Ask 10 different risk management experts to define emerging risks, and you will likely receive different points of view. In this article, let's define emerging risks, discuss ways to identify them, and look at different ways to manage these risks.
What are Emerging Risks?
The International Risk Governance Council (IRGC) defines emerging risks as "new risks or familiar risks that become apparent in new or unfamiliar conditions."
The CRO Forum defines emerging risks as "risks which may develop or which already exist that are difficult to quantify and may have a high loss potential."
Characteristics of Emerging Risks
Emerging risks may have one or more of the following characteristics:
- Large scale events
- Often, arises from global trends
- Often, beyond our capacity of control
- Can cross geographic borders, industries, and sectors
- Difficult to quantify the impact
- Hard to predict
- Traditional risk management identification and assessment process may not work
Emerging risks are "new risks or familiar risks that become apparent in new or unfamiliar conditions." –CRO Forum
Why Emerging Risks May Be Unknown
Not in all cases, but emerging risks may be unknown. Why? First, the extent or nature of the potential loss is not known. Second, there may be insufficient information. Third, the organization may not have had time (or taken time) to fully analyze the risk.
Emerging Risk Examples
One way to better understand emerging risks is to see common examples. Here you go:
- Cybersecurity and cybercrime
- Disruptive technology
- Legislative and regulatory risks
- IT systems
- Talent and employees
- Business operational failures
- Natural catastrophes
- Climate change
How to Identify Emerging Risks
While emerging risks may be more difficult to identify (and in some cases, impossible to identify), there are practical steps that we can take to identify some of these risks. Here are some suggestions:
- Perform risk workshops aimed specifically at identifying emerging risks
- Use industry specific emerging risk checklists
- Ask stakeholders to tell you what you don't know
- Focus on high impact, low probability events
- Capture perspectives of industry and thought leaders
- Perform scenario analysis
- Consider cross-organizational impact and interdependencies
How to Manage Emerging Risks
Some people ignore emerging risks. Why? Well, because of a natural bias. Individuals are busy and don't want to think about things that have a remote possibility of occurring.
I get this. However, a little discipline can go a long way. Consider which of the emerging risks or combinations of risk have a decent chance of occurring. Add these risks to your risk register. Finally, assign the risk owners and ask them to develop response plans including contingency plans and fallback plans.
Additional risk mitigation steps include enhancing resilience through business continuity planning, diversification, and collaboration. Lastly, organizations should routinely identify and assess emerging risks and continuously devise strategies for both monitoring and managing these risks.