No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Governance

Leverage the Power of Adhocracy to Identify Emerging Risks

Informal, Cross-Department Brainstorming Can Identify Those Charging Gray Rhinos and Other Risks Boards Often Fail to See Coming

by Jim DeLoach
January 11, 2022
in Governance, Risk
A rhino (symbol of risk) sits in profile in black and white.

Emerging risks are those that cannot yet be fully assessed but could, in the future, affect the viability of an organization’s strategy and business model. A risk savvy culture sometimes calls for an informal adhocracy to identify emerging risks in a timely manner.

When the National Association of Corporate Directors (NACD) published its Report of the NACD Blue Ribbon Commission – Risk Governance: Balancing Risk and Reward in 2009, it recommended 10 timeless principles to assist boards in strengthening their oversight of the company’s risk management. One principle was, “Consider emerging and interrelated risks: What’s around the next corner?” The NACD report noted that boards need to “look forward to understand elements in the environment – macroeconomic, political, technological, demographic, climatic/environmental – that may impact the conduct and effectiveness of the business in the future.”

A complaint we often hear from executives is that the risk assessment process is too static. But change never ceases.

Every organization has a risk assessment process, and most organizations apply that process periodically. With risk being disruptive, new developments arise often in the interim between periodic risk assessments. A complaint we often hear from executives is that the risk assessment process is too static. But change never ceases.

The term “adhocracy” (coined by Robert Waterman Jr.) has evolved to describe an organizational approach that cuts across normal bureaucratic lines to capture opportunities, solve problems and get results. An adhocracy structure is flexible, adaptable and susceptible to fresh points of view for looking at and sizing up the business environment. Timely identification of emerging risks between scheduled risk assessments may, in fact, depend more on adhocracy than formal processes because emerging risks are anticipatory and deal with issues that may not be on management’s radar. Ad hoc activities supplement established risk assessment and management processes and may even lend themselves better to the fluid world of emerging risks.

Smaller organizations find adhocracy easier than larger ones. But regardless of the company’s size, management should foster a risk savvy culture that facilitates the recognition and communication of emerging risks up, down and across the enterprise so that critical and creative thinking can flourish.

Following are seven suggestions on how management can accomplish this end.

Conduct Brainstorming Sessions

One of the most commonly applied expressions of adhocracy, brainstorming brings the right people together to focus on one or more issues of mutual interest. The Latin phrase “ad hoc” translates as “for this,” meaning “for this special purpose,” i.e., to identify emerging risks. While these activities may be carried out through a formal management risk (or other) committee, they may also be spontaneous, unplanned knowledge-sharing sessions to ascertain whether changes have occurred internally or externally that warrant closer attention.

Executives at one Fortune 500 company describe these activities as “taking a pause” to discuss risks in the business, particularly enterprise risks that present obstacles to the organization’s success in achieving its objectives. Brainstorming may focus on identifying extreme but plausible scenarios, such as a pandemic, a precipitous decline in the economy, a loss of a major customer, an unexpected spike in interest rates or emergence of highly restrictive trade policies in key markets.

Encourage a Cross-Functional, Cross-Unit Perspective

In a larger organization with different operating units, it is important to understand how support functions and units interact with each other and with outside parties. Ad hoc sessions should embrace a cross-functional, cross-unit view. For example:

  • Is procurement operating independently of R&D, design engineering and finance in the pursuit of functional excellence? If so, significant exposure to excess and obsolete inventory can emerge.
  • Do two or more operating units sell to the same customers? If so, customer concentrations should be monitored on a consolidated basis, not just for the individual units themselves.
  • Is enterprise-wide business continuity exposure from units sourcing from the same supplier monitored over time?

Keep It Fresh

While emerging risks may be identified through established committees, monitoring processes and forward-looking key risk indicators, a constantly changing environment necessitates shaking things up to encourage people to think out of the box to avoid being constrained by rules and conventions. To illustrate:

  • Providing new information on market developments – perhaps sourced from the organization’s various intelligence gathering functions – roots the dialogue in business realities and can elicit powerful insights as to possible emerging risks.
  • To overcome the risk of undue influence from the blinders of cognitive bias, ad hoc (as well as formal) assessments should encourage dissenting points of view, ensure that all views are heard (and considered) from the right sources and stimulate creative thinking. Sometimes, this means holding back the smartest and most senior people in the group to avoid having them dominate the discussion.
  • Giving license to longer-term thinking can unleash dialogue, resulting in envisioning very different risks to the business. For example, the World Economic Forum uses a 10-year horizon when conducting its annual risk study. A longer horizon is often a key distinction between proponents of sustainability issues versus those who give lip service to such issues due to short-termism. As illustrated by a recent global survey, a long-term perspective augments short-term risk awareness by revealing significant challenges that might be overlooked by a short-term assessment.

