SlideShare a Scribd company logo
1 of 25
Download to read offline
EPFL Center + Foundation
GOVERNANCE OF
EMERGING RISKS
Guidelines for the governance of unfamiliar risks
March 2017
No part of this document may be quoted or
reproduced without prior written approval from IRGC
This presentation deck accompanies the main IRGC report and an appendix, available online:
https://www.irgc.org/risk-governance/emerging-risk/a-protocol-for-dealing-with-emerging-risks/
EPFL Center + Foundation
Introduction
• A risk is an uncertain (mostly negative) consequence of an event or an
activity with regards to something that humans value. Emerging risks are
‘new or familiar risks that become apparent in new or unfamiliar conditions’
• Emerging risks should be distinguished from familiar risks:
o Familiar risks are well understood by risk managers who know how to manage them
o Emerging risks on the other hand are primarily characterised by uncertainty
• Knowledge becomes the key concept for emerging risks
• The concept of emerging risk is relative, not absolute
• In emerging risk management, what matters most to an organisation is its
potential exposure
2
EPFL Center + Foundation
Characteristics of emerging risks
• IRGC suggests three categories of emerging risks:
Risks with uncertain impacts
Risks in complex,
interconnected systems
Risks resulting from changes
in context
High uncertainty and a lack
of knowledge about
potential impacts and
consequences (interactions
with risk-absorbing systems).
e.g., applications of
synthetic biology
Increasing complexity,
emerging interactions and
systemic dependencies
have the potential to lead to
non-linear impacts and
surprises.
e.g., systemic risks in
energy or ICT systems
Changes in context (social,
regulatory, natural etc.) may
alter the nature, probability
and magnitude of expected
impacts of previously
known risks.
e.g., antimicrobial resistance
3
EPFL Center + Foundation
Defining an appropriate process for
emerging risk governance
• The guidelines proposed by IRGC provide an overarching framework to
support senior managers address emerging risks.
• They help to organise how information and evidence are collected,
analysed and combined to design strategies for emerging risk governance.
• In particular, the IRGC guidelines:
o Provide guidance to organisations in anticipating and responding to emerging
risks
o Provide transparent and enforceable criteria for the evaluation of the effectiveness
of the emerging risk governance process
o Embed the emerging risk management process as a routine within the
organisation, drawing from existing processes
4
EPFL Center + Foundation
Emerging Risk Governance Guidelines
5
EPFL Center + Foundation
Step 1: Make sense of the present &
explore the future
7
Provide early warning
Identify:
• Potential threats or opportunities
to relevant assets and processes
• Contributing factors that create
fertile ground for risks and
opportunities to develop
(emerge, amplify or attenuate)
Make sense of signals that might
shape the future
Detect and explore current and
possible future evolutions that may
change the organisation’s
environment
Analyse these changes according
to their potential to represent a
threat and/or an opportunity
Filter and prioritise the detected
threats and opportunities that
require further attention in Step 2
Regularly update the selection of
risks and opportunities as new
information becomes available
Required
actions
List of threats and opportunities
that require further analysis and
exploration
Description of the context in which
these develop
Identification of the necessary or
sufficient conditions for the risk or
opportunity to materialise
List of threats and opportunities
that are irrelevant to the
organisation's objectives given
available information
Expected
outcomes
Key
objective
EPFL Center + Foundation
Step 1: Make sense of the present &
explore the future
8
Emerging risk conductor
Defines approaches and facilitates continuous
interactions among experts and between experts and
decision-makers
Experts and analysts
Detect signals, perform analyses and suggest
necessary characterisation
Senior decision-makers
Validate Step 1 outputs and decide which issues will be
further investigated and what resources will be
allocated to the process
Key participants
& responsibilities
• Diversity of information
• Scientific soundness of data collection, analysis
and prioritisation
• Data reliability and consistency
• Compatibility with existing and past or familiar
threats
Key success factors
EPFL Center + Foundation
Contributing factors to risk emergence
9
The human factor:
Behavioural and cultural
advancement
The overall context:
System complexity
The
decision-
maker
4. Varying susceptibility to risk
3. Positive feedback
2. Loss of safety margins
1. Scientific unknowns
7. Technological advances
6. Social dynamics
5. Conflicts of interests,
values and science
12. Malicious attacks
11. Perverse incentives
10. Information asymmetries
9. Communication
8. Temporal complications
Source: IRGC (2010). The Emergence of Risks: Contributing Factors. Geneva: International Risk Governance Council.
Report available online:
https://www.irgc.org/risk-
governance/emerging-risk/irgc-
concept-of-contributing-factors-to-
risk-emergence/
EPFL Center + Foundation
Anticipating vs. exploring uncertain
futures
10
Level 1 Level 2 Level 3 Level 4
Deep Uncertainty
Context
A clear enough
future
Alternate
futures (with
probabilities
A multiplicity of
plausible future
Unknown
futures
Familiar risks Emerging risks
Source: Walker, W. E., Marchau, V. A. W. J. & Swanson, D. (2010). Addressing Deep Uncertainty Using
Adaptive Policies: Introduction to Section 2. Technological Forecasting & Social Change, 77(6), 917–923.
EPFL Center + Foundation
Framing discussions of risk and innovation
• Innovation creates change
• This always carries risk, with the potential for harm as well as benefit
• It is difficult to ‘predict’ the future
• Complexity, uncertainty and ambiguity (different interpretations, or even
controversy)
• Often technological innovations and related risks develop in complex
systems
 Interdependent cascading failures may happen in a network of
interconnected system components, where a small localised initial failure
(which could result from an emerging risk) may trigger large perturbations
elsewhere
11
EPFL Center + Foundation
Step 2: Develop scenarios based on
narratives & models
12
Develop scenarios
of how an emerging risk or
opportunity could impact an
organisation and its objectives. This:
• Offers the possibility for
collaborative framing of existing
and future threats/opportunities
• Provides evidence and support
for future decisions concerning
the identified
threats/opportunities
• Updates the scenarios as new
information and knowledge
become available
Develop or use various types of
scenarios to explore and evaluate
the emerging risk that could affect
the organisation in the future
Begin to identify possible
bifurcations and intervention
points, to prepare the development
of management options
Update the scenarios as necessary,
taking into account the emergence
of new signals and the outcome of
strategic interactions with
stakeholders
Required
actions
Set of explorative scenarios. The
scenarios describe how the threats
and opportunities identified in Step 1
may have an impact on the
organisation. Particular attention
must be given to:
• The contributing factors
(amplifying or attenuating)
• Events or tipping points that may
accelerate, reduce or generally
affect the factors
• The consequences of each
scenario for the organisation
Familiarity with concepts
Expected
outcomes
Key
objective
EPFL Center + Foundation
Step 2: Develop scenarios based on
models & narratives
13
Experts in futures studies scientific & scenario-
building techniques
Facilitate interactions between contributors and ensure
the validity of the scenario development exercise
Emerging risk conductor
Ensures the coherence of the exercise with the threats
and opportunities de ned in Step 1 and the
organisation’s expectations
Decision-makers
Confirm their commitment, in particular by allocating
resources, providing reward and assigning
responsibilities
Key participants
& responsibilities
• Relevance to concerns and needs of decision-makers
• Credibility, to assess the scientific soundness of the
models and data used as well as the transparency of
the choices
• Comprehensibility and traceability, to describe the
clarity of the sequence of events and the ability of final
users to easily understand and follow the underlying
rationality
• Legitimacy, through openness of the process to various
stakeholders, promoting different values and political
orientations
• Creativity, to stimulate new ways of thinking and
dealing with the “unusual”
• Distinctness, to assess the ability of the scenarios to
jointly convey to decision-makers the diversity of
possible futures
Key success factors
EPFL Center + Foundation
Step 3: Generate risk management
options & formulate strategy
14
Design strategies for the
management of emerging risks
that are proactive, effective, cost-
efficient and adaptive in order to
deal adequately with the risks and
opportunities explored in Step 2
Identify and evaluate possible
emerging risk management options.
No option should be excluded
Define intervention points and
indicators. Consider the
organisation’s decision-making style,
resources and risk appetite
Identify thresholds of
irreversibility and thresholds of
acceptability
Communicate this process and the
decision that has been made in a
transparent manner
Include uncertainty: Being aware of
what is unknown
