Risk management in uncertain times

29^th of April 2021
 

Companies are relatively familiar with known risks such as financial risks. From profitability and cash flow to the risk of fraud and corruption, financial risks are wide-ranging and critical. Not that dealing with these risks is easy, but we have seen how they happen and where the weaknesses lie. This can give us some clues on how we may mitigate them.

There are established control procedures, and businesses at times go beyond the necessary to adopt the best practice. Collectively, authorities and financial regulations are to prevent the worst of the damage from spreading to the rest of the world. Knowledge from past experiences helps us navigate risks.

Sadly, we know that emerging risks do not resemble what we have seen in the past.

Analysing the risk profile today

The World Economic Forum’s latest Global Risk Report gives an overview of emerging risks. ESG risks are top up on the scale both in likelihood and impact. Right next to Climate and loss of biodiversity are societal risks, linked to our basic needs such as water and food as well as the threat of diseases. Then come geopolitical and technological risks such as cyber.

Risks in high likelihood/impact categories have certain features: global, indiscriminate, and hard to contain once the crisis starts. Experts have been calling us to action for years, but due to the slow materialization or localized impact of these risks, we have been rather slow to respond. However, they are no longer slow or localized.

In the face of emerging risks, we need to reassess what we have built as our standard risk approach. Our preparation is mostly suited to risk events that have happened before, events we can evaluate, control and monitor to a degree. But this won’t prepare us for emerging risks.

Even the known risks are changing due to their interconnection with other risks. Risk types today only indicate where they originate: when it comes to their impact, they would affect us in many, often unpredictable ways.

Being imaginative about emerging risks

Preparing for emerging risks is not about scrapping everything and starting risk management from scratch. It must be done without compromising the defense against known risks. But it requires challenging the existing risk management from a fresh perspective. One practical way of doing so is scenario testing.

It may be worth thinking of a risk scenario for which the existing risk management is not built for. It should highlight where the scope and thus defense of the existing setup ends, and which perspectives and resources are lacking. This in turn helps shape the necessary defense to be built going forward.

Scenario testing should benefit from getting different perspectives across the organisation, and possibly stakeholders from outside. It may be worth inviting an independent observer or facilitator so that each participant has an opportunity to express views.

Scenario testing should benefit from getting different perspectives across the organization, and possibly stakeholders from outside.

You as a board member may wish to consider what role you wish to play in the process. In addition to offering support as the most senior part of the organisation, you may wish to take a more active role by participating in the process, bringing a much-needed long-term vision and strategic thinking as well as the depth and breadth of experience. Designated risk leaders such as the CRO, the highest level of management responsible for risk, may indeed be grateful to you for bringing perspectives beyond the existing risk management structure.

One may say that, at its operational level, risk management is the task for management while the role of the board of directors is to exercise oversight. Even so, when we are uncertain about what risks are coming our way, it can become a little theoretical to talk about the oversight of the effectiveness of risk management systems.

Certain board members – those involved in risk management as the audit or risk committee members and chairs – may wish to observe how the organisation prepares itself for the uncertain future. This is particularly so given the interest within Europe to emphasize the importance of sustainable corporate governance and the role of the board of directors, of which we expect to see more from the European Commission by mid-2021.

Conclusion

Emerging risks are not something we can avoid or mitigate, but we can improve our resilience and be better prepared to navigate them. This short article has discussed what could be the first step in preparing for future risk events as we think beyond the current crisis. In the forthcoming piece, we will have a detailed look into how we build our approach to emerging risks, including the role of the board of directors.

This article was originally created for DIF and published on the 4^th of March 2021  - see the original version from here.