10 risk trends to watch in 2017
How comfortable would you be sharing a seat in the Board of Directors with an algorithm? That’s right—not a human being, not a flesh and blood board member you can discuss issues with over a drink or two, but a program designed to sift through large amounts of data and, like you, make high-level decisions for the good of the company and its stakeholders.
Such are the risks businesses face nowadays that a Hong Kong-based venture capital firm thought it a good idea to give one of its six board seats to a program that can help the humans make sound investment decisions.
This is just one of the emerging trends Deloitte has observed in the risk landscape, which is rapidly changing and is increasingly influenced by advances in technology.
In no particular order, here are the 10 risk trends that Deloitte advises businesses to watch out for in 2017 if they want to continue creating value and achieving higher levels of performance.
1. Cognitive technologies augment human decision-making
Developments in cognitive technologies, artificial intelligence, and data analytics are allowing organizations to try new ways of managing risks, such as using smart machines to detect, predict, and prevent risks. This is what Deep Knowledge Ventures did when it appointed the program VITAL to its board and put to use the algorithm’s ability to scan a wealth of data about prospective companies at a fraction of the time it would take a person to do so.
While this trend has obvious benefits, organizations have to remember to upskill employees so that they know how to maximize cognitive technologies and extract insights from the data. Businesses also have to be prepared to deal with issues such as the backlash against automated decision-making and the possibility of mistaken predictions.
2. Controls become pervasive
Smart devices with sensor, communication, and computing capabilities are giving organizations greater power to detect risk events and take immediate actions, paving the way for real-time, pervasive risk management.
Fujitsu, for example, has developed tags that, when worn by employees, can detect whether a worker has changed location, has fallen down, or is experiencing extreme temperature. This kind of monitoring capability can enhance operations and improve risk-related decision-making, but the very tools that will help organizations—such as the Internet of Things—are the same ones that could expose businesses to more cyber risks. Organizations will also have to deal with possible privacy concerns from employees, customers, and business partners due to the pervasive monitoring.
3. Behavioral science informs risk insights
Social science graduates will be pleased to know that there is growing demand for their skills in the business world as leaders turn to behavioral science to figure out what drives risky behavior, how cognitive biases lead people to wrongly assess risk, and how risky behaviors can be detected and modified, among other things.
A mobile risk management company called Mi3 Security recently hired a behavioral science expert with a background in cyber crime profiling and psychology to act as a technical solutions and business adviser to the CEO.
Bringing these experts on board could improve systems for monitoring high-risk individuals in sensitive roles and help executives overcome the influence of cognitive biases in decision-making.
But organizations also run the risk of alienating employees who see behavioral interventions as an impingement on free will, and of seeing slow [or no] return on investments in organizing complex behavioral interventions.
4. Vigilance and resilience complement prevention as leading practices
As more and more organizations accept the idea that they cannot eliminate risks altogether, the focus will shift to vigilance (detecting patterns that may indicate risk events) and resilience (the capacity to quickly contain and mitigate the impact of risk events). Activities such as monitoring emerging threats, identifying anomalies in business processes, and preparing for risk-related workplace disruptions will grow in importance.
This became particularly relevant to Metro Manila when scientists revealed that the West Valley Fault, which runs through six cities in the capital and nearby provinces, is due for a major movement any time. This prompted a slew of disaster-preparedness exercises especially in central business districts. Hopefully individual businesses followed suit with their own preparations, by establishing more robust business continuity plans and partnerships with other organizations that can facilitate disaster recovery, among other things.
5. Risk transfer broadens in scope and application
Risk transfer instruments such as insurance will play a bigger role as organizations face greater risk events, such as natural disasters, political unrest and cyberattacks. Innovations in the financial industry are also giving birth to novel financial instruments that transfer and monetize risk.
London-based Willis SecureNet, for example, has developed insurance covers that are specific to risks of terrorism in the higher education sector.
While these instruments may help organizations achieve business continuity and more predictable performance, there is also the risk of becoming “over-insured” or purchasing insurance in noncritical areas. Organizations would do well to establish risk-sensing mechanisms to identify emerging risks and determine if instruments could be used to transfer the key risks.
