Strategic intelligence: An integrated approach to ERM for a new era of emerging risks has been saved
Perspectives
Strategic intelligence: An integrated approach to ERM for a new era of emerging risks
On the audit committee’s agenda, October 2022
Introduction
Risks have become more interconnected, more interdependent, and as a result more complex than at any time in recent history. Supply chains have become vast networks of vendors and customers who are highly reliant on one another. Digital transformation spans ecosystems to deliver outcomes faster than ever. Low-probability events that can have a high impact have become more common and more consequential.
Risks are increasing in both variety and velocity as a result of these evolving shifts in the environment. Consider how rapidly risks are manifesting into adverse effects for many companies as a result of geopolitical volatility and uncertainty, supply chain disruptions, talent shifts, natural catastrophes, and issues involving data privacy and information security.
Compounding the risk landscape, companies are facing increasing pressure to manage a growing scope of risks as a result of rapidly evolving environmental, social, and governance (ESG) issues. Many companies are facing challenges in protecting and promoting a sense of trust among their stakeholders, protecting their brands and reputations, and fostering business resilience.
In this environment, there’s a growing recognition that traditional enterprise risk management (ERM) approaches may not be fit for purpose. Decentralized, siloed structures are not ideally positioned or equipped to respond to emerging risks in today’s dynamic marketplace because they often do not allow for integrated, synchronized risk management processes or decision-making.
Modern ERM challenges
Companies that rely principally on traditional approaches to ERM may face a variety of challenges in managing and mitigating emerging risks. Such companies often struggle with how to integrate risk management into their organizations and establish a risk-aware mindset. They may not understand how to prepare for one-off events that can be hard to foresee, and they may have difficulty identifying the risks that matter most to the organization’s strategy.
Some companies also face challenges in continually adapting and navigating emerging risks and trends. They may struggle with prioritizing and allocating resources to address the company’s most pressing risks and facilitating effective risk oversight through governance. Under limitations such as these, managing risk dynamically to keep pace with emerging risks may seem impossible.
Oversight of risk management at the board level often varies across companies as well. In some companies, oversight responsibility rests with the full board, but some boards assign responsibility to the audit committee, the risk committee, if one exists, or other committees. Some boards also distribute oversight responsibility for specific aspects of risk management to more than one committee.
According to the 2021 survey of audit committee members underpinning the Audit Committee Practices Report: Common Threads Across Audit Committees, 42% of respondents indicated their audit committees have responsibility for overseeing ERM, while 33% indicated this responsibility rests with the full board, and 20% said responsibility is assigned to a risk committee.1 Nearly half (46%) of participants said their audit committees discuss ERM at least quarterly, and approximately one-third (32%) expected to spend more time on ERM oversight in the coming year.2
Strategic intelligence and calculated risks
Companies that struggle with these types of risk management challenges may find value in an approach that leverages strategic intelligence, which is becoming more common among companies seeking an earlier sense of risk on the horizon before it manifests into adverse consequences.
Strategic intelligence gathers insights on a continually shifting risk landscape using predictive risk sensing tools such as AI, data analytics, and risk dashboards to proactively identify and evaluate shifts in market forces and other emerging trends or events that are relevant to the organization. A more dynamic approach to ERM leveraging strategic intelligence can help organizations develop a sharper vision of not only risks, but also opportunities, that may be developing on the horizon.
Scenario planning is a strategic intelligence tool that brings to life plausible risk events and provides an opportunity to plan and practice a response. Scenario planning provides a foundation for making stronger decisions during times of stress or uncertainty, but it can also be an incredibly valuable tool during the strategic planning process. Scenario planning exercises help leaders evaluate the risks to and from strategic choices and can provide a structured approach to stress-test strategic assumptions, which can help inform decisions balancing risks and rewards.
At its core, business is about taking calculated risks to create value. Calculated risks are actions and investments resulting from a company’s strategic and operational choices—new products, new market pursuits, pricing strategies, adoption of new technology, and research and development.
Strategic intelligence can inform not only risk management but also calculated risk-taking in the pursuit of generating value. By leveraging data, technology, and strategic intelligence, companies may identify strategic opportunities that might otherwise go unrecognized.
By leveraging strategic intelligence within ERM, companies can develop an important pathway for integrating risk management processes and a risk-aware mindset into core business operations. This integration can enable strategic intelligence to inform not only risk management but also the calculated risk-taking that is core to decision-making and the successful execution of strategic goals.
ERM oversight
To the extent the audit committee is responsible for overseeing the company’s approach to ERM, it can have an important role in holding management accountable for embracing a strategic intelligence approach to ERM to help identify emerging risks and remain focused on the risks that matter most to strategy. The audit committee’s engagement with respect to the company’s capabilities can have a significant effect on driving a risk-aware culture across the enterprise.
The audit committee can promote discussion regarding risk and provide input on and approve the organization’s risk appetite. The audit committee can invite subject-matter specialists, whether from within the company or with third parties, to committee meetings to promote regular discussion about the company’s ERM capabilities. The audit committee can also monitor the company’s risk management processes and obtain reasonable evidence regarding their design and operating effectiveness.
Given the rapid rate at which risks are emerging and evolving, a dynamic approach to ERM underpinned by strategic intelligence is no longer an aspiration for many companies. It is an imperative.
ESG: A case for strategic intelligence to help identify emerging risks
As a focus on ESG risks, opportunities, and performance intensifies across the marketplace, a dynamic approach to ERM powered by strategic intelligence can help integrate ESG into the business. Integration of ESG into ERM and management systems is becoming a critical tool for navigating changing stakeholder expectations, strategic ambition, and resilience.
