Traditional risk management can prove less effective when tackling complex and inter-connected risks. How can you identify, quantify and mitigate inter-related risks?

In an era defined by disruption, permacrisis and rapid transformations, organisations able to see risks yet to emerge and explore how these not only impact on their risk framework, but also how they are related can expect growth and greater strategic focus over longer time horizons. Organisations unprepared for disruption driven by unidentified interdependencies, meanwhile, could eventually fail through failing to respond to risk or seizing new opportunities.

With heightening geopolitical risk, and climate change amplifying diverse risk exposures, discovering, quantifying and mitigating against interconnected risks can be essential yet challenging.

Interconnectivity brings blind spots that can cause problems and failures through focusing on single risks. If something goes wrong and exceeds organisational resilience, it's rarely the tried and tested area of risk with numerous tightly defined controls and scenarios. It's something connected to the risk or just beyond the imagination.

In this insight, we offer practical tactics on revealing unseen co-dependencies, exposures and opportunities. We explore the smarter ways to identify and mitigate future risks your business could call on to thrive long into the future. Because it is through capturing complex risk interconnections that more organisations can look to boost their resilience in an uncertain world.

Managing inter-connected risk obstacles

We've seen a variety of businesses often struggling to get a handle on complex and connected risks. This challenge can be due to a range of barriers to achieving joined-up, future-focused risk governance, including:

  • Silos and/or organisational barriers between teams and individuals – These can manifest when, for example, a senior executive responsible for a given risk on the risk register believes their processes and controls around this are effective, without considering wider exposures. We've also come across situations where individuals who were either junior or in a different part of the business had concerns about the impact of one risk on another, but lacked the confidence, seniority, or forum to share both their concerns and ideas on potential risk management controls.
  • Limited views of risk – Understanding the realities of interconnected risk involves pushing to widen the risk perspective, potentially bringing in diverse expertise to capture the breadth of inter-related factors that could threaten the resilience of the business. Often, there is neither the internal appetite nor capability to generate a true picture of interconnected risk collaboratively.
  • Interconnected risk governance challenges – Where there is appetite, expertise and collaboration required to identify, quantify and put mitigation measures around risk interdependencies, the business can still face issues reviewing its interconnected risk processes, and ensuring this process is auditable from a risk governance best practice perspective.

By understanding any barriers to your organisation having a fit-for-purpose approach to interconnected risk management, you can then move to overcoming them through a range of qualitative and quantitative methodologies.

Methods to identify and manage interconnected risks

We suggest there are a range of tactics you can use to manage barriers to addressing interconnected risks within your organisation and it's risk management portfolio. Organisations considering the new ISO 31050 - Guidance for managing emerging risks to enhance resilience may find this a useful challenge to bring new perspectives to their risk approach. These should centre firstly on challenging assumptions. This process should bring unseen risk dependencies to the surface, encouraging collaboration across business functions, and working towards an elevated risk governance regime that offers the business a repeatable, but necessarily flexible, means of outsmarting complex risk connections.

Questionnaire

Issuing questionnaires to a wide range of stakeholders on current and emerging risks with a view to establishing how your organisation considers risk currently is a good place to start. Simple questionnaires can start to scaffold those risk connections on diverse teams' minds and begin to identify priority areas for further investigation.

A deeper dive into issues you've identified might happen in a new forum, or one-off workshops involving multiple stakeholders, including external experts as appropriate – for example on climate, legal or technological areas.

The atmosphere of deep-dive sessions should be open and supportive but also encourage challenge and a 'devil's advocate' perspective. You want to a build a true picture of risk connections and map related risks accurately, breaking down silos along the way, to see interconnected risks as they really are, rather than how you might like them to be.

Schematic

In the next stage of the process, you could need a schematic to articulate the interactions between risks. This representation can allow you to map and rank risks and their interconnections enabling you to start devising solutions to interconnected risk areas. This process might see a more formal ranking of risk interconnections in terms of urgency and impact, alongside scenario development and testing, plus longer-range horizon scanning.

Your scenario planning should also take into account the potential cost and investment choices required to transfer or mitigate risk sets. The aim should be to create a transparent means of building consensus across your organisation on the courses of action most likely to increase resilience. Your interconnected risk interrogation should be actionable, with outputs that define pathways for the business to optimise its risk finance or risk control investment.

Framework

You should also look to design a framework that lends itself to repeatability and review as new risks, interdependencies and risk conditions emerge, possibly led by a steering group or some other forum with stated responsibility for keeping on top of interconnected risks in a systematic way.

Competitive advantage from interconnected risk management

Long-range perspectives and ways forward on managing hitherto unexplored risk connections can help your organisation:

  • Discover risk connections and their influence on other risks by capturing 'bottom-up' perspectives to counter top-down risk perspectives, bolstering organisational resilience
  • Reveal potentially hazardous disparities between perceptions of risk and realities and expand the view of risks your organisation should be considering at a strategic level
  • Challenge the status quo constructively, breaking down silos and building shared understandings likely to better serve long-term growth
  • Create a clear basis for identifying improvements at an operational and strategic level, with evidential support to help decide the next steps on developing your risk approach
  • Interrogate the risks and opportunities of individual projects, whether this is a potential acquisition or assessing the effectiveness of your current climate and sustainability programme
  • Ensure your emerging risk stance is fit-for-purpose in the current and emerging risk environment.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.