How boards of directors can mitigate 3 pressing risks entering 2022

Cybersecurity, data privacy and talent and recruitment should have boards’ attention

Feb 01, 2022

Key takeaways

  • A risk assessment of your data can help companies shore up vulnerabilities involving third parties
  • Use labor market disruptions to rethink recruiting strategies, succession planning and team building
  • Operationalize compliance activities so that they are embedded in everyday processes

RSM National Risk Consulting Leader John Brackett discusses risk and compliance issues for boards entering 2022 on Directors and Boards’ “Governance Mastery” video series.


Risks to businesses are evolving so fluidly that the list is never finite. But a snapshot of the risk landscape, especially at the start of a new year, can at least help boards of directors remain vigilant and organized in their oversight.

As the calendar flips to 2022, here is a closer look at three risks garnering widespread attention, including questions that boards should be asking about them and actions they can take in the coming year to help mitigate them.

Cybersecurity and data privacy

The topic of cybersecurity immediately suggests familiar threats of ransomware and phishing attacks. However, another threat more recently has come into focus: third-party risk. Companies have had vulnerabilities exposed through their electronic connections with vendors and suppliers. 

How boards can be proactive

Given how cybercrime has accelerated during the pandemic, boards should be well-versed in their organization’s data governance program—the strategy by which it manages the data used for business operations.

“Perform a risk assessment so you know what type of data you have,” says John Brackett, national risk consulting leader at RSM US LLP. “Rank sets of data by risk factors. Clearly, the higher-risk data that may be sensitive in nature—it could be PII (personal identifiable information) or proprietary data—you want to protect that the most.”

Boards also can evaluate the strength of the company’s efforts to enhance internal awareness of cyberthreats and train employees in best practices to combat social engineering risks, such as harmful emails.

“Sometimes,” Brackett says, “the weakest link is actually inside the organization.”

Questions boards should be asking

  • What are the information technology department’s processes for ensuring software is updated with critical protective capabilities?
  • What are the costs and benefits of various risk mitigation strategies, such as purchasing cyber insurance?
  • What new technologies are being implemented by the business and its third-party partners, and what risks are associated with those?

Talent recruitment and retention

Widespread labor shortages are hampering companies’ ability to capitalize on an economy that is expanding as the country recovers from the devastating pandemic.

The retirement of baby boomers, lingering challenges associated with the pandemic, and a “you only live once” philosophy among many younger workers are driving a structural shift in the labor market away from the conditions that prevailed since the 1980s.

Now, employers are wooing workers with improved pay, flexible work arrangements and advanced technology, and by prioritizing enjoyable work experiences. And these changes are just the beginning of a significant shift in the American workforce.

How boards can be proactive

Brackett encourages boards to assess the so-called Great Resignation and see opportunities to make their companies into a great attraction, so to speak. Boards have a timely opportunity to talk with their C-suite executives about recruiting strategies, succession planning and team building.

“There are a lot of individuals out there today that are not looking for the career track that you or I may have experienced over our lives,” Brackett says. “Maybe they’re looking for a little more flexibility or variety, and there are individuals on a contract basis that could support your business operations. It’s a different recruiting opportunity for organizations today to find and train those people.”

And while many organizations say that people are their greatest asset, labor challenges are compelling some to accelerate digital transformation efforts. Companies are turning to robotic process automation and data analytics tools to increase efficiency and effectiveness. 

Questions boards should be asking

  • What is the organization doing to attract new talent, and are there new ways to do so?
  • How can the company use the current environment to think about succession planning activities?
  • What technologies might the company invest in to alleviate the problems caused by labor issues?

Compliance

Compliance demands change every year, whether through new legislation at the federal, state or local level, or modified professional practices within specific industries. This increases the burden on businesses to stay updated on regulations and reshape compliance processes.

How boards can be proactive

Boards that understand the cost of noncompliance will more clearly see the investments necessary to mitigate risks. Brackett considers this a first step toward operationalizing compliance activities.

A chief compliance officer who understands compliance requirements can identify gaps between departments and shortcomings within processes—and pursue necessary enhancements.

“Embed those mitigating factors in the day-to-day processes employees follow to do their jobs,” Brackett says.

Board members can aid that effort by engaging in discussions with department managers at various levels of the organization. They would learn whether employees have the resources and processes they need to ensure compliance, efficiency and effectiveness.

“Create the right scorecard at the director level so that you place the most emphasis on those highest-risk areas of the organization from a compliance perspective,” Brackett says.

Questions boards should be asking

  • What are the costs of a noncompliance event?
  • How does the business operationalize compliance activities so that they are embedded in everyday processes?
  • Do employees in various departments have the necessary resources and processes to ensure compliance?

The last word

Battle-tested boards of directors know the importance of managing risks by repeatedly asking: Are we doing enough?  

Staying updated on the nature of emerging risks and investing thoughtfully in strategic mitigation measures will go a long way toward answering that pressing question in the affirmative.

Republished with permission from Directors and Boards, December 2021.