Climate-related initiatives offer a salient example. To meet increasing stakeholder expectations for action to reduce greenhouse gas (GHG) emissions and drive business resilience, companies often need more defined, disciplined approaches—using established infrastructure—for determining climate-related objectives and targets, identifying and understanding risk considerations, performing scenario analysis to inform choices and risk responses, and determining reporting and monitoring activities.
As the landscape shifts from voluntary to regulatory disclosure, companies may need to adopt a more proactive rather than reactive approach across the enterprise to tackling significant environmental and social risks and opportunities such as climate change. As expectations escalate, materiality has become a central focus as it relates to organizational priorities and performance disclosure—and not just materiality as it relates to financial statements. Companies are facing expectations to consider the impacts of sustainability topics on the company’s enterprise value as well as the company’s impacts on the economy, the environment, and people.
Determinations with respect to materiality can help highlight how some ESG risks can be drivers of traditional risk, such as GHG emissions as a driver of financial, legal, or reputational risks, and other risks that merit stand-alone attention, such as physical climate risks that require separate considerations, responses, and monitoring. In connection with strategy, this materiality lens helps to underpin both risk mitigation and opportunities to be seized.
As with risks more generally, it’s important for companies to focus on how to adapt, mitigate, or accept the identified risks and implement management processes to support beneficial outcomes. A carefully considered strategy and road map to address threats before they manifest is important for helping build increased stakeholder confidence.
A dynamic approach to ERM rooted in strategic intelligence can provide a mechanism for companies to help identify risks under various plausible scenarios to help chart a course for pursuing carbon-related targets. At the same time, this approach can also help identify opportunities that companies may consider pursuing—perhaps new business models, new products or services, new markets, new methods, or other avenues to generating value.
More broadly than climate-related matters, ERM can help enable ESG to become more operational and aligned with existing and emerging risk topics, as well as more dynamic, flexible, and informed by cross-industry knowledge and an outside-in perspective. It can also help ESG management become more embedded in existing models, tools, and technologies; more connected to their stakeholders; and more collaborative.
A risk-intelligent, integrated operating model is centered on strategy while utilizing governance and infrastructure mechanisms that are already in place, with business operations at the core. Companies can be enabled to consider multiple risk domains—financial, operational, regulatory, reputational, extended enterprise, technological, talent, and strategic—in such a model because risk management processes can be integrated into business operations at multiple functions and levels throughout the enterprise.
A leading example of ERM
To help grasp how a strategic intelligence approach to ERM can provide a more dynamic approach to risk management, consider an example that is familiar to many people: high-performance car racing. What kinds of cars have the best brakes? High-performance race cars. Why? So they can go fast with confidence in an effort to win the race.
Operating in a highly regulated industry, high-performance race teams are often highly organized operations with characteristics common to many businesses. Many successful race teams use extensive data analysis and scenario planning to evaluate a multitude of risks and opportunities that can lead to a checkered flag at the finish line—vehicle design, driver capabilities and techniques, track and weather conditions, competitive factors, equipment, and much more.
Advanced risk management systems help many race teams excel at taking calculated risks to win while also managing and mitigating the right risks at the right time to do so safely. These teams leverage technology, data, risk sensing, and analytics, and they demonstrate agility and iterative learning while performing scenario planning, simulations, and testing to refine their methods and processes. Successful teams often exhibit a culture of partnership to get the job done, and they communicate effectively—with the result a more effective, integrated view of risk and reward. Through extensive practice, analytics, simulations, and iterative learnings, the race team develops a high level of effectiveness, which gives the driver confidence to push the speed envelope as far as possible to win the race.
While many of these tools, techniques, and capabilities aren’t new, often times in corporate settings they aren’t being applied together in such a purposeful and coordinated way. It represents a modernized, foundational approach that can help organizations create risk-intelligent enterprises focused on both preventing loss and creating value.
Concluding insights
Strategic intelligence is gaining momentum among companies that are seeking an improved view of emerging risks on the horizon, both those that represent threats as well as those that portend opportunity. Audit committees can encourage the use of cutting-edge tools and technologies that can help companies develop a more dynamic approach to ERM as a way to help protect the enterprise and drive value, particularly during times of transition and uncertainty.
Simply put, a dynamic approach to ERM, integrated with the business and with ESG-related initiatives, can become a catalyst for positive change. By asking management important questions about how they are elevating their approach to ERM and integrating ESG into the business, audit committees can help improve the likelihood of strategic success, operational efficiency, reputational resilience, and strategic risk management. It can help companies more comprehensively explore the vast possibilities that exist on the horizon and identify both risks to be managed and opportunities to be seized.
Questions for audit committees to consider:
- To what extent are ERM and risk intelligence integrated into business processes across the enterprise? Where could the company benefit from improved integration?
- How is the company’s approach to ERM enabling the C-suite to understand strategic and emerging risks? Where does the company have blind spots?
- How is the company integrating an understanding of strategic and emerging risks into business operations? As an example, how do business operations across the enterprise consider risks related to ESG issues?
- How could the company leverage strategic intelligence within its existing infrastructure and governance framework to gain an improved understanding of emerging risks on the horizon?
- How could an improved use of strategic intelligence illuminate business opportunities on the horizon with respect to emerging risk, such as risks related to ESG factors?
- How could strategic intelligence improve decision-making across the enterprise with respect to both threats to strategy and opportunities to create value?
Endnotes
1 Deloitte’s Center for Board Effectiveness and Center for Audit Quality, Audit Committee Practices Report: Common Threads Across Audit Committees, January 2022.
2 Ibid.
Recommendations
On the Audit Committee's Agenda
Top of mind topics for audit committee members
Emerging fraud risks to consider: ESG
On the audit committee’s agenda, July 2022