Organisations urged to overhaul their approach with rapidly evolving threats on the horizon
Organisations worldwide are adapting to the rapidly evolving landscape of new and familiar risks, a trend that has intensified over the past 15 years. These risks, often termed “emerging risks,” are characterised by their speed, uncertainty, complexity, and significant impact. However, organisations’ methods of identifying and responding to these risks vary greatly.
A recent report from WTW has put a spotlight on these emerging risks, as well as what risk managers should be on the lookout for as we enter 2024.
The recent release of the ISO 31050 – guidance for managing emerging risks to enhance resilience – marks a pivotal moment in the management of these risks. This comes at a time when new regulatory standards and requirements are being implemented or considered in the United States and the United Kingdom. ISO 31050, published in November, aims to provide organisations with guidelines for applying the ISO 31000 risk management process to emerging risks, offering structured processes for identifying, assessing, and managing these risks, and incorporating resilience indicators.
The definition of “emerging risks” varies across organisations, influenced by factors such as time horizons, risk tolerance thresholds, and strategic objectives. The WTW Research Network adopts the International Risk Governance Council’s definition, which views emerging risks as either new or familiar risks in a novel or re-emerging context. This perspective emphasises the unassessed nature of such risks, making confident risk management challenging.
Approaching emerging risks
Organisations are encouraged to develop a nuanced approach to emerging risks, one that aligns with their risk maturity level, appetite, and overall risk framework. This approach should extend beyond risk management to encompass strategic change and innovation, fostering cross-departmental collaboration.
In the United Kingdom, the government’s draft regulations and the Financial Reporting Council’s (FRC) proposed updates to the Corporate Governance Code, both aiming to reform audit and corporate governance, are currently under a new consultation. These reforms, which initially included enhanced requirements for the management and reporting of emerging risks, have been paused. The outcome of this consultation, expected on Jan. 24, will clarify the future direction of these requirements.
The FRC’s 2018 introduction of emerging risks reporting lacked a clear definition, a gap that the 2023 consultation aimed to address. The proposed changes would require companies to report their emerging risks under a prescribed definition, describe their management procedures, and consider longer time horizons, emphasising a continuous and dynamic risk assessment process.
In the United States, regulatory changes are also underway. The Securities Exchange Commission’s 2020 rules shift the focus from the “most significant factors making the company risky” to “material risks.” These rules require risks to be organised by relevant headings and mandate a summary for disclosures exceeding 15 pages. The interpretation of these rules is still evolving, particularly regarding the treatment of emerging risks.
As organisations navigate these changes, they are increasingly recognising the value of an integrated and forward-looking approach to emerging risk management. While future regulations will likely bring more clarity, they will not negate the need for tailored approaches that align with individual organisational needs. Effective emerging risk management should provide leaders with insights and actions that offer a competitive advantage, regardless of regulatory requirements.
What are your thoughts on this story? Please feel free to share your comments below.
Keep up with the latest news and events
Join our mailing list, it’s free!
#Emerging #risks #radar #risk #managers #lookout