A CEO I once worked for used to regularly ask me, “Tell me what I don’t know.” In his view, he could read the Wall Street Journal or any number of other typical sources of intelligence and information about running organizations, just like me as his senior risk leader. What he was most concerned about, as are most CEOs, board members and other key risk stakeholders, are the things once described by Donald Rumsfeld, former Secretary of Defense, following 911. That is:
“There are known knowns. These are things that we know that we know. There are known unknowns. That is to say, there are things we know we don’t know, but there are also unknown unknowns. These are things we don’t know we don’t know.”
For many, myself included, this was a bit of mind-bender. Yet the essence of his ruminating is quite simple. He’s alluding to emerging risks, those things that are defined by the Risk Management Society (RIMS) as:
“Those issues that have not manifested themselves sufficiently to be managed using the tools commonly applied to more developed exposures. They are “those risks an organization has not yet recognized or those which are known to exist, but are not well understood.”
For leaders of all kinds, but especially for risk leaders, this area of the discipline is a black hole of possibilities, about which it is rarely immediately clear whether or not they require attention, let alone well-defined action. Some view these risks as “black swans” which by definition are things which didn’t exist, until they were discovered to exist. The unknown unknowns. But it is important not to ignore those risks we have some information and perhaps understanding about, even if they are remote or highly unlikely. This is true because they are often very destructive.
To understand these risks, let’s look at their common characteristics. First and logically, they are highly uncertain. As mentioned, their frequency is low but their impact is often very significant. They also have the potential to change quickly – even metastasize. They are risks that are difficult to drive a consensus about among subject matter experts. Because they may be completely unknown, they are typically not on anyone’s radar. Their qualitative characteristics are fuzzy at best. The ability to quantify them is usually non-existent. The relevance to the business, its strategy and objectives is also typically unclear at best. Most observers would say they are too futuristic to matter.
These risks are also hard to communicate. Because they are perceived as unlikely, possibly even irrelevant, they are viewed as deserving none of the limited time most executives have to address anything but the most pressing issues. Even so, they may be embedded in existing practices and procedures, thus right in front of many, but not recognized as a serious threat to success. Finally and not surprisingly, these risks are difficult to find owners for, since accountability for addressing raises personal risks. Acting on these often complex exposures implies redirecting time, resources and even priorities and thus can be expected to be met with substantial resistance.
In this increasingly volatile, uncertain, complex and ambiguous world we operate in, we are called upon to be better at anticipating, adapting, maneuvering, preparing for and responding to even (and especially) these unlikely but value-destroying risks that simply shouldn’t be ignored.
So what should risk leaders to in order to get ahead of emerging risks? Well here’s a simple five-step plan for moving forward.
- Build an emerging risk strategy and process into your overall risk management strategy
- Enhance your risk identification process to include low probability, high severity possibilities as they relate to strategic goals and objectives
- Assess risk interconnectedness of these compared to other identified risks to understand how they relate to and possibly exacerbate other key risks
- Answer key questions for these risks regarding their importance, relevance, likelihood, impact, immediacy and necessary response
- Enhance your risk monitoring and reporting processes to include specific key risk indicators tied directly to key performance indicators
As you plan your schedule for the upcoming RIMS Annual Conference, join me and risk leaders from Kroger and Express Employment Professionals as we explore ways to improve your understanding and increase your awareness of emerging risks and opportunities. That way, you’ll never be caught flat-footed by a CEO asking, “Tell me what I don’t know.” Here’s what we will cover:
- Examples and impact of past black swan events, and convey how these could translate and affect today’s business environment
- Industry advancements, such as technology that is reshaping the discipline
- Our thoughts on what the future of risk management will look like
- Ways to improve understanding and increase awareness of various types of emerging risks within your own organization
Our session, “Emerging risks soon to make the radar,” will be held on Tuesday, April 30 from 11am to 12 pm. See you then.
Jeff Rycroft, VP, Risk Management, Express Employment Professionals
Rob Quast, Director, Claims and Insurance, Kroger, Inc.