Time horizon—or a planning horizon—is the estimated length of time needed to accomplish the goals outlined in a strategic plan, business plan, project plan or program. Assigning a time horizon facilitates accountability for achieving expected goals. In risk assessment exercises, it is important to clarify this variable when engaging with people because their perspectives and respective responsibilities will influence their views on what the time horizon might be. But does the risk assessment process use a time horizon that looks out far enough?
In a risk assessment, there are several time horizon attributes worth considering:
- The longer the horizon, the more likely a potential future event can occur. The shorter the horizon, the less likely the event is to occur. Exposure to severe weather is an illustration: the longer the time horizon, the higher the possibility that a severe weather event will impact the organization’s operations.
- With a longer time horizon, the organization has more flexibility in responding to the unexpected. For example, if a competitor adopts predatory pricing tactics, a short time horizon affords the organization little time to react. However, over the long term, this is an issue the organization can realistically expect to manage.
- By their nature, strategic risks have a longer time horizon than other risks. These risks represent exposure to one or more future events invalidating fundamental assumptions underlying the business strategy. They also present the potential for the strategy and business model to fall out of alignment with management’s long-term outlook. By contrast, operational and financial risks typically have a shorter time horizon given the focus on quarterly performance and the achievement of annual business plans and budgets. And compliance risks, since they reflect ongoing day-to-day activities, likely have the shortest time horizon.
When you really look out longer term, what do you see? Earlier this year, the World Economic Forum (WEF) attempted to answer this question in its annual update on global risks. For the tenth straight year, this study viewed risk across five categories: economic, environmental, geopolitical, technological, and societal. It defines global risk as “an uncertain event or condition that, if it occurs, can cause significant negative impact for several countries or industries within the next 10 years.” Among its findings:
- The risks of highest concern over the next decade suggest that our lives will be intensely shaped by transformative forces that are already under way. Covering all five categories, the risks include: water crises; interstate conflict with regional consequences; failure of climate change adaptation; high structural unemployment or underemployment; large-scale cyberattacks; asset bubbles in major economies; large-scale terrorist attacks; fiscal crises in key economies; profound social instability; food crises; failure of national governance; extreme weather events; and state crises or collapse.
- Megatrends are driving global risks over the next 10 years. The WEF defines a trend as “a long-term pattern that is currently taking place and that could contribute to amplifying global risks and/or altering the relationship between them.” The report highlighted 13 trends: aging population; climate change; environmental degradation (quality of air, soil and water); growing middle class in emerging economies; increasing national sentiment; increasing polarization of societies; rise of chronic diseases; rise of hyperconnectivity (connecting people and things); rising geographic mobility (of people and things); rising income disparity; shifts in power (from state to non-state actors, from global to regional levels, and from developed to emerging market and developing economies); urbanization; and weakening of international governance. The report illustrates the interconnectivity of these trends with the top global risks.
- There are distinctions between the top three risks for which each region of the world is least prepared. Risk profiles vary by region. For example, in North America, the WEF identified failure of critical infrastructure, cyberattacks, and failure of climate change adaptation as the top three risks. In Europe, unemployment or underemployment, large-scale involuntary migration and profound social instability are the most significant risks. In the Middle East and North Africa, the top risks are water crises, profound social instability, and interstate conflict. In East Asia and the Pacific, they are interstate conflict, failure of urban planning and man-made environmental catastrophes. In Latin America and the Caribbean, the top risks are profound social instability, failure of urban planning and failure of national governance. Sub-Saharan Africa faces unemployment or underemployment, food crises, and spread of infectious diseases.
In addition the report made the following observations:
- Fragile economies are under pressure due to rising socioeconomic inequality, structural unemployment, and climate change.
- The global economy is returning to growth, although sluggishly, while facing falling inflation, the risk of deflation, increased exposure to asset bubbles due to low interest rates, and the risks of a failure of a major financial institution and fiscal crises.
- With the rise in technological connectivity between people and things, there is risk of large-scale cyberattacks.
While the WEF’s global risks may not have an immediate impact, they are nonetheless important considerations over the longer term. Companies and their boards should be thinking about the implications of longer-term trends that reach beyond the time or planning horizons considered by management during the strategy-setting and risk assessment processes.
