3. Preamble
Inrecent years there has beenanincrease of volatility inthe marketplace. As a result, shareholders require companies topay
more attentiontomanaging the risks associatedwiththese swift changes. Riskmanagement is therefore rapidly becoming a
standarditemonthe management agenda andhas increasedinpriority.
Compare
This report provides a basis for understanding the riskareas
statedby the peer groupas a whole incomparisonwiththe
riskareas notedby Example.
This report is basedonthe analysis of publicly available
annual reports. The risks mentionedinthe annual reports
are categorizedintoa hierarchical risktree withthree levels.
The report describes the numbers of riskareas mentionedin
the annual reports andthe relative attentionfor the
categories. First onthe highest level inthe risktree (the main
categories), followedby a chapter per maincategory. There
we zoominonthe categories withinthe maincategory and
interesting findings onthe lowest level inthe tree, the risk
areas. See the next chapter for the complete risktree.
Many companies have a fiscal year that is not insync with
the calendar year. For this report the date of publicationof
the annual report is usedtoassignthe ‘year’ inthe
benchmark. While the financials inthe annual reports are
describing what has happened, the riskparagraphis typically
forwardlooking.
Data driven
The content of this report is data driven, basedonthe
analysis of over 50.000 annual reports. Newreports are
addedona daily basis. As a consequence, the information
presentedis dependent onthe date of generationof the
report. This report was createdonWednesday, May 10, 2017
at 8:48:39 AM.
More reports are available onwww.deloittewebshop.com
Example
This report is about the company Example Inc,
headquarteredinAmsterdamcomparedtothe peer group.
The company is listedat the DemoExchange under symbol
EXAMPLE.
www.deloittewebshop.com 3
RiskFocus 2017: Example Benchmark
4. Risk tree
The risks mentionedinthe annual reports are groupedina three level hierarchy. Onthe lowest level a riskarea is mentioned
or not. Fromthere the number of mentionedriskareas is groupedtothe category level, andthengroupedtothe maincategory
level.
For reading convenience MAIN CATEGORIES are inCAPS, category names are inbold, risk area names are italic.
STRATEGY
Acquisition
Acquisition Synergy
Acquisitions Alliances
Hostile takeover
Strategic Partnerships
Technology Strategy
External Factors
Competition
Competition Agreement
Cyber Terrorism
Economic Conditions
Epidemics
External Fraud
External Fraud Bribery
Factors Energy
Geopolitical
Government cuts
Hazards Man-made
Markets
Natural Disasters
Planning
Resource Planning
Scenario Planning
Timetable
Sustainability
Accidents
Air Pollution
Alternative Energy Sources
Clean Water
Climate Change
Environment
Waste Disposal
COMPLIANCE AND REPORTING
Compliance
Accounting Standards and Policies
Disability Laws
Financial Regulations
Government Regulations
Pronouncement Practices
Stock Exchange
Corporate Governance
Board Authorization Rights
Board Positions and Administration
Board Succession Planning
Conflict of Interest
Governance Practices
Management Strain
Shareholders
Ethics
Oversight
Unethical Practices
Whistle-blowers
Legal
Anti Bribery
Anti Kickback
Bankruptcy
Finance and Accounting
Intellectual Property
Lawsuits and Investigation
Privacy and security laws
Questionable Practices
4 www.deloittewebshop.com
RiskFocus 2017: Example Benchmark
5. OPERATIONS-SALES
Product Development
Approval
Design and Quality
Discontinuance Divestiture
Innovation R&D
Launch
Liability
Production
Testing
Timing
Sales and Marketing
Branding and Reputation
Cultural
Debt management
Distribution and Restriction of Units
Distribution and Sales
Distribution Availability
Distribution Resellers and Channels
Ecommerce or Internet Strategy
Investor Relations Capital or Stock
Investor Relations Disclosure
Investor Relations Market Disruptions
Investor Relations Pledges
Investor Relations Quotes
Investor Relations Valuation
Market Regulations
Market Research and Forecasting
Marketing Programs and Advertising
Public Relations
Sales and leasing Strategy
Sales Strategy Consumer Market Trends
Supply Chain
Delivery Tariffs
Planning
Production Inventory
Production Timeliness
Returns Cancellations
Returns Chargebacks
Returns Recall
Sourcing Components
Sourcing Materials
Sourcing Regulation
Sourcing Supplier
OPERATIONS-SUPPORT
Corporate Assets
Facilities and Equipment
Goodwill and Impairment
Intangible Assets
Physical Security
Utilization
Finance
Credit Rating
Credit Revolving
Hedging
Internal Control
Pensions
Taxation
Working Capital
Human Resources
Compensation
Corporate Culture
Departure and Succession Planning
Labor Disputes and Strikes
Labor Unions
Pension Plan
Recruitment
Retirement
Talent
Training and Development
Information Technology
Asset Management
Business Continuity Management
Change Management
Contracting and Outsourcing
ERP
Information Security
Operations
Physical and Environmental
Privacy and Data Protection
Problem Management
Project Management
Records Management
Technology Licensing
www.deloittewebshop.com 5
RiskFocus 2017: Example Benchmark
6. Executive summary
This report is about the risks mentionedinthe annual reports of Example comparedtothose
mentionedinthe peer group.