Required
actions
Management strategies for each
scenario: Provide a strategy for
each of the scenarios developed in
Step 2. The description of the
strategy, its expected performance
and the key trade-offs adopted by
decision-makers must be made
explicit
A final decision as to which
emerging risk management option(s)
will be implemented
Expected
outcomes
Key
objective
EPFL Center + Foundation
Step 3: Generate risk management
options & formulate strategy
15
Decision-makers at the strategic level
Select options and demonstrate leadership, especially
when it comes to challenging comfortable or routine
practices not suited to changing environments
Emerging risk conductor
Facilitates the decision-making process and ensures
that decisions are made
Key participants
& responsibilities • Flexibility for adaptation and adjustment to new
evidence when it becomes available
• Consistency with organisational values and culture
as well as with procedures
• Internal openness and transparency of the
process
• Clear prioritisation of actions, taking expected
impacts and available resources into account
• Revision of the strategy if context and conditions
change
Key success factors
EPFL Center + Foundation
Step 3: What to do and how
16
Generating the strategy options for implementation
• What strategy and options could respond to the emerging risk?
• When could these options be implemented? What would be the
intervention timing?
Evaluating the strategic options
• What criteria will be used to assess and evaluate the options to
provide the best response to the variety of possible futures?
• How will the performance of the management options be
evaluated?
Making robust decisions
• What decision-making approach will be chosen? How?
• What option or combination of options will be decided?
• What is the timing for implementation?
EPFL Center + Foundation
Step 3: Generate strategy and options
for implementation
17
Some of the factors that contribute to risk
emergence are controllable. In those
cases, an organisation can act to prevent a
risk from emerging (or amplifying) or can
reduce its consequences if it materialises.
1 Act on contributing
factors to risk emergence
Trying to avoid the risk can represent a
valuable management option in cases where
the risk evaluation results in reasoned
assumptions of unacceptable consequences.
Precautionary approaches should be chosen
on a case-by-case basis, in relation to a
desired level of protection against identified
potential risks.
2 Develop precautionary approaches
A reduction in exposure or vulnerability can
be a strategic option if an intervention is
considered too costly, inappropriate, or
impossible
For emerging but well identified risks:
reduce sensitivity to the risk by developing
redundancies, improving personnel training
or readjusting protection capabilities.
In the case of unexpected events: build
resilience
3 Reduce vulnerability
1
Act on contributing
factors to risk
emergence
2
Develop
precautionary
approaches
3
Reduce vulnerability
4
Modify risk appetite
in line with risk
5
Use risk governance
instruments for
familiar risks
6
Do nothing
Dealing with emerging risks requires that
organisations constantly align their risk
appetite to changes in their environment, the
availability of new knowledge, and their
resources and capabilities to tolerate or cope
with potential risk losses.
4 Modify risk appetite in line with risk
EPFL Center + Foundation
Step 4: Implement the strategy
18
Implement strategy options
decided in Step 3
Creating supportive conditions for
the organisational, technical and
cultural shifts that may be required
for the effective deployment of risk
management options
Put in place the internal and
external communication
capacities required for a common
understanding of the objectives and
the rationale behind them
Allocate resources to match
operational capabilities with strategic
orientations
Clearly define roles,
responsibilities and incentives
according to the strategic options
adopted
Support strategy implementation by
ensuring adequate authority and
leadership in all phases and
enabling the creation of appropriate
risk cultures
Required
actions
• Translation of the strategic
objectives into individual and
collective objectives at the
various levels of the organisation
• Implementation of the decisions
made in Step 3
Expected
outcomes
Key
objective
EPFL Center + Foundation
Step 4: Implement the strategy
19
Strategic decision-makers (e.g. chief risk officer)
Endorse the responsibility of implementing the
strategy; appoint a dedicated team
Risk owner (if any)
Effectively manages the risk and opportunity for which
he/she is responsible, and is rewarded accordingly
Other relevant stakeholders
Translate the strategic decisions into concrete actions
Emerging risk conductor
Provides complementary knowledge or expertise
regarding the risks and opportunities considered
Key participants
& responsibilities • Transparency through effective and continuous
communication about the strategic objectives and
decisions at all levels of the organisation
• Including relevant stakeholders for the evaluation
of the strategy relevance and effectiveness, and
timely reaction to resolve conflicts and trade-offs
• Continuous monitoring through the early detection
of difficulties and conflicts (with bottom- up
reporting)
• Continuous interactions with the emerging risk
conductor to re-evaluate the relevance of the
strategy in light of new signals and knowledge, if
necessary
Key success factors
EPFL Center + Foundation
Step 5: Review risk development and
decisions
20
Monitor how emerging risks and
opportunities unfold
Review the relevance and
performance of the decisions made
and, if needed,
Update the strategy
Deploy monitoring capabilities for
the decision options described in
Step 3
Create the interaction space
required for the conductor and other
users of the guidelines to exchange
and communicate
Establish bridges with risk
management standards or
professional organisations, which
may help confer legitimacy to the
process
Required
actions
• Risks and opportunities can be
decommissioned, or become
accepted or sufficiently well
known for familiar risk
management measures to be
employed
• Risks and opportunities outside
of these options must remain the
subject of careful and
continuous monitoring,
analysis and revision
Expected
outcomesKey
objective
EPFL Center + Foundation
Step 5: Review risk development and
decisions
21
Senior managers
Review decisions about the organisation’s emerging
risk management, i.e. the design and implementation
of internal structures and processes
Business managers
Deploy the adopted risk management strategies
Emerging risk conductor
Creates interaction space for reflection and confidence
Key participants
& responsibilities
• Involvement of all internal stakeholders
• Open and transparent discussions
• Regular updates of strategic decisions based on
new information
Key success factors
EPFL Center + Foundation
The emerging risk conductor
• Emerging risk governance requires leadership, it requires a ‘risk
conductor’ to ensure the effective implementation of the guidelines
• Specifically, the risk conductor must have the mission and resources to
lead the process and to:
o Facilitate interactions among participants
o Validate technical frameworks and approaches adopted in the process
o Monitor performances and, if required, identify and correct weaknesses
o Promote necessary changes in attitude and behaviour
o Communicate to increase awareness and explain decisions
o Report on the potential impact of emerging risks
o Review
22
EPFL Center + Foundation
Conditions for success
23
Provide a supportive
environment
Tolerance for failure
Acknowledge
cognitive biases
Dialogue about the
challenges of investing
in emerging risk
governance
Communicate
Proactive attitude to
change
Creating meaningful
interactions between
stakeholders
Demonstrate that it is
effective and worth the
investment
The emerging risk
conductor must not be
a ‘prophet of doom’
EPFL Center + Foundation
Conclusion
• Frameworks for the governance of familiar risks are often not appropriate for
emerging risks: Need for internal processes to anticipate and respond to risk
• Create conditions for opportunity management as well as for risk management
• Innovation management and emerging risk management are interlinked
• At a broad strategic level, implementing these guidelines should result in four
distinct key capabilities:
o Proactive thinking
o Willingness to bear or to avoid risk
o Prioritising investments
o Internal communication
24
EPFL Center + Foundation
How IRGC developed its guidelines for
emerging risk governance
• Look at how practitioners do it: ENISA – EU Agency for Network and Information
Security, EFSA – European Food Safety Authority, Swiss Re SONAR, CEN workshop
agreement on managing emerging technology-related risks (Din_CWA 16649)
• Look at theoretical foundations in cultural theory of risk, dynamic capabilities in
strategic and innovation management, use of signals and early-warnings in technology
management, foresight and scenario development, robust decision-making, and strategy
implementation
• Previous IRGC work
o Factors contributing to risk emergence (2010)
o Improving risk management in industry (2011)
o Public sector governance of emerging risks (2013)
o On-going discussions with practitioners
and academics at workshops
25
EPFL Center + Foundation
www.irgc.org
http://irgc.epfl.ch
No part of this document may be quoted or
reproduced without prior written approval from IRGC
© EPFL International Risk Governance
Center and Foundation, 2015 - 2017

