In a cover story for the National Association of Corporate Directors Directorship Magazine, James Lam – independent director on the RiskLens board, leader of the risk committee for the E*TRADE board, and FAIRCON18 keynoter– writes that board directors generally believe that business-disrupting (and even business-killing) risks are much more important now than five years ago, but only a minority of the directors have confidence in corporate management to handle such risks.
James identifies three threatening creatures of “An Animal Kingdom of Disruptive Risks”, as his article is titled:
- Black swans: Outlier events that few see coming.
- Grey rhinos: Megatrends that everyone sees coming but some organizations are too mired in inertia to react.
- White elephants: No-win, highly emotional situations, for instance, a company dragged down by a CEO’s “Me-Too” or other scandal, in which doing nothing is usually the easiest choice but leads to the worst outcome.
These are risks that mostly fall outside the scope of traditional enterprise risk management, writes James (author of Implementing Enterprise Risk Management and other standard ERM books) so boards need to find other ways to think around the corner. He has some suggestions:
- Incorporate disruptive risks discussion into the board agenda.Ensure that fundamental ERM practices are effective, and the organization isn’t missing critical interdependencies due to risk management by silo.
- Consider scenario planning “akin to tabletop exercises for cyber-risk events, except much broader in scope.”
- Ensure board-level risk metrics and reports are effective, including “quantitative analyses of risk impacts to earnings and value, key risk metrics measured against risk appetite, and forward- looking information on emerging risks.”
- Strengthen board culture and governance, for instance by putting in place procedures to remove a problem CEO before a crisis in the C-suite.
For more advice from James for boards in a time of business disruption, read An Animal Kingdom of Disruptive Risks in the NACD's Directorship Magazine.
Watch the video of James Lam's keynote speech to the 2018 FAIR Conference: A Risk Committee Chair’s View of ERM and Cybersecurity Oversight (FAIR Institute membership required).