Zach Wolff, director of ERM and SOX internal controls, ConEdison, shares insights with Don Pagach, director of research in the NC State ERM Initiative about how his organization engages business leaders across the company to identify potential issues that may reflect longer-term emerging enterprise-level risks.
Identifying Long-Term Risks
Most ERM programs engage their leadership team in risk identification and assessments tasks that are geared towards risks that might emerge over the next 2-3 years. While that provides valuable insights, there may be longer-term risks that are emerging but not on management’s ERM radar. Failing to also focus on longer-term potential issues may ultimately mean management is caught off guard by a developing risk that they may have overlooked. Zach describes a technique used at ConEdison to tease out potential longer-term developing risks.
Developing Watch Lists of Risks
ERM program leaders at ConEd are constantly scanning the environment for emerging risks throughout the year by using a number of external sources about emerging issues. In addition to that, each year about 300 (of the 14,000 employees) at ConEd are asked to complete a risk identification survey to pinpoint emerging issues that may evolve into long-term risks.
The survey contains two questions:
In the next two-to-ten years,
- What is changing in the external business environment that you believe we need to further consider?
- What are you doing in your business unit to transform the business and how is it changing your business in a way that might generate new risks?
Survey responses to these two questions are then compiled by the ERM program and mapped to other external sources of risks (for example, NC State/Protiviti’s Executive Perspectives on Top Risks Report)to see if others outside the company are focused on similar risk themes. ConEd ultimately uses this process to pinpoint a number of potential issues that may be emerging over longer-term horizons that should be on the company’s watch list.
Engaging Risk Liaisons
The ERM program leaders also engage risk liaisons across the business units. They ask the business unit leaders to look at the list of risks generated by the external scanning and risk surveys to obtain their thoughts and to have the risk liaisons sit down with their lead executive to assess whether the short list of potential longer-term risks might impact the business as an emerging risk.
Communicating Emerging Issues to Leadership
Once risk liaisons provide insights from their review and discussions, the ERM team categorizes the risks into themes or issues to reflect things that might be changing but are currently hard to know just yet how they might evolve. That short list of risks is presented to the executive leaders to obtain their insights about how the issues might represent potential risks that may escalate over the long term for the enterprise.
Interested in this topic? You may also like this article, Managing Long-term Risk: Preparing for 2032.
