Introduction

Emerging risks: what are they, and how to manage them

Emerging risks are characterized by a low probability of occurrence and a high impact; therefore, it is important to include them in the risk management of companies. 

Introduction

Organizations currently operate in an environment known as VUCA, i.e., characterized by volatility, uncertainty, complexity, and ambiguity, in which it is necessary to constantly adapt and transform to ensure the organization's long-term continuity and sustainability.

Because of this scenario, organizations of all sectors and sizes must include emerging risks in their risk management. Although their probability of occurrence may be low, if they materialize, they will generally have a high impact and may affect business continuity. 

Therefore, in addition to managing traditionally known risks, a good organizational practice and strategy is to manage emerging risks. Doing so serves, among other things, to anticipate events that may occur at some point and thus be prepared to face them and mitigate their impacts.

Some emerging risks to consider include climate change, pandemics, acts of terrorism, the development of new technologies, and economic crises between countries. Knowing global political, economic, regulatory, social, environmental, and technological trends is key to identifying these risks. 

In this ebook, you will learn more about these types of risks: what they are, what their main characteristics are, how you can identify them, examples of emerging risks, how to manage them, and some good practices and recommendations that will help you to increasingly include them in your risk management and prevent them from drastically affecting the continuity and permanence of your organization in the market in the future.

Emerging risks: what are they and how to manage them

Emerging risks: what they are and their characteristics

Emerging risks, according to ISO 31050, are those of which there is little knowledge or information and can have a high impact. In general, these risks are new or changing. Although their probability of occurrence is low, they can materialize at any time, hurt people, organizations, and states, and even cause an organization's closure. 

These are some of the characteristics of emerging risks:

  • Unforeseeable
  • Uncertain
  • Complex and changing
  • Emerge from global trends
  • Are caused by man or nature

1. Unpredictable

Although there may be known risks, for example, a terrorist act, a pandemic, or a natural disaster, it is not known exactly when, where, and how they will occur. Their materialization is unexpected and surprising for most people; an example is the recent pandemic generated by COVID-19, for which neither organizations nor governments were adequately prepared. 

2. Uncertainty 

Uncertainty is one of the main characteristics of these risks because, in addition to not knowing if and when they will occur, it is not known what their real impact will be, i.e., how much damage they may cause to aspects such as an organization's operation, liquidity, reputation, and survival. For this reason, they are not easy to assess. 

3. Complex and changing

They evolve rapidly and generate impacts in different areas of companies, as well as in people's lives and governments' development. 

They arise from global trends, whether political, economic, social, environmental, or technological. Monitoring these trends is key to identifying risks that could arise and have a high impact.

4. Arise from global trends

Be they political, economic, social, environmental, or technological trends, it is key to monitor these trends to identify risks that could occur and have a high impact.

In addition to these characteristics, emerging risks can be man-made and natural and cause large-scale events. 

Now that you know about emerging risks and their potential negative impact, is your company prepared to deal with them and respond to them in the best possible way? 

Read on to learn more about how you can identify and manage them. 


Identifying emerging risks

It is true that emerging risks can be difficult compared to other types of risks for which more information is available, but this does not mean that it is impossible. 

Some actions that can be implemented to identify emerging risks are: 

  1.  Constantly monitor and evaluate the organization's internal and external environment and stay updated on global trends, as well as existing and possible conditions of change. 
  2.  Deep knowledge of the industry and the market, including the entire supply chain for the company's production and operation. 
  3.  Consider and review lists of emerging risks presented by industry experts. Validate which risks are relevant to the organization. 
  4. Think and discuss the different areas, not only risk management, in which events with a low probability of occurrence but with high impact could affect the company's operation and continuity.
  5.  Perform analysis of possible scenarios to identify threats that could materialize and generate impacts on processes or assets. 

In addition, it should be remembered that different tools and methodologies exist to identify this type of risk based on the study and analysis of internal and external risk factors.

Emerging risk management

Although these types of risks are not generally known, taking them into account within risk management serves to establish a framework of action and procedures to respond to them in case they occur and thus mitigate their negative consequences on the operation and continuity of the business. 

Based on the four stages of risk management, risk identification is the first of these. Thus, once the emerging risks have been identified, the next step is their evaluation or assessment, control, and monitoring.

Evaluation or assessment

At this stage, the emerging risks identified must be assessed. However, as we have seen, most of these may be difficult to quantify and have a low probability and high impact. Hence, scenario analysis is a recommended tool for doing so.

Scenario analysis helps organizations assess the potential exposure to emerging risks and define how prepared they should be if risks materialize. 

To perform the scenario analysis, the following steps proposed by PricewaterhouseCoopers (PwC) can be followed:

  1. Engaging stakeholders on emerging risks.
  2. Discuss emerging risks and associated drivers.
  3. Estimating the probability and impact of emerging risks.
  4. Address scenarios and review their likelihood and impact.
  5. Develop proposals for emerging risks.
  6. Agree on actions and direction in the process.

The assessment of emerging risks is generally qualitative, with scales tailored to each organization's needs and characteristics, as well as its risk appetite and tolerance level. In addition, the rating scales used must consider the impact of emerging risks on the entire organization. 

Control

In this third stage of management, the strategies and actions to be implemented to prepare for the materialization of an emerging risk must be defined: how to act, what steps to follow, and who is responsible. This is to reduce the risks' impact as much as possible. 

Companies can, among other options for dealing with this type of risk, focus on prevention, reduce vulnerability, act directly on the factors that make the emerging risk possible, and even modify their risk appetite when a new risk appears. 

The strategies and actions to control these risks must be proactive, efficient, and adaptable to address the identified and assessed risks. 

Once the treatment strategies have been defined, they must be implemented and executed in the organization. 

Monitoring

This action must be permanent. It is essential to follow up on the emerging risks identified and the strategies implemented to prepare for their possible materialization. Also, monitor the environment and global trends to be aware of other risks that have not been considered and that may also affect the normal development of operations and their continuity. The constant updating of the emerging risks map is necessary for adequate management. 

In addition to these stages, for managing emerging risks, organizations must be agile and respond rapidly to situations that could impact and compromise their survival in the markets. In this sense, the design of the Business Continuity Plan is fundamental.

Best practices and recommendations

To stand out and survive in the VUCA (vulnerable, uncertain, complex, and ambiguous) environment in which organizations are immersed, it is increasingly necessary to include emerging risks, also called future risks or unknown risks, in strategic planning and risk management.

These are some good practices and general recommendations that will help you to do this in your organization:

  1. Permanently monitor the internal and external context of the organization to identify global trends and possible threats from the political, economic, sociocultural, technological, ecological, environmental, and legal aspects that may affect the normal operation of the business. 
  2. Speculate on possible scenarios and determine if this could be an emerging risk impacting the organization.
  3. Research, study, and keep up to date with what is happening in the market, as well as follow specialized risk publications, industry reports, and communications from national and international regulatory bodies. 
  4. Strengthen knowledge and acquire new knowledge to respond to the new challenges presented by the environment, as traditional risk management can often fall short in managing emerging risks due to their inherent characteristics, such as uncertainty and complexity. 
  5. Use technological tools for risk management. With Pirani and its Operational Risk Management System, organizations can simplify identifying, evaluating, controlling, and monitoring their risks, including emerging ones.

Create free account

 

Bibliographic reference

Nueva llamada a la acción

Try Pirani for free

And learn how we can help you make risk management in your organization a simpler and more efficient process.

 

 

Create free account