How to use risk

management to be prepared
for disruptive technology
Carol Williams
 How to use risk management to be prepared for disruptive technology

How to use risk management to be prepared for

disruptive technology
Disruptive technology is a phrase we’ve been hearing a lot lately. While the concept of business
disruption is nothing new, it is an accelerating trend that shows no signs of slowing down anytime
soon.
Disruptive innovation or technology was formally defined by Harvard Business professor Clayton
Christensen in a 1995 HBR article and subsequent book entitled Innovator’s Dilemma. In short,
disruptive innovation is a concept, product, or service that disrupts an existing market or creates a
completely new market segment. Disruption occurs when an existing market’s value drivers
significantly change.
Warren Black illustrates this point in a talk on the Fourth Industrial Revolution when he says:

“Electricity wasn’t invented to improve the

performance of the candle.

What typically happens is a company enters a particular market with a new technology and/or
business model that provides different and better value than more established firms. Note that
“disruption” doesn’t just include technology but business processes as well.
One example of a disruptive technology is the SaaS or “software as a service” business model, which
is something we all have become more familiar with in recent years. Rather than paying a hefty price
tag for software programs on an individual computer or on-site server, the SaaS model delivers
software for a small monthly fee.
Salesforce’s customer relationship management (CRM) tool was a pioneer in the SaaS space.
Although struggling at first, Salesforce’s availability, flexibility, and ease of maintenance, or a
combination of new technology and a unique business model, ultimately led to widespread adoption
and displacement of older firms.

How does disruptive technology go from initial concept

to displacing established market players?
Contrary to what you may think, disruptive technologies start off slow and are typically not profitable
in the beginning. The new technology, like SaaS in the early 2000s, only appeals to a small market
niche – the early adopters – who are looking for new solutions, because they feel the existing
solutions don’t effectively meet their needs. Therefore, most established companies will opt to focus
their resources on “sustaining innovation” (i.e., improving existing technology), especially
considering that the existing customer segment is the most profitable.
Disruption begins to take place when the needs and preferences of consumers becomes more in
alignment with what the new technology offers.
Established companies eventually catch on but it is often too late…
While they are quite good at meeting the needs of customers through improvements to existing
technology, most fail to anticipate what customers in the future will demand. Larger more
established firms rarely pioneer new technologies that initially only appeal to small, niche markets.
 How to use risk management to be prepared for disruptive technology
After all, this sort of innovation can be hard to justify since it means diverting resources from meeting
the needs of current customers and fending off competitors to creating something new for an
insignificant or (currently) nonexistent market.
While established companies by and large do a great job of focusing on their existing customers,
they are also often oblivious to up and coming technologies in emerging markets. According to a
2017 survey from Innosight, many executives see existing market players as their biggest
competition and not new entrants to the market. I imagine that is what the executives of giants like
Borders and Sears thought…until they were unable to reverse the downhill course of their companies.
Although bureaucracy, arrogance, and short-term thinking does play a role in a company being
disrupted, the core reason leading companies are displaced is that they stay too close to existing
customers. Executives rely too much on past successes and fail to appreciate the abilities of new
entrants to the market until it’s too late.

Avoiding this fate requires established companies to

not be reactionary but instead take informed risks…
Taking a reactionary approach to the adoption of disruptive technologies can lead to “shiny-object
syndrome.” A client fell victim to this mindset…there were no principles or goals guiding its
technology investments. A solution sounded fantastic when discussed, but implementation led to
extremely inefficient processes, staff overwhelm, and dissatisfied customers.
A recent article exploring disruptive technology though suggests a very blanket, reactionary
approach, thus prompting today’s topic. Technologies like machine learning, AI, and block chain may
be disruptive for some industries, but AI for example has been used in retail for a long time.
Taking a proactive, strategic approach instead of a reactionary one is crucial for organizations to
adapt and thrive in the decades ahead. It is also a key difference between traditional risk
management and ERM.
In his book Prepare to Dare, author and former strategic risk manager for LEGO Hans Læssøe
summarizes the different levels of risk management from basic to progressive.
He explains that to survive and thrive in the onslaught of change expected in the years ahead,
companies need a certain level of disruptive capability. These companies will seek ways to leverage
key risks into opportunities and look for areas of disruption or business development in a deliberate
and systematic way. As Hans states:

