Emerging risks are those that cannot yet be fully assessed but could, in the future, affect the viability of an organization’s strategy and business model. A risk savvy culture sometimes calls for an informal adhocracy to identify emerging risks in a timely manner.
When the National Association of Corporate Directors (NACD) published its Report of the NACD Blue Ribbon Commission – Risk Governance: Balancing Risk and Reward in 2009, it recommended 10 timeless principles to assist boards in strengthening their oversight of the company’s risk management. One principle was, “Consider emerging and interrelated risks: What’s around the next corner?” The NACD report noted that boards need to “look forward to understand elements in the environment – macroeconomic, political, technological, demographic, climatic/environmental – that may impact the conduct and effectiveness of the business in the future.”
A complaint we often hear from executives is that the risk assessment process is too static. But change never ceases.
Every organization has a risk assessment process, and most organizations apply that process periodically. With risk being disruptive, new developments arise often in the interim between periodic risk assessments. A complaint we often hear from executives is that the risk assessment process is too static. But change never ceases.
The term “adhocracy” (coined by Robert Waterman Jr.) has evolved to describe an organizational approach that cuts across normal bureaucratic lines to capture opportunities, solve problems and get results. An adhocracy structure is flexible, adaptable and susceptible to fresh points of view for looking at and sizing up the business environment. Timely identification of emerging risks between scheduled risk assessments may, in fact, depend more on adhocracy than formal processes because emerging risks are anticipatory and deal with issues that may not be on management’s radar. Ad hoc activities supplement established risk assessment and management processes and may even lend themselves better to the fluid world of emerging risks.
Smaller organizations find adhocracy easier than larger ones. But regardless of the company’s size, management should foster a risk savvy culture that facilitates the recognition and communication of emerging risks up, down and across the enterprise so that critical and creative thinking can flourish.
Following are seven suggestions on how management can accomplish this end.
Conduct Brainstorming Sessions
One of the most commonly applied expressions of adhocracy, brainstorming brings the right people together to focus on one or more issues of mutual interest. The Latin phrase “ad hoc” translates as “for this,” meaning “for this special purpose,” i.e., to identify emerging risks. While these activities may be carried out through a formal management risk (or other) committee, they may also be spontaneous, unplanned knowledge-sharing sessions to ascertain whether changes have occurred internally or externally that warrant closer attention.
Executives at one Fortune 500 company describe these activities as “taking a pause” to discuss risks in the business, particularly enterprise risks that present obstacles to the organization’s success in achieving its objectives. Brainstorming may focus on identifying extreme but plausible scenarios, such as a pandemic, a precipitous decline in the economy, a loss of a major customer, an unexpected spike in interest rates or emergence of highly restrictive trade policies in key markets.
Encourage a Cross-Functional, Cross-Unit Perspective
In a larger organization with different operating units, it is important to understand how support functions and units interact with each other and with outside parties. Ad hoc sessions should embrace a cross-functional, cross-unit view. For example:
- Is procurement operating independently of R&D, design engineering and finance in the pursuit of functional excellence? If so, significant exposure to excess and obsolete inventory can emerge.
- Do two or more operating units sell to the same customers? If so, customer concentrations should be monitored on a consolidated basis, not just for the individual units themselves.
- Is enterprise-wide business continuity exposure from units sourcing from the same supplier monitored over time?
Keep It Fresh
While emerging risks may be identified through established committees, monitoring processes and forward-looking key risk indicators, a constantly changing environment necessitates shaking things up to encourage people to think out of the box to avoid being constrained by rules and conventions. To illustrate:
- Providing new information on market developments – perhaps sourced from the organization’s various intelligence gathering functions – roots the dialogue in business realities and can elicit powerful insights as to possible emerging risks.
- To overcome the risk of undue influence from the blinders of cognitive bias, ad hoc (as well as formal) assessments should encourage dissenting points of view, ensure that all views are heard (and considered) from the right sources and stimulate creative thinking. Sometimes, this means holding back the smartest and most senior people in the group to avoid having them dominate the discussion.
