De-risking the business model


August 2020


Bjørn Rothaus

The exponential development and effects of COVID-19 have thrust risk management into the limelight, leading many of us to question whether our current risk management models are up to par. Now is the optimal time to consider what other exponential risk exposures our organisations may face and how we can best equip our businesses to deal with cases of extreme uncertainty and risk.

The traditional approach to risk management usually means defining a list of risks, assessing the risks in a risk matrix and then agreeing on further actions to take to mitigate the risks. If this approach is used and implemented appropriately, we can make great strides in de-risking businesses – in particular related to well-defined “persistent” risks like IT security, operational breakdown, fraud, health and safety and compliance.

However, when we are exposed to dynamic and complex tactical and strategic risk – the true threats to and opportunities for businesses – the traditional approach actually falls short. These are risks such as pandemics, geopolitical shifts, technological disruptions, climate change and shifts in demand.

When addressing the more complex types of risks, we should focus more on building resilience into our business model and enabling the organisation to make agile changes when needed, i.e. due to risk exposure, rather than trying to mitigate the risk.

Travelling in Mediocristan vs Extremistan

Risk analyst and author of “The Black Swan” and “Antifragility” Nassim Nicholas Taleb discusses the distinction between travelling in Mediocristan vs Extremistan.

In Mediocristan, we meet the persistent risks that we can deal with by using well-known tools like cause and effect analyses and risk assessments.

In Extremistan, our normal map, GPS and currency does not work. We need to be more mindful in order to avoid our confirmation bias and look for what we do not expect to happen.

Looking for the five signs of Extremistan

Due to our extensive work with clients on risk management, we recommend looking for five signs of Extremistan: snowballs, long tails, egg baskets, lock-ins and Gordian knots.


Snowballs are events and developments that are self-enforcing or contagious. Examples include pandemics, customer loyalty and shitstorms.

Long tails

Long tails occur when a potential best- and worst-case outcome is extreme compared to the average outcome. Examples are technology developments, the weather, the climate and financial markets.

Egg baskets

Egg baskets occur when an organisation is impacted in multiple ways or in several areas by one event or development. Examples could be a situation instigated by leadership and organisational culture or knock on effects to supply chains, patents and products.


Lock-ins refer to situations when strategies and business models are sticky and difficult to change. This could be high fixed costs, too much bureaucracy or a lack of change experience.

Gordian knots

A Gordian knot is a tricky problem: A project, market or relationship that is so complex that we cannot find the beginning or the end, and we do not know the effects of actions on results. Examples include political dependencies, M&A and transformation projects.

As you can see, we cannot equate these signs of Extremistan with risks that can be meaningfully listed and assessed in a risk matrix.

When looking at the signs of Extremistan, we should instead use scenario thinking, stress testing and strategic problem-solving to understand how we can prepare our business to survive and take advantage of uncertain environments.


One of our clients found significant “lock-ins” in their business. Their ability to react to changes in the market was limited due to an inability to change or stop projects, initiatives and activities that were no longer relevant.

They had some difficulties in objectively measuring progress and impact. And there was also a lack of agile project management skills and misunderstood loyalty and stubbornness amongst employees.

By upscaling these issues and introducing objective “turning points” before entering initiatives, the client was able to address the lock-in issues by reducing emotions around changing decisions and adjusting courses of action.

New risk management in a new world

We often say that the world is changing faster than ever. While that may be true, it’s even more relevant to remember that the world is becoming more complex and interrelated.

We have seen major pandemics before, and these pandemic events resulted in very severe impacts on society due to communication, technology, knowledge, healthcare systems and sanitation that was far less developed than today. But living in a globalised and interrelated world means that pandemic incidents travel faster to every corner of the globe and has an even greater impact on supply chains, markets and customer behaviour.

If you want to prepare your business for the next extreme risk, look for new ways of effectively setting up your risk management approach so you can de-risk your business model.

Business performance transformation

Want to know more?

We help companies drive end-to-end business performance transformations through order-to-cash optimisation, integrated business planning, holistic performance management and other core disciplines within finance, data and risk.