Once in a while it’s a good exercise to think about and prepare for the risks that are rare.
When it comes to protecting the company there is still no way to prepare, despite best efforts, for every single risk that might materialize. However, preparing for black swan events can save a lot of time and money if they occur. At a spring meeting of the NeuGroup’s Corporate ERM group, on member led a session on ways to identify and establish ownership of black swan risks, and how to integrate these methods into the broader ERM process.
First, said this member, was defining black swan risks. By their very nature, black swan events are hard to predict and not likely to happen. However, beyond this, there is a lot of variety in how they may be defined. For this ERM practitioner, they are events that challenge one or more of the organization’s critical assumptions. For another member, they involve the interdependence of risks and the compounded effect one adverse event can have either on or in combination with others. As in the cyber security session, finding potential black swans involves some creativity in imagining the main event and also the dominoes it could topple.
Second, challenge all assumptions. One member’s internal audit department facilitated an executive workshop with Deloitte to identify black swan risks. Participants included executives from corporate strategy, sales, marketing, legal, and numerous other departments, who were able to challenge their macro assumptions in order to assess vulnerabilities, identify risk scenarios, and determine how to integrate black swan risks into business plans.
Think about the what-ifs. As the presenting member suggested, black swan risks are low probability, but they are still possible, and they could have catastrophic consequences on the company. Nonetheless, members need to think about things that could conceivably happen and that could challenge overall plans or hinder long-term viability of the company.
Sometimes a black swan scenario indicates a market change that requires a business model adjustment. In its workshop, the presenter company’s workshop participants were asked to figure out why certain companies failed, such as Encyclopedia Britannica and Blockbuster. They did not succumb to black swan events per se, but rather failed to keep up with a digitizing environment that nullified their key business assumptions. When considering black swan risks, it’s important to make sure the right factors are considered. As one member pointed out said: “What are you thinking about when you’re [doing your company’s business], and are these the things that you should be thinking about if you want to stay ahead of your vulnerabilities?”
Black swan vulnerability vs. faulty business model
This all points to the meeting’s recurring theme of the importance of incorporating ERM into strategic planning. If ERM has information on a fatal flaw in the company’s operating model, strategic planners need to know. And while planning for black swan risks is in itself a worthwhile endeavor, it is also a creative way to think about the business model as a whole and consider how different parts of the organization interact. Sometimes a risk mitigation mindset can lead to a more efficient model.