Not only are seemingly isolated risk events such as cyberattacks, supply chain disruptions, and geopolitical conflicts becoming more common, but they also tend to ‘transfer’ their impacts onto one another and amplify knock-on effects. Companies that practise ERM are better positioned to recover from financial exposure, business interruption (BI), reputational damage, and other losses when a risk event occurs in today’s hyper-connected risk landscape.
Specifically, the phrase ‘grey rhino’ describes these high-probability, high-impact risk events, which organisations often neglect. A robust enterprise risk management approach can minimise the impact of grey rhino risk events and create the requisite conditions for recovery and growth following crises.
Conversely, organisations without an integrated ERM framework are more vulnerable to risk mitigation and recovery issues that accompany grey rhino risk events. They might also face difficulty mitigating longer-term risks such as climate, sustainability, reputational, and people risk, and incur significantly higher costs, including the cost of risk financing.
How does enterprise risk management work?
An example of emerging risks addressed by enterprise risk management is cyber risk. Once seen as primarily an IT and security issue, it is now recognised as an enterprise-wide risk that can threaten a company’s finances, reputation, and long-term growth prospects. Like other grey rhino risks, cyber risks are often intertwined with other risks and typically trigger other risk events and cause cascading effects spanning industries and geographies.
In order to attain cyber resilience, different functions of the company should be guided by an ERM framework to enable productive collaboration across teams and allow risk managers to accurately identify and quantify risk with tools and loss scenario modelling.
The resulting alignment on shared risk appetite, mitigation strategies, and spending priorities across cybersecurity technology, insurance, and incident management is an important outcome of implementing enterprise risk management and places the company on highly resilient footing amid escalating cyber risks.
Another key risk that ERM helps to address is business disruption risk. The potential causes of business disruption have multiplied, with cyber, geopolitical, geophysical disaster, supply chain, and inflation risks all potential triggers. An ongoing ERM process facilitates the timely, cost-efficient diversification and strengthening of supply chains, the refining of operational processes, and the obtaining of appropriately sized business interruption (BI) insurance cover to de-risk.
The holistic approach of enterprise risk management, which includes gap analysis and assessing BI declared values, stands in contrast to a siloed risk management approach where relying on a standalone emergency response plan, for instance, may be inadequate and result in significant loss and obstacles to recovery when a grey rhino risk event occurs.
A resilient workforce as a core pillar of ERM
It is also important for organisations to bear in mind that the foundation of successful enterprise risk management is workforce resilience. With a number of Asia’s economies facing manpower and population-related challenges, it is imperative that companies know the potential impact of people risk and take steps to improve diversity, equity, and inclusion (DE&I) within their organisations.
One key area of focus for building a resilient workforce through DE&I is ensuring equitable access to benefits. Many employers in Asia have adapted to hybrid working and are going a step further to provide both on-site and virtual access to healthcare for all employees. Further progress in building workforce resilience can be made by developing a mental health strategy to foster mental wellbeing, and working with brokers and advisors to review their existing employee benefits programme for more inclusive coverage.
ERM as a problem-solver and enabler of sustainable growth
In truth, many issues of public importance cannot be solved without corporate leadership that is committed to the enterprise risk management process and framework. As Asian countries begin to reopen their economies, organisations that adopt a robust approach to identifying, understanding, and preparing for the enterprise-wide impacts of systemic and emerging risks will position themselves well for sustainable growth, and anchor themselves as institutions of good governance in their respective industries and spheres of influence.