Enterprise risk management (ERM) teams have traditionally struggled to encourage their organizations to act quickly on emerging risks that aren’t perceived as posing an immediate threat. And yet Gartner data shows 90% of senior business leaders agree that they need to act faster on these high-velocity risks.
Emerging risks have an uncertain trajectory due to their rapid evolution and nonlinear progression. Although risk committees struggle to reach a consensus on their potential impact, these risks are often left in “monitoring mode” — leaving risk committees powerless to act on them.
Risk committees are typically board committees comprising business leaders as well as a risk specialist, and are tasked in part at evaluating significant risk exposures. “Risk management leaders who report on risks to the committee typically assume that the best way to drive action on emerging risks is to provide precise and comprehensive analysis, but this actually has the opposite effect on decision makers,” says Matt Shinkman, Practice Vice President, Gartner.
“Risk leaders have tried to overcome the nebulous nature of emerging risks by presenting stakeholders with their own detailed analysis of the risk and potential impacts to the organization,” says Shinkman. “However, because emerging risks tend to be complex and often unpredictable, this naturally leads to a variety of viewpoints and conflicting opinions within the risk committee. The outcome is often an agreement to revisit the problem next time, with no concrete action taken.”
Why precision fails to drive action
Eighty-nine percent of respondents in the Gartner Q1 Emerging Risks Monitor believe that precise predictions from ERM will drive organizational action on emerging risks. This assumes that decision makers won’t fund risk management initiatives if they can’t quantify the risk impact, attach a specific time horizon to the risks and generally be able to measure emerging risks in a similar way to more established enterprise risks.
Gartner research shows that a precision-based approach has limited benefit. In fact, risk committees are prompted to take action or shift their previously held position only 3% of the time after receiving a precise analysis from the ERM team.
“Approaching emerging risks in the same manner as enterprise risks may seem attractive to ERM teams who are trying to speak in a language that the risk committee already understands,” Shinkman says. “However, the data shows that this approach ultimately fails to achieve the outcome ERM teams should want: Building real momentum to tackle the risk.”
Learn more: Risk Reporting That Drives Action
Less is more in tackling emerging risks
If precision doesn’t drive faster action on emerging risks, then what can? Just 16% of respondents to Gartner’s Q1 Emerging Risks Monitor indicated they use what’s called a “solution options” approach to framing conversations with the risk committee on emerging risks.
ERM teams that utilize a solution options approach recognize that not all emerging risks are theoretical, and that some of these risks are already impacting the organization. They work to identify this subset of emerging risks and focus on presenting options to the risk committee proportionate to the impact of the risk. Offering solutions requiring relatively little funding or disruption encourages decision makers to take action knowing that even if the analysis is off, the consequences will be relatively insignificant.
“ By identifying small actions that the risk committee can take on the most impactful emerging risks, ERM teams can aid the executive learning journey”
A solution options approach separates emerging risks into two distinct categories — those that need to be watched and those that require some action now. By using this strategy in conversations with the risk committee, Gartner found that it was 67% more likely that action would be taken as a result.
“A key insight we uncovered in our research is that risk managers will often have more success by asking for less,” says Shinkman. “By focusing on the emerging risks that are beginning to have small impacts on the organization today and encouraging action to address those impacts, ERM teams gain momentum in containing that risk.”
By identifying small actions that the risk committee can take on the most impactful emerging risks, ERM teams can aid the executive learning journey from uncertainty and paralysis to increased confidence in managing that risk. As an emerging risk becomes more impactful and eventually recognized as a true enterprise risk, ERM teams and the risk committee will both benefit from having already taken some steps in engaging with the problem.