Emerging risks are newly developing or evolving risks on the horizon that can affect the achievement of

an organisation’s strategic objectives. It may be difficult to fully articulate or assess their likelihood or
consequence, given they are newly developing and may not yet have a track record to analyse.
Identifying, communicating and managing emerging risks is crucial in order for an organisation to
achieve its strategic objectives.

After an emerging risk has been identified, it is important that it is effectively escalated and
communicated throughout the organisation. In conjunction with this escalation process, appropriate
and considered mitigation activities may be planned and implemented that are commensurate with the
materiality and proximity of the risk and the entity’s risk appetite and priorities.

The nature of emerging risks

Emerging risks can be conditions, situations or trends that may be observed in the wider community or
internally. They may be complex in nature and can be rapidly changing or evolving. Due to the inherent
level of uncertainty associated with emerging risks, they can be hard to anticipate and even more
difficult to measure. They should be supported by indications and reasonable information that justifies
the emerging risks as being material and needing further assessment.

What makes a risk an “emerging” risk can be related to a series of factors, including:

 Novelty – it is not a risk previously considered or expected

 Source – change and disruption in the external environment creates new sources of risk not
previously considered

 Uncertainty – there is a greater degree of uncertainty associated with them

 Timing – the risk would materialise beyond the immediate strategic risk horizon.

As a result, emerging risks tend to:

An example of an emerging risk could include the following:

 An increase in extreme weather events.

 A potential change in regulations and legislation.

 The emergence of new technologies.

Mechanisms for identifying emerging risks

It is important for an entity to pay attention to global trends and Key Risk Indicators (KRI’s). This
forward-thinking mindset helps prepare decision-makers for emerging risks that may threaten the
achievement of strategic objectives. There are a number of mechanisms that can be used in order to
identify emerging risks:
Figure 1: Mechanisms for Identifying Emerging risks

 Horizon Scanning/Risk Sensing: This involves examining all of the information and data available
to detect any early indicators of an emerging risk in your entity’s operating environment. This
works towards enhancing your situational awareness and supports your understanding of your
internal and external operating environments. Some of the methodologies involved in risk
sensing include:

o SWOT analysis: This is a methodical examination of Strengths, Weaknesses,

Opportunities and Threats. It is a useful approach for identifying any external or internal
trends and factors that give rise to risk.

o PESTLEE analysis: This stands for Political, Economic, Social, Technological,

Environmental and Ethical. This provides a useful framework to guide thinking in
identifying risks that are on the horizon, by providing consistent categories to consider
these risks. This analysis should enable entities to understand the events that could
occur or are occurring in their external context that can make a difference to an entity’s
ability to carry out functions and activities and reach strategic outcomes.

o Risk Sensing Technology: Cognitive risk sensing helps organisations analyse large
samples of available data to better anticipate emerging events and gain the intelligence
to predict risks. This process allows entities to detect emerging threats and
 opportunities more effectively, understand the potential impact to them, enhance the
quality of its insight and make better informed decisions.

 Utilising strategic documents: This involves identifying your entity’s goals and subsequently the
future dependencies or uncertainties that could stand in the way of achieving these objectives.
Through reviewing your entity’s corporate plan and identifying drivers of success, you may be
able to identify more clearly what must go right if you are to achieve these objectives and
consider any potential roadblocks and barriers that may prevent the fulfilment of these
objectives.

 Traditional methods: These are more common approaches that involve consultation with both
internal and external stakeholders that facilitate a discussion and awareness about any potential
emerging risks. Some of these include:

o Risk Workshops: These are an effective way to bring stakeholders together to

brainstorm risks that are on the horizon and to challenge the thinking within an entity.

o Risk bow-tie analysis: This is a process that works towards identifying where new or
enhanced controls may be worthwhile when dealing with an emerging risk. It is a
graphical depiction of pathways from the causes of an event or emerging risk to its
consequences in a simple qualitative cause-consequence diagram. This visual approach
can be undertaken through a brainstorming session with stakeholders that first of all
looks to identify any new or evolving pressures. Attention is then directed towards
examining and extrapolating the causes, consequences and controls.
Figure 2: Risk Bow-tie Analysis

Managing emerging risks

Once an entity has identified potential emerging risks, these risks should be prioritised to create greater
focus and clarity, and appropriately monitored and managed. An example of a process for managing
emerging risks, including responsibilities of the business and risk function, is outlined below:
Figure 3: Process for managing emerging risks

Escalating and Communicating emerging risk

Emerging risks need to be communicated regularly and escalated appropriately in order for them to
inform decision-making. The following are a number of channels which may be useful to escalate and
communicate emerging risks:

 Risk watchlists: Risk watchlists provide an opportunity to monitor and draw attention to any
pertinent emerging risks on the horizon. They provide an opportunity for active assessment and
communication in relation to their nature, consequence and likelihood of materialising. Through
inspection of these risk and communication of these watchlists, the messaging provided to the
executive can be tailored around the severity of the threat and consequence presented by any
emerging risks.

 Formal quarterly risk reports: These can provide detailed information on the entity’s top
emerging risks and allow for greater visibility over any new or evolving risks that have the
potential to affect business operations in the future. Scenarios may also be used to demonstrate
the potential consequence should emerging risks occur and drive discussion about the entity’s
strategic options. This reporting may also include existing risks which are potentially impacted
by emerging or future risks.

 Regular reporting to the Executive Committee: This can include informal and formal upwards
communication as part of the regular internal reporting This can work towards embedding
 emerging risks into the risk conversation in the entity’s existing reporting channels. This can also
help inform the executive about the potential challenges the entity may face in the future.

 Risk workshops: A broad, diverse and robust risk dialogue at these workshops with an emphasis
on emerging risks can help to overcome blind spots, foster risk awareness and support any kind
of Strategic Risk Assessment. It is necessary to broaden the dialogue in these workshops to
involve different stakeholders and platforms, such as Chief Risk Officers and Chief Operating
Officers.

 Risk committees: Consideration of emerging risks at these meetings helps provide a level of
oversight. Focusing on emerging risks at these committees can help the entity turn their
attention towards putting in place measures to combat emerging risks that threaten the
achievement of business objectives in the future.

These approaches to escalating emerging risks will enable the entity to understand if the future
consequence of the risk would be within its risk appetite and tolerances as well as providing a greater
understanding of potential threats and opportunities.