Risk distribution over main categories in 2016
Strategy Compliance and Reporting Operations-Sales Operations-Support
%
28.3%
23.1%
17% 18.6%
22.6%
31.3% 32.1%
27%
Example the peer group
In2016, the most remarkable difference inthe distributionof risks at the highest level inthe tree is in
the maincategory OPERATIONS-SALES.
Number of risk areas mentioned
2012 2013 2014 2015 2016
0
25
50
75
100
125
n
Example the peer group
In2016, fifty-three riskareas are reportedby Example, whichis higher thanthe average of thirty-nine
riskareas mentionedwithinthe peer group. Over the past five years, the total number of riskareas
mentionedby companies withinthe peer grouphas increasedfromthirty-three tothirty-nine.
6 www.deloittewebshop.com
RiskFocus 2017: Example Benchmark
7. Risk distribution over categories in 2016
Sustainability
Acquisition
Planning
ExternalFactors
Ethics
CorporateGovernance
Legal
Compliance
SupplyChain
ProductDevelopment
SalesandMarketing
HumanResources
CorporateAssets
Finance
InformationTechnology
0
5
10
15
20
25
%
Example the peer group
A remarkable difference betweenExample andthe peer grouponthe level of riskcategories is in
Product Development-relatedriskareas: 1.9% of the riskareas mentionedby Example fell inthis
category, while the share for the peer groupwas 8.5%.
Onthe level of riskcategories, Example andthe peer groupdiffer remarkably inthe category of
External Factors-relatedriskareas, whichfalls under STRATEGY: 17% of the riskareas mentionedby
Example fell inside this category, while the share for the peer groupwas 13.2%.
Onthe level of riskcategories, 9.4% of the riskareas mentionedby Example relatedtothe category
Finance under OPERATIONS-SUPPORT, whichis a remarkable difference withits peer group, for
whichthe share was 6.6%.
Onthe secondlevel inthe risktree (riskcategories), we see a remarkable difference between
Example andthe peer groupis inLegal-relatedriskareas at 3.8 and6.6 percent respectively.
www.deloittewebshop.com 7
RiskFocus 2017: Example Benchmark
8. Executive summary: Top 20
This table gives the top20 riskareas that the peer groupreports onandshows whether Example
reports onthemtoo.
The greenbar shows the percentage of the companies inthe peer groupthat mentionrisks within
that specific riskarea. Above the bar, the name of the riskarea andits parent category. The markon
the left side is anindicationthat Example reports onthat riskarea as well.
Finance: Working Capital
89.5%
Human Resources: Talent
85.5%
External Factors: Competition
84.9%
Compliance: Financial Regulations
79.5%
Legal: Intellectual Property
72.9%
Information Technology: Information Security
70.3%
Supply Chain: Sourcing Materials
69.7%
Product Development: Innovation R&D
69%
Corporate Governance: Management Strain
68.4%
Sales and Marketing: Sales Strategy Consumer Market Trends
66.1%
Sales and Marketing: Branding and Reputation
64.8%
External Factors: Economic Conditions
62.8%
Legal: Lawsuits and Investigation
62.3%
Product Development: Liability
62%
Sales and Marketing: Market Regulations
61.3%
External Factors: Geopolitical
59.6%
Supply Chain: Production Inventory
58.7%
Compliance: Pronouncement Practices
57.8%
Supply Chain: Sourcing Supplier
56.6%
Information Technology: Privacy and Data Protection
56.5%
Indicates that Example mentions the riskarea.
