Companies should avoid trying to be “ready for everything”, when it comes to risks in the current business environment, and instead focus on being “ready for anything”, according to the chair of one of the foremost risk advisory firms in the world.
The remarks came from Irene Dorner, chair of Control Risks, during a Board Agenda breakfast briefing in London this week to explore corporate resilience and risk management.
Dorner was reflecting on the way boardrooms currently are coming to terms with a corporate landscape afflicted by uncertainty.
But she said companies should be wary of compiling a list of risks and attempting to draft plans for all of them. Company approaches to the current geopolitical risks were “various”, she said.
“Some are doing it quite well; some are not doing it well. Some companies are spending an enormous amount of time making a long list of every conceivable thing that could possibly go wrong and then devising response plans to every one of them. And I have to say is that this is a really, really bad approach.
“In fact it’s probably a complete waste of time because no list will ever be complete and you are tempting yourself into a ‘tick-the-box’ mentality.”
Dorner warned that many boardrooms were “adrift” when it came to dealing with the current range of geopolitical risks. The pandemic and the invasion of Ukraine had prompted a range of boardroom concerns, said Dorner.
“We’re worried about what are we going to miss next? We’re worried about which current ‘investment darling’ is actually the next pariah state (and that can turn on a sixpence). Who are our allies? Who are our antagonists? And for how long will they be one or the other?”
Emerging risks
Dorner said the key risks companies face were cyber threats, security, deglobalisation, regulatory and operational. Smart companies, she added, were taking one of two risk approaches.
“First of all, they’re identifying emerging risks and monitoring them regularly.” These risks—once considered “unknown knowns” or “black swans”—are then observed at regular intervals, using a matrix judging how near they are in time and physical proximity.
In a second method, companies structure their reviews, or “scenarios”, around timeframes of two, five or ten years, and then stress test the business to see how it might respond given the scenario. “That’s the ‘prepare for anything’ version, as opposed to the ‘prepare for everything’,” said Dorner.
She advised there were advantages to this resilience approach. “Companies that can anticipate risks and respond to them better gain enormous competitive advantage over those who don’t or can’t.
“Self evident, you might think but, actually, perhaps not. If you’ve been in the boardroom, often you’re too busy thinking about all of the other things that ‘crowd out a company’s head’ rather than looking forward.
“The competitive angle was on dark display during the pandemic. There was a very, very small handful of companies who had, on their risk register, prolonged global pandemic; most did not. The companies that had rehearsed the impact of a global pandemic…came out of it quickly and efficiently. Those who hadn’t came out of it slowly and probably very expensively.”
In a panel discussion, Dorner went on to comment that boards are broadly in the “foothills” of building resilience by coming to terms with the current range of risks.
Carolyn Clarke, a panel member and co-founder of the risk advisory firm Brave Consultancy, observed that many companies, through new disclosure demands, had tackled financial resilience but may have paid less attention to “operational resilience”.
“It’s the operational factors that come back to haunt you,” she said, adding: “There’s huge diversity in terms of where we are. I think there’s also a degree of uncertainty at the moment which sounds wrong when we’re going through a conflict of a scale we haven’t seen for a long time.” Clarke added complacency may be an issue because organisations that survived Covid-19 could be thinking, “We’re kind of OK.”
Stakeholder capitalism
The panel also warned boards that the introduction of stakeholder capitalism makes risk management and resilience a much broader topic to address.
Liam Healy, senior vice president of Diligent, the boardroom software firm, said there had been a shift for companies from financial to non-financial metrics, including carbon emissions, which had broadened the risks to be considered.
He added that “cascading” the values underlying the new non-financial measures throughout a company, though not a perfect science, would “incorporate all stakeholders”, a move that was “incredibly important” and now a “lowest common denominator”, whatever the size of business.
Elsewhere, it was noted that boardroom skills fit for the current risk environment were critical. Gillian Karran-Cumberlege, a founder of Fidelio, the board advisory firm, said the two skills most in demand were digitisation and ESG.
But she added that the ever-changing risk landscape has also shifted attention to board education.
“The pace of change is so fast that we’re definitely seeing a focus on how boards keep refreshing their skills, whether it’s individually, whether it’s collectively.
“We certainly see that around climate change competence—that’s a big area.”
There are other knowledge issues. She said boards were still struggling to understand the full implications of artificial intelligence. “I don’t even think we’re in the foothills there. We’re way off the mark in terms of the governance structures that either companies put in place or boards exercise with regard to AI.”