This is an adaptation of a post by Bleu Azur Consulting (https://bleu-azur-consulting.eu/2019/12/22/an-animal-kingdom-of-disruptive-risks-how-boards-can-oversee-black-swans-gray-rhinos-and-white-elepha...). The post was directed at large entities but organizations of any size can benefit.
Business leaders need to include disruptive risks in governance and oversight. These risks can have a major impact on a company's profitability, competitive position and reputation.
Disruptive risks fall into three categories:
- Black swans - "unknown unknowns". These are low probability, unpredictable risks "below the radar" of standard enterprise risk management.
- Gray rhinos - "known unknowns". These are moderately to highly predictable risks which get overlooked due to inertia.
- White elephants - "known knowns" ignored because of subjective rather than objective risk management.
It is imperative to respond to disruptive risks, but biases can distort decision making. These biases include:
- Hindsight - underestimating risks not experienced and overestimating those that previously occurred. (For example, almost all businesses insure against tangible property loss, but many still do not purchase cyber insurance, a more likely cause of loss today.)
- Optimism - overestimating positive, and underestimating negative outcomes.
- Confirmation - preference for information consistent with one's beliefs rather than objective assessments.
- Groupthink or herd mentality - failure to consider alternative views.
- Myopic, short term thinking ignoring long term consequences.
- Preference for status quo.
These biases can be countered by diversity, objective data, and use of independent experts.
Officers and directors should consider these ten questions:
- Does our culture and agenda support oversight of disruptive risks?
- What are scenarios that could kill the company?
- What scenarios could increase market value
- Have we stress tested our most critical assumptions?
- Do we have early warning indicators for emerging risks?
- What opportunities have we missed due to inaction?
- If we operate "business as usual" what could be our greatest regrets?
- Are we honestly facing issues related to undesirable behavior or dysfunctional culture? (A business' reputation is more important than protecting individuals.)
- Are we fighting fires without addressing root causes?
- Are we getting appropriate outside, forward looking information?
Here are five recommendations to enhance risk governance and oversight:
- Incorporate disruptive risks into the planning agenda.
- Ensure that enterprise risk management practices consider disruptive risks.
- Use scenario planning and analysis.
- Ensure that risk reports are effective; include market intelligence, performance and risk indicators, global and company specific "hot spots", early warning indicators and action triggers.
- Strengthen company culture to consider non-traditional views, question key assumptions and support continuous improvement.
Risks can provide opportunities as well as problems. Early recognition of "the next big thing" can avoid errors and give a company a competitive edge.When nothing is certain except uncertainty, it pays to be flexible.