8 www.deloittewebshop.com
RiskFocus 2017: Example Benchmark
9. STRATEGY
Relative attention
The maincategory STRATEGY is dividedintofour categories of risks.
Relative attention to the categories within STRATEGY in 2016
Acquisition External Factors Planning Sustainability
%
5.7% 5.8%
17%
13.2%
1.9%
0.4%
3.8% 3.7%
Example the peer group
The category under STRATEGY that got most attentionby Example was External Factors. Of all
mentionedriskareas, 17% were placedinthis category. The greatest difference was foundin
External Factors whichdifferedby 3.8%.
Trend
The chart belowgives insight inthe development of the different categories.
Relative attention to the categories within STRATEGY for Example
2012 2013 2014 2015 2016
0
5
10
15
20
25
%
Acquisition External Factors Planning Sustainability
In2016 the focus is still onExternal Factors relatedrisks. In2016 17% of the attentionwas placedin
this subcategory by Example.
www.deloittewebshop.com 9
RiskFocus 2017: Example Benchmark
10. Count of risk areas
Average risk count of STRATEGY risks per category in 2016
Acquisition External Factors Planning Sustainability
3
2.3
9
5.2
1
0.2
2
1.5
Example the peer group
The chart displays the average count of riskareas per category. In2016, the most remarkable
difference betweenExample andthe peer groupis seeninthe category External Factors.
Trend
Trend of the number of risks within the main category STRATEGY
2012 2013 2014 2015 2016
0
5
10
15
20
25
n
Example the peer group
Over the past five years, the number of riskareas concerning STRATEGY reportedonby Example
grewfrom3 to15. WithinExternal Factors, riskareas mentionedby Example are Government cuts,
Competition Agreement, EconomicConditions, Competition, Markets, Geopolitical, Cyber Terrorism,
Natural Disasters andEpidemics.
10 www.deloittewebshop.com
RiskFocus 2017: Example Benchmark
11. STRATEGY: Four categories
Acquisition
A more or less constant amount of attentionwas put intoriskareas withinthe Acquisition category;
nobig changes were detectedover the last five years for the peer group. The risktree under this
category consists of five riskareas andExample writes about three of those.
Topthree riskareas companies inthe peer groupmention:
StrategicPartnerships: 56.1%. Alsomentionedby Example.
Acquisitions Alliances: 55.3%. Alsomentionedby Example.
Technology Strategy: 44.9%. Example does not mentionthis riskarea.
External Factors
Over the last five years, we noticeda growthinthe number of External Factors relatedriskareas
mentionedwithinthe peer group. This category covers thirteenriskareas, out of whichnine were
mentionedby Example.
Topthree riskareas companies inthe peer groupmention:
Competition: 84.9%. Alsomentionedby Example.
EconomicConditions: 62.8%. Alsomentionedby Example.
Geopolitical: 59.6%. Example does not mentionthis riskarea.
Planning
Onaverage the number of riskareas reportedonfor Planning remainedstable withinthe peer group
over the past five years. The risktree under this category contains a total of three riskareas. Example
mentions one of them.
Topthree riskareas companies inthe peer groupmention:
Timetable: 7.1%. Example does not mentionthis riskarea.
Scenario Planning: 5%. Alsomentionedby Example.
Resource Planning: 3%. Example does not mentionthis riskarea.
Sustainability
Like previous years, about anaverage of 2.4 Riskareas per company fell withinthe Sustainability
category of risks for the peer group. Tworiskareas inthis category were reportedonby Example.
Topthree riskareas companies inthe peer groupmention:
Waste Disposal: 46.8%. Example does not mentionthis riskarea.
Environment: 39.4%. Alsomentionedby Example.
Accidents: 21.7%. Alsomentionedby Example.
www.deloittewebshop.com 11
RiskFocus 2017: Example Benchmark
12. COMPLIANCE AND REPORTING
Relative attention
COMPLIANCE AND REPORTING is split upinfour categories.
