In many ways, the emergence of COVID-19 at the very end of 2019 was the appropriate ending to a decade jam-packed with enough political, economic, and natural disasters to keep any business executive awake at night. There was a volcanic eruption that shut down European airspace, a major earthquake in Haiti, and the biggest marine oil spill in history – and that was just 2010!
As the threat landscape continues to evolve, businesses must confront new external risks that could sink their operations. The current challenges presented by the COVID-19 pandemic, cyber attacks, geopolitical uncertainty, and rising temperatures around the world place an urgency on creating the proper risk management infrastructure to successfully combat the next epidemic, electronic attack, or trade war in the coming years. How businesses predict risk – and the impacts of those risks – is becoming more important than ever before.
Predicting and fully mitigating external risks is beyond the control of even the best managers and executives. Companies must be prepared to identify potential threats, assess their possible impacts, and develop a thorough approach to mitigate those risks should they materialize.
Business leaders are becoming more cognizant of the various outside challenges that threaten companies, but there are still many opportunities to build upon the existing frameworks and risk mitigations strategies that are currently being used. The difficulties of identifying and assessing external risk can be divided into three areas: limited time and resources encourage managers to emphasize threats within their control; the risks that have been identified are either too narrow or too broad to develop an comprehensive mitigation strategy; and an inclination among managers towards developing manageable, short-term risk strategies.
Lack of time and resources
Business leaders are typically constrained by the lack of time devoted to properly identifying/assessing risks and the absence of reliable information needed to support those decisions. As a result, available time and resources are usually allocated towards more preventable risks such as regulatory noncompliance and ethical misconduct.
External risks are many and broad
There are hundreds, if not thousands, of possible risk factors that can impact businesses. Risk managers need to accurately judge which of these risks are most threatening to their operations. A scope that is too narrow exposes companies to scenarios they did not test, and a scope too wide can leave them with surface-level mitigation strategies.
Managers improperly prioritize
Companies can suffer from ‘short-termism’ – the idea that managers are so focused on immediate gain that they neglect long-term value creation. Aside from the obvious strategy implications, short-termism can also inform risk management decisions. Why should managers focus on improbable, less-manageable external risks when prioritizing short-term operational risk could help boost quarterly earnings and pacify shareholders?
Categories of Risk
Immediate Impact Risks
Many natural and economic risks that have immediate and severe consequences are broadly predictable, even if their exact timing is not. Consider the annual risk of hurricanes on the southern US or the ongoing possibility of earthquakes on the west coast – even the COVID-19 pandemic was famously prophesied by Bill Gates and several infectious disease experts. Although preventing the occurrence of hurricanes, earthquakes, deadly pandemics, and similar threats is impossible, disastrous consequences are far from inevitable. It’s possible for businesses to arm themselves with access to data that can help predict the occurrence of events with more certainty and help determine the potential impact to their business. Without reliable mitigation strategies, companies will be ill-prepared to assess their exposure to short-term demand and supply shocks.
Long-Term Impact Risks
These risks usually include current geopolitical, cyber, and environmental threats that are expected to evolve in the next 5-10 years, and new trends that are currently inconsequential but could develop into major concerns moving forward. In the past decade alone, the climate emergency has challenged businesses to implement robust sustainability strategies, the resurgence of populism and nationalism has triggered economic uncertainty that could shrink global growth rates, and the continuing maturation of emerging markets has led to tougher, more frequent foreign investment decisions. The unexpected trajectory of long-term trends demands an exhaustive risk strategy that allows companies to better adapt to future threats and opportunities.
Solutions to Consider
Stress testing is a risk management tool that helps managers quantify the effects of major changes to one or two specific variables that would have immediate consequences. Major airlines, for example, may test the impact of increasing oil prices and financial institutions may test the impacts of a spike of unemployment or interest rates. It’s a basic sensitivity that analyzes if companies are critically exposed to dramatic microeconomic and macroeconomic changes.
However, stress testing is not a perfect solution to shield organizations from risk. There is no guarantee a risk manager will stress the necessary variables or install the proper mitigation strategy if risks suddenly materialize.
