Adaptive Governance & Challenge. “In the Commission’s view, this will require boards to build… adaptive governance, which we define as… active involvement by directors in setting and maintaining a boardroom culture that is centered on open discussion, constructive challenge…” (NACD, 2018).
- ERM Reaction: practice a challenge culture or contrarian view when risks are presented. Encourage boards to do the same. The goal is for the greater good of the organization.
Question Legacy Business Models. Allegiance to legacy business models with reluctance to question their future viability is a red flag according to board guidance (NACD, 2018).
- ERM Reaction: include business model risk analysis in your risk assessment.
Boards assess emerging risks. “The board should carry out a robust assessment of the company’s emerging and principal risks. The board should confirm in the annual report that it has completed this assessment, including a description of its principal risks, what procedures are in place to identify emerging risks, and an explanation of how these are being managed or mitigated. Principal risks should include, but are not necessarily limited to, those that could result in events or circumstances that might threaten the company’s business model, future performance, solvency or liquidity and reputation. In deciding which risks are principal risks companies should consider the potential impact and probability of the related events or circumstances, and the timescale over which they may occur.” UK Corporate Governance Code 2018.
- ERM Reaction: First, strengthen your emerging risks process. Two, include business model risk analysis in the process. Note, if you’re not in the UK you might be tempted to ignore this UK Guidance but it captures the growing pressure on boards over emerging risks and business models.
Exogenous Risks. “Boards have concerns about less controllable, exogenous risks.” 2019 NACD Corporate Governance Outlook.
- ERM Reaction: Convince the board how you’ve done this. Use black-swan or disruptive workshops to attempt to pull out these risks.
Trigger risks. “Trigger events or risk thresholds are not always clear in advance: even if their causes are relatively familiar, these risks may “develop in a non-linear manner,” as a result of “tipping points that might be detectable only in retrospect,” Board Oversight of Disruptive Risks (NACD, 2018).
- ERM Reaction: Identify which risks could be the tipping point or the trigger. Develop key risk indicators, risk drivers, or mind maps to help see the triggers. Managing/monitoring the non-trigger risk could be too late.
Assess vulnerability to Disruptive Risks. “Establish time on the board agenda, at least annually, for a substantive discussion of the company’s vulnerability to disruptive risks. Consider using approaches such as scenario planning, simulation exercises, and stress testing to inform these discussions.” NACD, 2018
- ERM Reaction: Just do it.
Skills to Navigate Disruptive Risks. Boards should invest in the skills—within the organization and on the board itself—needed to navigate disruptive risks. (NACD, 2018).
- ERM Reaction: lead or train your board on how to identify disruptive risks and link them to the business model. Ask them to include ERM and Board Risk Oversight training as part of the new board member onboarding/training.