Displaying an organisation’s risk landscape in two dimensional impact / likelihood matrices with a colour coding showing the corresponding threat level from green (“can live with it”) to red (“live threatening”) is part of the ERM gold-standard. It is intuitive, relatively easy to do, appeals to all stakeholders, ensures consistency and allows, to a certain extend, peer-comparison.
In an ever-accelerating1 world an additional dimension depicting the velocity or propensity of each risk to change would come handy. Wouldn’t it be helpful to add some indication of the velocity of change to this graph, a third dimension showing how quickly a risk evolves?
Let’s look at two examples to make this point: longevity, a risk and an opportunity for many businesses, is comparatively well understood. The risk is not static, however the speed of evolution is relatively slow as long as we disregard black swan events (such as the discovery of the fountain of youth…..). In the 3D chart outlined above, we would probably put ‘longevity’ close to zero on the velocity axis.
Cyber Risk, on the other hand, is in stark contrast: on the likelihood axis we would put it (close to) ‘certain’, impact probably medium (depends on the nature of the business under discussion). For sure, everybody would put the cyber risk way out on the velocity axis!
When we do ERM work with our customers, we always give consideration to the velocity of change. This forward-looking, dynamic approach to risk mapping makes Megrow’s customers better prepared to capture the opportunites that arise out of the changes!
1 “The Great Acceleration: How the World is Getting Faster, Faster” by Robert Colvile