Many companies risk management practices are increasingly outmoded, leaving them exposed to a new risk landscape of catastrophic black swan events, according to a paper by PwC.
The firm suggests that businesses need to be adapt and innovate if they are to combat major-impact events such as terrorist attacks, tsunamis or major oil spills, overhauling archaic practices to embed a new risk culture.
"The risk landscape is changing, and established risk management approaches need to be updated to keep pace," says Richard Sykes, PwC governance, risk and compliance leader.
"Many organisations currently have the wrong focus. They major on financial and operational risks and crucially regard risk and strategy as separate, rather than seeing risk-taking as a key source of value creation. But the world where risk events could be predicted - and their impacts controlled - is fast disappearing.
"By their nature, black swan events should only occur at unpredictable intervals," Mr Sykes adds.
"Yet recent experience suggests events that fit this definition are happening more frequently. Rather than being infrequent outlier events, it seems they are now part of a faster-changing and more uncertain world, which makes it hard for businesses to understand where new risks are going to come from.
The PwC paper ‘Black swans turn grey: the transformation of risk’ suggests that enterprise risk management (ERM) practices can become a box-ticking exercise, encouraging staff to see risk as separate from their own business decisions.
In contrast, comprehensive risk management practice makes companies distinctive, more appealing to prospective clients and provides a competitive edge, the firm says. When properly embedded, it helps protect reputation and enhance resilience, while providing a clear view of the board's attitude to integrity, risk and safety.
Some of the questions organisations should ask include: "Does the board have people with enough industry expertise", "Are the CEO and board setting the right behavioural example and risk-aware culture" and "Do rewards encourage risk-based thinking and behaviour?"
Armoghan Mohammed, PwC risk partner calls for an explicit focus on risk appetite.
"By understanding today's risk landscape, organisations can progress from managing specific risks to achieving wider resilience," he says.
"What is needed is a new, more flexible and holistic approach to risk management that develops a risk aware culture and fosters an explicit focus on risk appetite. This will provide a clearer ownership of risks at leadership levels - with risk awareness and accountability shared across the organisation through a common risk culture. It can also give a higher market rating. There's growing evidence that businesses that are seen to truly embed a risk-aware culture and behaviours are valued more highly by the markets.
"Crucially, ultimate responsibility for driving and embedding this change lies not with the risk function, but with the board. It's their duty to embed the right risk culture and behaviours, supported by an appropriate rewards structure. The resulting awareness and scrutiny of risk at all levels in every business decision will help to protect the organisation's reputation - and further enhance its resilience in an uncertain world."