Knowledge is power – conceptualizing collaborative ﬁ nancial risk assessment

Purpose – Inspired by new ﬁ ndings on and perceptions of risk governance, such as the necessity of taking a broader perspective in coping with risks in companies and working together in interactive groups with various stakeholders to deal with complex risks in the modern world, the purpose of this paper is looking for new ways to deal with ﬁ nancial risks. Current methods dealing with those risks are confronted with the problems of being primarily based on past data and experience, neglecting the need for objectivity, focusing on the short-term future and disregarding the interconnectedness of different ﬁ nancial risk categories. Design/methodology/approach – A literature review of risk governance, ﬁ nancial risk management andopen foresightwasexecuted to conceptualizesolutionsto thementioned-above problems. Findings – Collaborative ﬁ nancial risk assessment (CFRA) is a promising approach in ﬁ nancial risk governance with respect to overcoming said problems. It is a method of risk identi ﬁ cation and assessment, which combines aspects of “ open foresight ” and the ﬁ nancial risk management and governance literature. CFRA is characterized as bringing together members of different companies in trying to detect weak signals and trends to gain knowledge about the future, which helps companies to reduce ﬁ nancial risks and increase the chance of gaining economic value. By overcoming organizational boundaries, individual companies may gain the knowledge they would probably not have without CFRA and achieve a competitive advantage. Research limitations/implications – A conceptual paper like the one at hand wants empirical proof. Therefore,theauthors developed a researchagendain theform of ﬁ ve propositionsfor further research. Originality/value – This paper discusses the existing problems of ﬁ nancial risk identi ﬁ cation and assessment methods. It contributes to the existing literature by proposing CFRA as a solution to those problems andadding a new perspective to ﬁ nancial risk governance.


Introduction
Recent developments have a tremendous effect on corporate risk management in organizations (Nocco and Stulz, 2006). Driving forces such as globalization, deregulation, industry consolidation and increased shareholder value orientation have changed the nature of risk management and increased its importance (Liebenberg and Hoyt, 2003). In today's complex business world, missing or insufficient risk management has a major impact on a company's performance. Scandals such as those linked to Tycom or Enron show the necessity of managing risks effectively (Fabozzi and Peterson, 2009). Decades of risk management research have focused on procedures and methods of risk management (Renn, 1998). However, talking about the possibility of a loss or an injury is not enough in today's complex world. The current state of research encourages enterprise risk management, a holistic and integrative approach, dealing with and measuring the likelihood of all unexpected events which affect a company (Hampton, 2014;Olson and Wu, 2008;McShane et al., 2011). An even broader concept under discussion is risk governance, which is a new way of dealing with complex risks and uncertainty in a world of strongly interacting networks (Asselt and Renn, 2011).
This paper focuses on the implications of global changes for financial risks. Identifying and assessing risks is the first and probably the most crucial step in the financial risk management process. Management literature offers a wide variety of methods for risk identification and assessment, which are often used in combination. Nevertheless, those tools have several problems: most methods are primarily based on past data and experience; the risk identification and assessment tools mentioned face the possibility that "reality is not defined correctly because of the subjective perspective" of the corporate risk management team (Ramona, 2011(Ramona, , p. 1109); most instruments do not consider the long-term future (Best, 1998); and financial risk management models and responsibilities tend to split financial risks into several financial categories (market risk, commodity risk, etc.) even though those risks are interconnected (Best, 2010).
A method that is currently being established for general corporate risk managementincluding financial risksthat focuses on the future, and thus, helps companies to manage uncertainties and detect weak signals is foresight (Rohrbeck et al., 2015;Vecchiato, 2015;Wayland, 2015). Through foresight, companies should be able to detect external risks and identify opportunities earlier, and thus, gain time to prepare (Boe-Lillegraven and Monterde, 2015; Rohrbeck, 2012). Furthermore, foresight can improve companies' strategic decision-making regarding future developments (Müller and Müller-Stewens, 2009), as the intense and continuous engagement with trends and weak signals can lead to a learning process that supports companies in reacting more quickly to changing environments (Vecchiato, 2015). Nevertheless, corporate foresight is also confronted with limitations, e.g.: some foresight approaches also try to calculate the future based on past data. In this linear forecasting approach, the responsibility for generating foresight is delegated to a certain group of people (Van der Duin et al., 2014), and therefore; leads to "losing sight of foresight's impacts on today's decisions on strategy and innovation" (Daheim and Uerz, 2008, p. 331). Equally, the newer approach to foresight, trend-based foresight (Daheim and Uerz, 2008) faces limitations (Schmidthuber and Wiener, 2018); there is moreover a risk that companies might focus too much on scanning and monitoring itself, and therefore, restrict the company to a reactive strategy (Daheim and Uerz, 2008); and further, corporate foresight draws exclusively on internal capabilities and knowhow (Heger, 2014;Ruff, 2006).
This might prevent a company from conceiving truly new ideas to handle the complexity of new contingencies (Keinz and Prügl, 2010). This paper investigates how these limitation can be overcome and proposes the rather new approach of open foresight  as an additional tool in the financial risk governance process of organizations that would help companies to uncover white spots and provide more time to prepare for the risks detected.
Following Hart and Sharma (2004, p. 7), companies need to search outside of the organization, "at the periphery of firms' established stakeholder networks", to gain the knowledge needed to manage the increasingly complex and disruptive changes. The collaborative approach of open foresight uses the potential of engaging externals to identify and assess future (financial) risks and opportunities. The collaborative nature of open foresight can promote out-of-the-box-thinking, lower the risk of being limited to existing mental models (or subjectivity), and help to form a clearer picture of the opportunities and threats presented by disruptive changes (Gattringer et al., 2017;Heger and Boman, 2015;Keller et al., 2015;Keinz and Prügl, 2010;Van der Duin et al., 2014). Nevertheless, most companies still tend to focus only on their internal capabilities and resources in identifying and assessing financial risks. In acknowledging these challenges, we conceptualize collaborative financial risk assessment (CFRA) as a new approach to acquiring knowledge regarding future developments from various heterogeneous stakeholders. CFRA is thus able to respond to the long-term dynamics of risk, which are not part of today's risk management. Eventually, financial risk identification and assessment cannot be restricted only to the actors within a company. It also needs actors from outside the organization to keep up with today's complex challenges. We conclude that those needs are addressed by risk governance literature and CFRA is an appropriate tool to please them.
Despite a growing number of researchers focusing on inter-company collaboration, there are still lots of white spots, especially, when it comes to risk management. Gattringer et al. (2017) and Wiener et al. (2018a) mention that there are hardly any publications regarding open foresight, in particular, regarding the practical application as well as planning and implementation in different situations. At the same time financial risk management needs "new theoretical inventions and instruments" to manage risks appropriately (Li, 2003). The paper at hand tries to contribute by reducing the research gaps mentioned.