- Giving license to longer-term thinking can unleash dialogue, resulting in envisioning very different risks to the business. For example, the World Economic Forum uses a 10-year horizon when conducting its annual risk study. A longer horizon is often a key distinction between proponents of sustainability issues versus those who give lip service to such issues due to short-termism. As illustrated by a recent global survey, a long-term perspective augments short-term risk awareness by revealing significant challenges that might be overlooked by a short-term assessment.
Pay Attention to Execution of the Strategy
The 2009 NACD report points out that boards need to pay attention to the risk of management failing to execute the approved strategy because of either unwillingness or lack of capabilities to execute. A more recent NACD survey also noted that almost 70% of directors believe that their boards must strengthen their understanding of the risks and opportunities affecting company performance. The organization’s monitoring of performance should not be limited to the traditional retrospective metrics that “keep score” against quality, cost, time, innovation, customer loyalty and employee satisfaction targets. Such metrics should be supplemented with anticipatory and forward-looking indicators and trending metrics linked to the most critical risks to executing the strategy.
Watch Out for Gray Rhinos
In 2018, the NACD issued a report on board oversight of disruptive risks and the importance of adaptive governance as a framework for overseeing such risks. Management should assess the velocity and persistence of significant risk events as well as the organization’s response readiness. Ad hoc sessions should carefully consider disruptive risk events that are high impact, high velocity and high persistence so that focused efforts are undertaken to develop and improve response plans.
Apart from the so-called black swans, the risks no one sees coming, these gray rhinos can be just as threatening if disregarded until it is too late, e.g., a major attack by macro hackers that takes out major infrastructure (the national energy system), the bursting of another financial bubble equivalent in magnitude to the 2008 housing collapse, the disruptive effect of digital innovation on business models, the impact of persistent inflation on operations, a catastrophic event caused by climate change, or a regional conflict (where currently tensions are high) with its disruptive effect on supply chains and trade policies. Management should play out these extreme but plausible scenarios to ascertain their impact, how the organization might respond and what can be done to be better prepared should they occur.
Expect the Board to Play a Part in Recognizing Emerging Risks
Boards should be resourceful in looking to external sources beyond management for insights on topics that matter – industry developments, technological advances, investor feedback, benchmarking against competitors and changes in the regulatory environment, among others. As there is no playbook for taking this initiative, this collective effort amounts to adhocracy at its finest. The 2009 NACD report states that the board is positioned to provide a value-added perspective on emerging risks because it is “inherently less insular than a management team might be on the issue.” This perspective is fostered by strong board dynamics in which directors engage senior management in an open and collaborative manner, retaining an independent mindset on the shareholders‘ behalf.
In summary, executive management and the board should foster a risk savvy culture that encourages a longer-term view, monitors what matters both internally and externally, and devotes efforts to assess the implications of change on the business – through either ad hoc activities or formal processes. Employees who are risk aware and able to visualize the big enterprise-wide picture should be empowered to take the initiative to “connect the dots” when new developments emerge, determine whether the entity’s risk profile has been altered in a significant way, and recommend to decision makers the best approach to capitalize on market opportunities and address emerging risks.
Questions for Executive Management and Boards
Following are some suggested questions that boards of directors may consider, based on the risks inherent in the company’s operations:
Are we apprised in a timely manner of significant changes in the enterprise’s risk profile? Are we enabling the collaboration and informal dialogue up, down and across the enterprise to promptly identify emerging risks? Does the exercise result in appropriate response plans on a timely basis?
- Are we satisfied with the sufficiency of our processes for continuously monitoring changes in the business environment to identify impacts on the assumptions and risks inherent in the corporate strategy?
- Are we looking out far enough when assessing risk to avoid constraining risk assessments with short-term thinking? Are the relationships between risks and interactions among operating units considered?
- Are we bringing enough creativity to risk assessments to stimulate fresh, unbiased thinking about emerging risks? Are the executive team and board appropriately engaged in these assessments?