As Britain moves towards the deadline for leaving the European Union (EU), there’s news of businesses making major strategic decisions which have far-reaching implications. Many of these businesses operate internationally but all the businesses are connected with the British economy in one way or another. Their decisions seem to be coming after months of seeming indecision and are being taken in the – admittedly normal – light of only partial information being available to the decision takers.

 

In taking their decisions, these business leaders are assessing risk, deciding how exposed to this risk they want their business to be, weighing the options and then acting (or not acting). Consequently, this state of affairs offers some lessons about risk, along with its effects upon business leadership and business strategy.

 

Britain’s exit from the EU is a political event – and, in business terms, a political event isn’t a risk unless it affects your business. Once you decide that a particular political event is a risk to your business, you must map out organisation-specific ‘pathways of impact’ from any crisis.

 

According to Alasdair Ross, a specialist in global affairs, economics and business strategy, writing for FT | IE Business School Corporate Learning Alliance, it’s important to remember that simple measures, implemented speedily, can mitigate potentially huge risks. It’s also vital to determine – before the crisis arrives – which risks are worth mitigating to stay in your market. What matters isn’t merely business leaders’ foresight but also the way they assess the risks to their operations.

 

To make an effective calculation of political risk, Ross argues that organisations must understand four key variables: the likelihood of the risk event happening; the degree to which they and their business are exposed; their level of resilience, and the amount of risk they’re willing to accept.

 

He adds that there are four elements involved in any business decision related to risk caused by geopolitical events:

 

  1. Probability: How likely is a particular risk event?

Judging probability is a vital calculation because an organisation’s resources are scarce. Any external political event is just a headline to be read and forgotten unless and until it can also affect business operations.

 

We tend to assess probability by using our knowledge of the past – a record of the event’s frequency over time. However, the past is a notoriously unreliable predictor of the future.

 

The most straightforward assessment technique is to rank events in order of their perceived likelihood. If you can’t say how likely event A is, you may be able to judge whether it’s more, or less, likely than event B. Such a ranking might provide enough data for an effective risk model.

 

This qualitative approach is often required where political risk is involved. Given the range and uncertainty of political variables, the kinds of quantitative techniques used in finance can be dangerously spurious.

 

  1. Degree of exposure: How exposed is your organisation to the threat?

The way an event affects business will vary from organisation to organisation, and it’ll depend on the ‘pathway of impact’.

 

The same event will affect different organisations differently. It will work its way through organisations in different ways, with a cascade of primary and secondary impacts as the organisation responds.

 

Leaders must also decide how important the disrupted part of the business is within the context of the whole organisation.

 

Measuring exposure to political risk is an art rather than a science. Financial risk can be expressed in terms of the expected impact on revenue but politics is less tangible and transparent. Again, a ranking system, agreed in discussion with relevant department heads, can provide the basis for calculation.

 

  1. Resilience: How protected is the organisation from the identified threat?

Judging resilience is not just a matter of how an organisation responds, but also how fast. This involves three variables:

  • Decisive action– have responses to threats been identified? Are mitigation plans ready to be activated at short notice?
  • Clear responsibility– have the right people been given the responsibility and the skills to implement the plan, as well as the autonomy to adapt when circumstances change?
  • Practised procedures– does the organisation practise for crises in a realistic way? Mere box-ticking exercises are more likely to breed complacency than resilience.

 

  1. 4Risk appetite

Risk isn’t a choice. The key question is how much risk can an organisation handle for a given reward?

 

Sometimes, it’s the CEO who decides this. Organisations with more sophisticated risk management processes can produce a formal risk appetite statement to cover every major risk identified. This statement recognises the relative importance of the organisation’s strategic and operational objectives, along with the degree of risk the organisation is willing to take to achieve each of them.

 

Organisations, and even entire industry sectors, can be infused with a culture of risk (or risk avoidance). For example, Silicon Valley start-ups are notoriously uncertain ventures and require a voracious appetite for risk. The private banking houses of London and Geneva are protective of their history and will set a high price for the risks they accept.

 

These four variables – probability, exposure, resilience and appetite – play a key part in planning a response to risk. Even highly unlikely events can push an organisation with high exposure and low resilience beyond its tolerance.

 

Ross believes that, once the risk horizon has been mapped, these four variables should determine the priority the organisation gives to each risk and, therefore, the share of its resources it deploys against them. It will also form the basis of a framework allowing each organisation to categorise and prioritise the risks they face – and design appropriate responses.