Staying resilient in a multi-risk world
The Trendline
by Olivia Dobson and Patrick Roberts,
In a world marked by rising geopolitical tensions, conflict and economic fragility, low risk options for commercial expansion and investments are disappearing fast. This leaves both strategic leaders and risk management professionals with a difficult landscape to navigate in 2024.
Say you are a tech firm building new data centres in Asia. Or an extractives company seeking access to critical minerals in sub-Saharan Africa. Or a manufacturer looking to nearshore operations to Latin America or Central Europe. Long-term stability in your operating environment is a key objective for such ventures. But with the existing global risk context rapidly evolving, along with new threats to business emerging from political polarisation, societal unrest, climate change and advancements in technology, what do you do when everywhere you look has a slew of downside risks?
These are the types of questions we are increasingly being asked. As once-predictable locations face increasing volatility and many growth opportunities involve expansion into new, more inherently risky locations, the bare fact is that the world has become more uncertain and companies can no longer simply try to avoid risk.
Four recommendations to enhance decision-making
Against this backdrop, risk management strategies must keep up with the evolving landscape to ensure the long-term resilience of investments and operations. This is a significant challenge, but there are approaches you can take that will help you make the right decisions.
The fundamental tenet is that you have to make data count. The time of rooting critical commercial decisions in subjective opinions has passed. In this new paradigm, applying robust quantitative approaches across the risk management process is at the core of effective decision-making in the face of complex threat profiles. The depth and breadth of our 190+ global risk indices, covering political, environmental and structural risks at national and subnational levels, forms a comprehensive base from which you can begin to build out tailored resilience strategies.
Using key stages of the best practice risk management process outlined in ISO 31000, we’ve mapped out four areas of focus to put your organisation on the front foot.
Focus area 1. Identify evolving and emerging threats
Starting with risk identification, constantly monitoring for the emergence of new threats – both internal and external – that could impact on business objectives is a vital first step towards maintaining adequate resilience. The growing importance of proactively managing these emerging risks has been highlighted by the recent publication of a dedicated ISO technical standard ISO/TS 31050 - Guidance for managing emerging risks to enhance resilience. With drivers of risk becoming increasingly interconnected, the breadth of Verisk Maplecroft’s datasets provides a comprehensive view of the external risk context, allowing organisations to understand new threats appearing in geographies where they were not previously present.
Focus area 2. Quantitatively measure emerging risks and their impacts to business activities and objectives
Key to implementing this is having access to the right data sources to properly quantify risks and permit meaningful comparisons. This can seem daunting at first, but most organisations have more useful data than they realise that can help identify threats, vulnerabilities and capacity to adapt. The challenge is consolidating it in one place.
Concurrently, AI and data science techniques are driving constant improvements to forward-looking datasets. We have recently developed predictive models examining irregular government changes, civil unrest and interstate tensions to help our clients get ahead of these events and plan for where they are most likely to occur. The role of climate change in influencing the emerging risk landscape is also a key consideration and we offer an enhanced suite of climate risk data to provide insight into a range of future climate scenarios and how these risks evolve through time.
Additional techniques, such as scenario analysis and horizon scanning, are also valuable tools to develop a better understanding of the consequences of risks and their impacts, enabling companies to build a sophisticated understanding of their exposures to new or escalating issues.
Focus area 3. Estimate cost-effectiveness of risk mitigation options
Historically, practitioners have generally focused on the risk analysis stage of the risk management process. However, with low-risk prospects in increasingly short supply, risk analysis remains important but cannot provide the answers you need in isolation. When there are no ‘good’ choices, the focus inevitably shifts to the risk treatment stage of the process. Here, the important question becomes: “where is it most cost-effective to reduce risk to an acceptable level?”
Popular, qualitative approaches to risk and resilience are not well suited to answering this question. A quantitative approach is needed for effective decision-making. Risk exposure at each site should be modelled with and without risk mitigations in order to accurately estimate what residual risk levels can be achieved in different locations and at what cost (see Figure 2).
Where risks are increasing in an existing operating or investment environment, this picture can help inform decisions to remain or divest. When considering new locations for assets, which new markets to enter or which suppliers to partner with, this knowledge can inform due diligence and help assess project viability.
Focus area 4. Track the effectiveness of implemented mitigations
Once implemented, the performance of each risk treatment should be measured to understand if the initial evaluation was accurate. Particularly in the context of new, unfamiliar emerging risks, this information is vital to actively build internal knowledge and inform future decision-making around tackling similar threats.
Reaping the benefits
As the saying goes, ‘what gets measured gets managed’. Implementing these focused recommendations brings numerous advantages for an organisation.
- Identify practicable actions based on a comprehensive understanding of your risk exposure. Driving an organisation to implement better systems for capturing and consolidating data on operational disruptions and combining it with data on external risks gives a more complete picture of strengths and vulnerabilities. By providing accurate estimates of the financial benefits of different risk mitigations, a quantitative approach makes it easy to justify spending on these wherever they are cost-effective. Measuring the actual impact of those mitigations completes a virtuous loop, enabling the effectiveness of the whole risk management programme to be assessed and continuously improved.
- Improve decision-making. Applying a data-driven approach to risk management provides a consistent understanding of risk across the whole organisation, which helps align decision-making at the business unit level with the overall corporate risk appetite.
- Identify operational and investment possibilities that others may not. Finally, and perhaps most importantly, a quantitative approach triggers a shift away from viewing risk management as a compliance activity towards seeing it as a business enabler. A richer understanding of risks and risk treatments allows a company to exploit opportunities that would otherwise appear too risky to contemplate. Ultimately, risk should be part of any strategic discussion. As the world becomes a riskier place, the ability to identify these opportunities will increasingly become a key success factor for all businesses.