Relative attention to the categories within COMPLIANCE AND REPORTING in 2016
Compliance Corporate Governance Ethics Legal
%
7.5%
5.2%
3.8%
5.8%
1.9%
0.9%
3.8%
6.6%
Example the peer group
The category under COMPLIANCE AND REPORTING that got most attentionby Example was
Compliance. Of all mentionedriskareas, 7.5% were placedinthis category. The greatest difference
was foundinLegal whichdifferedby 2.8%.
Trend
The chart belowgives insight inthe development of the different categories.
Relative attention to the categories within COMPLIANCE AND REPORTING for Example
2012 2013 2014 2015 2016
0
5
10
15
20
25
%
Compliance Corporate Governance Ethics Legal
Whencomparing 2016 with2015, the number one point of focus didnot change; Example is still
mentioning Compliance risks the most, at 7.5% in2016.
12 www.deloittewebshop.com
RiskFocus 2017: Example Benchmark
13. Count of risk areas
Average risk count of COMPLIANCE AND REPORTING risks per category in 2016
Compliance Corporate Governance Ethics Legal
4
2.1 2
2.3
1
0.3
2
2.6
Example the peer group
The chart displays the average count of riskareas per category. In2016, the most remarkable
difference betweenExample andthe peer groupis seeninthe category Compliance.
Trend
Trend of the number of risks within the main category COMPLIANCE AND REPORTING
2012 2013 2014 2015 2016
0
5
10
15
20
25
n
Example the peer group
Over the past five years, the number of riskareas concerning COMPLIANCE AND REPORTING
reportedonby Example increasedfrom4 to9. Example focussedespecially onthe four riskareas
under Compliance namedPronouncement Practices, Government Regulations, Financial Regulations
andAccounting Standards and Policies.
www.deloittewebshop.com 13
RiskFocus 2017: Example Benchmark
14. COMPLIANCE AND REPORTING: Four categories
Compliance
Nobig changes inthe Compliance subcategory of riskareas. Since we startedmeasuring, the
number of riskareas reportedby the companies withinthe peer groupwas stable around2.3 Risk
areas per company. Four of the sixriskareas were discussedby Example.
Topthree riskareas companies inthe peer groupmention:
Financial Regulations: 79.5%. Alsomentionedby Example.
Pronouncement Practices: 57.8%. Example does not mentionthis riskarea.
Accounting Standards and Policies: 29.3%. Alsomentionedby Example.
Corporate Governance
Corporate Governance is a stable topic for the companies withinthe peer group; Five years passed
andlittle change has beennoticedinthe average number of riskareas per company withinthis
category. Intotal, twoout of the sevenriskareas were discussedby Example.
Topthree riskareas companies inthe peer groupmention:
Management Strain: 68.4%. Example does not mentionthis riskarea.
Governance Practices: 49.4%. Alsomentionedby Example.
Board Positions and Administration: 40.8%. Alsomentionedby Example.
Ethics
For the last five years, a stable number of riskareas that fall withinthe Ethics category is detectedfor
the peer group. Risks inthis category are dividedintothree riskareas, one of themwas touchedby
Example.
Topthree riskareas companies inthe peer groupmention:
Unethical Practices: 15.1%. Example does not mentionthis riskarea.
Oversight: 12.3%. Alsomentionedby Example.
Whistle-blowers: 7.4%. Example does not mentionthis riskarea.
Legal
For the peer groupthe number of reportedriskareas about Legal grewby anaverage of 0.6 over the
past five years. The risktree under this category contains a total of eight riskareas. Example mentions
twoof them.
Topthree riskareas companies inthe peer groupmention:
Intellectual Property: 72.9%. Alsomentionedby Example.
Lawsuits and Investigation: 62.3%. Example does not mentionthis riskarea.
Privacy and security laws: 36.8%. Example does not mentionthis riskarea.
14 www.deloittewebshop.com
RiskFocus 2017: Example Benchmark
15. OPERATIONS-SALES
Relative attention
Inthe risktree, under the maincategory OPERATIONS-SALES, you'll findthree categories.
