The World Is a Zoo: Framing Risk in the Boardroom
As disruption and the unexpected have become the norm, in many industries, clarity is needed around how to frame boardroom risk conversations. To that end, NACD has published two reports: one in 2009 on the board’s risk governance process and another in 2018 on the board’s oversight of disruptive risks. In the latter report, the most important recommendation is the first:
“The board, CEO, and senior management need to develop an understanding of disruptive risks—those that could have an existential impact on the organization—and consider them in the context of the organization’s specific circumstances, strategic assumptions, and objectives.”
The following three risk classifications offer insights that may enable this understanding.
White elephants are “extant, existential risks that are difficult to address… because they are… situations fraught with subjectivity, emotions, and loyalties… [the] classic ‘elephant in the room.’” This kind of risk is often culture-related, and examples include irrational or unethical CEOs, flawed decision-making processes, unsafe products and working conditions, incentives to undertake recklessly risky bets, toxic workplaces, and other dysfunctional behaviors and situations.
Board Implications: Directors should set the right tone in driving a commitment to sound governance, building trust within the organization, nurturing and preserving brand image, and fostering a diverse, inclusive culture and ethical, responsible business behavior. Directors should ask tough questions when the above circumstances arise and offer constructive advice on corrective action.
Gray rhinos are “highly probable, high impact threat[s]; [things] we ought to see coming.” With the lens of a long-term view, these risks loom on the horizon, and there is a general understanding that it’s a matter of when, not if, they will emerge—making robust response and contingency plans imperative. The COVID-19 pandemic is an example. Unfortunately, organizations often experience blind spots when evaluating gray rhino threats as they typically use the lens of relatively short time horizons (one to three years) when conducting risk assessments. By contrast, the annual risk profile published by the World Economic Forum uses a 10-year horizon to produce results that are very different. Gray rhinos often receive short shrift because of the low probabilities assigned to them due to the constraints of short termism on risk assessments, yet can cause considerable damage when they occur.
Board Implications: A number of current trends point to uncertainty and coming change: evolving customer preferences; digital transformation and acceleration; the future of work and the workplace; new market entrants; changing laws and regulations; emerging cyber threats; extreme weather events; increased focus on environmental, social, and governance (ESG) performance and stakeholder expectations; and ever-changing geopolitical dynamics. Boards should guide companies to be ready to pivot through an agile and resilient culture by advising them to organize for speed; keep an eye on relevant trends and industry developments; deploy data-informed approaches to understanding customer behavior; incentivize necessary changes to processes, products, and services; and invest in the talent that can make this all happen.
Black swans are highly improbable catastrophic events that few, if any, see coming. Often, these events are described after the fact as having been predictable. Yet before they occur, their causes and effects are not generally understood. Indeed, rare and extreme events equal uncertainty, exacerbated by blind spots. For example, the financial crisis of 2008 was largely due to a presumption by the banking industry that US residential housing prices were unlikely to significantly decline in all major markets because such a systemic decline had never happened before.
Board Implications: Directors should encourage management to identify the most critical strategic assumptions, monitor the external environment for the continued validity of those assumptions (with an eye toward emerging extreme-but-plausible scenarios), use early alerts to trigger timely warnings of change, and build discipline into the culture to act before market opportunities and emerging risks become common knowledge. The objective: be an early mover in responding to the unexpected.
Questions to Ask to Prepare for Disruptive Risk
The board can also ask itself and management the following questions to understand and prepare for disruptive risks:
Do we understand the company’s most significant disruptive exposures—the things that could disrupt the business model, derail the strategy, or destroy enterprise value that has taken decades to build?
Do we understand the critical assumptions underlying our strategy and business model, and do we evaluate those assumptions using appropriate information from internal and external sources? Are scenario-planning and stress-testing processes used to challenge these assumptions, address “what if” questions, and identify sensitive external factors that should be monitored over time?
Does the organization have adaptive and experimental processes to address the opportunities and risks associated with disruptive change and to drive innovation in its operations and offerings?
Are we satisfied with the quality and timeliness of our reports of forward-looking information about changing business conditions, opportunities, and risks? Are early-warning indicators linked to external factors reported in a timely manner? If not, do we need to reset expectations with management?
Is sufficient boardroom time regularly set aside to engage management in robust discussions about disruptive risks and their effects on the organization’s strategy and business model? Are the takeaways from such conversations integrated into discussions of strategy-setting?
Jim DeLoach is managing director of Protiviti. DeLoach is the author of several books and a frequent contributor to NACD BoardTalk.