Perception and inaction
If failing to address long-term risks can place companies in peril, why do businesses fail to adequately address them?
To some extent, this is a product of behavioral biases and flawed incentives. Behavioral economists have demonstrated that we tend to excessively discount future risks, meaning that we underestimate their likelihood and don’t give them the attention they deserve. Incentive structures typically amplify this behavioral penchant for short-termism. For instance, since managers are measured and rewarded based on quarterly financial performance, there is a disincentive to invest in risk mitigation efforts that might pay off in the long term but impose costs in the near term.
The reluctance to take on long-term risks may also be a result of how they are perceived. “Leadership teams often view long-term, strategic risks as beyond their control,” says Tonny Dekker, EY Global Consulting Enterprise Risk Leader. “For risks that are driven by larger forces which management teams cannot control, such as geopolitics, managers may assume that there is little-to-nothing they can do to control or mitigate them.”
Four steps for managing long-term risks
But while it may be true that management teams cannot control the forces driving these risks, it doesn’t necessarily follow that there is nothing they can do to mitigate the risks themselves.
Here are four steps that leaders should take to address long-term risks:
1. Envision future states and scan for risks
Start with a scanning exercise to visualize future states and identify long-term risks. The EY Megatrends and similar forward-looking publications can provide a useful starting point for such an exercise. Ensuring that boards and management teams have cognitive and experiential diversity might similarly broaden thinking to identify risks that might otherwise be missed.
2. Map “trust journeys” to prioritize risks
Risk and trust are intertwined, since implementing risk mitigation measures is one way to boost trust. Dekker recommends that companies use a “trust journey” framework in their approach to long-term risks. “Start by identifying the stakeholders most pertinent to your business,” he says. “For an electric utility, this might be regulators, while for a professional services firm, it might be employees. Then, identify the risks that matter most to your most important stakeholders — which you should prioritize as the risks most critical to your business.”
3. Conduct risk assessments to quantify risks
Once you’ve identified the risks most pertinent to your stakeholders and business, the next step is to use analytics to estimate the potential impact of these risks. This should take into account correlations between risks and their overall correlation with time, both of which make such risks more likely than they might otherwise appear. Quantifying risks provides a basis for understanding their impact on your business as well as for efficiently allocating finite resources.
4. Build flexibility into strategic planning
These long-term risk assessments should inform your strategic planning. A key element of planning for long-term risks is to include optionality into plans, for instance, by building supply chains with redundancy and flexibility so that your global operations are more resilient to geopolitical risk.
The good news is that the COVID-19 pandemic has focused the attention of boards and stakeholders on risks over the horizon. Use the opportunity to give these issues the attention they merit.