How to improve emerging risk reporting: Learnings from 2023 Annual Reports
Claudia Telling

"By enhancing transparency and detailing the proactive steps taken, companies can provide stakeholders with a clearer understanding of how emerging risks are managed and mitigated, thereby reinforcing confidence in their governance practices."

Stay informed with regulations, insights & events by joining our mailer


In today's rapidly evolving business landscape, effective management and disclosure of emerging risks are critical for ensuring the company is forward-looking and considers all aspects of risk that may impact the business in the medium and long term.

While it is clear that many companies recognise the importance of monitoring and managing emerging risks, there is a need for more proactive disclosures and detailed actions.

In this blog, we look at how companies can enhance their emerging risk disclosures to provide greater clarity and detail. We examine best practices, explore key examples from the 2023 Annual Reports we reviewed, and offer practical recommendations for improving transparency and effectiveness in emerging risk management.

Emerging risk reporting has room for improvement

In our reporting research this year, we have seen a number of companies explain that emerging risks, being less defined than principal risks, do not pose an immediate threat. However, companies will acknowledge that these risks, due to their future focus and greater uncertainty, can impact strategic delivery. We feel there is an opportunity to provide further clarity on the potential impact of emerging risks, outline what it takes for an emerging risk to develop into a principal risk and provide greater detail on mitigation activities.

A great example of a company that does this well is Rotork. Rotork's approach of conducting biannual functional risk workshops with the management board and the board, providing tailored responses to each scenario, serves as an excellent example (see page 71 of AR23). This ensures that each emerging risk or opportunity is addressed comprehensively based on specific circumstances.

By enhancing transparency and detailing the proactive steps taken, companies can provide stakeholders with a clearer understanding of how emerging risks are managed and mitigated, thereby reinforcing confidence in their governance practices.

This is just a snapshot of what good emerging risk disclosures look like; below are more detailed examples from our research. 

Enhancing emerging risks disclosures: key ways to improve your disclosure

Some companies maintain a separate framework for reviewing and managing emerging risks, while others incorporate them into their principal risk framework model. National Grid (p19) and Aviva (p92) include an emerging risk monitoring framework separate to the principal risk framework. Visual aids can effectively communicate complex processes and enhance stakeholder understanding. Firms like Rotork (p69), Britvic (p74), Vodafone (p51) and Savannah Energy (p100) successfully integrate emerging risks into their principal risk frameworks. Consider which approach best suits your organisation's risk management strategy.

Consider demonstrating how emerging risks align with the company’s strategic objectives. Derwent London (p32) is an example of how this can be achieved effectively through a key. Emerging risks have also been found to be referenced in S172 statements, as seen with discoverIE (p48-49), when discussing long-term decision making and maintaining a reputation for high standards of business conduct. 

To demonstrate how each emerging risk is managed, it is beneficial to include detailed information such as the time horizon, the potential business impact, and the actions taken to mitigate these risks (see Derwent London p102-103 and Severn Trent p79). Also, consider assigning an owner to each risk and linking the risk to relevant material issues (Coca-Cola Hellenic p105).

We would also recommend considering the viability of emerging risks. For instance, Derwent's viability statement (p89) considers the adoption of technology as a long-term emerging risk and outlines how this risk is monitored. This approach ensures stakeholders are comprehensively informed about the management of emerging risks and their influence on the company’s strategic planning and long-term viability.

Consider stress testing emerging risks (see EasyJet p67) to help investors understand how the business is actively evaluating the potential impact of risks under various scenarios, providing valuable insights into your company's resilience.

Consider demonstrating any horizon scanning activities. By using horizon scanning, the Group can identify potential risks and opportunities over the mid to long term. This allows for proactive strategy development, ensuring plans are aligned with future business realities. Companies that demonstrate they have conducted this exercise include Rotork (p71) and Balfour Beatty (p95).

Linking identified emerging risks to principal risks, as done by Breedon Group (p53), can provide a holistic view of your risk landscape. Breedon also considers both the longer-term impact and shorter-term risk velocity of some of their emerging risks within the context of their viability statement.

Besides focusing on emerging risks themselves, consider evaluating emerging factors for each principal risk. Vodafone's (p56) practice of including watchlist risks – those not yet considered principal risks but still noteworthy – can enrich your risk disclosures.

By adopting these best practice recommendations, companies can enhance their emerging risks disclosures, providing stakeholders with a clearer, more comprehensive view of their risk management strategies and fostering greater confidence in their governance practices.

Types of emerging risks

Here are several types of emerging risks commonly disclosed by companies:

The ability to harness disruptive technologies like generative AI can significantly enhance productivity. However, the increasing availability of AI in the business environment heightens the risk of cyber-attacks and intellectual property protection issues (Compass Group p25).

Anglo American (p80) considers how the future demand for its products may change as a result of efforts to reduce global warming.

M&S (p58) points to the rapid pace of change in ESG matters and evolving consumer expectations, as well as the impact of changes in the legal and regulatory landscape.

Derwent (p102) identifies climate risks and opportunities as prevalent emerging risks. These include the effects of climate change on office occupation, technological advancements, power shortages, geopolitical instability and deglobalisation. Barclays (p263) identifies the physical risks of climate change and those associated with transitioning to a lower-carbon economy.

The impact of new government legislation, such as changes in how the UK trades with Europe, is a significant emerging risk for companies like M&S (p58).

Emerging risks in the governance section 

Based on our research, the level of disclosure of emerging risks in the governance report is still only light-touch, mainly used as a way to signpost to emerging risk content in the strategic report. Below, we have identified areas of the governance report we would recommend referencing emerging risks:  

Fevertree (p83) and SSE (p158) provide detailed accounts of how they assess and manage emerging risks in the audit and risk committee reports. Companies like Mondi (p112) highlight specific areas of focus, such as the execution of major capital expenditure projects, which are part of their extensive expenditure programmes. 

In their audit and risk committee reports, companies such as Renew Holdings (p86) identify the review of current and emerging risks as a priority for the year. Savannah Energy (p126) extends this practice by mentioning the main responsibilities of its health, safety, environment, security and risk committee, demonstrating a comprehensive approach to risk management.

Companies like discoverIE (p108), Barclays (p155) and M&S (p78) include emerging risks in their board's discussions and activities, ensuring that these risks are continuously monitored at the highest level of governance.

3i Group's AR24 (p101) includes emerging risks in its governance framework, detailing how the group risk committee oversees these risks, thus reinforcing its commitment to proactive risk management.

By integrating these practices, companies can enhance the transparency and effectiveness of their governance reports, providing stakeholders with a comprehensive view of how emerging risks are identified, assessed and managed. This not only strengthens stakeholder confidence but also underscores the company’s dedication to robust risk management and governance practices.

How DP can help

Navigating the complexities of emerging risk disclosures and integrating them into your strategic and governance reports can be daunting. The evolving landscape of risk management requires not only understanding but also anticipating and effectively communicating these risks to stakeholders. 

For expert assistance in improving your risk disclosures, ensuring compliance with the latest standards and effectively communicating your risk management, get in touch with one of our specialists at DP.

Contact our experts