World Economic Forum Risk Assessment Survey
Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
The World Economic Forum conducts a risk assessment survey annually. The 2019 survey is the 14th edition. It contains information from 2009 to 2019. The article looks at the results of the survey for these years and discusses some implications.
The Risk Assessment survey presents the results in two ways. One is by grouping the risks into five broad categories. The other is to indicate the specific risks. The broad categories are Economic, Environmental Geopolitical, Societal and Technological. The specific risks include Extreme Weather Events, Failure of climate-change mitigation and adaptation, Man-made-disasters and Cyber-attacks.
Table 1 below shows the broad categories for the top five Likelihood rating for six of the eleven years. Likelihood is the probability of an occurrence. Table 2 shows the top five Impact ratings for the same periods. Impact is the significance of the impact.
The results indicate, there is has been a shift in concern from Economic Risks, to Environmental Risks. While there is a greater likelihood of a Technological risks, Technological risks have a lower impact than either Geopolitical or Societal Risks.
Before examining the specific risks, it is worth looking at the three broad trends identified in 2012. The trends were: Seeds of Dystopia, How Safe are our Safeguards? and The Dark Side of Connectivity.
Three Major Risk Groupings of 2012
Seeds of Dystopia reflects the recognition that in a global economy there is significant interconnectivity. “The interplay among these risks could result in a world where a large youth population contends with chronic, high levels of unemployment, while concurrently, the largest population of retirees in history becomes dependent upon already heavily indebted governments.” This could precipitate a global downward spiral of the global economy “fueled by protectionism and populism”
The second trend was a questioning of whether the current safeguards used to manage vital resources and ensure “orderly markets and public safety”, is sufficient.
The last trend notes the importance and growth of digital connectivity and the risks associated with it. “Online security is now considered a public good, implying an urgent need to encourage greater private sector engagement to reduce the vulnerability of key information technology systems.”
Comparison 2012 and 2019
Looking at present day, one can say those responding in 2012 demonstrated foresight. There has been a trend towards protectionism and populism. Markets have been disrupted and there is a questioning of whether the old safeguards are adequate. Finally, there is a need for the private sector to reduce the vulnerability of key information technology. This seen in the 2018 and 2019 likelihood rankings where Cyber-attacks and Data fraud and theft were ranking 3 and 4 and 4 and 5 respectively.
However, severe income disparity has been replaced as a top risk by Extreme weather events. The other two top rated risks in 2019 were Failure of climate change mitigation and adaptation and Natural disasters.
That natural disaster is a current concern with substantive costs can be seen in the case of PG&E. PG&E is California’s largest power company. It declared bankruptcy. This is the result of its liability for an employee’s starting of the 2018 wildfires. It is estimated that without bankruptcy, the company would be liable for $30 billion in damages. The company’s wildfire insurance for 2018 was $1.4 billion. In fact, Extreme Weather events has been ranked among the top five Likely risks since 2012.
Combining Likelihood and Impact
The combination of the Likelihood and Impact scores for 2019 results in the following top five risks: Failure of Climate-change mitigation and adaptation, Extreme weather events, Natural disasters, Cyber-attacks and Biodiversity loss and ecosystem collapse. Four out of the top five combined risk scores are environmental. The presence of so many environmental risks in the top five points out a major difficulty.
Difficulty in Implementation
Identifying the risks is one thing. The implementation of mitigative efforts are more difficult. This is because the mitigative efforts of environmental risks is beyond the capabilities of individual companies.
To mitigate most Environmental Risks requires comprehensive governmental action. Yet, government actions, even after a catastrophic event, can often be diffuse. For instance, the 2018 California wildfire cost the state $400 billion. In response, the California Senate passed a measure that requires developers to increase fire protection and develop plan for evacuations. Local governments would also be required to make existing structures less likely to burn.
California Governor Newsom, a former city mayor, released a report that suggested that local government “de-emphasize” building in high risk areas. However, Governor Newsom stressed that he does not want to take away land-use planning or power from local governments. Further, any legislation restricting building, even in high risk areas, is likely to receive push back from California’s Building Industry Association.
The conflict between local control and restricting building in high risk areas is obvious. Local governments want development. Such development adds property to the tax rolls. This increases property tax revenue. Local government also gets money for building permits and inspection fees. Consequently, there is little incentive to apply restrictions.
The old approach, such as allowing local government control over land use policies which continue to allow construction in high risk areas, is coming into question. Also coming into question is the effectiveness of organizations to manage the risks they have control over. Cyber-security is a good example. Even after years among the top five most likely risk, Cyber-attacks is still among the top five in terms of likelihood and total score.
The difficulty is that in order to mitigate the adverse impact of any risk an organization faces, it must have an administrative process such as Enterprise Risk Management (ERM), and an organizational culture which is risk aware. Based on the continuing presence of Cyber-attacks among the top five risks, ERM appears to be lacking in most private sector organizations.
The list of risks identified by The World Economic Forum is a key indicator that risk management is an important issue. The risks listed in the forum’s risk survey are those identified by the captains of global industry. This give those risks a higher profile. However, a historical analysis shows that the types of risks given high profile change over time. It also shows that, while the number of top five risks over the last three years has been consistent, their impact continues to be substantive. In the cases of environmental risks, the organizations have little or no control over the mitigative efforts. Where the organizations have considerable control, mitigative efforts may be difficult to implement.
James J. Kline is a Senior Member of ASQ, a Six Sigma Green Belt, a Manager of Quality/Organizational Excellence and a Certified Enterprise Risk Manager. He has work for federal, state and local government. He has over ten year’s supervisory and managerial experience in both the public and private sector. He has consulted on economic, quality and workforce development issues for state and local governments. He has authored numerous articles on quality in government and risk analysis. email@example.com