I have always found these reports make interesting reading. What about you, have you read any of the earlier editions?
In particular there are two aspects of these WEF reports that get my attention;
- they provide a better perspective on where the horizon is located than many similar scanning exercises, and
- they regularly take a critical perspective on the risk management process and practice.
My last post explored things that have changed in the past 5-8 years as a way on seeking to understand the immediate future. The WEF risk report seeks to look out towards a 10 year horizon, and this being the 10th edition takes some retrospectives on what risks were flagged in the past 10 years.
A feature of this edition is the discussion around risks and trends – how they interact.
“A global risk is an uncertain event or condition that, if it occurs, can cause significant negative impact for several countries or industries within the next 10 years”(p8)
“A trend is defined as a long-term pattern that is currently taking place and that could amplify global risks and/or alter the relationship between them.”(p8)
Interesting to note that risk is all about the downside, probably the way most organisations actually look at the issue. Normally minimal concern with upside risk.
Important to note that these trends the WEF highlight are not risks – they are certainties, they are issues in risk management parlance. The trends can have both positive or negative impacts (such as emerging technology changes and the “Internet of Things”) but the interaction of this trend with increasing interconnectedness of computer systems creates new vulnerabilities and alters the evolution of the risk of massive cyber attack and subsequent infrastructure failures. This is the scary horizon and the result of emergence and complexity in action.
There is also an interesting lesson that we can abstract from the global/international level down to our internal silos and the role of our entity in an extended value chain.
“Global risks transcend border and spheres of influence and require stakeholders to work together, yet these risks also threaten to undermine the trust and collaboration needed to adapt to the challenges of the new global context.”(p8)
In 2015 (and the future) we need to view risk as interconnected things. They span multiple silos, organisation, countries – these significant areas of risk cannot be addressed in isolation. Not just each risk in isolation, but the risk needs to be seen and assessed in its context – which includes the trends and feedback loops that interact with and modify the risks.
The report highlights an “Horizon Scanning Risk” that we should be aware of – the respondents mistaking current and recent news headlines as an indication of the location of the horizon and the risks that are coming. The WEF detected this in some of their respondents, so in the 2015 report they have asked people to project a short-term horizon (18 months) plus their traditional 10 year perspective. Not surprising that the 18 month horizon reflected contemporary events like state collapse and terrorist incidents.
The longer-term scan raised a number of physical and environmental trends such as water crisis, climate change and food crisis. The risk of social instability is rated highly in both timeframes. In part because the short-term looked at interstate conflicts which are not always physical but include economic and cyber warfare, with the prospect of creating instability.
History also showed why we need to look beyond the obvious when we define horizon risks. In the WEF report for 2007 one of the primary risks was the possibility of an asset price bubble – which was realised and set off a major financial crisis that year. Subsequent years have seen the knock-on impacts to a range of economies and the risk of sovereign defaults. Even in our own smaller-scale worlds we need to learn to look beyond the obvious to identify risk interconnections.
Risks to critical infrastructure
Enough of all that vague management and strategic stuff I hear you say. What about the things that matter to BC like systems and buildings and the like?
The risk of failure in critical infrastructure is a specific risk area addressed. A significant cause of the vulnerability here is the way organisations and nations have managed their infrastructure. The report notes that we have perceived risks to be low and therefore not invested in maintaining infrastructure and building preparedness.
“To improve efficiency and lower cost, various systems have been allowed to become hyperdependent on one another. The failure of one weak link – whether from natural disaster, human error or terrorism – can create ripple effects across multiple systems and over wide geographical areas.”(p20)
Before everybody runs off and puts just that piece in front of their executives, lets also take a look at our own practices.
“At the heart of the problem is a risk -management approach based on responsive measures that assume things go back to normal after a crisis – an approach that falls short with complex or slowly evolving environmental risks such as climate change.”(p21)
We need to learn about complexity, rather than assume everything conforms to engineering and linear systems models.
Another area that is likely to get the attention of the BC community. Not surprising there is a concern that supply chains are becoming too lean.
“The creation of value has become a complex process spanning countries and continents. The far-reaching global supply chains set up by multinational corporations are more efficient, but the complexity and fragility of their interlinkages make them vulnerable to systemic risks, causing major disruptions.”(p29)
Again the concept of complexity is what changes the risk profile.
Those with global exposures will find the section that looks at preparedness on a regional basis useful. This part looks at what risks each region is least prepared for. Preparedness in this report includes a combination of exposure to the risk plus the measures that have been taken to mitigate and/or prepare for the impact.
Part 2- Risks in Focus
The second part of the report takes a deep dive into three specific risks. The focus is on the interplay between geopolitics and economics, rapid and unplanned urbanization in developing countries and emerging technologies.
This is consistent with the approach of assessing both the trends and the risks as theyinteract;
“by addressing the trends underlying most of the risks, the vulnerability to risks can be reduced significantly. In addition, understanding the context and trajectories of a significant nexus of risks and trends can help to clarify ways to address them and to ccapitaliseon opportunities presented by the trends.”(p27)
This part of the report looks at emerging technologies, in this case includes biological and genetic technologies as well as AI and robotics. One of the major risks is listed as the unforeseen consequences of these technologies – which includes not foreseeing that somebody could use this technology for evil.
The mitigation is seen as needing a balance between precaution and innovation (we dont want to impact the upside of the trend) and governance, safeguards and facilitated dialogue between stakeholders.
Again this is a lesson we can take and apply within our organisations. We need innovation and novel practices – our risk and BC approaches need to allow for this.
Part 3 – Good Practices on Risk Management and Risk Resilience
There are three specific case studies here, taken together they illustrate the need for collaboration to address risks in the modern world. Often confused by misaligned incentives where those with the most at risk often do not have the power to address the problem. Also the interconnected nature of the risks means we need to attack from multiple directions and mitigate in multiple areas.
The case studies include;
- Murray-Darling Basin (Australia)
- Highlighting an interdisciplinary approach to a complex problem
- Plus the essential nature of trusted data collection and analysis
- Resilient America Roundtable (USA)
- Looking at the need for community building
- Flood risk and risk communciation (Saxony, Germany)
- An example around risk communication
These are worth reading to see what you can take away and apply within the organisation and its value chain.
“Building resilience means finding ways to change behaviours across sectors and systems, identifying the barriers that must be addressed and the enablers that should be leveraged.”(p49)
I would encourage anybody working in the risk, resilience and BC space to read this report. If you have not read those form recent years there is some indicators there – and some of the risks they highlighted for 10 years out are getting closer!
Are you involved in Horizon Scanning?
How far out is your horizon? Is it really scanning the horizon, or something closer?
Is it a comfortable look, or do you try and go outside your comfort zone when scanning?