Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
City Risk Index and ERM
Recently, Lloyd’s of London in conjunction with the University of Cambridge Center for Risk Studies, published the results of their global risk analysis. Lloyd’s document is entitled “Lloyd’s City Risk Index: Executive Summary”. Cambridge has entitled theirs “Cambridge Global Risk Outlook 2017”. This is their second risk assessment. The first was published in 2004.
The index is a ten-year projection based on twenty-two threats to 300 hundred of the world’s leading cities. The 300 cities account for half of the world’s Gross Domestic Product (GDP). This piece discusses the results of the study and its implication for the application of Enterprise Risk Management (ERM).
Looking at the impact of twenty-two risks it is estimated they will account for an expected loss of $546.5 billion. The reasons for this loss are twofold. First, the world economy is expanding and more interconnected. Because of this expansion worldwide GDP is increasing. Thus, a greater amount is in jeopardy. The second, is the number of risks are increasing. Geopolitical, technological, and financial are among the growing risks cities face. Natural catastrophes and climate changes related adverse risks are expected to continue at current levels.
The risks reviewed in the study are of low probability, but high impact. Man-made risks account for fifty-nine percent of the risks cities face. The largest impact risk is Market Crash. Market crash accounts for $103.33 billion. The second, third and fourth largest impact risks are: Interstate conflict ($80 billion), Tropical windstorm (($62.56 billion) and Human pandemics ($47.13 billion). Cyber-attacks are ranked seventh ($36.54 billion). It is fastest increasing risk. Other man-made risks include sovereign defaults ($17.97 billion), terrorism ($9.93 billion), power outages ($7.48), social unrest ($6.19 billion) and nuclear accidents ($1.26 billion).
The dynamic nature and multiplicity of the risks have an uneven impact geographically. The geographic regions most susceptible to signification adverse impact are the Pacific rim, the Middle East, the Indian subcontinent and Latin America. The unequal geographic adverse impact affects the 300 cities differently.
The top five cities facing the highest adverse risk impact are: 1. Taipei ($20.57 billion), 2. Tokyo ($20.44 billion), 3. Seoul ($13.76 billion), 4. Manila ($13.1 billion), and 5. Istanbul ($12.06 billion). New York is ranked ninth at $9.23 billion, while Los Angeles is ranked twelfth at $8.73 billion. Both New York and Los Angeles saw the adverse impact dollar cost decline from the 2004 study.
Based on a comparison of the 2004 and 2017 results three major trends were identified. These are:
- Emerging economies are going to have a higher adverse impact because of accelerating economic growth and the higher risk in specific geographic areas.
- The impact of man-made risks is increasing.
- New or emerging risks, such as cyber-attacks and infrastructure vulnerabilities are going to have a greater adverse impact.
The study stresses that heightened awareness of the risks is the first step in mitigating their impact.
Mitigation and ERM
While the study does not layout specific mitigative actions, it does note that if cities were to increase their resilience, the potential dollar loss would be reduced by $73.4 billion or 13.4%. The study does, however, provides decision makers with cost benefit justification for the implementation of mitigative actions. It also provides a framework for incorporating the frequency and severity of impact into resilience plans and “inputs into risk registers and formal reporting of risks to shareholders and regulators.”
A risk register is the final document produced by the ERM Process. ERM is also a formal methodology which results in the prioritization of risks based on their frequency and severity. By using a frequency and severity approach and linking it to risk registers and formal reporting of risks, Lloyd’s of London and Cambridge are encouraging the implementation of Enterprise Risk Management by local governments worldwide.
The 2017 Lloyd’s and Cambridge risk assessment advances the discussion of risk and the adoption of ERM in several ways. First, by providing a comparative assessment with the 2004 study, emerging risks such as cyber-attacks have been identified. Second, by indicating that man-made risks are a higher proportion than natural hazards, it extends the discussion of risk beyond natural disasters. This encourages the expansion of risk assessment to all risks the organization faces both internal and external. Third, it provides a cost to the risk and a benefit to the mitigative actions. It, thus, shows decision makers the consequences of not mitigating known risks. Lastly, it encourages local governments to use ERM to mitigate the adverse risk impact.
James J. Kline is a Senior Member of ASQ, a Six Sigma Green Belt, a Manager of Quality/Organizational Excellence and a Certified Enterprise Risk Manager. He has over ten year’s supervisory and managerial experience in both the public and private sector. He has consulted on economic, quality and workforce development issues for state and local governments. He has authored numerous articles on quality in government and risk analysis. firstname.lastname@example.org