An Effective ERM Program
Many companies have established ERM programs that have been battle-tested. Recent major events have revealed contrasting examples where some companies were caught by surprise while others were flexible enough to change positions to thrive through risk events. Many of these risk events were too pervasive and too large for a single entity to manage them alone. In the article, PWC argues that risks that span beyond the capacity of an enterprise are systemic and therefore require a collaboration of partner companies who work together to effectively mitigate those risks. Businesses must continuously seek out information related to changing conditions, assess the risk’s impact, and adapt their change management programs accordingly. For companies to survive through crises, risk managers should extend their ERM systems to incorporate “emerging” (systemic) risk into risk management processes. Partnering with others outside the organization can strengthen the organization’s ability to recognize broader, emerging systemic risks.
Incorporating Emerging Risk in the ERM Process
The problem companies face with preparing and planning for unknown risks (better known as “black swans”) is the fact that they are indeed unknown. Understanding the unknown is made more difficult as there is no information of the impact or likelihood of such events. The authors suggest that to be able to effectively respond to emerging risks when they materialize, business managers must adopt a systemic approach outlined by the following key steps:
- Identify relevant emerging risks.
- Assess the significance of each risk, how the risk is interconnected with other risks, and determine their implications to the business.
- Determine strategies for risk responses while considering collaboration with external entities.
- Continuously monitor emerging risks through the use of qualitative and quantitative indicators.
Expecting the Unknown
Companies that allocate resources to the risk management budget limit the ability of risk management programs to hone in on risks that are unexpected. Similarly, risk managers tend to focus on risks that impact performance targets. However, the authors argue that unknown risk can be predictable. A method for accomplishing this is to use extrapolations from variations in historical statistics.
Expanding Existing ERM Systems to Account for Emerging Risk
The financial crisis of 2008 brought to light the interconnectedness of risks that were seemingly unrelated. The companies that continued to be successful were those that were analyzing its risk portfolio to identify recent trends and increased risk exposures. For example, some companies realized that their risk tolerances were exceeded with respect to mortgage-backed securities. Their response was to sell these securities and used the funds to purchase expensive insurance against losses. Many companies that were reactively managing risks ended up in a position whereby it was too late to adequately respond.
Embedding emerging risks into the risk culture of organizations requires managers to consider engaging relevant external parties as necessary. However, collaborating with other parties brings upon new risk in and of itself. The authors present an approach to mitigating collaborative risk associated with the third step in incorporating emerging risks. Companies must integrate emerging risk disciplines into the overall business management strategy.
For management to expand their existing ERM program, a good place to start is to make a list of potential emerging risk threats that are relevant to their business. The authors provide a non-exhaustive list of global, emerging risks that have recently come to fruition.
By adopting a proactive approach to risk management and collaborating with important partners to synergistically manage risks, companies can turn emerging risks into emerging opportunities. Examples of the top opportunities for business growth that came out of the survey included new product development, mergers and acquisitions, and new strategic alliances.
Business managers using the traditional ERM approach to managing risk are assuming that the status quo hasn’t or isn’t changing. Companies need better foresight and change agility management strategies to effectively mitigate emerging risks. By anticipating change and extremely adverse events that cause rapid change, an enterprise places itself in a better position to capitalize on rare opportunities.