In the decade prior to the 2008 financial crisis, banks were seeing “share prices increase almost 60% and balance sheets rising more than threefold”. When major banks conducted sensitivity on the housing market in 2007, they used this historic stability to steer their estimates. A sluggish market with minimal growth was commonly used as the worst-case scenario. Many companies simply overlook the possibility of a major oil spill off the US gulf coast, a catastrophic earthquake off the coast of Japan, or the bursting of a massive asset bubble in the United States.
In the late 1960s and early 1970s, Pierre Wack and his team at Shell invented a method of navigating uncertainty by creating assumptions about the future and how they would impact the oil industry. They called it scenario planning, and it has developed into a critical long-term risk management tool for businesses. The planning team at Shell crafted scenarios that recognized the possibility of an impending oil crash (which eventually happened in 1986) and that anticipated the fall of the Soviet Union (1991). Needless to say, it was an extremely successful exercise.
The COVID-19 pandemic, however, has forced businesses to reimagine how the world will evolve. In June, Peter Schwartz, SVP of Strategic Planning at Salesforce started to analyze the public health, economic, and socio-political trends that were emerging from the crisis and hypothesized what a ‘new normal’ could look like. He and his team formulated optimistic, realistic, and pessimistic scenarios concentrating on the severity of a second wave, strength of the economy, and the timeline of a potential vaccine. The pandemic has caused sweeping changes to how business is conducted, and the onus is on companies to anticipate which changes are here to stay, and then shift their strategy to embrace the ‘new normal’.
The Next Step: Convergence of AI and Big Data
With artificial intelligence and machine learning already transforming customer service, supply chains, and digital marketing, there is an opportunity for companies to leverage these technologies to identify and assess their risk landscape as well.
Risk intelligence has evolved. Managers no longer need to make important decisions based on ‘gut feel’ because there are significant amounts of data that can inform their predictions and assessments. Companies have access to global news headlines, social media trends, changes in customer behaviour, and countless other sources of information that are improving how companies identify warning signs of potential risk events. Risk management is moving away from manager intuition towards more data-driven processes.
Integrating a company’s “big data” into existing risk management infrastructures can help companies collect, document, and process incredible amounts of information that can be used to inform strategic decision making. However these volumes of data can be overwhelming for managers to understand, interpret and then create actionable insights. Machine learning – the ability for artificial intelligence algorithms to read, understand and interpret written text – can help accelerate the process, and allows companies to keep pace with their ever-changing business environment. And this is no longer science fiction: in the last 5 years, machines have matched and outpaced the ability of humans to correctly ingest and comprehend written data.
Companies are already demonstrating the effectiveness of using these technologies to better manage and respond to external risks. BlueDot, a Canadian startup, “uses natural language processing and machine learning to cull data from hundreds of thousands of sources…every 15 minutes, 24 hours a day”, to provide brief overviews of disease outbreaks around the world. By analyzing public health statements, demographics, and airline ticketing information, BlueDot correctly identified the threat of the novel coronavirus 9 days before the World Health Organization.
However, the biggest challenge will be overcoming the idea that big data provides a definitive risk management solution, rather than being just another tool in their processes. These technologies are still immature, and for every company that predicts the existence and spread of a new deadly virus, there is another whose projections aren’t as accurate. As more data becomes available and models adjust to accommodate new information, it will be easier for companies to see what lies ahead. Until then, managers will still need to understand and interpret the available information, and adapt their risk mitigation strategies accordingly.o.
- External risks are difficult to predict because they require a level of preparation and foresight that most managers are unwilling to complete. Whether it be time and resource constraints, incorrectly defining the appropriate scope of external risk, or focusing on more manageable short-term risks to boost earnings, businesses are exposing themselves by failing to correctly identify and assess external threats.
- Natural and economic disasters pose an immediate threat to businesses. Although their exact timing is unknown, these risks are generally predictable and companies are able to develop mitigation strategies to protect themselves against their impacts. Longer-term risks, however, require more adaptability. Managers must accurately identify and assess the important trends shaping their business environment and develop a flexible risk strategy to defend against multiple possibilities.
- Stress testing and scenario analysis are the most common methods used by companies to better identify and assess their resilience to short-term and long-term risk events. However, technology is providing another solution to risk management. Big data, combined with artificial intelligence and machine learning, is transforming how businesses can curate information and re-defining how quickly and effectively businesses can predict and assess the impact of external risk.