THE FUTURE, FORESIGHT AND RISK MANAGEMENTsd
IN BRIEF
As the future unfolds more quickly, its rapid changes increase uncertainty and accelerate risks that jeopardize the relevance and even the existence of organizations. The boundaries between foresight and risk management are increasingly blurring and complementing each other more.
Risk and future. Future, a risk
If risk is the effect of uncertainty on objectives with the potential for either a negative outcome or a positive outcome or opportunity. Every risk has its own characteristics that require particular management or analysis.
If each risk has its own characteristics which require particular management or analysis, we can also say that it is the same for the future since more than one future is possible (plurality of futures), each having its own particular characteristics.
Risks are generally divided into four categories :
● compliance (or mandatory) risks;
● hazard (or pure) risks;
● control (or uncertainty) risks;
● opportunity (or speculative) risks.
According to this classification, the future is classified as a speculative risk. It can also be classified as a control risk, right?
Risk includes the following key elements
In the next paragraphs, we cite the key elements of risk while making a short analogy (when applicable) with the future rather than writing additional paragraphs and making the reading heavier (and while hoping that the method chosen does not have the effect of making the reading heavier).
Probability or Likelihood : Risk involves assessing the chances of a particular event or outcome happening. This can range from highly probable events to highly unlikely ones. Applying it to the future, the risk lies in the likelihood that the future we want will arrive or not.
Impact or Consequence : Risk (and future as risk) also considers the potential consequences or impact of the event if it does occur. This impact can be positive or negative and may affect various aspects such as financial, operational, reputational, or strategic aspects of an organization or individual.
Uncertainty : Risk inherently involves uncertainty about the future ; the future being uncertain is then a risk, right? While some risks may be relatively predictable based on historical data or known factors, others may be more difficult to anticipate due to changing circumstances or unknown variables. Some parts of the present can be in the future.
Variability : Any future, all futures just like risks can vary in their magnitude and nature. Some risks may have a relatively minor impact, while others could have severe consequences. Additionally, risks can arise from a wide range of sources, including internal processes, external factors, and even natural phenomena.
Management : Effective risk management involves identifying, assessing, and prioritizing risks, as well as implementing strategies to mitigate or manage them. This may include risk avoidance, risk reduction, risk transfer, or acceptance of certain risks within tolerance levels. We can apply this reasoning to the management of the chosen future since the latter eventually becoming the present will also include impacts, consequences, etc.
Overall, risk and the future as risk is an integral aspect of decision-making in various contexts, including business, finance, project management, and everyday life. Understanding and managing risk is essential for achieving objectives, protecting assets, and ensuring resilience in the face of uncertainty.
Managing risk
In general terms, organizations will seek to minimize compliance risks, mitigate hazard risks, manage control risks and embrace opportunity risks.
Risk classification
In order to manage risks, organizations will classify them, however, it is important to note that there is no ‘right’ or ‘wrong’ subdivision of risks but there is such a risk classification that will help an organization the most and best; each case being specific to each organization.
Strategic, Financial and Operation, Information, Legal, Reputation, Governance and Disruption
Risk management is generally concerned with the maintenance of current operations and business model and their classification will most of the time include the risk categories as stated above and risk management activities will seek to minimize compliance risks, mitigate hazard risks, manage control risks and embrace opportunity risks.
Existential and relevance risks
There is not much said about these types of risks but we can deduct that some there are risks that will affect the very existence and relevance of an organization. A pandemic is one such case of existential risk. The failure to adapt to new market shifting trends can greatly affect the relevance and ultimately the existence of an organization. Research In Motion and its failure to adapt the Blackberry is a great example.
When we read about the risk that the future represents, the literature mostly refers to the future as a threat to the relevance and the existence of the organization; to its survivability, its ability to carry on its business because the rapid changes will render it irrelevant or obsolete.
