Recently, someone commented on a discussion about real-time risk monitoring with an excellent question:

“A ‘live’ view of risks is still based only on what is known (historic data, even if a few minutes old). What about the unknown risks … and the emerging risks?”

It’s a fair challenge.

Even the most complex dashboards, AI-driven analytics, and real-time monitoring systems are ultimately built upon known information. Whether the data is minutes old or years old, it still reflects already identified events, conditions, and trends.

The real challenge for organizations is not managing known risks; it’s preparing for the unknown and detecting emerging risks before they become crises.

The Reality of Unknown Risk

In my view, addressing unknown and emerging risks requires continuous preparation, monitoring, and a robust management system supported by the right tools.

In fact, we manage unknown risks every day in our personal lives.
Living along the Gulf Coast, we prepare for hurricane season even though we don’t know if, when, or where a storm will strike. We take practical precautions:

• Maintaining generators, food, and water supplies
• Preparing emergency lighting and evacuation plans
• Securing vulnerable areas of our homes
• Transferring risk through insurance coverage

We cannot predict the exact event, but we can prepare for a range of possibilities.
Organizations should approach emerging risks the same way.

Looking into the Risk Crystal Ball

While no system can predict every disruption, there are practical methods organizations can use to improve their ability to identify and respond to emerging threats.

1. Implement a Management System That Actually Works

Many organizations have documented management systems. Far fewer have management systems that are actively used.

An effective management system requires:

• Leadership engagement
• Accountability at all levels
• Regular review and action
• Integration into daily operations

When properly implemented, the management system becomes an early warning system rather than a compliance exercise.

2. Monitor Meaningful Metrics

Organizations should establish quality objectives and key performance indicators (KPIs) that continuously measure the health of the business.

These metrics should provide visibility into:

• Operational performance
• Customer satisfaction and dissatisfaction
• Process effectiveness
• Supplier performance
• Financial indicators

Often, emerging risks reveal themselves through subtle changes in performance trends long before they become major problems.

3. Apply Structured Risk Assessment Techniques

Organizations should leverage formal risk assessment methodologies, such as those outlined in ISO 31010 – Risk Management: Risk Assessment Techniques.

Structured approaches help organizations move beyond instinct and systematically evaluate vulnerabilities, threats, opportunities, and uncertainties.

4. Use a Potential Risk Detector Matrix

One of the most effective tools we’ve developed is a Potential Risk Detector Matrix containing approximately 130 categories, including risks such as:

• Supplier and internal performance
• Financial conditions
• Transportation and logistics
• Climate and natural disasters
• Regulatory and statutory changes
• Health-related concerns
• Geographic influences
• Force majeure events

By continuously monitoring these categories, organizations can identify signals and trends that may indicate future disruption.

5. Establish Risk Indicators and Trigger Points

Over time, we’ve identified approximately 28 areas within a management system where risks frequently surface. Monitoring these areas creates trigger points that alert leadership when conditions begin to shift.

Instead of prediction, the goal is earlier detection.

6. Monitor the External Environment

Many emerging risks originate outside the organization. Leaders should continuously monitor:

• News and geopolitical developments
• Tariffs and trade issues
• Regulatory changes
• Industry associations and publications
• Technology developments, including AI and cybersecurity trends

Organizations that scan the horizon consistently are far less likely to be surprised.

7. Learn from Past Risks

Every incident provides valuable intelligence. Trending historical risks and analyzing recurring patterns can reveal vulnerabilities that might otherwise go ignored. The objective is not simply to document lessons learned but to integrate those lessons into future decision-making.

Building Resilience for the Unknown

Can we predict every “Black Swan” event? No. By definition, a Black Swan is highly improbable and largely unpredictable.*

However, we can create organizations that are prepared to respond effectively when unexpected events occur. The goal isn’t perfect prediction. The goal is resilience.

Organizations that continuously monitor, assess, adapt, and improve are better positioned to endure uncertainty, recover more quickly, and capitalize on opportunities that emerge during disruption.

As Gunnery Sergeant Tom Highway famously said in Heartbreak Ridge: “Improvise, adapt, overcome.”† Those three words may be one of the simplest and most effective risk management strategies ever written.

References

*Taleb, Nassim Nicholas. The Black Swan: The Impact of the Highly Improbable.
†Heartbreak Ridge (1986), Clint Eastwood as Gunnery Sergeant Tom Highway.