“The actions and decisions applied for doing disruptions or

disrupting your industry may not be seen as risk
management as such – and so be it. However, it is all the
tools and processes of risk management that enables an
organisation to do it successfully.” [emphasis added]

Business development and disruption is a more advanced use of risk management tools. Not every
organization is equipped to do this right out of the gate as there are different foundational elements
that must be in place first. However, once these are in place, a few questions (from Hans’ book) you
can ask to gauge your company’s level of disruption capability include:
 How to use risk management to be prepared for disruptive technology
• Do you actively scout for disruptions made by others – in other industries?
• Do you actively and broadly scout for options of creating disruption?
• Do you actively seek the opportunities of applying your business strengths into other
industries?
• Does your development strategy embed explicit risk taking?

I also highly recommend Dr. Christensen’s original article for ideas on what your company can be
doing to monitor business disruptions and act before being displaced by an insurgent competitor.
The story of human advancement has been one of disruption, whether it’s Gutenberg’s printing press,
Henry Ford’s assembly line, or the more recent growth of Amazon, Uber, and Airbnb.
Simply reacting to these changes will inevitably lead to irrelevance, but by taking a methodical,
strategic approach, your company will be well-equipped to survive and thrive in the 21st century.

Is your company harnessing risk management in pursuit of disruptive technology?

The pace of disruption will only intensify in the years ahead. To share your thoughts on this trend
and where the future may be headed, please don’t hesitate to leave a comment below or join the
conversation on LinkedIn.

And if your company is struggling to use risk management for building a strategic advantage in your
industry, I invite you to visit my consulting firm website Strategic Decision Solutions to learn more
about how we help companies take smart and informed risks to maximize business performance.

About the Author

Carol Williams, CRM (Certified Risk Manager) has over 10 years of

experience helping organizations develop customized enterprise risk
management tools to support decision-making and strategic planning.
She is the founder, CEO and principal consultant of Strategic Decision
Solutions and publishes weekly how-to and other articles for fellow risk
professionals at her blog, ERM Insights by Carol.
SoftExpert ERM software enables organizations to identify, analyze, evaluate, monitor, and
manage their enterprise risks using an integrated approach. It brings together all risk
management related data in a single and comprehensive environment, including a reusable
library of risks and their corresponding controls and assessments, events such as losses and
non-conformities, key risk indicators, issues and treatment plans.

Process-oriented risk identification Risk repository

The software serves as the foundation for the company’s enterprise risk management efforts
through its ability to unite and support different risk categories like strategic, financial, security,
compliance, environmental, assets, products, processes and projects. These categories can
be part of broader applications and risk family solutions, such as Operational Risk
Management, IT Risk Management and General Compliance Management.

Risk assessment Risk response planning and monitoring

SoftExpert ERM is designed to be flexible and configurable, supporting whether the risk
management standards defined by ISO 31000, COSO and PMBOK, as well the company’s
unique requirements.

Tests and Control Self-Assessments Risk monitoring portals

Learn More at:

https://www.softexpert.com/enterprise-risk-management-erm/
 Manage business process change with checklists
About SoftExpert
SoftExpert is a market leader in software and services for enterprise-wide business process
improvement and compliance management, providing the most comprehensive application suite to
empower organizations to increase business performance at all levels and to maximize industry-
mandated compliance and corporate governance programs.
Founded in 1995 and currently with more than 2,000 customers and 300,000 users worldwide,
SoftExpert solutions are used by leading corporations in all kinds of industries, including
manufacturing, automotive, life sciences, food and beverage, mining and metals, oil and gas, high-
tech and IT, energy and utilities, government and public sector, financial services, transportation and
logistics, and healthcare.
SoftExpert, along with its extensive network of international partners, provides hosting,
implementation, post-sales support and validation services for all solutions to ensure that
customers get the maximum value from their investments.

SoftExpert Excellence Suite

The Roadmap for Business Excellence and Enterprise Compliance

More information: www.softexpert.com | sales@softexpert.com

Disclaimer: The content of this publication may not, in whole or in part, be copied or reproduced without prior authorization from SoftExpert Software. This
publication is provided by SoftExpert and/or its network of affiliates strictly for informational purposes, without any guarantee of any kind. The only guarantees
related to SoftExpert products and services are those contained within a contract. Some product functionalities and characteristics presented herein may be
optional or may depend on the makeup of the offer(s) acquired. The content of this material is subject to change without prior notice.