More Related Content

What's hot

GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014Paul Simidi
 
Enterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityEnterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityJeff B
 
Risk Appetite & Risk Tolerance: Improving their application from Abstract to ...
Risk Appetite & Risk Tolerance: Improving their application from Abstract to ...Risk Appetite & Risk Tolerance: Improving their application from Abstract to ...
Risk Appetite & Risk Tolerance: Improving their application from Abstract to ...Eric Campbell
 
Strategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesStrategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesGlobalStrategyTribe
 
Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy   Feb 14 2011Integrating Risk Appetite With Strategy   Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011Andrew Smart
 
Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Diane Christina
 
Risk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk MatrixRisk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk MatrixEtQ, Inc.
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveMax Neira Schliemann
 
Enterprise Risk Management in Healthcare Organisations “Going Beyond Patient ...
Enterprise Risk Management in Healthcare Organisations “Going Beyond Patient ...Enterprise Risk Management in Healthcare Organisations “Going Beyond Patient ...
Enterprise Risk Management in Healthcare Organisations “Going Beyond Patient ...Hossam Elamir
 
Fundamentals Of Risk Management
Fundamentals Of Risk ManagementFundamentals Of Risk Management
Fundamentals Of Risk ManagementDr David Hancock
 
ISO 31000 risk management process
ISO 31000 risk management processISO 31000 risk management process
ISO 31000 risk management processMuizz Anibire
 
Risk management and IT technologies
Risk management and IT technologiesRisk management and IT technologies
Risk management and IT technologiesHadi Fadlallah
 
Integrating Strategy and Risk Management
Integrating Strategy and Risk ManagementIntegrating Strategy and Risk Management
Integrating Strategy and Risk ManagementAndrew Smart
 
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB
 

What's hot (20)

GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014
 
Enterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityEnterprise Risk Management and Sustainability
Enterprise Risk Management and Sustainability
 
Introduction to Risk Management
Introduction to Risk ManagementIntroduction to Risk Management
Introduction to Risk Management
 
Risk Appetite & Risk Tolerance: Improving their application from Abstract to ...
Risk Appetite & Risk Tolerance: Improving their application from Abstract to ...Risk Appetite & Risk Tolerance: Improving their application from Abstract to ...
Risk Appetite & Risk Tolerance: Improving their application from Abstract to ...
 
