Concerns that the assumptions underpinning organisational strategy may be outdated or misaligned to current growth objectives topped business leaders’ concerns in Gartner’s latest Emerging Risks Monitor Report.

Gartner surveyed 136 senior executives across industries and geographies and the results showed that “strategic assumptions” had risen to the top emerging risk in the 4Q19 Emerging Risks Monitor survey, up from the third position the previous quarter.

Last quarter’s top emerging risk, “digitalisation misconceptions,” has now become an established risk after ranking on four previous emerging risk reports.

“This quarter saw a number of external risks converge in executives’ thinking, from increasing concerns about the impact of extreme weather events to trade policy,” says Matt Shinkman, vice-president with Gartner’s Risk and Audit Practice. “Currently, however, business leaders are most acutely concerned with the beliefs underpinning their own strategic assumptions and the ramifications of getting them wrong.

The study defined a strategic assumption as a plan based on a belief that a certain set of events must occur. Gartner research has found that executives believe more than half of their time spent in strategic planning is wasted, and the quality of those plans fail to meet expectations.

Incorrect strategic assumptions often result in stalled growth that can derail planned results.

“Strategic assumptions are often sound when they are first formed, but in today’s environment are more vulnerable to becoming outdated or obsolete due to a rapid increase in the pace of change,” notes Shinkman. Senior executives ranked the pace of change as a top emerging risk in the second quarter of 2019.

Organisations with a poorly formed set of strategic assumptions typically produce a high number of projects that are not aligned with their stated objectives. Moreover, time and budget for the execution of key initiatives consistently overrun planned targets.

“Risk teams should play a vital role in mitigating the impact of inaccurate strategic assumptions. A key component of clarifying strategic assumptions is discerning between likely truths and critical uncertainties,” Shinkman says.

“Risk leaders should involve themselves early in the strategic planning process and add value by developing a set of criteria to stress-test assumptions and root out biases and flaws before they become cemented in a strategic plan.”

The second most cited risk was a convergence of cyber-physical risks, as previously unconnected physical assets become part of an organisation’s cyber network. Nearly 90% of organisations with connected operational technology (OT) have already experienced a breach related to cyber-physical architecture.

Despite these threats, organisations continue to move forward with integrating Internet of Things devices, smart buildings and other OT, often without dedicated security policies.

“The risks of OT are still not widely appreciated throughout most organisations,” says Shinkman. “Top risk teams partner with IT to develop dedicated strategies that account for the security deficiencies in such assets and include regular meetings to review issues such as access rights and employee training.”