As disruption and the unexpected have become the norm in many industries, clarity is needed around framing the boardroom risk conversation.
In 2009, in the wake of the great financial crisis, the National Association of Corporate Directors (NACD) published a report on the board’s risk governance process, recommending five risk categories for boards to differentiate risks for discussion purposes. Two categories — critical enterprise risks and emerging risks — are differentiated from normal, ongoing day-to-day business management risks, board approval risks and governance risks, with the idea of focusing the board’s dialogue with management on the risks most likely to threaten the viability of the company’s strategy and business model. This timeless concept is as relevant today as it was over a decade ago.
Another NACD report was published in 2018, focusing on the board’s oversight of disruptive risks. If there were any doubt that disruption is the order of the day, it was dispelled with the onset of an unprecedented airborne pandemic. The most important recommendation in the NACD report from 2018 is the first:
The board, CEO, and senior management need to develop an understanding of disruptive risks — those that could have an existential impact on the organisation — and consider them in the context of the organisation’s specific circumstances, strategic assumptions, and objectives.
Three risk classifications offer insights that may enable an understanding of disruptive risks:
White elephants are “extant, existential risks that are difficult to address … because they are … situations fraught with subjectivity, emotions, and loyalties … [the] classic ‘elephant in the room.’” Examples include irrational or unethical CEOs, flawed decision-making processes, unsafe products and working conditions, incentives to undertake recklessly risky bets, toxic workplaces and other dysfunctional behaviors and situations.
Gray rhinos are “highly probable, high impact threat[s]; [things] we ought to see coming.” With the lens of a long-term view, these risks loom on the horizon, and there is a general understanding that it’s a matter of when, not if, they will emerge — making robust response and contingency plans an imperative. Organisations often experience blind spots in evaluating gray rhino threats as they typically use the lens of relatively short time horizons (one to three years) when conducting risk assessments. Gray rhinos often receive short shrift because of the low probabilities assigned to them due to the constraints of short-termism on risk assessments, yet can cause considerable damage when they occur.
Black swans are highly improbable catastrophic events that few, if any, see coming. Often these events are described after the fact as having been predictable. Yet, before they occur, their causes and effects are not generally understood. Indeed, rare and extreme events equal uncertainty, which is exacerbated by blind spots with respect to randomness and particularly large deviations.
Outlier situations associated with normal, ongoing day-to-day business operations should be reported to senior management on an exception basis and, if deemed significant, escalated to the board. But the board’s primary focus should be on the critical enterprise risks and emerging risks — the disruptive risks — with emphasis on their unique disruptive characteristics.
Following is a short summary of takeaways for boards:
Address white elephants with focused attention and decisiveness.
The board should set the right tone in driving a commitment to sound governance, building trust within the organisation, nurturing and preserving brand image, and fostering a diverse, inclusive culture and ethical, responsible business behavior. Directors should ask tough questions when addressing “white elephant” situations and offer savvy, constructive advice on corrective action.
Encourage an agile and resilient culture and mindset that adapts to charging gray rhinos.
A number of current trends point to uncertainty and coming change: evolving customer preferences, digital transformation and acceleration, the future of work and the workplace, new market entrants, changing laws and regulations, emerging cyber threats, extreme weather events, increased focus on ESG performance and stakeholder expectations, and ever-changing geopolitical dynamics. Boards should guide companies to be ready to pivot through an agile and resilient culture by advising them to organise for speed; keep an eye on relevant trends and industry developments; deploy data-informed approaches to understanding customer behavior; incent necessary changes to processes, products and services; and invest in the talent that can make this all happen.
Be an early mover in responding to black swans.
Directors should encourage management to identify the most critical strategic assumptions, monitor the external environment for continued validity of those assumptions over time, use “early alerts” to trigger timely warnings of change, and build discipline into the culture to act before market opportunities and emerging risks become common knowledge.
Anticipate extreme but plausible scenarios.
The bar of plausibility for extreme events has lowered steadily over the years, and it’s not the “if” question but the “when” and “what if” questions that matter. Consider velocity, persistence, response readiness and uncompensated risks associated with the highest-impact scenarios to guide the sense of urgency in formulating response plans and adaptive strategies that mitigate the severity of outcomes.
Manage preconceived bias.
Decision-making quality is compromised when data is structured to fit a preconceived view, reliance is placed on the smartest or most dominant people in the room, the past is extrapolated into the future, false security is drawn from probabilities, the limitations of building consensus are ignored, and efforts are made to manage toward a singular view of the future. Groupthink, a blame culture and avoidance of difficult conversations enable bias to thrive.
Beware of short-termism.
While short-termism typically refers to an excessive focus on short-term results at the expense of long-term interests, it also creates blind spots. Executives and directors see a different picture looking out 10 years instead of one to three years. This explains why the annual risk profile published by the World Economic Forum is so different from traditional corporate risk assessments. The specter of threats seen so clearly 10 years out is that they can either occur suddenly without warning today or unforeseen developments can accelerate their occurrence. Fossil fuels-based companies are experiencing that phenomenon now.
Following are suggested questions that boards of directors may consider, in the context of the nature of the company’s operations:
- Do we understand the company’s most significant disruptive exposures — the things that could disrupt the business model, derail the strategy or destroy enterprise value that has taken decades to build?
- Do we understand the critical assumptions underlying our strategy and business model, and do we evaluate those assumptions using appropriate information from internal and external sources? Are scenario-planning and stress-testing processes used to challenge these assumptions, address “what if” questions, and identify sensitive external factors that should be monitored over time?
- Does the organisation have adaptive and experimental processes to address the opportunities and risks associated with disruptive change and to drive innovation in its operations and offerings?
- Are we satisfied with the quality and timeliness of our reports of forward-looking information about changing business conditions, opportunities and risks? Are early-warning indicators linked to external factors reported in a timely manner? If not, do we need to reset expectations with management?
- Is sufficient boardroom time regularly set aside to engage management in robust discussions about disruptive risks and their effects on the organisation’s strategy and business model? Are the takeaways from such conversations integrated with discussions of strategy-setting?
For more about framing the boardroom risk conversation, read the article here.
(Board Perspectives — Issue 142)