A number of unexpected catastrophes and shortages dominated the headlines in the first quarter of 2011. Japan was hit by a magnitude 9.0 earthquake and tsunami that caused a nuclear disaster, persistent power outages, and a host of other major societal and economic challenges. China sharply tightened its limits on exports of rare earth minerals, on which the information technology, automotive, and energy industries rely. The nations of the Middle East and North Africa experienced severe political eruptions, including civil war in Libya and regime-shaking protests in Algeria, Egypt, Iraq, Jordan, Syria, and Tunisia, which pushed oil prices above US$100 per barrel. Portugal and Greece tottered on the edge of insolvency, destabilizing their political leaders. Christchurch, New Zealand, was hit by two major earthquakes in quick succession, and the state of Queensland in Australia suffered the worst floods in recorded history in at least six river systems, resulting in great social and economic disruption.
All these events are examples of the kinds of high-magnitude, low-frequency upheavals that Nassim Nicholas Taleb labeled black swans, after a historical reference to their improbability. In The Black Swan: The Impact of the Highly Improbable (Random House, 2007), Taleb defined a black swan as “an event with the following three attributes. First, it is an outlier, as it lies outside the realm of regular expectations, because nothing in the past can convincingly point to its possibility. Second, it carries an extreme impact.... Third, in spite of its outlier status, human nature makes us concoct explanations for its occurrence after the fact, making it explainable and predictable.”
Whether environmental, economic, political, societal, or technological in nature, individual black swan events are impossible to predict, but they regularly occur somewhere and affect someone. Some observers argue that the frequency of these events is increasing; others say global communication networks have simply made us more aware of them than we were in the past.
In any case, with the rise of global business, it is likely that black swans carry increased risks for your company, including negative impacts on your customers, suppliers, partners, assets, operations, employees, and shareholders. Today, not only can a catastrophe in one part of the world affect the sourcing, manufacture, shipping, and sale of products locally, but the interconnections of global financial, economic, and political networks ensure that the effects of such events ripple around the world.
ERM Is Not Enough
Typically, a large company relies on its enterprise risk management (ERM) department to identify potential business disruptions, map out their most likely effects, and develop mitigation plans and preventive actions to reduce the risk exposures. After the multiple and severe disruptions of the past decade, starting with the terrorist attacks of September 11, 2001, the ERM functions at most companies have become well staffed with risk managers who work diligently to protect their company across strategic, operational, financial, and hazard risk categories. Through this process, ERM has become an indispensable member of the global functional teams in most large companies.
Most ERM groups focus their attention on the risks that businesses most frequently encounter — such as whether the enterprise is complying with regulations, suitably accounting for its activities, and operating in an ethical and legal manner — rather than on black swans. And this approach is appropriate. First, ERM resources are limited and must be invested in mitigating high-frequency risks, as well as servicing the growing demands imposed by Sarbanes-Oxley and other financial and regulatory requirements. Second, high-magnitude, low-frequency events can stem from sources too numerous and too varied for the ERM team to identify in full. Third, the internal politics and culture of many large companies unintentionally create blind spots that can be very difficult to penetrate for internal staff members using standard ERM tools.
Thus, most ERM teams can assure their board and executive team that they have covered the more common risk areas of compliance, ethics, finance, and accounting, as well as safety, quality, and customer experience. But ERM simply does not have the capacity to also monitor high-magnitude, low-frequency disrupters on a continuous or regular basis.
This does not mean that black swans can or should be ignored. These events can threaten a company’s survival, and boards and senior leaders are responsible for protecting shareholders and other stakeholders. They must ask, What else can go wrong?
A Disrupter Analysis Stress Test
The solution to this conundrum is disrupter analysis. Disrupter analysis does not seek to predict black swans; that cannot be done. And it is not meant to replace ERM, but rather to complement it. Disrupter analysis — which is typically conducted by a separate team working in collaboration with the ERM staff, functional and business unit leaders, and senior management — is designed to periodically administer a stress test to a large company in order to assess its ability to withstand black swans.
