If 2020 has shown us anything in business, it’s that emerging risks are hard to predict, but we still need to be prepared to address them. So, as entrepreneurs and business owners, you have two main questions to answer as you identify and prepare for emerging business risks: 1) What risks do you need to identify? and 2) How do you prepare for those risks?
When trying to identify and assess potential risks, companies face the challenge of addressing constantly emerging risks. “Emerging risk” can be defined as a risk which may develop, or already exist, that is difficult to quantify, and may have a high-loss potential. Businesses must determine which risks are the most relevant and important for their business to address. However, common across all industries is the fact that the risk landscape is continuously changing… fast.
The first step is to develop a risk framework. This is your opportunity to be proactive about the success of your company’s future. Start small and stay focused. Develop a formal, documented way of identifying, assessing, and reviewing emerging risks. And look to the future, not just what happened in the past. Determine where your business is going and what issues and problems you could encounter along the way. Be creative and think outside the box. Go down the rabbit hole and explore all possibilities. You’ll be glad you took the time to really delve into the realm of the “impossible.” Some examples of emerging risks may include:
Market: What key changes are occurring in the industry in which I operate? How do fluctuations in interest rates, credit spreads, and the housing market impact my operations? How could political instability or regulatory changes impact my business?
Technology: What new technology and innovation is emerging in the industry? What are the cyber security trends? How could a security breach impact my business and my customers?
Business Continuity: What events could interrupt operations? If interrupted, how will operations recover and how long will recovery take? What would I do if a key employee (or employees) unexpectedly left?
Once emerging risks are identified, they need to be evaluated. Incorporate them into your strategic (or business) plan just as you do with internal risks (weaknesses) and external risks (threats) and evaluate their potential consequences. With emerging risks, you will need to challenge your conventional thought process to consider what is logically most likely to happen in a very unexpected scenario.
Next, a mitigation strategy should be developed. “Mitigation strategy” is a plan to help lessen risk or loss to your organization in a situation. What can you do to keep your business running? Or avoid financial loss? Again, similar to internal and external risks, the mitigation strategies for emerging risks should take into account the company’s risk appetite and consider inherent risk (the risk before controls are in place) and residual risk (the risk after controls are in place).
Mitigation strategies are all about reducing risk to an acceptable level. Risks (and rewards) are weighted differently based on a company’s business goals, but when addressing risk mitigation strategies, business owners should generally consider the following:
Consumers’ needs: Your customers are the backbone of your business, so it’s important to understand their needs when assessing risk mitigation strategies.
Consideration of mitigation options using data: Use data and analytics to assess options and make informed decisions.
When to consult an expert: Always utilize your internal resources first, but given the uniqueness of emerging risks, you may not have the appropriate expertise or skillset on your team. While there is a cost when seeking external advice (financial, accounting, insurance, legal, cyber security, etc.), specialty firms understand the ins and outs of their respective field and their years of experience in handling your risk scenario can potentially save you money in the long run.
Finally, you should develop a response strategy for each emerging risk. The response strategy should align with the company’s risk willingness and business objectives. Some examples of response strategies may include:
Risk acceptance: Acknowledge that the potential loss from a risk is not great enough to warrant spending money to avoid it; accept and budget for it.
Risk transfer: Shift the risk to a third party through an insurance policy or contractual agreement.
Risk mitigation: Implement internal controls to reduce the impact and likelihood of a risk to an acceptable tolerance.
Risk avoidance: Completely eliminate the product or activity that creates exposure to the risk.
As the risk landscape changes, so should your assessment of key emerging risks that may impact your business. This isn’t a one-time or even a once a year planning strategy. It should be completed on an ongoing basis.
Although thinking about emerging risks isn’t always intuitive, formalizing how you identify emerging risks, and subsequently how you respond to, manage, and monitor those risks, will put you in a much better position to act strategically when the time comes – and the time will come.