The board should expect management to consider emerging risks periodically. Management should be thinking about the “known unknowns” and the “unknown unknowns” of the future. We often do not see enough of these risks, or their correlated risks, in company risk assessments because the time horizon addressed by most risk assessments does not extend out nearly as far as the WEF update. This is largely due to factors such as the rapid pace of change, short-term incentives, shorter CEO tenures, and fixation of investors on quarterly earnings. In fact, one study notes that 65 percent of companies have a strategy-planning horizon of four years or less while only 7 percent have a horizon of greater than six years.
More important, the same study noted that the longer the strategic horizon, the higher the long-term total shareholder returns. Thus, a dilemma arises: While the uncertainty in viewing a longer planning horizon presents a challenge and the short-term is more predictable, failure to think sufficiently long term can erode competitive position over time. That’s not a good answer.
One clear sign of short-term thinking occurs when a company’s risk assessments shuffle “known knowns” around on a heat map year after year, leaving executives and directors wondering about the value of the process. Effective risk management requires understanding more about unknown factors, such as emerging risks. Does it make sense for a risk assessment to look out even longer than the time horizon, effectively decoupling the risk assessment horizon from the planning horizon?
The WEF study illustrates important considerations relevant to the longer term. Companies and their boards should be thinking about the implications for the company’s strategy and business model of longer-term trends that reach beyond the longest time horizon considered by their strategy-setting and risk assessment processes. For example:
- Focus on the “game-changing” risks. Risks such as a pandemic, large-scale cyberattacks and issues in specific regions where significant investments have been made may be relevant to the company’s business model over the long term, requiring attention sooner rather than later. Make sure your worst-case scenarios are extreme enough by including these risk considerations.
- Pay attention to strategic uncertainties. These uncertainties arise when the critical assumptions underlying the strategy are becoming, or have become, invalid, and management and the board don’t know it. The WEF study points to a number of potentially lethal risks that could affect a company’s assumptions over its planning horizon. Management should consider these risks when formulating strategic assumptions for global and regional markets. They should focus broadly on actions competitors may take, how customer preferences could change, the threat of substitute products, or the implications of losing a major supplier, channel partner, customer or other vital component of the value chain, including transportation and logistics.
- Watch for emerging opportunities, as well as threats. While our focus is on timely identification of emerging risks, disruptive change also presents potential opportunities.
- Use scenario analysis to evaluate the effect of alternative views of the future. Factor the WEF global risks into scenario-planning and stress-testing routines to enable management to challenge assumptions and expectations, address “what if” questions, and identify sensitive external environment factors that should be monitored for change over time so management can focus its intelligence-gathering. By deepening their understanding of the pain of the unexpected, management can identify when contingency plans are required and reinforce the need for flexibility, and even exit plans, in executing the strategy.
Questions for Boards
The following are some suggested questions that boards may consider, based on the risks inherent in their organization’s operations:
- Is the board satisfied that management is looking out far enough when formulating long-term strategies? If not, is the board satisfied that the strategy-setting process is not rooted in short-term thinking?
- During the risk assessment process, is management considering longer-term global risks that are germane to the organization’s strategy, business model and geographic footprint, even though the risks may not manifest themselves over an annual period or even a planning horizon of three to five years?
- Does the organization consider the interrelationships among risks to identify risk themes germane to the company when formulating business plans?
- Is the board apprised of significant changes in the enterprise’s risk profile in a timely manner? Is there a process for identifying emerging risks, including potential black swan events? Does the exercise result in appropriate response plans on a timely basis?
For the full report by the World Economic Forum, click here.
Jim DeLoach is a managing director with Protiviti and works closely with companies to improve their board risk oversight, including the communications between management and the board. He is a member of Protiviti’s Executive Council to the CEO and has been named to the 2015 NACD Directorship 100, the annual list of the most influential people in corporate governance. Protiviti is a global consulting firm that assists board members, and the companies on which they serve, in protecting and enhancing their enterprise value by solving critical business problems in the areas of finance, technology, operations, risk and internal audit.