The analysis consists of a four-step process that will be familiar to professional ERM managers. It quickly and efficiently maps the shape of the enterprise, determines the breadth of potential disrupters, asks the “what ifs” to determine how severely certain events could stress the enterprise, and then implements the contingency plans.
1. Mapping the enterprise. The shape of a company is determined by a number of factors, starting with its geographic footprint, its operations, the composition and construction of its supply chain, and its channel partners and customers. In mapping these elements, it is important to look beyond first-order relationships. Recently, for example, Apple’s supply of lithium-ion batteries, used in iPods, suddenly dried up. Unfortunately, as Apple quickly discovered, almost all its suppliers purchased a critical polymer used to make the batteries from the Kureha Corporation, a Japanese company whose operations were disrupted by the March 11 earthquake. In fact, Kureha’s share of the global market for polyvinylidene fluoride, which is used as a binder in lithium-ion batteries, is 70 percent. This is why analysts must also map second-order relationships (the suppliers of the company’s suppliers). In some critical cases, even third-order relationships should be mapped.
After the shape of the enterprise has been mapped with the help of the ERM staff, finance and other group functions participate in team sessions to map sources and concentrations of revenue, profit, and capital. Then the often-hidden concentrations that exist in go-to-market activities — including the business’s products, services, channels, and customers — are considered.
A determination of the company’s shape must also include a mapping of industry structure and competitive dynamics, as well as the firm’s position in both. To determine how a black swan event could stress a company, the team needs to understand the foundation on which the status quo rests.
2. Creating the disrupter list. The key to creating a list of potential black swan events is to cast a wide net by cataloging possible catastrophic environmental, economic, political, societal, and technological events. The team should add much more to the list than ERM typically does, and continue until the net is wide enough to include representatives of as many different black swan categories as possible.
After the long list is compiled, the events are categorized by the type of impact they might have on the business. The result is a shorter, more workable synthesis that encapsulates the black swan events that could threaten the company.
3. Asking “what if.” Armed with the enterprise map and a concise list of disruptive events, the analysis team can begin to ask what would happen to the company if the events, or even combinations of events, occurred. The likelihood of occurrence is not a major concern here; these are, after all, black swans. Rather, the team needs to determine the relative impact and consequences of a given catastrophe.
This stage of the analysis often produces surprising results. Revelations can include greater concentrations of risk than were previously recognized, more severe and unexpected consequences, and, sometimes, seemingly obvious mistakes in how an enterprise has been shaped. The widespread adoption of offshoring strategies has spawned one example. At first, offshoring spread out the exposures and risks of operational disruptions because large companies were expanding their ranks of partners and their geographic footprints. But more recently, new exposures have arisen: Offshoring has created greater concentrations of risk in far-flung locations, where high-magnitude, low-frequency risks are often more varied and where the likelihood of rapid recovery can be much lower. Consider what might happen to the world’s consumer electronics and apparel industries, for example, if the recent labor unrest in southern Chinese factories develops into a disruptive labor movement similar to what the West experienced during the early 20th century.
4. Implementing contingency plans. Typically, the analysis team systematically generates mitigation options for each major “what if” insight. It looks for options that address multiple risks, and prioritizes them by the magnitude of risk exposure as well as the expense and ease of implementation.
Sometimes companies complete this final step on their own, using their ERM departments. The ERM staff usually participates throughout the analysis and is the most logical and effective group to shore up any major exposures. However, sometimes internal complexities warrant third-party involvement. Also, most boards prefer to involve an external, objective set of eyes, especially when recommendations include critical strategic and operational issues.
No company can be completely prepared for every possible black swan event. But the board, the executive team, and the ERM staff can complement the day-to-day work of the ERM function with periodic disrupter analyses. These analyses can ensure that the company has adequately focused its attention on high-magnitude, low-frequency events, performed stress tests on its fitness in the face of such events, and prepared itself for unexpected catastrophes.
Reprint No. 11303
- Matthew Le Merle is a partner with Booz & Company based in San Francisco. He works with leading technology, media, and consumer companies, focusing on strategy, corporate development, marketing and sales, organization, operations, and innovation.