Relative attention to the categories within OPERATIONS-SALES in 2016
Product Development Sales and Marketing Supply Chain
%
1.9%
8.5%
11.3% 11.3%
9.4%
11.5%
Example the peer group
The category under OPERATIONS-SALES that got most attentionby Example was Sales and
Marketing. Of all mentionedriskareas, 11.3% were placedinthis category. The greatest difference
was foundinProduct Development whichdifferedby 6.6%.
Trend
The chart belowgives insight inthe development of the different categories.
Relative attention to the categories within OPERATIONS-SALES for Example
2012 2013 2014 2015 2016
0
5
10
15
20
25
%
Product Development Sales andMarketing Supply Chain
Like previous year, the highest scoring category in2016 is Sales and Marketing.
www.deloittewebshop.com 15
RiskFocus 2017: Example Benchmark
16. Count of risk areas
Average risk count of OPERATIONS-SALES risks per category in 2016
Product Development Sales and Marketing Supply Chain
1
3.3
6
4.4
5 4.5
Example the peer group
The chart displays the average count of riskareas per category. In2016, the most remarkable
difference betweenExample andthe peer groupis seeninthe category Product Development.
Trend
Trend of the number of risks within the main category OPERATIONS-SALES
2012 2013 2014 2015 2016
0
5
10
15
20
25
n
Example the peer group
Over the past five years, the number of riskareas concerning OPERATIONS-SALES reportedonby
Example increasedfrom8 to12. The following sixriskareas under Sales and Marketing were
mentionedby Example: Distribution Resellers and Channels, Sales Strategy Consumer Market Trends,
Market Regulations, Branding and Reputation, Distribution Availability andDistribution and Sales.
16 www.deloittewebshop.com
RiskFocus 2017: Example Benchmark
17. OPERATIONS-SALES: Three categories
Product Development
Product Development is a recurring category of riskareas foundinthe filings. Onaverage 3.6 Risk
areas per company inthe last five years were mentionedfor the peer group. Intotal, one out of the
nine riskareas was discussedby Example.
Topthree riskareas companies inthe peer groupmention:
Innovation R&D: 69%. Alsomentionedby Example.
Liability: 62%. Example does not mentionthis riskarea.
Testing: 52.8%. Example does not mentionthis riskarea.
Sales and Marketing
Onaverage 4.5 Riskareas per company are mentioned, whichis a constant number for the category
Sales and Marketing for the peer group. The risktree under this category consists of twenty risk
areas andExample writes about sixof those.
Topthree riskareas companies inthe peer groupmention:
Sales Strategy Consumer Market Trends: 66.1%. Alsomentionedby Example.
Branding and Reputation: 64.8%. Alsomentionedby Example.
Market Regulations: 61.3%. Alsomentionedby Example.
Supply Chain
The riskarea count for Supply Chain didn't change a lot inthe last five years for the peer group. This
category covers elevenriskareas, out of whichfive were mentionedby Example.
Topthree riskareas companies inthe peer groupmention:
Sourcing Materials: 69.7%. Alsomentionedby Example.
Production Inventory: 58.7%. Alsomentionedby Example.
Sourcing Supplier: 56.6%. Example does not mentionthis riskarea.
www.deloittewebshop.com 17
RiskFocus 2017: Example Benchmark
18. OPERATIONS-SUPPORT
Relative attention
Inthe risktree, under the maincategory OPERATIONS-SUPPORT, you'll findfour categories.
Relative attention to the categories within OPERATIONS-SUPPORT in 2016
Corporate Assets Finance Human Resources Information Technology
%
1.9% 2.5%
9.4%
6.6% 7.5% 7.6%
13.2%
10.4%
Example the peer group
The category under OPERATIONS-SUPPORT that got most attentionby Example was Information
Technology. Of all mentionedriskareas, 13.2% were placedinthis category. The greatest difference
was foundinFinance whichdifferedby 2.8%.
Trend
The chart belowgives insight inthe development of the different categories.
Relative attention to the categories within OPERATIONS-SUPPORT for Example
2012 2013 2014 2015 2016
0
20
40
60
%
Corporate Assets Finance HumanResources InformationTechnology
In2016, the major amount of attentionof the company withinOPERATIONS-SUPPORT was placedinto
the subcategory Information Technology at 13.2%.
