Anticipating Unpredictable Risks
What framework and processes anticipate Black Swans’?
King III, the code of governance for South Africa, says that “the board should ensure that a framework and processes are in place to anticipate unpredictable risks.”
When the board delegates the authority to management to put this “framework” and these “processes” in place, what is the board expecting from management?
A number of unexpected catastrophes and shortages have dominated headlines this year. These events have been typical examples of the kinds of high-magnitude, low-frequency upheavals that Nassim Nicholas Taleb labeled black swans.
The Black Swan: The Impact of the Highly Improbable (Random House, 2007)
Taleb defines a black swan as: an event with the following three attributes.
- First, it is an outlier, as it lies outside the realm of regular expectations, because nothing in the past can convincingly point to its possibility.
- Second, it carries an extreme impact….
- Third, in spite of its outlier status, human nature makes us concoct explanations for its occurrence after the fact, making it explainable and predictable.
Individual black swan events are impossible to predict, but they regularly occur and have a tremendous impact.
Some observers argue that the frequency of these events is increasing; others say global communication networks have simply made us more aware of them than we were in the past. In any case, with the rise of global business, it is likely that black swans carry increased risks for your company.
Are existing Risk Management Frameworks and processes the solution?
Typically management responds by using the existing Risk Management Framework and processes, but is this enough?
Existing Risk Management Frameworks and processes are used to:
- Are used to Identify potential business disruptions, map out their most likely effects, and develop mitigation plans and preventive actions to reduce the risk exposures;
- Are used to focus on the most frequently encountered risks – such as whether the enterprise is complying with regulations, suitably accounting for its activities, and operating in an ethical and legal manner;
- Are resourced to provide the capacity to address these most pressing risks.
Existing Risk Management Frameworks and processes are not geared to also monitor high-magnitude, low-frequency “disrupters” on a continuous or regular basis.
The resources required to monitor for Black Swans cannot be justified in the normal course of business, so what can be justified? One possible solution to this conundrum is disrupter analysis.
Disrupter Analysis
Disrupter analysis does not seek to predict black swans and is not meant to replace existing the existing Risk Management framework and processes. Disrupter analysis compliments the existing risk management solution.
Disrupter analysis is designed to periodically administer a stress test in order to assess its ability to withstand black swans.
The analysis is typically conducted by a separate, temporary team, working in conjunction with the existing risk management resources.
It consists of a four-step process:
1. Map the company using a number of factors:
- Geographic footprint
- Composition and construction of the supply chain, channel partners and customers – looking beyond first-order relationships
- Sources and concentrations of revenue, profit, and capital
- Go-to-market activities — including the business’s products, services, channels, and customers
- Industry structure and competitive dynamics, as well as the company’s position in both
2. Create a disrupter list, casting the net as wide as possible
- Catalogue possible catastrophic environmental, economic, political, societal, and technological events
- Categorize the events by the type of impact they might have on the business
- Limit the list to “catastrophes” – those events which encapsulate the black swan events that could threaten the company
3. Ask “what if” and determine the relative impact and consequences of a given catastrophe.
4. Design contingency plans. Typically, the analysis team generates mitigation options for each major “what if” insight. It looks for options that address multiple risks, and prioritizes them by the magnitude of risk exposure as well as the expense and ease of implementation.
No company can be completely prepared for every possible black swan event, but management can complement the day-to-day risk management with periodic disrupter analyses. These analyses can ensure that the company has adequately focused its attention on high-magnitude, low-frequency events and prepare itself for unexpected catastrophes.
GovN assists directors to apply the principles of King III
Contact us today
This post was based on an article by Matthew Le Merle. Matthew is a partner with Booz & Company based in San Francisco.
4 Comments for this entry
Anthony Fitzsimmons
Recent research shows that many so-called ‘black swans’ are not ‘black swans’ at all but the result of the operation of unrecognised risks.
“Roads to Ruin” is research commissioned by Airmic from London’s Cass Business school. I was one of the authors.
‘Roads to Ruin’ demonstrates that there is a large class of potentially devastating risks that escape standard risk analysis. You can find a brief description here. http://tinyurl.com/6cmhn5q This gives a very brief summary and has links to the report itself as well as the free Executive Briefing.
I have dubbed most of these risks ‘soft’ risks because they emerge from failures in relation to ‘soft’ skills. They are also ‘unknown knowns’ because they are often recognised in and below middle management but news of their existence does not percolate upwards due to informational barriers. See http://tinyurl.com/69rfnlt for more.
Real ‘black swans’ do happen. But much of what is currently called a ‘black swan’ would be predictable if the organisation’s leaders could have discovered and joined up what the organisation collectively knew but didn’t tell them about ‘soft risks’
The beginining of the solution lies in better risk analysis techniques. Until soft risk are systematically identified, there is no hope that they will be systematically managed down. Finding them requires radically different approaches and techniques that are not in the public domain.
Chairman, Reputability Ltd. Specialised in reputation and crisis risk and strategy
London, United Kingdom
julian du plessis
Hi Carolynn
May I please have a copy of this article.
You may be interested in a discussion going on in the LinkedIn Risk Managers group titled “How do you define risk velocity?”
Regards
Julian
Candor Governance Specialist
Hi Julian,
Here is a link to Matthew’s article:
http://www.strategy-business.com/media/file/sb64_11303.pdf
I started following the discussion on LinkedIn, thank you for this info!
Regards
Carolynn
regai tengani
Implementation of the framework in anticipation for unpredictable risks can be intricate if not well planned(allocation of resources – budget etc). Managers must be abreast with the information on internal & external business environment considering the magnitude of their current affairs / macro environmental factors.
Otherwise thank you for a worth article on ‘Black Swans’ – with the disrupter analysis on preparedness for the unexpected events and for sustainability in business while complementing the Risk Management Framework Systems and Processes.