Lack of confidence in strategic assumptions now the top emerging risk: Gartner

Cyber-physical convergence ranks as the No.2 emerging risk in Q4, 2019, followed by extreme weather events, data localization and US-China trade talks

Lack of confidence in strategic assumptions now the top emerging risk: Gartner - CIO&Leader

Concerns that the assumptions underpinning organizational strategy may be outdated or misaligned to current growth objectives topped business leaders’ concerns in Gartner’s latest Emerging Risks Monitor Report.

Gartner surveyed 136 senior executives across industries and geographies and the results showed that “strategic assumptions” had risen to the top emerging risk in the 4Q19 Emerging Risks Monitor survey, up from the third position the previous quarter (see Table 1). Last quarter’s top emerging risk, “digitalization misconceptions,” has now become an established risk after ranking on four previous emerging risk reports.

“This quarter saw a number of external risks converge in executives’ thinking, from increasing concerns about the impact of extreme weather events to trade policy,” said Matt Shinkman, vice president with Gartner’s Risk and Audit Practice. “Currently, however, business leaders are most acutely concerned with the beliefs underpinning their own strategic assumptions and the ramifications of getting them wrong.”

“This quarter saw a number of external risks converge in executives’ thinking, from increasing concerns about the impact of extreme weather events to trade policy,” said Matt Shinkman, vice president with Gartner’s Risk and Audit Practice. “Currently, however, business leaders are most acutely concerned with the beliefs underpinning their own strategic assumptions and the ramifications of getting them wrong.”

Table 1: Top Five Risks by Overall Risk Score: 1Q19-4Q19

Rank

1Q19

2Q19

3Q19

4Q19

1

Accelerating Privacy Regulation

Pace of Change

Digitalization Misconceptions

Strategic Assumptions

2

Pace of Change

Lagging Digitalization

Lagging Digitalization

Cyber-Physical Convergence

3

Talent Shortage

Talent Shortage

Strategic Assumptions

Extreme Weather Events

4

Lagging Digitalization

Digitalization Misconceptions

Data Localization

Data Localization

5

Digitalization Misconceptions

Data Localization

U.S.-China Trade Talks

U.S.-China Trade Talks

Source: Gartner (February 2020)

Strategic Planning Must Account for Critical Uncertainties

The study defined a strategic assumption as a plan based on a belief that a certain set of events must occur. Gartner research has found that executives believe more than half of their time spent in strategic planning is wasted, and the quality of those plans fail to meet expectations. Incorrect strategic assumptions often result in stalled growth that can derail planned results.

“Strategic assumptions are often sound when they are first formed, but in today’s environment are more vulnerable to becoming outdated or obsolete due to a rapid increase in the pace of change,” noted Shinkman. Senior executives ranked the pace of change as a top emerging risk in the second quarter of 2019.

Organizations with a poorly formed set of strategic assumptions typically produce a high number of projects that are not aligned with their stated objectives. Moreover, time and budget for the execution of key initiatives consistently overrun planned targets.

“Risk teams should play a vital role in mitigating the impact of inaccurate strategic assumptions. A key component of clarifying strategic assumptions is discerning between likely truths and critical uncertainties,” Shinkman said. “Risk leaders should involve themselves early in the strategic planning process and add value by developing a set of criteria to stress-test assumptions and root out biases and flaws before they become cemented in a strategic plan.”

Cyber-Physical Convergence Presents New Risks

The second most cited risk was a convergence of cyber-physical risks, as previously unconnected physical assets become part of an organization’s cyber network. Nearly 90% of organizations with connected Operational Technology (OT) have already experienced a breach related to cyber-physical architecture. Despite these threats, organizations continue to move forward with integrating Internet of Things (IoT) devices, smart buildings and other OT, often without dedicated security policies.

“The risks of OT are still not widely appreciated throughout most organizations,” said Shinkman. “Top risk teams partner with IT to develop dedicated strategies that account for the security deficiencies in such assets and include regular meetings to review issues such as access rights and employee training.”


Add new comment