Anticipating the unforeseen: RTI International.
Given the extraordinary series of man-made and natural disasters in the past two years, RTI International, a Research Triangle Park, N.C.-based research facility, has broadened its approach to enterprise risk management.
"We are seeking to gain a better understanding of the 'known unknowns'--the highly improbable yet high-impact risks that the recent catastrophes have highlighted," says Ward Sax, vice president, treasurer and chief risk officer.
Sax cites such catastrophes as the eruption of the Eyjafjallajokull volcano in Iceland, the Deepwater Horizon oil spill in the Gulf of Mexico, the earthquake in Haiti, and the global financial crisis. "These disasters have highlighted that even a 'one in a million' occurrence can happen and affect an organization's strategy and business prospects," he says.
In the wake of these events, RTI's audit committee and board challenged senior management to take enterprise risk management to the next level, developing more effective practices to identify and assess emerging strategic risks.
Sax and Jennifer MacKethan, senior manager of enterprise risk management, responded by adding "risk velocity" to the processes for evaluating risk, complementing the two previous risk dimensions--impact and probability.
"Risk velocity is essentially the speed by which a risk event is realized," MacKethan explains. "We asked each business unit leader to provide what they considered to be their top improbable, high-impact 'known unknown' risks, and then plotted each one of them on a graph according to their impact, probability and velocity."
Business units cited such risks as pandemics, natural disasters, armed assaults and terrorist incidents. Other uncommon events included espionage, a biochemical incident at a research facility, and fraud committed by a researcher. The same tool used to assess other, more traditional risks was leveraged to assess these extraordinary exposures, assuring that they were addressed in strategic plans by both business units and enterprise level management.
"From these reports we have built our early detection and response strategies, which are incorporated in our risk dashboard," Sax says. "We'll be able to respond more nimbly now when the next 'one in a million' event happens."