Society public and private company members across sizes and industries responding to the most recent Society / Deloitte Board Practices Quarterly survey: “Oversight of Geopolitical Risk” provided insights on the primary geopolitical risks companies are focused on, management responsibility, how the risks are included on board agendas and allocated across board committees, and ways in which companies are mitigating and/or managing these risks. Survey results are reported by company type (public/private) and market cap (public) in the Appendix.
Among the takeaways:
Global operations—The most common areas of non-US operations for public companies overall and for large-caps are Canada, Europe, and Asia, whereas Canada, Mexico, and East Asia are the most common for private companies.
Top geopolitical risks—Large- and mid-cap public companies and private companies identified (i) evolving global trade policy and (ii) supply chain disruptions and cyber incidents, as their top two geopolitical risks.
Geopolitical risk mitigation/management—Both public and private companies commonly engage in scenario planning and/or evaluating crisis management plans to help mitigate and/or manage their geopolitical risks (72% and 56%, respectively); however, the most prevalent risk mitigation/management tactic for public companies is developing/ enhancing risk factors and/or MD&A or other public disclosures, compared to expanding risk tracking/ monitoring mechanisms for private companies.
Management responsibility—Within public companies, geopolitical risk is commonly assigned to multiple individuals and/or functions by topic/risk, whereas a plurality of private company respondents reported that responsibility is not assigned to a specific individual, group of individuals, or function.
Board oversight structure—Primary oversight for geopolitical risk is most often allocated across multiple committees depending on the particular risk at both public and private companies.
Board/committee agendas—A majority of public companies indicated that some geopolitical risks are standalone board and/or responsible committee agenda items, while others are integrated into other agenda items, whereas a plurality of private companies integrate coverage/discussion of geopolitical risks into other relevant agenda items.
Management’s reporting to the board—Both public and private companies coalesce around providing information to the board on these five topics more so than others (although order of prevalence varies by company type and size): (i) impacts from changes in regulatory, compliance, and tax policies; (ii) cyber incidents; (iii) operational risks (outside of supply chain challenges); (iv) budget/forecast implications; and (v) impacts of changing global trade policies.
Board/management composition—Both mid-caps and private companies most often report that neither the board and/or management is assessing its composition for consideration of relevant skills, experience, or expertise in relation to geopolitical risks, whereas large-caps are evenly divided, with 38% indicating that both the board and management are assessing their composition for this purpose and 38% reporting the contrary.
Board education—Both public and private companies favor updates/deep dives from management or other internal experts at board and/or committee meetings over other education/information sources/channels to stay educated and informed on various geopolitical risks.
Responses tended to vary by company size and type. Small-cap findings were omitted from the report and the accompanying demographics reports due to limited respondent populations; however, members may access those results by emailing Randi Morrison.
Access additional resources on our Geopolitical Risk page.