
It is the season for risk surveys, which come from many different perspectives. There are themes that are consistent with the Aon results.
- Cyber risks routinely top the list.
- Talent shortage is now a ubiquitous concern. Why is this risk becoming so prominent now? COVID period baby boomers’ retirements could be an issue. One accountancy magazine speculated about a misunderstanding of the profession amongst the young.
- Technology, disruption, and the future growth of AI are frequent inclusions. On the latter, the concerns are very wide ranging, two examples being ethics and its use by cyber criminals.
- Perceptions of financial and economic uncertainty consistently appear.
- General political uncertainty, and growing disinformation fueled by social media, are concerns in this year of elections.
What are the Value of Surveys?
So, what does one do with all this information.
Why pay attention to the results?
- In a world of uncertainty surveys can provide useful information about the broader risk landscape and add practical value by complementing identification and mitigation efforts.
- Emerging risks and trends are revealed.
- Insights into the nature of risk can be extracted.
How does risk manifest itself?
- Direct risks to business operations.
- Risks arising from a changing business environment.
- Fundamental external uncertainty.
These manifestations of risk are clearly connected and frequently become cumulative. A cyber-attack is an external threat to the business. Tolerance should be low, and IT architecture, security protections and training can limit or eliminate the threat. The source is thus external, but its manifestation could arise from internal human error, and the nature of attacks is continually evolving.
Actions? Responses?
- There is now more attention being paid to the interconnectivity of risks. Links between pandemics, business interruption and cyber security, being a clear example. Risk management requires a degree of systems thinking where interdependencies are considered, mapped, and assessed. Risk management can usefully identify the firm’s critical systems and dependencies to be ready for a crisis.
- Take steps to improve the scope of risk identification by seeking seek broad inputs. Tools, such as scenarios, horizon scanning and root cause analysis, can be invaluable.
- Use each risk in Aon’s top 10 as a heading and conduct a roundtable: work back to root causes and forward to consequences. Look for dependencies. Economic slowdown is a cause, and the risk lies primarily around financial risk, but also involves possible loss of competitiveness due to reductions in investment.
- Absorbing lessons from past events is essential. The COVID crisis is an example. Professional service firms tended to have rigorous business continuity plans and with the assistance of technology systems client service continued to function.
Final Thoughts
- A multiskilled response is a critical success factor. It was suggested at a 2022 Swiss Re Conference when building resilience, historians, political economists, and psychologists may have a place at the table.
- Creating a safe internal environment for challenge and creating resourceful employees is an important line of defense.
- How good are we at recognizing the top risks? Surveys focus on the past and thereby often miss the next big one. Many surveys up until 2020 did not have pandemics in the top 10 risks. This makes continuity, incident response and crisis management planning vital.
Contact
The Professional Services Practice at Aon values your feedback. If you have any comments or questions, please contact Keith Tracey.
Keith Tracey
Managing Director
London
About Aon
Aon plc (NYSE: AON) exists to shape decisions for the better — to protect and enrich the lives of people around the world. Our colleagues provide our clients in over 120 countries and sovereignties with advice and solutions that give them the clarity and confidence to make better decisions to protect and grow their business.
©2024 Aon plc. All rights reserved.
Aon is not a law firm or accounting firm and does not provide legal, financial or tax advice. Any commentary provided is based solely on Aon’s experience as insurance practitioners. We recommend that you consult with your own legal, financial and/or insurance advisors on any commentary provided herein. All descriptions, summaries or highlights of coverage described herein are for general informational purposes only and do not amend, alter or modify the actual terms and conditions of any relevant policy. Coverage is governed only by the terms and conditions of such policy. Insurance coverage in any particular case will depend upon the type of policy in effect, the terms, conditions and exclusions in any such policy, and the facts of each unique situation. No representation is made that any specific insurance coverage would apply in the circumstances outlined herein. Please refer to the individual policy forms for specific coverage details.
The information contained in this document and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity.
Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the article or any part of it and can accept no liability for any loss incurred in any way whatsoever by any person who may rely on it.
Insurance products and services offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida and their licensed affiliates.