Board support and oversight will be critical as companies prepare for risks in all forms to stay resilient for the long term.
- Today’s risk universe includes black swans and gray rhinos, highlighting the need for boards to better support their organizations in prioritizing resilience.
- This requires anticipating emerging and material risks as well as strengthening oversight of talent and culture.
- Helping to drive progress in sustainability performance beyond compliance and understanding risks from emerging technologies are critical as well.
From black swans to gray rhinos, the risk universe today is expansive, complex and interconnected. Black swan events — or unknown unknowns — are potentially catastrophic events that are rare, impossible to predict and outside our control. More plentiful and expected, gray rhinos — or the known unknowns — often charge at us in plain sight with a significantly wide impact. Boards should prioritize the latter and think more proactively about it in enterprise risk management.
Amid the usual suspects of financial, cybersecurity, reputation, compliance and competitive risks, companies are also facing increased pressure to deal with risks relating to climate change and sustainability, compliance, the supply chain and global geopolitics in recent years. The burden on boards and emphasis on governance have also increased accordingly.
According to the EY 2023 Global Board Risk Survey, which surveyed 500 global board directors from organizations with revenues of over US$1b, less than a quarter of the boards covered are considered highly resilient.
Highly resilient boards are confident and respond to unexpected high-impact incidents better. They are more likely to be highly effective in aligning risk and business strategy. Far from being complacent, these boards are cautious about gaps in their preparedness and aware of the evolving nature of the risks they face. By focusing on the following key areas, boards can better support their organizations in prioritizing resilience.
Anticipate Emerging and Material Risks
Enterprise resilience is more about adapting to the risks than recovering back to normal. This prioritizes the task of anticipating, preparing for and adapting to both emerging and material risks. To do this effectively, the board and management need to look beyond the obvious and near term as well as dedicate time to discuss changes and trends observed in the market.
Technologies — such as artificial intelligence (AI) and advanced analytics — to scan the horizon for black swans and gray rhinos can help. Applying quantitative analyses to specific scenarios can enable the board and management to better understand the organization’s full exposure to these risks. This can also allow them to better understand whether the current business strategy and model remain viable amid emerging risks and whether adaptation is needed.
Strengthen Oversight of Talent and Culture
Talent shortages, ongoing workforce transformation and the competing needs of a multigenerational workforce are longstanding issues that companies have had to deal with. The need for flexible working together with a misaligned culture is increasingly becoming central to the talent risks that organizations face. With fast-changing technologies, the workforce also needs to be equipped with future-ready skills.
The board needs to support the management to identify and meet the organization’s business-critical talent needs and create an organization that can adapt to changing expectations around culture, skills, and diversity, equity and inclusion. With improved knowledge, flexibility and oversight, it can help the management develop the human-centered culture needed to achieve this. It can also challenge the management to build a pipeline of leaders who live and breathe that culture.
Act on Climate Change
The connection between environmental sustainability and business resilience is indisputable and companies are facing heightened expectations from multiple stakeholders. These include investors, who want to know more about the organization’s environmental, social and governance (ESG) performance, against the short-term earnings and longer-term investments in sustainability. At the same time, authorities want transparency in sustainability disclosures and evolving standards like the recently released IFRS S1 and IFRS S2 by the International Sustainability Standards Board are giving less leeway for ambiguity in sustainability reporting.
Yet, this is also a valuable opportunity for companies to demonstrate their progress in sustainability performance beyond compliance. Highly resilient boards are both more aware of material sustainability issues and more comfortable with discussing them. That is usually the result of assigning and creating accountability over ESG risks — whether it is a committee that takes the lead or the whole board. Boards can also gain investor trust by overseeing robust processes for collecting, managing and disclosing trusted data to comply with regulations. Where talk does not translate into actions, the board should challenge the management on its plans and commitment. To discharge its roles well, improving board knowledge and skills in sustainability is vital.
Understand Risks from Emerging Technologies
With breakthroughs in generative AI technology, the advent of the metaverse and growing cyber threats, the goalposts in dealing with digital technologies are shifting fast.
As organizations invest more in digital technologies, the board and management will benefit from having the expertise to identify potential technology opportunities and risks. Of course, their job is not to be experts but to make sure the organization is balancing the speed of technology adoption with risk appetite and exposure.
To this end, the board should work more closely with the management to keep abreast of key investments in technology, digital transformation and cybersecurity. Cyber threats and digital risks are an enterprise-wide concern and this tone needs to come from the top. This means that driving the management to prioritize education and upskilling of employees on digital and recognizing that managing digital and technology risks is not just the remit of IT is key.
In an increasingly complex world, organizations need to be better prepared for long-term risks. Like in a zoo where one will need to stand back a little further to more clearly see the animals in the context of their environment, such clarity from the top and front is non-negotiable for boards.