Going Beyond the Obvious in Risk Management

Nearly half of directors are failing to anticipate business risks that are not in plain sight. How the better boards can steer management to catch the next tariff war or social media snafu.

It goes without saying that boards deal with risk all the time. The audit committee for one examines the firm’s accounting for trouble spots. Plus, the board always quizzes and advises management on risks about the competition, regulations and other day-to-day red flags.

But how many boards over the last two years were thinking how an increase in global trade tensions, cryptocurrencies, social media snafus and fake news could impact their organization? And yet, few firms escaped the challenge of dealing with those risks.

Indeed, evidence is mounting that when it comes to risks, boards are missing the boat on the ones that aren’t in plain sight—but can bring a firm down. Call them, as one-time CEO and former U.S. Secretary of Defense Donald Rumsfeld used, the “unknown unknowns.” Nearly half of directors say that focusing on the known risks is a “significant obstacle” to the board’s ability to analyze and diagnose potentially disruptive, atypical risks, according to a new survey by the National Association of Corporate Directors. Making things worse, less than 20 percent of directors said they were confident in management’s ability to address these types of disruptive risks, either.

According to Joe Griesedieck, a Korn Ferry vice chairman and managing director of the firm’s Global Board & CEO Services practice, how boards review these hidden risks is becoming a key factor in evaluating their overall performance, “The board needs to be thinking, proactively, about what could negatively impact the business,” he says. “It’s these unknown unknows that can cost a firm market share, dramatically increase costs, inspire a talent exodus or, ultimately, drive a firm out of business. “

Experts suggest several ways board members can get on top of these less overt risks. According to the NACD, directors should demand that risk reports from management provide forward-looking information on changing conditions, including from sources outside the company. Directors should also look inward and evaluate how well they digest bad news and whether they are open to other views. Boards also can devote time during meetings to deep dives into scenario planning and simulations to model how out-of-nowhere risks could potentially impact the organization.

Then there’s the composition of the board itself. Griesedieck says that boards need to seek out new directors who have expertise in areas existing directors do not. Cyber security is one area where many boards admit that they lack knowledge, but experts in environmental and social risks may also be needed.

Of course, boards can’t expect to see all risk, be it another crash in bitcoins or political shifts. But experts say directors have to get into the mindset that risk management is the purview of the entire board. “Environmental risk, social risk, talent flight risk, data risk, that’s quite a portfolio that goes beyond just audit committee,” Griesedieck says.


  • Joseph E. Griesedieck

    Vice Chairman, Managing Director,
    Board & Chief Executive Officer Services

    Bio >