An emerging risk is likely to mean something different depending on the organisation, but most risk leaders agree that it evolves in areas where the body of available knowledge is weak. It could be a known risk that has begun to change due to the development of a new context – for example, threats to health and safety in the midst of a global pandemic – or a new risk altogether.
To read more on emerging risk, take a look at our guide: Emerging Risks: How are businesses managing their blind spots?
While some companies like to put a timescale on emerging risks, so they can map when these threats or opportunities will start to impact the business, others believe that the uncertainty surrounding emerging risks make this too difficult.
In collaboration with risk leaders at leading organisations around the world, Risk Leadership Network has identified a number of key activities to help improve your emerging risk framework, which include:
1. Determine critical functions
In order to decide what functions of the business are vitally important, you have to consider which of these are critical to achieving both strategic and operational objectives. This forms the bedrock of any emerging risk approach, as a potential threat to one of these functions will represent an emerging risk for the business.
Considerations should include, but are not limited to:
Risk leaders have identified that one of the ways to improve their level of maturity is to specifically link the role of different functions back to strategic objectives in a way that key stakeholders across the business recognise.
2. Identify disruptors
Once you have identified what parts of the business are most central to the company’s strategy, the next step is to focus on the types of emerging risk that could affect these areas of the business.
Risk leaders using this maturity model have to consider the process they have in place to identify emerging risks – is this part of the “business-as-usual” risk management process, or is there a formal system in place to recognise and assess the potential threats that are out there?
Another key consideration for risk leaders is, who is involved in this process? While it may be useful to consult key stakeholders across the business on the emerging risks that they perceive, mining the insights of external experts could make a significant difference in terms of your organisation’s capability to identify disruptors.
It’s not enough to simply identify and register the emerging risks that could affect your company, given that these kinds of disruptors are likely to change over time. Monitoring them frequently to see how they develop is crucial.
Having access to both qualitative and quantitative data is a key component of reaching a higher level of maturity when it comes to monitoring emerging risks and setting the right indicators for each – and several members have highlighted that this monitoring should be embedded as part of other business monitoring taking place.
Indicators might also, for mature organisations, be reported consistently across business units and associated risks discussed within the context of the indicators.
This article is a small sample of the activities identified in Risk Leadership Network's new Emerging Risk Maturity Model.
Emerging Risk Maturity Model
To help companies benchmark their current framework for managing emerging risks and identify a clear path for better practice, Risk Leadership Network has developed an Emerging Risk Maturity Model.
See how it works in this short video:
Find out more about each of the five components of our Emerging Risk Maturity Model and discover how it's different to others that you might have seen before.
The Emerging Risk Maturity Model has been structured to support organisations at varying levels of emerging risk maturity. The full model is only available to members, but we are inviting emerging risk leads from other key organisations around the world to complete the self-assessment and receive the benchmark report, in order to enhance the benchmark for our members.