18 www.deloittewebshop.com
RiskFocus 2017: Example Benchmark
19. Count of risk areas
Average risk count of OPERATIONS-SUPPORT risks per category in 2016
Corporate Assets Finance Human Resources Information Technology
1 1
5
2.6
4
3
7
4.1
Example the peer group
The chart displays the average count of riskareas per category. In2016, the most remarkable
difference betweenExample andthe peer groupis seeninthe category Information Technology.
Trend
Trend of the number of risks within the main category OPERATIONS-SUPPORT
2012 2013 2014 2015 2016
0
5
10
15
20
25
n
Example the peer group
Over the past five years, the number of riskareas concerning OPERATIONS-SUPPORT reportedonby
Example grewfrom8 to17. Example focussedespecially onthe sevenriskareas under Information
Technology namedPrivacy and Data Protection, Project Management, Operations, Physical and
Environmental, Information Security, Change Management andBusiness Continuity Management.
www.deloittewebshop.com 19
RiskFocus 2017: Example Benchmark
20. OPERATIONS-SUPPORT: Four categories
Corporate Assets
Over the last years, a stable amount of attentionwas paidtoriskareas withinCorporate Assets for
the peer group. One of the five riskareas was discussedby Example.
Topthree riskareas companies inthe peer groupmention:
Intangible Assets: 43.7%. Example does not mentionthis riskarea.
Goodwill and Impairment: 35.2%. Alsomentionedby Example.
Facilities and Equipment: 13%. Example does not mentionthis riskarea.
Finance
Nobig changes inthe Finance subcategory of riskareas. Since we startedmeasuring, the number of
riskareas reportedby the companies withinthe peer groupwas stable around2.7 Riskareas per
company. Five riskareas inthis category were reportedonby Example.
Topthree riskareas companies inthe peer groupmention:
Working Capital: 89.5%. Example does not mentionthis riskarea.
Internal Control: 49.7%. Example does not mentionthis riskarea.
Credit Revolving: 41.9%. Alsomentionedby Example.
Human Resources
Human Resources is a recurring category of riskareas foundinthe filings. Onaverage 3.1 Riskareas
per company inthe last five years were mentionedfor the peer group. Risks inthis category are
dividedintotenriskareas, four of themwere touchedby Example.
Topthree riskareas companies inthe peer groupmention:
Talent: 85.5%. Example does not mentionthis riskarea.
Recruitment: 51.3%. Example does not mentionthis riskarea.
Labor Disputes and Strikes: 37.9%. Example does not mentionthis riskarea.
Information Technology
Onaverage the number of riskareas reportedonInformation Technology for the peer grouphas
increasedby 1.4 risks over the past five years. Sevenriskareas inthis category were reportedonby
Example.
Topthree riskareas companies inthe peer groupmention:
Information Security: 70.3%. Example does not mentionthis riskarea.
Privacy and Data Protection: 56.5%. Example does not mentionthis riskarea.
Operations: 55.1%. Alsomentionedby Example.
20 www.deloittewebshop.com
RiskFocus 2017: Example Benchmark
21. Disclaimer
Deloitte uses a range of researchtechniques togather andverify its informationandanalysis. These
include primary research, in-house knowledge andexpertise, proprietary databases, andsecondary
sources suchas company websites, annual reports, SEC filings andpress releases.
Nopart of this publicationmay be reproduced, storedina retrieval systemor transmittedinany form
by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior
permissionof the publisher, Deloitte. The facts anddata of this report are believedtobe correct at
the time of publicationbut cannot be guaranteed. Please note that the data andfindings that Deloitte
delivers will be basedoninformationgatheredingoodfaithfrombothprimary andsecondary public
sources, whose accuracy we are not always ina positiontoguarantee. Deloitte does not draw
conclusions or has opinions about the data presentedintheir products, nor does Deloitte do
recommendations; the interpretationof the data is left tothe reader. As suchDeloitte canaccept no
liability whatever for actions takenbasedonany informationthat may subsequently prove tobe
incorrect.
www.deloittewebshop.com 21
RiskFocus 2017: Example Benchmark