Risk Appetite
Risk AppetiteRisk Appetite
Risk Appetite
 
Strategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesStrategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processes
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & IT
 
Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy   Feb 14 2011Integrating Risk Appetite With Strategy   Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011
 
The History of Risk Management
The History of Risk ManagementThe History of Risk Management
The History of Risk Management
 
ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk Management
 
Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)
 
Risk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk MatrixRisk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk Matrix
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance Executive
 
Enterprise Risk Management in Healthcare Organisations “Going Beyond Patient ...
Enterprise Risk Management in Healthcare Organisations “Going Beyond Patient ...Enterprise Risk Management in Healthcare Organisations “Going Beyond Patient ...
Enterprise Risk Management in Healthcare Organisations “Going Beyond Patient ...
 
Fundamentals Of Risk Management
Fundamentals Of Risk ManagementFundamentals Of Risk Management
Fundamentals Of Risk Management
 
ISO 31000 risk management process
ISO 31000 risk management processISO 31000 risk management process
ISO 31000 risk management process
 
Risk Management Framework
Risk Management FrameworkRisk Management Framework
Risk Management Framework
 
Risk management and IT technologies
Risk management and IT technologiesRisk management and IT technologies
Risk management and IT technologies
 
Integrating Strategy and Risk Management
Integrating Strategy and Risk ManagementIntegrating Strategy and Risk Management
Integrating Strategy and Risk Management
 
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
 

Similar to IRGC Guidelines for Emerging Risk Governance

Presentation manage risk
Presentation manage riskPresentation manage risk
Presentation manage riskMichael Curtis
 
How to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsHow to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsCase IQ
 
Software IT risk-management
Software IT risk-managementSoftware IT risk-management
Software IT risk-managementgufranresearcher
 
IRGC Guidelines for Emerging Risk Governance, Marie-Valentine FLORIN
IRGC Guidelines for Emerging Risk Governance, Marie-Valentine FLORINIRGC Guidelines for Emerging Risk Governance, Marie-Valentine FLORIN
IRGC Guidelines for Emerging Risk Governance, Marie-Valentine FLORINGlobal Risk Forum GRFDavos
 
Risk Management Process.ppt
Risk Management Process.pptRisk Management Process.ppt
Risk Management Process.pptUday Nayakwadi
 
Assessment Of Risk Mitigation
Assessment Of Risk MitigationAssessment Of Risk Mitigation
Assessment Of Risk MitigationEneni Oduwole
 
NCV 4 Project Management Hands-On Support Slide Show - Module5
NCV 4 Project Management Hands-On Support Slide Show - Module5NCV 4 Project Management Hands-On Support Slide Show - Module5
NCV 4 Project Management Hands-On Support Slide Show - Module5Future Managers
 
Development of a Compendium of Effective Structural Interventions for HIV Pre...
Development of a Compendium of Effective Structural Interventions for HIV Pre...Development of a Compendium of Effective Structural Interventions for HIV Pre...
Development of a Compendium of Effective Structural Interventions for HIV Pre...CDC NPIN
 
Bcu msc cg week 4 risk management
Bcu msc cg week 4 risk managementBcu msc cg week 4 risk management
Bcu msc cg week 4 risk managementStephen Ong
 
About the IRGC Foundation
About the IRGC FoundationAbout the IRGC Foundation
About the IRGC Foundationirgc_risk
 
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB
 
Risk management
Risk managementRisk management
Risk managementLepipi
 
Application of Q methodology in critical success factors of information secur...
Application of Q methodology in critical success factors of information secur...Application of Q methodology in critical success factors of information secur...
Application of Q methodology in critical success factors of information secur...stuimrozsm
 
Information security – risk identification is all
Information security – risk identification is allInformation security – risk identification is all
Information security – risk identification is allPECB
 

Similar to IRGC Guidelines for Emerging Risk Governance (20)

Presentation manage risk
Presentation manage riskPresentation manage risk
Presentation manage risk
 
RMP.ppt
RMP.pptRMP.ppt
RMP.ppt
 
RMP.ppt
RMP.pptRMP.ppt
RMP.ppt
 
RMP.ppt
RMP.pptRMP.ppt
RMP.ppt
 
How to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsHow to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential Steps
 
Software IT risk-management
Software IT risk-managementSoftware IT risk-management
Software IT risk-management
 
Rmp
RmpRmp
Rmp
 
IRGC Guidelines for Emerging Risk Governance, Marie-Valentine FLORIN
IRGC Guidelines for Emerging Risk Governance, Marie-Valentine FLORINIRGC Guidelines for Emerging Risk Governance, Marie-Valentine FLORIN
IRGC Guidelines for Emerging Risk Governance, Marie-Valentine FLORIN
 
risk management.pdf
risk management.pdfrisk management.pdf
risk management.pdf
 
Risk Management Process.ppt
Risk Management Process.pptRisk Management Process.ppt
Risk Management Process.ppt
 
Assessment Of Risk Mitigation
Assessment Of Risk MitigationAssessment Of Risk Mitigation
Assessment Of Risk Mitigation
 
NCV 4 Project Management Hands-On Support Slide Show - Module5
NCV 4 Project Management Hands-On Support Slide Show - Module5NCV 4 Project Management Hands-On Support Slide Show - Module5
NCV 4 Project Management Hands-On Support Slide Show - Module5
 
Development of a Compendium of Effective Structural Interventions for HIV Pre...
Development of a Compendium of Effective Structural Interventions for HIV Pre...Development of a Compendium of Effective Structural Interventions for HIV Pre...
Development of a Compendium of Effective Structural Interventions for HIV Pre...
 
