In a world that is increasingly connected and evolving – where the value of global exports has increased exponentially, interest rates are negative, inequality and nationalism are rising, and fiscal debt is at levels never seen before – risk management functions need to rethink their approach. But how?
Traditional risk models were developed at a time when the world was vastly different – more stable, less connected and less complex – than it is today. At the time, there was no reason to consider the interdependencies between, or interconnectedness of, risks.
As a result, they under-present future risks, including for example, the 2008 global financial crisis and the 17 globally significant economic crises before it.
The new “best in class” risk management comprises of a combination of traditional risk management methodologies, understanding the networking of risks to determine the company’s exposures and adopting behavioral economic principles.
Past behavior is a poor predictor of the future when the forces sharing the future are fundamentally different to what has gone before.
In essence, traditional risk models use historic data to “predict” the future. This data is a poor fit for modelling the new, emerging trends encountered today. So organizations should also consider future trends/exposures in their risk models, including:
Unfunded social security
Unaffordable medical costs
High frequency trading
EU (€) uncertainty
Trust and truth
Slowdown of China
Brexit, Catalonia, Scotland
Have we considered the future, emerging developments never observed in the past in our risk modelling? Have we built causation pathways between those risks in manners that are more enriched than merely relying on past correlations? Because that is how we’ve been surprised in the past – and we can afford it no more.
- Dr Andries Terblanché
In order to identify new emerging risks, the discussion needs to extend beyond the risk management function or C-suite to include a diverse group of experts throughout the organization – those individuals with the deepest knowledge of the company, the greatest sector knowledge, up and down cycle experiences, and so on.
Interview them individually and collectively to identify the relevant risks. Consult them then to determine the interconnectedness of the risks in order to build a network of risks. Then consider how the future interconnectedness of risks differs from that of the past to create new risks.
Organizations are more globally connected than before. Risks are no longer isolated within an organization’s wall. In a network (of companies, e.g. banks), any risk or exposure to Company A poses one for Company B. The most connected ones – the most “globally significant” – have literally become “too big to fail”, due to the knock-on effect it would have as the risks spread to the rest of the network.
A company may not be able to control the risks that arise from outside the organization, but it is crucial to understand where those risks lie, what the potential impact is and which ones are sufficiently significant to warrant disclosure. The latter is increasingly important as the regulators are beginning to focus more on networks.
What scares me is, what if the biggest, most important thing we just completely missed? …if in fact the dominant structure isn’t organisations, but networks.
- Jim Collins
Within the organization, management needs to not only consider the severity and likelihood of the identified risks individually, but also how they connect to create a network of risks. Then the priority for the board/management lies within the:
This January at Davos, the World Business Council for Sustainable Development (WBCSD) launched its report: An enhanced assessment of risks impacting the food and agriculture sector. The report dives into how a dynamic risk assessment can improve companies’ risk practices and identify crucial aspects to continue creating long-term value.
In addition to the traditional measures of risk severity and likelihood, Dynamic Risk Assessment additionally considers risk interconnectedness (risks that link together) and velocity (expected speed with which risks will affect operations) to understand an organization’s systemic risk profile. It uses network theory and proven scientific methods to determine whether individual risks to a business can be expected to cluster together (interconnect) to form concentrations of risk events, and to determine where there is expected contagion between structural breaks and organizationally idiosyncratic risks.
The Board Leadership Center offers non-executive and executive board members and those working closely with them (including CROs and Heads of Internal Audit) a place within a community of board-level peers and access to topical seminars and ‘lunch and learn’ Board Academy sessions, invaluable resources and thought leadership, and lively and engaging networking opportunities.