By Adrian Tan ,
Consultant, Strategic Risk, Marsh Advisory, Asia
With the complexity and interconnectedness of the risk landscape in Asia, companies are increasingly aware that they could be blindsided by risk factors that they have not yet identified, prioritised, or acted upon. This enhanced visibility on risk exposures is vital for sustainable business growth and made possible with free online assessment tools such as the Marsh Risk Explorer .
According to aggregated data from over 100 companies in Asia who have completed the Risk Explorer exercise, we discovered fresh insights and lessons on risk preparedness. Here are four key observations and blind spots that organisations should take note of to enhance their resilience against risks arising from the rapidly changing business environment:
Based on insights gained from Risk Explorer, the vast majority of high-impact risks are found in the category of strategic and operational risks, such as the risk of IT system database corruption, cyberattack, supply chain disruption, and competition. Also of particular concern are emerging risk classes such as sustainability and climate change.
On the flip side, other risk categories like compliance risks and financial risks are usually well-managed by most companies. This is likely because risk management in these categories are driven by regulations.
The key observation is that, although operational and strategic risks potentially have higher impact, companies are less likely to have adequately and effectively implemented controls and action plans to mitigate such risks. This is potentially due to oversight or under-evaluation of the risks’ likelihood and severity.
It is perhaps no surprise that small-medium enterprises (SMEs) are found to be more likely to be caught off-guard by high impact risks compared to larger organisations, owing to resource limitations, a lack of priority assigned to mitigate high impact risks, and occasionally also ’double-hatting’ — where the people tasked with risk management are unable to focus on this responsibility because they also have other duties to juggle.
The larger pool of resources that larger companies typically possesses — such as financials and expertise — also helps them cushion the impact of a risk event. For SMEs, however, lack of preparedness for certain business risks could potentially derail the organisation from achieving its strategic and operational objectives.
The good news is that companies of any size can now holistically assess their risk exposure using tailored risk parameters with Risk Explorer. Companies will receive a report that maps the likelihood and impact of each risk factor, identifies insurable and non-insurable risks, and recommends possible actions for the most important risks and controls.
Matching the results of Risk Explorer to the companies’ profiles, we found that a company’s ability to implement risk control across the risk categories typically depended on whether there is a strong tone from the top and whether the organisation has relevant expertise, such as a risk manager or domain professionals with relevant capabilities, experience, and tools.
A tool like Risk Explorer gives business leaders a strategic overview of their company’s risk exposures, including non-insurable risks and peer benchmarking. In addition, companies can use the report to identify the risk areas that require more attention and support from management, including areas that may require collaboration with external parties such as subject matter experts.
Another observation from Risk Explorer is that, in companies where controls for high impact risk have not been fully implemented, there is usually limited business risk management processes in place.
The key lesson here is that, prior to implementing specific internal controls and establishing risk transference programs (such as cybersecurity insurance), companies should first focus on operationalising a robust enterprise risk management (ERM) framework and establishing a structured process to identify, prioritise, manage, monitor, and develop a clear report on risks — doing so can help companies gain a holistic view of their risk profiles and their current risk control environment.
Like the 100+ companies that have taken the Risk Explorer exercise, your company can gain free, fast, accurate, and actionable insight into your risk exposures and attain greater risk resilience.