Bcu msc cg week 4 risk management
Bcu msc cg week 4 risk managementBcu msc cg week 4 risk management
Bcu msc cg week 4 risk management
 
Foresight 4 Cybersecurity
Foresight 4 CybersecurityForesight 4 Cybersecurity
Foresight 4 Cybersecurity
 
About the IRGC Foundation
About the IRGC FoundationAbout the IRGC Foundation
About the IRGC Foundation
 
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
 
Risk management
Risk managementRisk management
Risk management
 
Application of Q methodology in critical success factors of information secur...
Application of Q methodology in critical success factors of information secur...Application of Q methodology in critical success factors of information secur...
Application of Q methodology in critical success factors of information secur...
 
Information security – risk identification is all
Information security – risk identification is allInformation security – risk identification is all
Information security – risk identification is all
 

Recently uploaded

call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Model Town  DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Model Town  DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
High-Level Thematic Event on Tourism - SUSTAINABILITY WEEK 2024- United Natio...
High-Level Thematic Event on Tourism - SUSTAINABILITY WEEK 2024- United Natio...High-Level Thematic Event on Tourism - SUSTAINABILITY WEEK 2024- United Natio...
High-Level Thematic Event on Tourism - SUSTAINABILITY WEEK 2024- United Natio...Christina Parmionova
 
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
Yellow is My Favorite Color By Annabelle.pdf
Yellow is My Favorite Color By Annabelle.pdfYellow is My Favorite Color By Annabelle.pdf
Yellow is My Favorite Color By Annabelle.pdfAmir Saranga
 
2023 Ecological Profile of Ilocos Norte.pdf
2023 Ecological Profile of Ilocos Norte.pdf2023 Ecological Profile of Ilocos Norte.pdf
2023 Ecological Profile of Ilocos Norte.pdfilocosnortegovph
 
call girls in West Patel Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...
call girls in West Patel Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...call girls in West Patel Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...
call girls in West Patel Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...saminamagar
 
2024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 262024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 26JSchaus & Associates
 
Madurai Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Madurai Call Girls 7001305949 WhatsApp Number 24x7 Best ServicesMadurai Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Madurai Call Girls 7001305949 WhatsApp Number 24x7 Best Servicesnajka9823
 
Stop throwing your old clothes and start donating
Stop throwing your old clothes and start donatingStop throwing your old clothes and start donating
Stop throwing your old clothes and start donatingSERUDS INDIA
 
Enhancing Indigenous Peoples' right to self-determination in the context of t...
Enhancing Indigenous Peoples' right to self-determination in the context of t...Enhancing Indigenous Peoples' right to self-determination in the context of t...
Enhancing Indigenous Peoples' right to self-determination in the context of t...Christina Parmionova
 
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...narwatsonia7
 
Earth Day 2024 - AMC "COMMON GROUND'' movie night.
Earth Day 2024 - AMC "COMMON GROUND'' movie night.Earth Day 2024 - AMC "COMMON GROUND'' movie night.
Earth Day 2024 - AMC "COMMON GROUND'' movie night.Christina Parmionova
 
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...narwatsonia7
 
call girls in DLF Phase 1 gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝...
call girls in DLF Phase 1  gurgaon  🔝 >༒9540349809 🔝 genuine Escort Service 🔝...call girls in DLF Phase 1  gurgaon  🔝 >༒9540349809 🔝 genuine Escort Service 🔝...
call girls in DLF Phase 1 gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝...saminamagar
 
If there is a Hell on Earth, it is the Lives of Children in Gaza.pdf
If there is a Hell on Earth, it is the Lives of Children in Gaza.pdfIf there is a Hell on Earth, it is the Lives of Children in Gaza.pdf
If there is a Hell on Earth, it is the Lives of Children in Gaza.pdfKatrina Sriranpong
 
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
Powering Britain: Can we decarbonise electricity without disadvantaging poore...
Powering Britain: Can we decarbonise electricity without disadvantaging poore...Powering Britain: Can we decarbonise electricity without disadvantaging poore...
Powering Britain: Can we decarbonise electricity without disadvantaging poore...ResolutionFoundation
 
(多少钱)Dal毕业证国外本科学位证
(多少钱)Dal毕业证国外本科学位证(多少钱)Dal毕业证国外本科学位证
(多少钱)Dal毕业证国外本科学位证mbetknu
 
Monastic-Supremacy-in-the-Philippines-_20240328_092725_0000.pdf
Monastic-Supremacy-in-the-Philippines-_20240328_092725_0000.pdfMonastic-Supremacy-in-the-Philippines-_20240328_092725_0000.pdf
Monastic-Supremacy-in-the-Philippines-_20240328_092725_0000.pdfCharlynTorres1
 

Recently uploaded (20)

call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Model Town  DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Model Town  DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
High-Level Thematic Event on Tourism - SUSTAINABILITY WEEK 2024- United Natio...
High-Level Thematic Event on Tourism - SUSTAINABILITY WEEK 2024- United Natio...High-Level Thematic Event on Tourism - SUSTAINABILITY WEEK 2024- United Natio...
High-Level Thematic Event on Tourism - SUSTAINABILITY WEEK 2024- United Natio...
 
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
Yellow is My Favorite Color By Annabelle.pdf
Yellow is My Favorite Color By Annabelle.pdfYellow is My Favorite Color By Annabelle.pdf
Yellow is My Favorite Color By Annabelle.pdf
 
2023 Ecological Profile of Ilocos Norte.pdf
2023 Ecological Profile of Ilocos Norte.pdf2023 Ecological Profile of Ilocos Norte.pdf
2023 Ecological Profile of Ilocos Norte.pdf
 
call girls in West Patel Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...
call girls in West Patel Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...call girls in West Patel Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...
call girls in West Patel Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...
 
