Heads of enterprise risk management (ERM) must prepare their organisations for the risks associated with extreme weather events, according to Gartner.
“Extreme weather events now rank in the top 10 of Gartner’s quarterly emerging risk report, with global data showing they’re becoming more frequent and destructive,” says Alex Ossington, director, Advisory in the Gartner Assurance practice. “Yet this risk can be difficult to manage because an extreme weather event can be seen as a random occurrence, leading to a perception among organisations that it is harder to monitor and prepare for.”
Once ERM teams have identified the risks associated with extreme weather events that could impact their organisation, they should assess, monitor, and report their findings to drive coordination and action.
Assess and enhance preparedness
The first step is for ERM teams to thoroughly assess organisational preparedness. This involves interviewing key stakeholders and risk owners to evaluate the company’s ability to anticipate, respond to, and recover from extreme weather events. These interviews should focus on three core elements: visibility, agility, and resilience.
Visibility refers to the organisation’s awareness of potential risks such as understanding the exposure of third-party vendors or having a comprehensive list of facilities in at-risk areas. Agility measures how quickly and effectively the business can adapt, for example, by having contingency plans for supply chain disruptions or being able to shift sales strategies if a market is temporarily inaccessible. Resilience assesses the company’s capacity to withstand and recover from disruptions – including whether there are redundancies in the supply chain or sufficient inventory to sustain operations during an emergency.
Develop key risk indicators
A cornerstone of effective risk management is the development of informative Key Risk Indicators (KRIs). Gartner advises that KRIs should be based on long-term, relevant data and directly tied to the organisation’s strategic objectives. Rather than simply tracking general metrics like CO2 emissions, KRIs should reflect specific business risks such as the value of assets located in flood-prone regions or the percentage of working hours lost due to weather disruptions.
“Examples of meaningful KRIs include the volume of real estate collateral exposed to devaluation, the cost of past damages from extreme weather, or the proportion of production facilities in high-risk areas,” says Ossington.
Reporting and mitigation planning
“Perhaps the most vital role for ERM is to report actionable information to stakeholders and support the develop of preliminary mitigation plans,” says Ossington. “This ensures that decision-makers are aware of both the organisation’s exposure to extreme weather risks and its appetite for taking on such risks.”
Gartner experts recommend that ERM teams provide stakeholders with reasonable estimates of the potential financial impact of extreme weather events. While these calculations do not need to be exact, they help quantify the value at risk and facilitate more direct comparisons with the organisation’s risk tolerance.
“When presenting this information, ERM should also suggest ‘low-regret’ actions – practical steps that can be taken immediately to reduce risk,” says Ossington. “These might include localised adaptation measures such as strengthening site-specific protections or diversifying suppliers.”