The foggy danger of non-financial risks
Financial risks, and the appetites of Boards and Executives in managing them, have had a long history of governance. While the occasional failures of organisations in managing financial risks indicates that financial risk management is not yet perfect, it is still acknowledged as a mature area of governance. Organisations have become increasingly adept at managing financial risks over a long period of time, with evolving sophistication and effectiveness. A number of quantitative and semi-quantitative methods are regularly used to bring a considerable degree of objectivity to managing such risks. Debate may arise about the desirability of taking such risks, which is a question of appetite, but the framing of risks is generally robust.
Non-financial risks, on the other hand, have not had the benefit of a long history of maturing discipline. Subjectivity, rather than objectivity, have for some decades characterised how Boards assess non-financial risks. Consequently, emerging non-financial risks are often viewed through the individual perspectives of Board members, CEOs and Chief Risk Officers. This can create blind spots in governance, particularly with emerging risks. After all, if none of the executives or non-executives have experienced the risk before, either directly or via documented history, the consideration of risk can become an academic, and subjective, exercise. The framing of risk can then become opinion-based. The appetite for a given risk can be unduly influenced by inadequate framing of that risk.
The issue is further complicated by the very wide and varied scope of non-financial risks compared to the reasonably contained domain of financial risks. The spectrum of non-financial risk lies anywhere between climate change and child labour, or anywhere between corruption and contaminated waterways. Any given individual may have a conservative stance on corruption and a non-conservative stance on climate change, or vice versa. We all have a view. Variability, in points of view, is rife. Opinion-based framing of risks places the Board and Executive management in an uncomfortable place where the justification of risks accepted may not withstand later scrutiny. Decisions made with insufficient attention given to causes and controls – and too much weight attributed to debated opinions on whether it “feels ok” – endanger an organisation’s future prospects.
In this context, the term “non-financial risks” is somewhat close to a misnomer. These risks may have financial implications, some of which may be significant. In some cases they have business continuity implications. Such non-financial risks have very real and material revenue, loss, profit and liability impacts; often not in the space of a single fiscal year but over a period of time – five, ten or twenty years. Ironically, this is the strategic timespan that Boards are uniquely entrusted to consider. Investors rightly feel discomfort at the use of “feels ok” lenses to the more significant non-financial risks facing an organisation’s future. More rigour is required.
One of the tasks that Boards are increasingly focusing upon is “de-fogging” non-financial risks. There is greater institutional wariness of unintentionally-glib under-assessment of non-financial risks, and it is accompanied year-on-year by consistently escalating investor concern. There is a greater emphasis on more objective assessments of risk. There is, too, a higher awareness that today’s sensitivity of stakeholders to some non-financial risks may be somewhat less than tomorrow’s sensitivity, indicating a propensity for the escalation of consequence. All of these factors are bright orange flags in the world of non-financial risk.
While this, more considered, perspective of non-financial risks does not by itself constitute a solution, it nevertheless marks an important threshold in Board and Executive effectiveness – the realisation that non-financial risks require a broader, and deeper, application of objectivity.