Overdriving your headlights on climate risk
Over the years, my husband has taught me many things about automobiles and driving. One key concept he covered was that of "overdriving your headlights." This is a situation in which your braking distance exceeds the reach of your headlights. The result is that by the time you see something in the road, it’s too late to avoid running into it.
It’s also a feature of traditional enterprise risk management.
We in the sustainability community often bemoan the tyranny of short-termism in our corporations, but we don’t often appreciate the extent to which it has been institutionalized in systems throughout the business. From extreme reliance on contract labor to short-changing security under the pressure of time-to-market, there are embedded systems ripe for disruption and ready (or at least needing) to be infused with a longer-term perspective. And one of these is the approach to enterprise risk assessment.
Back in 2014, and rather ahead of the curve (if I do say so myself), a strong collaboration sprung up between my team and that of my company’s chief risk officer. She is a visionary woman who recognized that we had aligned missions but dissimilar approaches using inconsistent terminologies, taxonomies and criteria for defining "risk."
We took a number of steps to align our work, starting with meeting regularly to learn about each other’s domain. We collaborated in our materiality assessment, helping to harmonize our nomenclature. We created a model that described the relationship between the frameworks we were using to evaluate risk — including endogenous versus exogenous risk, system boundaries and, especially, time horizons. We provide input to each other’s strategies. And we put people on each other’s extended teams.
The risk assessment team was guided by a large, well-known external consulting firm who brought in a classic evaluation framework that used a basic 2D matrix of impact versus probability of occurrence. Obviously, probability can be very dependent on the time window, as can consequences.
Unfortunately, as with most companies, our headlights were aimed squarely at the next three to five years. The rubric for rating likelihood significantly discounted anything more than two or three years out and reduced essentially to zero anything that wasn’t highly probable within five years.
So, what do we do? Well, for a start, we might consider using variable timeframes. That is, instead of asking "How likely is this to happen in the next two years?" we might ask "How likely is this to happen before we can be ready for it?" Yes, that involves understanding what "ready" means.
Good idea, right? A good starting point to encourage some scenario planning and envisioning of the future we want to have!
Last year, COSO issued a document providing guidance on the incorporation of ESG into enterprise risk management. It suggests considering a number of additional assessment criteria, including "velocity" — that is, how fast is it coming at you — which it says is "best understood by studying longer temporal horizons than is usually associated with enterprise risk management." No kidding! They also suggest adaptability, complexity and persistence (no, climate change is not a single event that will happen once and then go away).
While it’s taken too long, it’s exciting to see the evolution of risk frameworks that include long-term, unquantifiable — and, to many, unfamiliar — risks. Yes, they create a complicated, many-dimensional matrix, but some leading companies are making the effort.