OnRisk: The Top Eleven Risks for 2021

The Institute for Internal Auditors (IIA) recently published its second annual OnRisk report: ‘OnRisk – A Guide to Understanding, Aligning, and Optimizing Risk,” which identifies and defines key risks, as perceived by boards, management, and chief audit executives (CAEs). 

An insightful overview of eleven key risks that are universally critical to organizations in 2021, the report discusses how the three key players in an organization’s risk management align (or misalign) in their view of these risks. It offers a detailed look at the greatest challenges expected in 2021 and how aligning risk management can increase success.

The results presented in the report were compiled through surveys and interviews with board members, c-suite executives, and chief auditors. The data highlights that while these stakeholders recognize and understand how these key risks are aligned, their perspectives on the significance of each risk are not.

While management assigns higher relevance to operational risks such as talent management, culture, and business continuity and places less emphasis on governance, political and economic risks, these risks are considered highly significant by board members and CAE’s. This difference in perspective is not surprising given the different roles and responsibilities of each of these stakeholders.

If we learned nothing else in 2020, we certainly now know how quickly risks and priorities can change. We have seen how one significant event, like a pandemic, can lead to a change in how an organization perceives and prioritizes key risks. We have also seen that rapid change can solidify and validate the significance of well-known critical risks. 

Generally, the 2021 OnRisk report reflects trends that are similar to what we have all experienced in 2020. Some new risks made the list, some from the prior year’s report are modified or enhanced, and other undebatable critical risks have not changed. 

The report identified the following as the top eleven risks for 2021:

  1. Cybersecurity
  2. Third Party
  3. Board Information
  4. Sustainability
  5. Disruptive Innovation
  6. Economic and Political Volatility
  7. Organizational Governance
  8. Data Governance
  9. Talent Management
  10. Culture
  11. Business Continuity and Crisis Management

In the coming months, we will look more closely at each of these risks and considerations of how to evaluate their significance in your organization, as well as appropriate risk management and mitigation activities. Check back on Weaver.com for more to come on managing these key risks.

Of course, the identification and assessment of risk is just one part of the story.  Effective risk management requires ongoing evaluation of the appropriateness and effectiveness of risk monitoring and mitigation activities. 

For assistance in identifying, evaluating, and designing effective risk management activities in your organization, contact us. We would welcome the opportunity to speak with you!

© 2020



John Wauson

John Wauson

Partner-in-Charge, Risk Advisory Services


John Wauson, CPA, has 14 years of public accounting and risk advisory experience. With a dedication to client service, John…

Learn More