Topics: Corporate Governance, Risk Management, Strategy

May 23, 2023

Overseeing Gray Rhino Risks

The relentless disruption of recent years has ingrained “black swans” into our risk management lexicon. While these kinds of risk events come with catastrophic consequences, black swan events are extremely rare, impossible to predict, and outside our control. We’ve started to codify risks differently, not as unexpected swans, but as “gray rhinos,” which better defines the risks that boards should prioritize because they are more plentiful, are expected, and are charging right at us in plain sight.

While the pivot from black swans to gray rhinos helps companies think more proactively about enterprise risk management, there is work to be done to prepare and build resiliency. The board has a key role to play in this important work, including by asking provocative “what if” questions that challenge assumptions, recognize limitations in assessing risk, and guide management to plan for possible risk scenarios, even those that seem unlikely.

Learning to See Gray Rhinos

When was the last time your board asked management the following crucial questions?

  • What if we are wrong?
  • What if the least-likely gray rhino risk with the most severe consequences becomes a reality?

Years before COVID-19, Bill Gates predicted a massive pandemic that would cause millions of global deaths and cost trillions of dollars. Yet, few companies planned for this rhino. Likewise, a year ago, the US Federal Reserve Board was convinced that inflation was transitory, and it downplayed the impact. Some companies could see the writing on the wall, but few planned accordingly. The question boards should be asking management is: Were they scenario-planning around these rhinos, and if not, why not? How often do companies ask, What if we are wrong? How often do they stop to think about how leaders’ judgment could be clouded? Today’s risk environment demands that companies prepare for a wide range of scenarios, including those with low probability but high impact.

Human Limitations in Assessing Risk

Risk assessments require leaders to understand the nature of risks, the effectiveness of controls, and the likelihood and impact of a risk event. But human nature, with all its biases and limitations, poses an additional challenge when it comes to assessing risk.

Take, for example, subject-matter bias, where experts are unintentionally biased in how they process information and tend to prioritize the most recent evidence. Also consider confirmation bias, where individuals tend to process information that agrees with their view and are dismissive of information that contradicts it. Or groupthink, where groups tend to coalesce around a consensus view that is based on a common experience (often, the last crisis).

Especially when dealing with highly remote, but gravely impactful, risks, it is hard to not be dismissive of the impact when you want to believe that the likelihood is low (because it has never happened before), and so does everyone else around the table.

Building Resiliency by Planning for Uncertainty

So what can boards do? Boards need to challenge the way they think and plan for uncertainty. This involves directors, as well as executives, letting go of the need to be right regarding their predictions and instead allowing for the possibility that they may get it wrong—and must mitigate what happens if they do. Board members are especially well-positioned to probe management as to what alternatives were considered (even highly unlikely ones) and follow up with “what if” questions.

There are several techniques that boards and management teams can use to help overcome biases and plan for uncertainty, including the following:

  • Future-back scenario planning is a collaborative visioning exercise that uses demographic, environmental, or social changes as prompts for brainstorming strategic opportunities and uncovering gray rhino risks.
  • Premortem assessments are a method to overcome the effects of groupthink and identify potential risks by assuming a future scenario where there are failures, then imagining what might have led to those failures.
  • Red teaming is a US Army practice of rigorously challenging plans, policies, systems, and assumptions by adopting an adversarial approach.
  • Designated troublemaker is an approach where you assign someone the role of asking uncomfortable questions and challenging the consensus. It promotes the idea that embracing those who dissent from the majority opinion can lead to better decisions and outcomes.

For all of the destruction that the pandemic has wrought, it has shown us the need to plan for risk scenarios that may seem unimaginable in the present moment but should have been considered if we were really looking for gray rhinos. Let’s use what we’ve learned.

While companies may never know exactly which external risks on the horizon will manifest, by embracing that uncertainty and planning for a range of scenarios, they can create an organization that is more resilient and agile. Boards can guide them to plan for that uncertainty, see the rhinos with more transparency, and prepare for the unlikely in a way that will position the company to thrive. You can never predict which gray rhino will manifest, but if you look at risks purely as black swans, you might not prepare at all.

Kris Pederson, NACD.DC, is the EY Americas Center for Board Matters leader.

EY is an NACD partner, providing directors with critical and timely information and perspectives. EY is a financial supporter of the NACD.


Bill Smillie May 25, 2023

Kris, great article. It reminds me of the idea in programme/project management of "ambiguous threats and recovery windows". Seems like there is some overlap in thinking here:

Wendy Luscombe May 24, 2023

What a wonderful concept of having a “designated troublemaker.” It takes the pressure off those with a different point of view. I felt this way reporting on the individual peer comments on our board assessments; I was only the messenger even though I was delivering some quite personal comments.