Managing known risks is hard enough, but trying to spot new and emerging risks is a whole new challenge. However, identifying new risks that will have a significant impact on the business is nonetheless a crucial element of any risk management role.
At this point it’s worth addressing what we might mean about known and unknown risks and the words that Donald Rumsfeld made famous are perhaps an interesting place to start:
“Reports that say that something hasn’t happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don’t know we don’t know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones.”
While these words at the time were often mocked by some as being a little ridiculous, these concepts have long been used by national security and intelligence professionals as part of an analysis technique created in 1955 by two American psychologists, Joseph Luft (1916–2014) and Harrington Ingham (1916–1995).
In this technique known unknowns refers to risks that you are aware of, such as BREXIT or driverless cars, whereas unknown unknowns are risks that arise from situations that wouldn’t normally occur to you. For example, prior to the invention of digital photography, manufacturers of photographic film such as Kodak probably didn’t foresee the risks to their business.
So where can risk professionals find such risks?
Traditionally, many organisations have relied on internal questionnaires issued by a central risk team to the first line of defence for their thoughts on what they see coming over the horizon.
However, for those organisations that have moved on from a situation where the 2nd line owned the risk to the modern day where the 1st line are now taking ownership, you wonder if there shouldn’t be a different process. Instead of sending questionnaires the 2nd line should perhaps be proactively engaging with the the risk owners and discussing what potential risks they may have considered, and/or heard of on the grape vine.
What the risk team could know already, if only they had the tools
There are a number of potential other sources of intelligence that risk owners and risk professionals could use to enhance their ability to spot new and developing risks. We are going to consider two key ones; internal data analysis and external news content.
First, we need to consider the data that sits within their own risk system. Providing they have a relatively modern risk management system where risks, incidents, near misses, and KRI’s are all connected, they can seek out insights from their own data. An obvious example might be the rise in a particular category of incidents. Capturing incident trends with an understanding of causes may reveal an underlying risk that hasn’t yet been covered, or even thought of.
Another source of information is news content taken from around the world that has been pre-filtered for your industry and sorted into risk categories. This can provide revealing insights on trends occurring elsewhere that may become a threat in your region or industry. This might be particularly relevant when considering geo-political, economic, technological or regulatory context for the development and execution of projects such as new products, outsourcing and new markets.
Xactium and RiskSpotlight have joined forces to help risk professionals spot developing risks. Xactium which is already adopted by the FCA to manage risk in the UK financial services market, is developing a reputation for innovation. As one of the first Enterprise Risk software vendors to embed artificial intelligence technology, Xactium has now embedded a categorised news feed content into the system in partnership with RiskSpotlight. The RiskSpotlight news feed provides access to tens of thousands of news articles categorised by the 126 core operational risks within the financial services industry. This combined offering is called Risk Radar.
Within Risk Radar a risk owner has visibility of context relevant news embedded within specific risk categories. So whenever undertaking risk assessments or other risk activity they can have visibility of potential new threats.
You may be interested in our 7th Annual Risk EMEA Summit. Will you be joining us?…