2024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 262024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 26
 
Madurai Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Madurai Call Girls 7001305949 WhatsApp Number 24x7 Best ServicesMadurai Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Madurai Call Girls 7001305949 WhatsApp Number 24x7 Best Services
 
Stop throwing your old clothes and start donating
Stop throwing your old clothes and start donatingStop throwing your old clothes and start donating
Stop throwing your old clothes and start donating
 
Enhancing Indigenous Peoples' right to self-determination in the context of t...
Enhancing Indigenous Peoples' right to self-determination in the context of t...Enhancing Indigenous Peoples' right to self-determination in the context of t...
Enhancing Indigenous Peoples' right to self-determination in the context of t...
 
Hot Sexy call girls in Palam Vihar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Palam Vihar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Palam Vihar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Palam Vihar🔝 9953056974 🔝 escort Service
 
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...
 
Earth Day 2024 - AMC "COMMON GROUND'' movie night.
Earth Day 2024 - AMC "COMMON GROUND'' movie night.Earth Day 2024 - AMC "COMMON GROUND'' movie night.
Earth Day 2024 - AMC "COMMON GROUND'' movie night.
 
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
 
call girls in DLF Phase 1 gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝...
call girls in DLF Phase 1  gurgaon  🔝 >༒9540349809 🔝 genuine Escort Service 🔝...call girls in DLF Phase 1  gurgaon  🔝 >༒9540349809 🔝 genuine Escort Service 🔝...
call girls in DLF Phase 1 gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝...
 
If there is a Hell on Earth, it is the Lives of Children in Gaza.pdf
If there is a Hell on Earth, it is the Lives of Children in Gaza.pdfIf there is a Hell on Earth, it is the Lives of Children in Gaza.pdf
If there is a Hell on Earth, it is the Lives of Children in Gaza.pdf
 
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
Powering Britain: Can we decarbonise electricity without disadvantaging poore...
Powering Britain: Can we decarbonise electricity without disadvantaging poore...Powering Britain: Can we decarbonise electricity without disadvantaging poore...
Powering Britain: Can we decarbonise electricity without disadvantaging poore...
 
(多少钱)Dal毕业证国外本科学位证
(多少钱)Dal毕业证国外本科学位证(多少钱)Dal毕业证国外本科学位证
(多少钱)Dal毕业证国外本科学位证
 
Monastic-Supremacy-in-the-Philippines-_20240328_092725_0000.pdf
Monastic-Supremacy-in-the-Philippines-_20240328_092725_0000.pdfMonastic-Supremacy-in-the-Philippines-_20240328_092725_0000.pdf
Monastic-Supremacy-in-the-Philippines-_20240328_092725_0000.pdf
 