Pay Attention to Execution of the Strategy

The 2009 NACD report points out that boards need to pay attention to the risk of management failing to execute the approved strategy because of either unwillingness or lack of capabilities to execute. A more recent NACD survey also noted that almost 70% of directors believe that their boards must strengthen their understanding of the risks and opportunities affecting company performance. The organization’s monitoring of performance should not be limited to the traditional retrospective metrics that “keep score” against quality, cost, time, innovation, customer loyalty and employee satisfaction targets. Such metrics should be supplemented with anticipatory and forward-looking indicators and trending metrics linked to the most critical risks to executing the strategy.

Watch Out for Gray Rhinos

In 2018, the NACD issued a report on board oversight of disruptive risks and the importance of adaptive governance as a framework for overseeing such risks. Management should assess the velocity and persistence of significant risk events as well as the organization’s response readiness. Ad hoc sessions should carefully consider disruptive risk events that are high impact, high velocity and high persistence so that focused efforts are undertaken to develop and improve response plans.

Apart from the so-called black swans, the risks no one sees coming, these gray rhinos can be just as threatening if disregarded until it is too late, e.g., a major attack by macro hackers that takes out major infrastructure (the national energy system), the bursting of another financial bubble equivalent in magnitude to the 2008 housing collapse, the disruptive effect of digital innovation on business models, the impact of persistent inflation on operations, a catastrophic event caused by climate change, or a regional conflict (where currently tensions are high) with its disruptive effect on supply chains and trade policies. Management should play out these extreme but plausible scenarios to ascertain their impact, how the organization might respond and what can be done to be better prepared should they occur.

Expect the Board to Play a Part in Recognizing Emerging Risks

Boards should be resourceful in looking to external sources beyond management for insights on topics that matter – industry developments, technological advances, investor feedback, benchmarking against competitors and changes in the regulatory environment, among others. As there is no playbook for taking this initiative, this collective effort amounts to adhocracy at its finest. The 2009 NACD report states that the board is positioned to provide a value-added perspective on emerging risks because it is “inherently less insular than a management team might be on the issue.” This perspective is fostered by strong board dynamics in which directors engage senior management in an open and collaborative manner, retaining an independent mindset on the shareholders‘ behalf.

In summary, executive management and the board should foster a risk savvy culture that encourages a longer-term view, monitors what matters both internally and externally, and devotes efforts to assess the implications of change on the business – through either ad hoc activities or formal processes. Employees who are risk aware and able to visualize the big enterprise-wide picture should be empowered to take the initiative to “connect the dots” when new developments emerge, determine whether the entity’s risk profile has been altered in a significant way, and recommend to decision makers the best approach to capitalize on market opportunities and address emerging risks.

Questions for Executive Management and Boards

Following are some suggested questions that boards of directors may consider, based on the risks inherent in the company’s operations:

Are we apprised in a timely manner of significant changes in the enterprise’s risk profile? Are we enabling the collaboration and informal dialogue up, down and across the enterprise to promptly identify emerging risks? Does the exercise result in appropriate response plans on a timely basis?

  • Are we satisfied with the sufficiency of our processes for continuously monitoring changes in the business environment to identify impacts on the assumptions and risks inherent in the corporate strategy?
  • Are we looking out far enough when assessing risk to avoid constraining risk assessments with short-term thinking? Are the relationships between risks and interactions among operating units considered?
  • Are we bringing enough creativity to risk assessments to stimulate fresh, unbiased thinking about emerging risks? Are the executive team and board appropriately engaged in these assessments?

Tags: Board Risk OversightEnterprise Risk Management (ERM)Risk Assessment
Previous Post

3 Steps to Practicing Self-Compassion

Next Post

Ethisphere Acquires informed360 Compliance Platform

Jim DeLoach

Jim DeLoach

Jim DeLoach, a founding Protiviti managing director, has over 35 years of experience in advising boards and C-suite executives on a variety of matters, including the evaluation of responses to government mandates, shareholder demands and changing markets in a cost-effective and sustainable manner. He assists companies in integrating risk and risk management with strategy setting and performance management. Jim has been appointed to the NACD Directorship 100 list from 2012 to 2018.

Related Posts

board tech purchase

Directors: Don’t Approve a Tech Purchase Without Asking These Questions

by Jean Hill
January 25, 2023

Board directors don’t need to be able to fix a broken server, but they do need basic technology competence, which...

frayed_white

New Year, Same ESG Challenges: Overstretched Boards Face Barrage of Global Regulation

by Helle Bank Jorgensen
January 25, 2023

Global economic uncertainty notwithstanding, 2023 is certain to bring a host of emerging risks for board directors to navigate. One...

tech fluency_n

Not Your Grandpa’s C-Suite: Improving Tech Fluency at the Top of the Organization

by Jim DeLoach
January 18, 2023

In our hyper-connected world, just about every company is a tech company. As commerce and technology become increasingly intertwined, it’s...

hottest takes

The Hottest Compliance Takes of 2022

by Staff and Wire Reports
December 14, 2022

Nobody was canceled for anything they wrote for our pages in 2022 — at least that we know of. But...

Next Post
ethisphere merger

Ethisphere Acquires informed360 Compliance Platform

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT