The euro-zone debt crisis and U.S. political uncertainty, combined with extreme and unexpected events, are continuing to create external risks that companies are grappling to overcome, according to a new PwC U.S. “Risk in Review” paper. The report, entitled “Coping with the unknown: Risk management strategies for an uncertain world,” is based on a survey of more than 1,000 executives and risk management leaders of Fortune 500 companies from around the world. The findings examine the critical challenge of coping with these unknown and potentially business crippling risks.
According to the report, companies are now more adept at managing internal risks thanks to well-developed enterprise risk management (ERM) programs. Yet these same ERM programs are less effective in dealing with external threats. The survey revealed that ‘black swan’ events, as known to risk management professionals, strike with no warning and will be among the greatest risks facing companies over the next 18 months. These events include those emanating from geopolitical events, economic developments, new technologies, talent and labor resources, global trade, commodity costs and terrorism. In the report, PwC discusses tools and techniques companies are using to deal with rising instability and risk management strategies that firms appear to be deploying effectively.
“According to our survey, more than 50% of companies feel they are not doing enough to manage external risks,” said Dean Simone, leader of PwC’s U.S. Risk Assurance practice. “Since these risks come from outside of the company, and usually without warning, management is often taken by surprise and may not be prepared to manage them effectively. To address these emerging risks, companies must look to new tools and take an innovative approach to understand their vulnerabilities and become more resilient.”
To address the evolving risk landscape, PwC recommends the following risk management strategies for coping with unpredictable, external risks:
Use “reverse stress-testing” to identify vulnerabilities: Rather than running a typical stress-testing scenario, companies are starting from a failure scenario and working backward to understand their organization’s level of resilience.
Manage crises as if they occur every day: Unpredicted risk events will happen, and companies must go beyond a disaster recovery mindset to ensure they can manage these events and assure business continuity. For some types of risk, this involves building buffers that provide the space needed to absorb shocks and respond to the crisis.
Enable a company-wide response to emerging threats: Threats on a scale that could endanger a firm’s viability tend to require firm-wide responses. Companies should be prepared to respond to an actual risk event that may require firm-wide integration of multiple departments.
Integrate risk management and strategic planning: Strategic risks that often jeopardize a firm’s survival are usually embedded within particular corporate strategies, therefore integration of strategy and risk is necessary to manage these risks effectively.
Do not focus exclusively on the downside of risk events: Firms must plan effectively for unexpected success, such as providing for better-than-expected product launches, or developing innovative ways to provide finance to reach new customers.
Among the most important resources for a risk management leader is inspecting early-warning capabilities, which can enable the identification and tracking of emerging risks. This horizon-scanning strategy must be part of an ongoing process. The report states that more companies are adopting an approach in which risk leaders meet frequently to address threats that go beyond ERM, and utilize scenario planning.
To download a full copy of the “Risk in Review” report, click here.