Get to know the emerging risks
Emerging risks are continuously arising. How to be sure that all risks have been already evaluated?
Let’s start dividing the sources of the risks:
a. Internally: get to know in detail all the company; think about the inventory of events that could have an impact within the key parts that integrates the company, such as: processes, shareholders, employees, technology, confidential information, cash, products or services, etc.
Look for the input of employees, of all levels (from the CEO to the lowest level). How do they perceive the company? If the company has a hotline, verify which have been the common denominators in the reports. Have they been solved?
b. Externally: which are the key elements that surround the company? And if they changed how can they impact the strategy? Examples: suppliers, clients, competitors, location of the company (where it’s established and/or operates), technology, natural environment (i.e. earthquakes, tornados, etc.)
Add to this the actual regulation the company needs to comply with, plus any new.
Look for the industry best practices in order to benchmark your company towards it. Also: check daily the news and/or monitor key factors that could affect the company.
c. A mixture of internal and external: check which have been for the last 3 years the observations of the Internal and External Auditor, Compliance and/or any other advisor. What have been repeated?
After you got the inventory, start evaluating each event by these two questions:
- In the case this event happens, what will be its impact on our business?
- Which is its probability of occurrence?
Events could lead to threats or weakness and therefore become emerging risks. Risks are dynamic; what yesterday was a low risk today can be a high risk or tomorrow a medium one.
By Mónica Ramírez Chimal, Partner of Asserto RSC, Mexico City