IRGC Guidelines for Emerging Risk Governance

  • 1. EPFL Center + Foundation GOVERNANCE OF EMERGING RISKS Guidelines for the governance of unfamiliar risks March 2017 No part of this document may be quoted or reproduced without prior written approval from IRGC This presentation deck accompanies the main IRGC report and an appendix, available online: https://www.irgc.org/risk-governance/emerging-risk/a-protocol-for-dealing-with-emerging-risks/
  • 2. EPFL Center + Foundation Introduction • A risk is an uncertain (mostly negative) consequence of an event or an activity with regards to something that humans value. Emerging risks are ‘new or familiar risks that become apparent in new or unfamiliar conditions’ • Emerging risks should be distinguished from familiar risks: o Familiar risks are well understood by risk managers who know how to manage them o Emerging risks on the other hand are primarily characterised by uncertainty • Knowledge becomes the key concept for emerging risks • The concept of emerging risk is relative, not absolute • In emerging risk management, what matters most to an organisation is its potential exposure 2
  • 3. EPFL Center + Foundation Characteristics of emerging risks • IRGC suggests three categories of emerging risks: Risks with uncertain impacts Risks in complex, interconnected systems Risks resulting from changes in context High uncertainty and a lack of knowledge about potential impacts and consequences (interactions with risk-absorbing systems). e.g., applications of synthetic biology Increasing complexity, emerging interactions and systemic dependencies have the potential to lead to non-linear impacts and surprises. e.g., systemic risks in energy or ICT systems Changes in context (social, regulatory, natural etc.) may alter the nature, probability and magnitude of expected impacts of previously known risks. e.g., antimicrobial resistance 3
  • 4. EPFL Center + Foundation Defining an appropriate process for emerging risk governance • The guidelines proposed by IRGC provide an overarching framework to support senior managers address emerging risks. • They help to organise how information and evidence are collected, analysed and combined to design strategies for emerging risk governance. • In particular, the IRGC guidelines: o Provide guidance to organisations in anticipating and responding to emerging risks o Provide transparent and enforceable criteria for the evaluation of the effectiveness of the emerging risk governance process o Embed the emerging risk management process as a routine within the organisation, drawing from existing processes 4
  • 5. EPFL Center + Foundation Emerging Risk Governance Guidelines 5
  • 6. EPFL Center + Foundation Step 1: Make sense of the present & explore the future 7 Provide early warning Identify: • Potential threats or opportunities to relevant assets and processes • Contributing factors that create fertile ground for risks and opportunities to develop (emerge, amplify or attenuate) Make sense of signals that might shape the future Detect and explore current and possible future evolutions that may change the organisation’s environment Analyse these changes according to their potential to represent a threat and/or an opportunity Filter and prioritise the detected threats and opportunities that require further attention in Step 2 Regularly update the selection of risks and opportunities as new information becomes available Required actions List of threats and opportunities that require further analysis and exploration Description of the context in which these develop Identification of the necessary or sufficient conditions for the risk or opportunity to materialise List of threats and opportunities that are irrelevant to the organisation's objectives given available information Expected outcomes Key objective
  • 7. EPFL Center + Foundation Step 1: Make sense of the present & explore the future 8 Emerging risk conductor Defines approaches and facilitates continuous interactions among experts and between experts and decision-makers Experts and analysts Detect signals, perform analyses and suggest necessary characterisation Senior decision-makers Validate Step 1 outputs and decide which issues will be further investigated and what resources will be allocated to the process Key participants & responsibilities • Diversity of information • Scientific soundness of data collection, analysis and prioritisation • Data reliability and consistency • Compatibility with existing and past or familiar threats Key success factors
  • 8. EPFL Center + Foundation Contributing factors to risk emergence 9 The human factor: Behavioural and cultural advancement The overall context: System complexity The decision- maker 4. Varying susceptibility to risk 3. Positive feedback 2. Loss of safety margins 1. Scientific unknowns 7. Technological advances 6. Social dynamics 5. Conflicts of interests, values and science 12. Malicious attacks 11. Perverse incentives 10. Information asymmetries 9. Communication 8. Temporal complications Source: IRGC (2010). The Emergence of Risks: Contributing Factors. Geneva: International Risk Governance Council. Report available online: https://www.irgc.org/risk- governance/emerging-risk/irgc- concept-of-contributing-factors-to- risk-emergence/
  • 9. EPFL Center + Foundation Anticipating vs. exploring uncertain futures 10 Level 1 Level 2 Level 3 Level 4 Deep Uncertainty Context A clear enough future Alternate futures (with probabilities A multiplicity of plausible future Unknown futures Familiar risks Emerging risks Source: Walker, W. E., Marchau, V. A. W. J. & Swanson, D. (2010). Addressing Deep Uncertainty Using Adaptive Policies: Introduction to Section 2. Technological Forecasting & Social Change, 77(6), 917–923.
  • 10. EPFL Center + Foundation Framing discussions of risk and innovation • Innovation creates change • This always carries risk, with the potential for harm as well as benefit • It is difficult to ‘predict’ the future • Complexity, uncertainty and ambiguity (different interpretations, or even controversy) • Often technological innovations and related risks develop in complex systems  Interdependent cascading failures may happen in a network of interconnected system components, where a small localised initial failure (which could result from an emerging risk) may trigger large perturbations elsewhere 11
  • 11. EPFL Center + Foundation Step 2: Develop scenarios based on narratives & models 12 Develop scenarios of how an emerging risk or opportunity could impact an organisation and its objectives. This: • Offers the possibility for collaborative framing of existing and future threats/opportunities • Provides evidence and support for future decisions concerning the identified threats/opportunities • Updates the scenarios as new information and knowledge become available Develop or use various types of scenarios to explore and evaluate the emerging risk that could affect the organisation in the future Begin to identify possible bifurcations and intervention points, to prepare the development of management options Update the scenarios as necessary, taking into account the emergence of new signals and the outcome of strategic interactions with stakeholders Required actions Set of explorative scenarios. The scenarios describe how the threats and opportunities identified in Step 1 may have an impact on the organisation. Particular attention must be given to: • The contributing factors (amplifying or attenuating) • Events or tipping points that may accelerate, reduce or generally affect the factors • The consequences of each scenario for the organisation Familiarity with concepts Expected outcomes Key objective
  • 12. EPFL Center + Foundation Step 2: Develop scenarios based on models & narratives 13 Experts in futures studies scientific & scenario- building techniques Facilitate interactions between contributors and ensure the validity of the scenario development exercise Emerging risk conductor Ensures the coherence of the exercise with the threats and opportunities de ned in Step 1 and the organisation’s expectations Decision-makers Confirm their commitment, in particular by allocating resources, providing reward and assigning responsibilities Key participants & responsibilities • Relevance to concerns and needs of decision-makers • Credibility, to assess the scientific soundness of the models and data used as well as the transparency of the choices • Comprehensibility and traceability, to describe the clarity of the sequence of events and the ability of final users to easily understand and follow the underlying rationality • Legitimacy, through openness of the process to various stakeholders, promoting different values and political orientations • Creativity, to stimulate new ways of thinking and dealing with the “unusual” • Distinctness, to assess the ability of the scenarios to jointly convey to decision-makers the diversity of possible futures Key success factors
  • 13. EPFL Center + Foundation Step 3: Generate risk management options & formulate strategy 14 Design strategies for the management of emerging risks that are proactive, effective, cost- efficient and adaptive in order to deal adequately with the risks and opportunities explored in Step 2 Identify and evaluate possible emerging risk management options. No option should be excluded Define intervention points and indicators. Consider the organisation’s decision-making style, resources and risk appetite Identify thresholds of irreversibility and thresholds of acceptability Communicate this process and the decision that has been made in a transparent manner Include uncertainty: Being aware of what is unknown Required actions Management strategies for each scenario: Provide a strategy for each of the scenarios developed in Step 2. The description of the strategy, its expected performance and the key trade-offs adopted by decision-makers must be made explicit A final decision as to which emerging risk management option(s) will be implemented Expected outcomes Key objective
