What are the main threats facing a modern organisation?

Risk can be strategic, operational or tactical and organisations need to identify the risks they face and to decide which to manage actively.

So, what is the overarching consensus on what those risks are?

World Economic Forum – global risks

Each year, the World Economic Forum (WEF) presents the results of their Global Risks Perception Survey. It collates the views of nearly 1,000 decision-makers from the public sector, private sector, academia and civil society.

The report categorises risk as follows:

  • Economic vulnerabilities
  • Geopolitical tensions
  • Societal and political strains
  • Environmental fragilities
  • Technological instabilities

Within the report, they present a chart that shows the top risks from each category plotted against impact and likelihood. Watch the video below to see how those risks have changed over time.

A full description of the video is available as alternate text in the downloads section.

Since 2009, many of these interconnected economic risks have become less prominent and those associated with technology (eg, cyber-attacks), and with the environment (eg, climate change), have become more so, both in terms of likelihood and impact. Weapons of mass destruction have been in the top five risks in terms of impact since 2013 though with a lower likelihood to the others.

Risks do vary by region, so while consideration of the risks as presented at a global level, any organisation with operations, supply chains or customers in other counties may wish to consider the risks at a more granular level.

The top five risks for selected regions according to the WEF report of 2018 were:

Latin America Sub-Saharan Africa South Asia
Failure of national governance Unemployment and underemployment Failure of national governance
Profound social instability Failure of national governance Unmanageable inflation
Unemployment and underemployment Energy price shock Unemployment and underemployment
Fiscal crises Failure of critical infrastructure Failure of regional and global governance
State collapse or crisis Fiscal crises Cyber-attacks

Some of these risks may be things that an organisation cannot control, but they can assess if/how they will have an impact on their operations and how they might respond in the event that the risk does arise (eg the impact of infectious disease). But it is not enough to look at each risk in isolation - they are interconnected.

‘The World Economic Forum’s Global Risks Report 2019 is a reminder to anyone charged with managing risk to always maintain a holistic view of their organisation… If business leaders don’t look at risk holistically, they won’t be prepared to respond to the connected risks of extreme weather, climate change, infrastructure failure, cyber-attacks and many others that can directly threaten their very survival.’

(Franklin 2019)

UK National Risk Register

The National Risk Register (NRR) for Civil Emergencies 2017 explains the risks of major emergencies that could affect the UK in the next five years and provides resilience advice and guidance.

While the focus of the NRR might be on the role of national and local government and on other Category 1 & 2 responders, the NRR can be used by other organisations or members of the public to plan for and respond to disruptive events. These include risks in the broad areas of foreign countries, natural hazards, diseases, major accidents, social risks and malicious attacks. The NRR document provided a coherent evaluation of risks, historic context and guidance on what actions can be taken.

The NRR represents the most comprehensive and systematic attempts at substantiating risk knowledge by government ministries (Hiscock and Jones 2017) and similar national-level risk registers have been developed elsewhere in the world. Additionally, in the UK, national-level tools such as the UK Climate Change Risk Assessment may also provide support.

In the UK, local-level risks can be accessed via Community Risk Registers eg West Midlands Community Risk Register

Problems

These risk reports and registers at the global, national and local level represent one of a number of tools available to organisations in assessing and managing risk. But there is some evidence that shows that organisations do not always incorporate or know how best to incorporate them into their own frameworks:

‘People and organisations will tend to ignore problems that are too complex to fit easily into current frameworks of accountability and behaviour.’

(Craig 2018)

In a study of East Anglia, Hiscock and Jones found that while the NRR was useful, it was:

‘Unable to support them in delivering actionable measures to develop risk resilience due to the absence of practical applications, case study approaches, and tools to progress organisational frameworks.’

(Hiscock and Jones 2017)

The risk reports provide an overview of the main threats posed to economic activity at a global, national or local level. Some of these risks will be relevant to an organisation, but the organisation will need to ascertain the extent to which these are applicable to their operations and what the significance is to their operations, activities, products, services and processes. This is clearly not a simple task.

So, is there a need for a greater synthesis of information, better collaboration and engagement in order to operationalise risk registers in business?

Your task

The NRR also produces a matrix of risks in much the same manner as the WEF risk report. See pages 9-10 at the following link:

Cabinet Office (2017) National Risk Register Of Civil Emergencieswork [online] available from https://www.gov.uk/government/publications/national-risk-register-of-civil-emergencies-2017-edition

How do the WEF Global risks compare to the UK National Risk Register? What similarities and differences can you see?

The board of a company has the overall accountability to ensure that risks are identified and managed to ensure the long-term sustainability of the business. Companies (ie those with share/stockholders) typically publish their approach to risk management and their priority risks in their Annual Report and Accounts.

Here is an example of such a report from Scottish Power a UK Utilities company. You can see the perceived risks listed on pages 10-13.

Using the company above or an annual report from another operating in either the water, energy, or food manufacturing sectors:

  • Identify the perceived risks
  • How do you think these risks compare to the risks identified in the material above?
  • What other issues do you think/know the company have taken into account in identifying the major threats posed to their operations?

References

Franklin (2019) Global Risks Report reminds us to take a holistic view of risk [online] available from https://www.zurichna.com/en/knowledge/articles/2019/01/global-risks-report-reminds-us-to-take-a-holistic-view-of-risk [07 May 2019]

Craig, C. (2018). How Does Government Listen to Scientists? Springer.

Hiscock, K., Jones, A. (2017) ‘Assessing the Extent to Which the UK’s National Risk Register Supports Local Risk Management’. Sustainability (Switzerland), 9 (11).

Share this article:

This article is from the free online course:

Business Continuity Management and Crisis Management: An Introduction

Coventry University