Three ways to improve your emerging risk management framework

An emerging risk is likely to mean something different depending on the organisation, but most risk leaders agree that it evolves in areas where the body of available knowledge is weak. It could be a known risk that has begun to change due to the development of a new context – for example, threats to health and safety in the midst of a global pandemic – or a new risk altogether.

While some companies like to put a timescale on emerging risks, so they can map when these threats or opportunities will start to impact the business, others believe that the uncertainty surrounding emerging risks make this too difficult.

In collaboration with risk leaders at leading organisations around the world, Risk Leadership Network has identified a number of key activities to help improve your emerging risk framework, which include:

1. Determine critical functions

In order to decide what functions of the business are vitally important, you have to consider which of these are critical to achieving both strategic and operational objectives. This forms the bedrock of any emerging risk approach, as a potential threat to one of these functions will represent an emerging risk for the business.

Considerations should include, but are not limited to:

1. Customer base(s)
2. Resources
3. Supply chains
4. Stakeholder expectations

Risk leaders have identified that one of the ways to improve their level of maturity is to specifically link the role of different functions back to strategic objectives in a way that key stakeholders across the business recognise.

2. Identify disruptors

Once you have identified what parts of the business are most central to the company’s strategy, the next step is to focus on the types of emerging risk that could affect these areas of the business.

Risk leaders using this maturity model have to consider the process they have in place to identify emerging risks – is this part of the “business-as-usual” risk management process, or is there a formal system in place to recognise and assess the potential threats that are out there?

Another key consideration for risk leaders is, who is involved in this process? While it may be useful to consult key stakeholders across the business on the emerging risks that they perceive, mining the insights of external experts could make a significant difference in terms of your organisation’s capability to identify disruptors.

Don’t forget, while the word “disruption” often has negative connotations in most contexts, the term “disruptor” could refer to an opportunity that the business can take advantage of.

3. Collect and monitor indicator information

It’s not enough to simply identify and register the emerging risks that could affect your company, given that these kinds of disruptors are likely to change over time. Monitoring them frequently to see how they develop is crucial.

Having access to both qualitative and quantitative data is a key component of reaching a higher level of maturity when it comes to monitoring emerging risks and setting the right indicators for each – and several members have highlighted that this monitoring should be embedded as part of other business monitoring taking place.

Indicators might also, for mature organisations, be reported consistently across business units and associated risks discussed within the context of the indicators.

This article is a small sample of the activities identified in Risk Leadership Network's new Emerging Risk Maturity Model.