Beat risk to the punch – before it beats you

To stay ahead, leading companies are using advanced data and analytics to identify and mitigate risks as they emerge.

To stay ahead, leading companies are using advanced data and analytics to identify and mitigate risks as they emerge.

OK, so the business world probably won’t be conquering time travel anytime soon, but it’s a familiar frustration for senior executives amid ever-increasing unpredictability: “How do I plan for what I can’t see?”

That is why more and more companies are focusing on ways to identify and plan for risks right as they emerge, leveraging advanced data and analytics (D&A) to more rapidly model scenarios and responses, and get ahead of the next “mission impossible.” Waiting and watching and reacting after the fact can be crippling, as the global pandemic so clearly demonstrated.

And the risk portfolio is expanding. As our world becomes more and more interconnected—technologically, financially, economically, socially, and environmentally—it also becomes vulnerable to multiplying risks, some of them unprecedented.

To respond and mitigate those risks, companies have new opportunities to harness advances in areas such as artificial intelligence (AI), intelligent forecasting, and data modeling and visualization. These evolving new data tools and capabilities can establish the framework for an iterative enterprise risk management (ERM) approach that can rapidly model potential threats—before or as they emerge, rather than after they have fully materialized. 

Start with data and analytics

To stay on top of both risks and opportunities, companies need to harness sophisticated new approaches to their foundational data, layering on advanced D&A methodologies that provide multidimensional surveillance of their internal systems while also monitoring how those systems interact with the outside world. For example, that might look like:

Internal data resources: Collecting data in real time—from customers, workers, and suppliers alike—across sources such as supply chain, customer behaviors, inventory, e-commerce, mobile apps, and human resources 

External data resources: Monitoring data from outside, such as government agencies, global organizations, and even social media, which can provide insights in areas ranging from reputational risks to crime rates in specific operating environments

AI: Using advanced technologies such as AI, machine learning, and predictive modeling to overlay the assembled data, curate and analyze it, and then suggest informed decisions on both risks and opportunities

Getting this foundation right can enable step-by-step advancement of ERM programs, as illustrated by one life sciences company in our recent risk management benchmarking study. By establishing a robust risk data taxonomy, the company improved its visibility and understanding of risk through ready access to data at an enterprise, country, and business-line level. This ability to view risk data at both an aggregated and disaggregated level now allows the company to handle risk management—and the related decisions—across all levels of the enterprise.

Add the power of human foresight

The qualitative data in people’s minds can be valuable in identifying risks and opportunities, and can be extracted through surveys, interviews, or group workshops. Four different approaches can help:

Postmortem assessment: Through the use of “prospective hindsight,” an internal group pretends an event has occurred, and then assesses how it could have happened and whether it offers potential for risk or opportunity.
As a real-world example, one company in our benchmarking survey identified the emergence of blockchain technology as a major threat to one of its core services. But as the assessment evolved, there was also recognition of a potential competitive opportunity. The company ultimately opted to invest in its own blockchain technology, enhancing its competitive position and capitalizing on the disruption in the market overall.

Expert elicitation: Some risks just have a “w-a-y out there” degree of uncertainty from the start—very rare or even unprecedented events that have little to no data to work with. Enter expert elicitation, which is a methodological synthesis of opinions about a highly unusual risk from an outside group of qualified experts. The goal here is to establish a scientific, forward-looking expert consensus, and provide at least some initial context and guidance.

This highly specialized approach is used by the World Economic Forum, for example, to develop its annual Global Risks Report. And note that its 2020 annual report—released in January 2020—listed an “infectious disease” event as among the least likely but most impactful potential risks, behind only the use of weapons of mass destruction.

Scenario analysis and wargaming: These interconnected methodologies offer two different approaches to validate the same outcome: potential responses to, and results of, hypothetical risks. These approaches are not focused on the past, but instead look at multiple possible “futures.” Scenario analysis creates storylines that model several potential risks and their related trends. Wargaming plays out those scenarios, with participants picking sides, going through rounds of iterative strategy responses, and creating future response plans for consideration.

Both approaches seek insight into the future based on uncertain developments, rather than historical patterns. For example, the Task Force on Climate-Related Financial Disclosures recommends scenario analysis for all companies to monitor the economic and financial impact of climate change (which ranked as both the most likely and most impactful risk in the 2020 and 2021 World Economic Forum reports).

System dynamics (SD) modeling: To understand the nonlinear behavior over time of a critical and risk-exposed system—for example, a business operating system such as financial reporting—this method is built on the input of specialized teams who understand how the critical system’s interactions work. SD modeling lays out the relationships between essential high-level factors such as stocks, flows, internal feedback loops, table functions, and time delays.

Ultimately, think of SD as the highest-level quantification tool in the four groups here—and also the most labor- intensive. But it is a highly effective way to analyze the most complex and high-stakes challenges. 

Align the organization

D&A and human foresight work best together when the right organizational structures are in place. Structures that foster a nimble work culture allow quantitative and qualitative information to flow more seamlessly—and are designed more as an organic feedback loop rather than a hierarchy, which can stymie information and ideas. This can be accomplished in two ways.

First is the idea of combining “command and control” with community. The command and control structure (CCS) describes the official authority structure, rules and hierarchy that shape interactions within an organization. The combination of CCS and an adaptive operating system (AOS)—which consists of flat relationships, groups, and a community structure—enables an organization to approach issues with agility and innovation.

The second approach is a focus on learning together as an organization. When viewed as a system and not a machine, an organization can be viewed as a “learning organization”—one in which people are responsible, curious, and working together to create results they all care about. Collectively, they stay in touch with emerging issues and problem-solve more quickly together than they would as individuals. 

Built to thrive

With the right combination of data-driven tools, human insight, and a system structure that keeps information flowing seamlessly, organizations can stay abreast of emerging risks and act upon them with agility. Given the vast number of interconnections and interdependencies in today’s world, coupled with the rapid pace of technological advancements, finding this sweet spot is critical to an organization’s ability to not simply survive, but to thrive. 


Joseph P Gyengo

Joseph P Gyengo

Principal, US Enterprise Risk Management Leader, KPMG US

+1 404 520 5327