- Employees’ illegal or inappropriate behavior.
- Operational bottlenecks due to human error.
- Inefficient organizational structure and unclear reporting responsibilities.
- Unexpected financial events and market value loss.
Unlike external risks, internal risks can (at least hypothetically) be anticipated and mitigated.
What are external risks?
External risks are, of course, from outside the organization, and can be wildly unpredictable. They include:
- Natural disasters, such as hurricanes and earthquakes.
- Major macroeconomic shifts, including recessions and industry disruption.
- Competitor actions, including the development of new disruptive technology.
- Political changes, including shifts in governance, ideology, governmental policies, and regulatory requirements.
- Social unrest, such as movements, protests, or shifts in societal fundamentals.
- Cyber-attacks, such as data breaches and leaking of confidential information.
The coronavirus crisis has proven out the WEF’s predictions for 2020. The virus’ spread and the need for social distancing and other restrictions on work and commercial activity have shut down whole sections of the economy. Many businesses have been forced to work remotely and have suffered interruptions in workflow and deliverability.
Employees working from home may also inadvertently expose their businesses and customers to hackers who prey upon loose data security and unsecured video chats. And inadequate business continuity planning/disaster recovery and pandemic preparedness plans have put many companies in dire straits.
Threading the needle
All these factors and more can greatly harm a company’s reputation. According to Forbes, “corporate reputation is highly dependent upon the system of the organization performing well across many complex reputational drivers.”
These can include product and service quality, ethics, technological advancement, and environmental responsibility. Throughout all of this, when a company’s reputation is at risk, its market value is at risk.
How can you thread the needle of systemic risk oversight and management for both internal and external risks? Your ERM program should include automated, real-time risk reports and a configurable, multilevel evaluation framework to help identify and analyze these interconnected risks to proactively prevent them or mitigate any damage.