Anticipate the unexpected | KPMG | CA
Share with your friends

Anticipate the unexpected

Anticipate the unexpected

The risk landscape has changed dramatically over the last two decades.


National Leader, Risk Consulting

KPMG in Canada


Related content


The risk landscape has changed dramatically over the last two decades and at an increasing velocity. Whereas risk assessments were once primarily concerned with financial and operational functions, businesses have learned that strategic risk has become equally, if not more critical, to any risk assessment. Most notably, strategic risk is a reflection of the external market forces and a company’s preparedness for them.

While a private company may have a risk strategy in place, once it goes public it is faced with having to consider the wants and demands of investors and other stakeholders, who regard risk at a much more complex level.

What is especially important when identifying risk factors within your organization is to avoid making it a mechanical process. It’s not enough to distribute questionnaires or circulate a generic list for ranking risk. Risk identification has to be a much deeper dive that requires significant time and effort. Otherwise, your entire baseline will be wrong, and your company will end up managing and addressing the wrong issues.


A simple definition of risk

Let’s begin by considering the basic definition of risk: Anything that prevents or impedes an organization from achieving its goals and objectives.
Businesses often take that too literally by focusing solely on operational and budget issues. To put this in perspective, missing a sales target by one per cent will likely not cause significant damage to the overall long-term health of a company.

Real but sometimes less glaring factors such as reputation, corporate culture, cybercrime, deception, corruption or quality (e.g., product recalls) can be far more harmful.

For instance, in the past, companies expanding into Asia considered primarily capital allocation, financing and supply chain risks. Over time, organizations learned that the more crucial issues were related to having the appropriate business partners, fostering good communication with the subsidiary operations and engaging appropriately with local governmental bodies.


Commonly overlooked risks

There are of course the obvious risks that make up every profile; for example, regulatory compliance, financial reporting and operational controls. Then there are risks that are specific to industries that may not be applicable to the broader population of public companies – such as climate change or supply chain risk. A great deal depends on the products you produce, the services you provide, your location in the world and myriad of additional factors.

But experience has also shown there are some “hidden” risks that are often unaccounted for and are relevant to a large percentage of public companies. A few examples are:

  • Corporate culture – A company can face massive reputational damage as a result of corruption, fraud or lack of transparency caused by poor corporate culture. There are countless examples of what can happen when you don’t have the right tone at the top. Or to put it another way, the right culture around making the right decisions. The onus is on leaders to make sure their people are able to do the right thing despite their inclination to do what’s best for themselves, or more expedient in the near-term.
  • External markets – Often when companies do a risk assessment, they neglect to interview people outside the organization. Yet it is essential to look beyond internal processes and opinions and seek out how the market views the company, its sector and competitive advantages and disadvantages. As an example, the views of analysts covering public companies should be understood.
  • Innovation risk – In the past, companies whose reputation rested on creating new products were focused on continued innovation. These days, all services and products are susceptible to disruption. Often, disruption will not come from a known and direct competitor. It might come from a start-up, a Fintech company, or a regulator. Innovation risk equals disruption risk. In some ways, the visibility and information that a public company provides to the world increases the risks it faces in this regard.
  • Talent – Risk registers often include succession risk at the C-suite level or union negotiations. However, talent development and management are often not examined with sufficient depth. Plans to develop and train people, create succession plans at various sensitive positions and recruiting the right people are key to an organization’s sustainability.


A continuous process

Once an organization goes through a baseline exercise, often the assumption is that the go forward job is maintenance. The reality is, risk identification should be a continuous process that must engage the organization at all levels, from the Board to the production floor. Some companies appoint “Risk Champions” in its various divisions, while others adopt a top-down approach to seeking out feedback on risks. As a company grows and enters new markets, risk prioritization needs to be reviewed, adjusted and discussed frequently to ensure you are well-positioned to meet potential challenges as they arise.

Connect with us


Request for proposal