  • 14. EPFL Center + Foundation Step 3: Generate risk management options & formulate strategy 15 Decision-makers at the strategic level Select options and demonstrate leadership, especially when it comes to challenging comfortable or routine practices not suited to changing environments Emerging risk conductor Facilitates the decision-making process and ensures that decisions are made Key participants & responsibilities • Flexibility for adaptation and adjustment to new evidence when it becomes available • Consistency with organisational values and culture as well as with procedures • Internal openness and transparency of the process • Clear prioritisation of actions, taking expected impacts and available resources into account • Revision of the strategy if context and conditions change Key success factors
  • 15. EPFL Center + Foundation Step 3: What to do and how 16 Generating the strategy options for implementation • What strategy and options could respond to the emerging risk? • When could these options be implemented? What would be the intervention timing? Evaluating the strategic options • What criteria will be used to assess and evaluate the options to provide the best response to the variety of possible futures? • How will the performance of the management options be evaluated? Making robust decisions • What decision-making approach will be chosen? How? • What option or combination of options will be decided? • What is the timing for implementation?
  • 16. EPFL Center + Foundation Step 3: Generate strategy and options for implementation 17 Some of the factors that contribute to risk emergence are controllable. In those cases, an organisation can act to prevent a risk from emerging (or amplifying) or can reduce its consequences if it materialises. 1 Act on contributing factors to risk emergence Trying to avoid the risk can represent a valuable management option in cases where the risk evaluation results in reasoned assumptions of unacceptable consequences. Precautionary approaches should be chosen on a case-by-case basis, in relation to a desired level of protection against identified potential risks. 2 Develop precautionary approaches A reduction in exposure or vulnerability can be a strategic option if an intervention is considered too costly, inappropriate, or impossible For emerging but well identified risks: reduce sensitivity to the risk by developing redundancies, improving personnel training or readjusting protection capabilities. In the case of unexpected events: build resilience 3 Reduce vulnerability 1 Act on contributing factors to risk emergence 2 Develop precautionary approaches 3 Reduce vulnerability 4 Modify risk appetite in line with risk 5 Use risk governance instruments for familiar risks 6 Do nothing Dealing with emerging risks requires that organisations constantly align their risk appetite to changes in their environment, the availability of new knowledge, and their resources and capabilities to tolerate or cope with potential risk losses. 4 Modify risk appetite in line with risk
  • 17. EPFL Center + Foundation Step 4: Implement the strategy 18 Implement strategy options decided in Step 3 Creating supportive conditions for the organisational, technical and cultural shifts that may be required for the effective deployment of risk management options Put in place the internal and external communication capacities required for a common understanding of the objectives and the rationale behind them Allocate resources to match operational capabilities with strategic orientations Clearly define roles, responsibilities and incentives according to the strategic options adopted Support strategy implementation by ensuring adequate authority and leadership in all phases and enabling the creation of appropriate risk cultures Required actions • Translation of the strategic objectives into individual and collective objectives at the various levels of the organisation • Implementation of the decisions made in Step 3 Expected outcomes Key objective
  • 18. EPFL Center + Foundation Step 4: Implement the strategy 19 Strategic decision-makers (e.g. chief risk officer) Endorse the responsibility of implementing the strategy; appoint a dedicated team Risk owner (if any) Effectively manages the risk and opportunity for which he/she is responsible, and is rewarded accordingly Other relevant stakeholders Translate the strategic decisions into concrete actions Emerging risk conductor Provides complementary knowledge or expertise regarding the risks and opportunities considered Key participants & responsibilities • Transparency through effective and continuous communication about the strategic objectives and decisions at all levels of the organisation • Including relevant stakeholders for the evaluation of the strategy relevance and effectiveness, and timely reaction to resolve conflicts and trade-offs • Continuous monitoring through the early detection of difficulties and conflicts (with bottom- up reporting) • Continuous interactions with the emerging risk conductor to re-evaluate the relevance of the strategy in light of new signals and knowledge, if necessary Key success factors
  • 19. EPFL Center + Foundation Step 5: Review risk development and decisions 20 Monitor how emerging risks and opportunities unfold Review the relevance and performance of the decisions made and, if needed, Update the strategy Deploy monitoring capabilities for the decision options described in Step 3 Create the interaction space required for the conductor and other users of the guidelines to exchange and communicate Establish bridges with risk management standards or professional organisations, which may help confer legitimacy to the process Required actions • Risks and opportunities can be decommissioned, or become accepted or sufficiently well known for familiar risk management measures to be employed • Risks and opportunities outside of these options must remain the subject of careful and continuous monitoring, analysis and revision Expected outcomesKey objective
  • 20. EPFL Center + Foundation Step 5: Review risk development and decisions 21 Senior managers Review decisions about the organisation’s emerging risk management, i.e. the design and implementation of internal structures and processes Business managers Deploy the adopted risk management strategies Emerging risk conductor Creates interaction space for reflection and confidence Key participants & responsibilities • Involvement of all internal stakeholders • Open and transparent discussions • Regular updates of strategic decisions based on new information Key success factors
  • 21. EPFL Center + Foundation The emerging risk conductor • Emerging risk governance requires leadership, it requires a ‘risk conductor’ to ensure the effective implementation of the guidelines • Specifically, the risk conductor must have the mission and resources to lead the process and to: o Facilitate interactions among participants o Validate technical frameworks and approaches adopted in the process o Monitor performances and, if required, identify and correct weaknesses o Promote necessary changes in attitude and behaviour o Communicate to increase awareness and explain decisions o Report on the potential impact of emerging risks o Review 22
  • 22. EPFL Center + Foundation Conditions for success 23 Provide a supportive environment Tolerance for failure Acknowledge cognitive biases Dialogue about the challenges of investing in emerging risk governance Communicate Proactive attitude to change Creating meaningful interactions between stakeholders Demonstrate that it is effective and worth the investment The emerging risk conductor must not be a ‘prophet of doom’
  • 23. EPFL Center + Foundation Conclusion • Frameworks for the governance of familiar risks are often not appropriate for emerging risks: Need for internal processes to anticipate and respond to risk • Create conditions for opportunity management as well as for risk management • Innovation management and emerging risk management are interlinked • At a broad strategic level, implementing these guidelines should result in four distinct key capabilities: o Proactive thinking o Willingness to bear or to avoid risk o Prioritising investments o Internal communication 24
  • 24. EPFL Center + Foundation How IRGC developed its guidelines for emerging risk governance • Look at how practitioners do it: ENISA – EU Agency for Network and Information Security, EFSA – European Food Safety Authority, Swiss Re SONAR, CEN workshop agreement on managing emerging technology-related risks (Din_CWA 16649) • Look at theoretical foundations in cultural theory of risk, dynamic capabilities in strategic and innovation management, use of signals and early-warnings in technology management, foresight and scenario development, robust decision-making, and strategy implementation • Previous IRGC work o Factors contributing to risk emergence (2010) o Improving risk management in industry (2011) o Public sector governance of emerging risks (2013) o On-going discussions with practitioners and academics at workshops 25
  • 25. EPFL Center + Foundation www.irgc.org http://irgc.epfl.ch No part of this document may be quoted or reproduced without prior written approval from IRGC © EPFL International Risk Governance Center and Foundation, 2015 - 2017