How Can ERM Help Prevent the Collision of Internal and External Risks
How Can ERM Help Prevent the Collision of Internal and External Risks

How Can ERM Help Prevent the Collision of Internal and External Risks?

The World Economic Forum published the 15th Edition of its Global Risks Report 2020 on January 15 with a warning that external and internal risks will be a substantial challenge going forward.  They probably had no idea how prescient that statement was going to be.

Even in ordinary times, these interconnected risks are combining and make the necessity for an enterprise risk management (ERM) program even more apparent.

Unfortunately, most organizations struggle with even basic levels of ERM. The unexpected intersection of environmental, social and governance (ESG) risk with systemic, corporate, and reputational risk poses even more of a threat during the coronavirus (COVID-19) pandemic.

How can you understand the nuance of where internal and external risks meet within your organization?  Today, this increasingly requires a full-featured ERM solution with the right monitoring and reporting tools to gain insight into interconnected risks.

Reputational risks put your market value in danger

According to the Global Risks Report 2020, “the growing palpability of shared economic, environmental and societal risks signals that the horizon has shortened for preventing — or even mitigating — some of the direst consequences of global risks.” But what aspects of infrastructure, personnel, process, and technology are impacted by the effects of legislative, environmental, social, and technological factors?

Internal risks within an organization may stem from:

  • Employees’ illegal or inappropriate behavior.
  • Operational bottlenecks due to human error.
  • Inefficient organizational structure and unclear reporting responsibilities.
  • Unexpected financial events and market value loss.

Unlike external risks, internal risks can (at least hypothetically) be anticipated and mitigated.

What are external risks?

External risks are, of course, from outside the organization, and can be wildly unpredictable.  They include:

  • Natural disasters, such as hurricanes and earthquakes.
  • Major macroeconomic shifts, including recessions and industry disruption.
  • Competitor actions, including the development of new disruptive technology.
  • Political policy changes, in governance, ideology, and governmental policies, and regulatory requirements.
  • Social unrest, such as movements, protests, or shifts in societal fundamentals.
  • Cyber-attacks, such as data breaches and leaking of confidential information.

The coronavirus crisis has proven out the WEF’s predictions for 2020. The virus’ spread and the need for social distancing and other restrictions on work and commercial activity have shut down whole sections of the economy. Many businesses have been forced to work remotely and have suffered interruptions in workflow and deliverability.

Employees working from home may also inadvertently expose their businesses and customers to hackers who prey upon loose data security and unsecured video chats. And inadequate business continuity planning/disaster recovery and pandemic preparedness plans have put many companies in dire straits.

Threading the needle

All these factors and more can greatly harm a company’s reputation. According to Forbes, “corporate reputation is highly dependent upon the system of the organization performing well across many complex reputational drivers.”

These can include product and service quality, ethics, technological advancement, and environmental responsibility. Throughout all of this, when a company’s reputation is at risk, its market value is at risk.

How can you thread the needle of systemic risk oversight and management for both internal and external risks? Your ERM program should include automated, real-time risk reports and a configurable, multilevel evaluation framework to help identify and analyze these interconnected risks to proactively prevent them or mitigate any damage.

Defend yourself against vendor and enterprise risk

Learn about our best-in-class VRM/ERM solutions.