In an increasingly volatile corporate environment, businesses need to identify the high-risk situations that have the strong potential to disrupt and endanger their activities. Black Swan events, unexpected occurrences such as terrorist attacks or natural disasters can vastly affect a firm’s performance. Enterprise Risk Management (ERM) is one way to both avert a major crisis and ensure a firm can continue to operate smoothly as well as prevent catastrophes. As former United States Secretary of Defence, Donald Rumsfeld, once remarked, “There are known knowns; there are things we know that we know. There are known unknowns; that are to say, there are things that we now know we don't know. But there are also unknown unknowns – there are things we do not know we don't know.”
Considered the ultimate weapon in crisis anticipation, an effective ERM framework needs to be established effectively at all levels of a firm if it is to be capable of dealing competently with a wide range of risks. Circumstances that occur in one part of the world may pose threats to businesses in another. In the case of the 2008 financial crisis that began in the United States and spread rapidly to other Western countries, several economists such as Ann Pettifor and Nouriel Roubini, rightly predicted that the recession following the crisis would be the worst since the Great Depression of the 1930s. The average U.S. household lost a third of its net worth during the 2008 recession. Meanwhile the effects of the crisis continued and expanded beyond Western economies into other regions of the world. In the fourth quarter of 2008, GDP in Asia (excluding China and India) decreased by close to 15 per cent if compared to the same period the year before.
In recent times in addition to the on-going economic volatility in the U.S. and the looming financial crisis in Europe, events such as the Brexit vote in the United Kingdom in 2016, and the change in national political leadership in the U.S. in 2017, have also contributed to growing uncertainty in global markets. Furthermore, the increasing interconnectivity in those global markets may also go on to create a strong negative chain reaction and severely impact businesses.
To combat such threats effectively businesses often implement an ERM framework. The Casualty Actuarial Society (CAS) defines ERM as: "The discipline by which an organisation in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organisation's short- and long-term value to its stakeholders." The objective of implementing ERM thus seeks to provide a reasonable assurance that the organisation will achieve its business objectives and enhance value creation.
Types of risks
When building ERM frameworks organisations need to be concerned with three types of risk events: known risks, emerging risks and unexpected risks or Black Swan events. Known risks include operational, financial or strategic risks that firms can identify and analyse. They can then proceed to try to manage or to avoid the event as part of the company's annual risk management evaluation. Emerging risks, such as cyber-crime and climate change, are risks that firms may observe but the extent of which is not completely apparent. Black Swan events are unpredictable events that impact businesses and society at large and take place without warning, such as the 9/11 terrorist attacks in the U.S.
Unknown and unpredictable risks outside the risk management cycle are the most hazardous to organisations. Black Swans are also unknown events that act as an outlier risk, causing extreme impact outside of normal expectations. Such events can only be explained after they have occurred. Given the unforeseeable and unpredictable nature of Black Swans, they also tend to have a devastating impact on businesses facing the incident for the first time.
Examples of Black Swans can be seen throughout history, such as the emergence of World War II, the demise of the Soviet Bloc, the 9/11 terrorist attacks and the financial crisis of 2008. Businesses may elect to not try to predict Black Swan events, or even to understand the extent of the impact from the viewpoint of the management, but instead try to create robustness within the organisation to cope with such negative events and to gain positive opportunities from them. The impact of a Black Swan event depends on the nature of the organisation. What may be a Black Swan surprise for a turkey is not a Black Swan surprise for its butcher, as the saying goes. The objective should be to avoid being the turkey by identifying the areas of vulnerability in order to turn a looming Black Swan into a white swan.