By working with risk leaders of various maturity levels around the world to develop our Emerging Risk Maturity Model, we've found that there are three key attributes of a mature, optimised emerging risk framework. Has your organisation implemented any of these steps?
To read more on emerging risk, take a look at our guide: Emerging Risks: How are businesses managing their blind spots?
In many cases, emerging risks will develop as a result of external events, making it common for businesses to develop blind spots, have optimism bias or become complacent, especially if they are only scanning their risk environment internally.
Therefore, it is a good idea to consult external stakeholders and experts for two purposes:
to understand additional contexts that may determine what your critical processes are; and
be aware of external disruptors that the business may otherwise be blind to.
It is very easy to develop tunnel vision when thinking about the potential risks and opportunities that could impact the business – experts outside of the business may be able to think more objectively and have knowledge that doesn’t already exist within the organisation (check out the discussions members are having with peers in other organisations and sectors during our member meetings).
2. Implement an ongoing review process
It’s not enough to identify your disruptors and consider them once – periodic review is necessary to ensure you are keeping on top of how emerging risks are transforming.
As with principal risks, key risk indicators can be leveraged to help the business continuously monitor and respond to emerging risks.
The thresholds you set for your emerging risk indicators also need to be reviewed regularly. As the business grows, the potential impact and likelihood of an emerging risk materialising may also shift; consequently, the indicators you set initially will have to evolve over time.
Several members are also framing their emerging risk discussions around the velocity of these risks or trends as well as how vulnerable or prepared the business is to respond to them, which will also evolve over time too. They have affirmed that this approach helps them to better engage the board and senior leaders in emerging risk discussions.
3. Collect a varied range of data
In order to paint the most accurate picture of how emerging risks will develop, a wide range of data sources – both quantitative and qualitative – should be taken into account.
For example, when you consider an emerging risk such as climate change, average temperature rise across the whole world may be a numerical figure you continue to monitor, particularly as a significant rise could have an influence on adverse weather conditions and other potential scenarios.
Equally, qualitative data – such as insights from major news outlets, expert bodies, and social media – is also important to get an understanding of how this emerging risk may evolve.
We've worked Risk Leadership Network members – practising risk leaders across various sectors – to develop our Emerging Risk Maturity Model.
The model is intended to work alongside strategic and operational risk management processes that are already in place, helping risk practitioners to monitor, report and respond to emerging risks.
The iterative model focuses in particular on how businesses can identify critical processes (both strategic and operational) before considering the potential disruptors that may interfere with these processes.
The Emerging Risk Maturity Model is only available for Risk Leadership Network members, but we are inviting emerging risk leads from selected companies to take part in the self-assessment. If you'd like to take part, please request to participate here.