By Maximilian Clarke

Many organisations’ risk management practices are worryingly incompetent and are being outpaced by an era of catastrophic “black swan" events, stresses a new PwC paper.

Black swans turn grey: the transformation of risk suggests that businesses need to be more agile and innovative if they are to combat such catastrophic, major-impact black swan events as terrorist attacks, tsunamis or oil spills, by updating and innovating archaic practices to achieve wider risk resilience.

“The risk landscape is changing, and established risk management approaches need to be updated to keep pace,” comments Richard Sykes, PwC governance, risk and compliance leader. “Many organisations currently have the wrong focus. They major on financial and operational risks and crucially regard risk and strategy as separate rather than seeing risk-taking as a key source of value creation. But the world where risk events could be predicted — and their impacts controlled — is fast disappearing.

“By their nature, black swan events should only occur at unpredictable intervals. Yet recent experience suggests events that fit this definition are happening more frequently. Rather than being infrequent outlier events, it seems they are now part of a faster-changing and more uncertain world, which makes it hard for businesses to understand where new risks are going to come from.”

The paper suggests that enterprise risk management (ERM), the practice currently used by most major corporations, can actually hamper the organisational agility in the personal behaviours and sense of responsibility that businesses need by encouraging a box-ticking, process-led approach. This could lead front-line staff to see risk as separate from their own business decisions. An approach that puts risks in separate compartments and fails to cover all of them is no longer fit for purpose. Large organisations now have blind spots from which high-impact risks can emerge to damage or even destroy their business.

Comprehensive risk management practice, on the other hand, makes companies distinctive, more appealing to prospective clients and gives competitive edge. When properly embedded it helps protect reputation and enhance resilience, while providing a clear view of the board’s attitude to integrity, risk and safety. To help achieve these objectives, the paper suggests questions organisations should ask themselves, such as “does the board have people with enough industry expertise” or “are the CEO and board setting the right behavioural example and risk-aware culture” and “do rewards encourage risk-based thinking and behaviour?”

Armoghan Mohammed, PwC risk partner, adds:

“By understanding today’s risk landscape, organisations can progress from managing specific risks to achieving wider resilience. What is needed is a new, more flexible and holistic approach to risk management that develops a risk aware culture and fosters an explicit focus on risk appetite. This will provide a clearer ownership of risks at leadership levels — with risk awareness and accountability shared across the organisation through a common risk culture. It can also give a higher market rating. There’s growing evidence that businesses that are seen to truly embed a risk-aware culture and behaviours are valued more highly by the markets.

“Crucially, ultimate responsibility for driving and embedding this change lies not with the risk function, but with the board. It’s their duty to embed the right risk culture and behaviours, supported by an appropriate rewards structure. The resulting awareness and scrutiny of risk at all levels in every business decision will help to protect the organisation’s reputation — and further enhance its resilience in an uncertain world.”

Join us on
Follow @freshbusiness