6. Innovation leads, regulation follows
Innovation will continue to drive regulatory agenda as Deloitte sees no break in the rapid pace of development of new business models and technologies. We’re seeing this now in the way the Land Transportation Franchising and Regulatory Board and even Congress continue to work on a regulatory framework that can adequately capture the way ridesharing services operate. As 2016 wound down, a bill was filed in Congress calling for an end to these service providers’ rate surges, which alarmed LTFRB during the holidays.
A healthy dialogue between businesses and regulatory bodies can help reduce regulatory risks. Leaders should also have a clear idea of their organization’s risk appetite when considering projects that lie outside the realm of current regulations. This will ensure that the organization is prepared to incur losses due to investments in projects that operate in legal gray areas that may eventually become prohibited.
7. Risk becomes a performance enabler
As risks become more measurable and tangible, organizations are better able to calibrate their risk-taking behavior in a bid to balance risks and rewards. Instead of being viewed as something to be feared or avoided, risk then becomes a value driver.
To succeed in this balancing act, organizations can use risk dashboards, visualizations, and scenario analysis that help leaders make risk-informed decisions. Fostering a risk-intelligent culture will also empower employees to take on informed risks.
At the Management Association of the Philippines (MAP), the most appreciated talks are those from executives who failed and are willing to share their experiences. I also had the opportunity to speak with former Arthur Andersen CEO Joe Berardino who was very honest about how his organization got it all wrong in the case of Enron. This counterintuitive approach of talking openly about failures provides an alternative way of driving home the point that it’s important to take risks: While it can lead to failure, it can also be a path to innovation.
8. The networked economy demands collective risk management
With businesses becoming increasingly connected to each other and to their customers, risk has become a shared concern. In light of this, organizations are approaching risk management in a more open, collaborative manner.
Companies such as United Airlines, Microsoft, and Google have instituted “bug bounty” programs that engage the public and reward those who find vulnerabilities or potentially dangerous security flaws. While crowdsourcing allows organizations to tap a broader pool of skills, it also opens up a business to bad actors who may deliberately feed inaccurate data to sabotage operations.
9. Disruption dominates the executive agenda
It has become increasingly crucial for business leaders to prioritize risks that threaten to disrupt their fundamental assumptions about their organization’s strategies—think the way drones could change the package delivery industry or how Amazon Go will impact the retail sector once it launches in earnest.
In this environment, where startups can easily disrupt incumbents, organizations need to revisit their approach to corporate strategy development to introduce more agility, adaptability, and responsiveness to emerging threats. Leaders can also employ tools and techniques such as real-time monitoring, stress testing, and war-gaming to drive higher levels of sophistication in managing risk.
10. Reputation risks accelerate and amplify
Not too long ago, Facebook faced a barrage of criticism for the proliferation of fake news on its News Feeds, with some critics going as far as to say that these unchecked falsities influenced the results of national elections here and abroad. While the social media giant has rolled out a string of changes to address the problem, it continues to be hounded by negative publicity: The German government is considering passing a law that would penalize Facebook for every fake news that is posted on the platform.
In this hyper-connected, 24/7 news cycle world, reputations can rise or fall in a heartbeat. Organizations will have to develop new capabilities for proactive brand-related crisis management and continually scan media sources to monitor reputation risk. Business leaders may also want to consider developing an external ambassador program to nurture external brand advocates.
As these trends show, risks continue to grow in number and gravity. But the tools available to organizations to address, and even take advantage of, these threats are also becoming more sophisticated and more intelligent. Some of these new technologies and apps may feel like Big Brother, the watchful figurehead in George Orwell’s dystopian novel Nineteen Eighty-four, or the “precogs” at the center of the movie Minority Report who were able to catch pre-crime felons. So we all need to be cautious and vigilant in 2017, but also be daring and innovative in this new world of opportunities.
The author is the Managing Partner & CEO of Navarro Amper & Co., the local member firm of Deloitte Southeast Asia Ltd. – a member firm of Deloitte Touche Tohmatsu Limited – comprising Deloitte practices operating in Brunei, Cambodia, Guam, Indonesia, Lao PDR, Malaysia, Myanmar, Philippines, Singapore, Thailand, and Vietnam.