Foresight and Enterprise Risk Management (ERM)
Foresight and Enterprise Risk Management (ERM) are both strategic approaches used by organizations to
anticipate and manage future uncertainties, but they differ in their focus and methodologies:
– Enterprise Risk Management (ERM)
There is a range of reasons why organizations undertake risk management activities. In the book “Fundamentals of Risk Management” (Hopkin), these reasons are summarized as mandatory, insurance, decision-making and effective/efficient core processes (Madez). ERM is a structured approach to identifying, assessing, and managing risks that could potentially affect an organization’s ability to achieve its objectives. It involves identifying risks across all areas of an organization’s operations, including financial, operational, strategic, and compliance risks. ERM aims to provide a holistic view of an organization’s risk landscape, allowing management to make informed decisions about how to allocate resources to mitigate or transfer risks effectively. ERM typically follows a systematic process that includes risk identification, risk assessment, risk prioritization, risk treatment, and ongoing monitoring and review. While ERM considers a broad range of risks, its primary focus is on managing downside risks that could threaten the achievement of organizational objectives.
– Foresight:
Foresight involves systematically exploring potential future scenarios, trends, and discontinuities to understand how they might impact an organization. It often employs techniques such as scenario planning, trend analysis, horizon scanning, and futures thinking to identify a range of possible futures and their implications. Foresight aims to enhance an organization’s capacity to anticipate and respond to emerging opportunities and challenges, thereby improving its resilience and competitiveness over the long term. Foresight activities typically involve a wide range of stakeholders and may focus on exploring multiple aspects of the future beyond just risks, such as identifying new market opportunities or technological advancements.
A word on maturity models
Maturity models are there to help organization make sure they make a quality and complete job so its relates to both the quality and the number of steps that have to complete to be “complete”. Risk Maturity Model and Foresight Maturity Model. The output of each processes or strategy thinking step would serve for strategy development and planning.
Using the 3 Horizons to align Foresight and ERM
This is an example of how we could use the 3 horizons framework to better understand how ERM and Foresight are used within each of the horizon. As much as horizon 1 is clear cut ERM domain and horizon 3 covers the foresight domain ; horizon 2 could be more of a blur and benefit from using both ERM and Foresight approaches.
Horizon 1 (H1)
Horizon 1 would focus on managing risks associated with current operations and existing business models. Its management activities would involve to identify and assess risks related to day-to-day activities, such as operational risks, compliance risks, and market risks and its objective would be to implement risk mitigation strategies to address immediate threats and vulnerabilities to the organization’s current business.
Horizon 2 (H2):
Horizon 2 would focus on addressing risks and opportunities associated with emerging trends and business opportunities; identify potential disruptions, technological advancements, or market shifts that could impact the organization in the medium term and finally, assess the risks associated with pursuing new initiatives, investments, or business ventures and develop strategies to manage these risks effectively.
Horizon 3 (H3):
Horizon 3 would focus on anticipating and preparing for potential future risks and uncertainties that could significantly impact the organization in the long term; explore potential disruptive and seemingly preposterous events, disruptive technologies, or systemic risks that may not be immediately apparent but could have far-reaching consequences and finally, develop scenario planning and contingency strategies to mitigate the impact of future risks and enhance the organization’s resilience.
In brief
By using the Three Horizons framework to mix foresight and risk management, organizations can adopt a more holistic and forward-thinking approach to identifying, assessing, and managing risks across the different time horizons. This enables them to not only protect their current operations but also to anticipate and capitalize on emerging opportunities while preparing for future challenges.
Benefits of aligning foresight and risk management
While both foresight and ERM are concerned with managing future uncertainties, foresight focuses on exploring potential futures and their implications in a broader context, while ERM is primarily concerned with identifying and managing risks to organizational objectives in a systematic manner. Aligning foresight and risk management allows an organization to better visualize risk and opportunities in a very holistic, granular, effective and efficient manner. It provides a more intimate and integrated view of the organization and how each of its parts (or silos) are subject to common and different risks.
It also provides the following benefits:
- Improved risk awareness and management ;
- Better data quality and risk & opportunity gouvernance ;
- Improved executive and board oversight ;
- Enhanced operational efficiency and effectiveness ;
- Long=term vision ;
- Increased financial performance, profitability, growth, resiliency and antifragility (growing beyond resiliency).
This article will be revisited and updated from time to time.
To your success !