A CEO I once worked for used to say quite regularly, “tell me what I don’t know.” His view was he could read the Wall Street Journal or any number of other typical sources of intelligence and information about running organizations, just like me as his senior risk leader. What he was most concerned about, as are most CEOs, board members and other key risk stakeholders, were the things once described by Donald Rumsfeld in 2002 (Secretary of Defense from 2001 to 2006) right after 911. That is:
“There are known knowns. These are things that we know that we know. There are known unknowns. That is to say, there are things we know we don’t know, but there are also unknown unknowns. These are things we don’t know we don’t know.”
For many, myself included, this was a bit of a mind-bender. Yet the essence of his ruminating is really quite simple. He’s alluding to emerging risks, those things that are by one definition, articulated as:
“Those issues that have not manifested themselves sufficiently to be managed using the tools commonly applied to more developed exposures. They are “those risks an organization has not yet recognized or those which are known to exist, but are not well understood.”1
For leaders of all kinds, but especially for risk leaders, this area of the discipline is a black hole of possibilities, about which it is rarely immediately clear whether or not they require attention, let alone well-defined action. Some view these risks as “black swans” which by definition are things which didn’t exist, until they were discovered to exist. The unknown unknowns. But it is important not to ignore those risks we have some information and perhaps understanding about, even if they are remote or highly unlikely. This is true because they are often very destructive.
To understand these risks, let’s look at their common characteristics. First and logically, they are highly uncertain. As mentioned, their frequency is low but their impact is often very significant. They also have the potential to change quickly, even metastasize. They are risks that are difficult to drive a consensus about among subject matter experts. Because they may be completely unknown, they are typically not on anyone’s radar. Their qualitative characteristics are fuzzy at best. The ability to quantify them is usually non-existent. The relevance to the business, its strategy and objectives is also typically unclear at best. Most observers would say they are too futuristic to matter.
These risks are also hard to communicate. Because they are perceived as unlikely, possibly even irrelevant, they are viewed as deserving none of the limited time most executives have to address anything but the most pressing issues. Even so they may be embedded in existing practices and procedures, thus right in front of many, but not recognized as a serious threat to success. Finally and not surprisingly, these risks are difficult to find owners for, since accountability for addressing raises personal risks. Acting on these often complex exposures, implies redirecting time, resources and even priorities and thus can be expected to be met with substantial resistance.
In this increasingly VUCA (volatile, uncertain, complex and ambiguous) world we operate in, we are required to be better at anticipating, adapting, maneuvering, preparing for, and responding to even (and especially) these unlikely but value-destroying risks that simply should not be ignored.
So what should risk leaders do in order to get ahead of emerging risks? Well here’s a simple four step plan for moving forward.
- Build an emerging risk strategy and process into your overall risk management strategy
- Enhance your risk identification process to include low probability, high severity possibilities as they relate to strategic goals and objectives
- Assess risk interconnectedness of these compared to other identified risks in order to understand how they relate to and possibly exacerbate other key risks
- Answer the key questions for these risks regarding their: importance; relevance; likelihood; impact; immediacy; and necessary response
Enhance your risk monitoring and reporting processes to include specific key risk indicators tied directly to key performance indicators.
You may feel you don’t have the time or resources to take on these tasks, but I think we can agree that you don’t want to be left flat-footed when your CEO asks “tell me what I don’t know.”
1 Source: Risk Management Society
By: Christopher Mandel, RF, CPCU, ARM-E
SVP, Strategic Solutions, Sedgwick
Director, The Sedgwick Institute
Summary of Qualifications
Highly skilled risk and insurance professional with more than 30 years of experience designing, developing and implementing large, global corporate risk management programs for Fortune 500 firms. Thought leader in enterprise risk management, insurance and the alignment of risk stakeholder interests among internal audit, compliance, legal, control, planning, crisis management and business performance functionaries. Designed and implemented numerous risk and insurance programs for large, global corporates. Led and aligned small to mid-size teams toward successful delivery of multi-million dollar expense saving programs and captive insurance company profit centers solving unique risk financing problems and delivering tens of millions in net income.
Responsibilities
As SVP Strategic Solutions, Chris works collaboratively with senior management and ownership to “Tell the Sedgwick story” and represent Sedgwick as an “ambassador” within the broader risk and insurance industry space. Primarily responsible for developing, evolving and ensuring the execution of the company’s strategy for influencing the industry in an effective and cost efficient manner as well as identifying opportunities and people that can contribute to the success of Sedgwick and its subsidiaries.
As director of Sedgwick Institute, Chris is responsible for providing strategic and tactical leadership to internal and external resources used to deliver the Institute's mission and goals.
Business Experience
27 years of senior risk management leadership roles in large, often global enterprise
Has led staff from 4 to 35 executing the risk and insurance functions
Has held and currently hold numerous board positions for industry entities
Has provided consulting and advice to numerous firms as both a sr consultant for Marsh and by starting and running my own ERM consulting firm
ERM Experience
Designed, implemented and managed the ERM strategy for a Fortune 125 diversified financial services company whose program was rated "excellent" by S&P (its highest rating) from 2006-2010. Same program was recognized by receipt of the Alexander Hamilton Award for "excellence in ERM" in 2007.
Has taught four level of ERM and SRM for RIMS over the last 6 years.
Consulted through my own ERM consulting firm and a separate ERM partnership firm, for more than ten years.
Regular speaker across the globe, on ERM, SRM and related subjects.
Professional Affiliations
Member and RIMS Fellow (RF) of the Risk Management Society
Former president (2003) and board member of RIMS (1998-2004)
Member, Society of CPCU (the Institutes)
Member and Board Director of the Association of Responsible Alternatives to Workers Compensation (ARAWC)
Member, Associated Industries of Florida (AIF)
Member and Board Director for Captive Insurance Group of NJ
Faculty, International Center for Captive Insurance Education
Education
MBA - Finance, George Mason University
BS - Business Administration (Mgmt); Virginia Polytechnic Institute & State University
RF - RIMS Fellow, Risk Management Society
ARM-E - Insurance Institute of America
CPCU - American Institute of Property/Liability Underwriters
AIC - Insurance Institute of America
CCSA – Institute of Internal Auditors