Financial risk management
Despite the importance of integrating all types of risks, the sources of uncertainty differ. Numerous categorizations and classifications exist for the purpose of considering all risks and distributing responsibility within a company (Hampton, 2009). Categories are proposed by academics (see, e.g. Schlegel and Trent, 2015;Keitsch, 2004;Hopkin, 2017;Haerle-Willerich and von Rekowski, 2005) and practitioners (Mohammed and Sykes, 2012;Philips, 2013). Analyzing existing literature, we identify four main sources of risk commonly distinguished (Figure 1).
Strategic risks describe the uncertainty of a company's business strategy not achieving the expected shareholder value (Slywotzky and Drzik, 2005;McConnell, 2012;Verbano and Venturini, 2013). This can be the result of wrong/bad management decisions or strategic objectives that may be detrimental to that company (Lam, 2017).
While strategic risks result from wrong decisions of the senior management (Mohammed and Sykes, 2012), operational risks are caused by different sources. According to the Basel Committee on Banking Supervision (2001, p. 2) operational risk is "the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events". Thus, operational risks are not taken to make more profit, but rather emerge automatically when doing business.
This paper focuses on financial risks, which arise "through countless transactions of a financial nature" (Horcher, 2011, p. 2). Corporations have to make financial decisions dealing with investment opportunities, spending money and raising it (Brealey et al., 2014). All decisions and actions may have an unexpected (and unwelcome) result that needs to be dealt with in financial risk management. Financial risks can be further distinguished into risks that stem directly from changes in the market and those who do not. The former in particular arise from changes in interest rates, foreign exchange rates, commodity prices, and value of investments. These risks are also called financial risks in the narrower sense and are discussed most by academics and practitioners. Those risks that do not directly stem from the market are liquidity risks and credit risks. They are also called financial risks in the broader sense.
All of the risks mentioned here may have an influence on reputational risk. This risk category describes the uncertainty that the reputation (also often called trust or reputational equity) of a company is destroyed or damaged due to any event (Atkins et al., 2006).
The first and probably the most crucial step in the financial risk management process is risk identification and assessment. Management literature offers a wide variety of methods for solving this tasks, which are often used in combination. On the one hand, there are qualitative approaches such as workshops, risk assessments, scenario analysis, employee questionnaires, checklists, brainstorming, Delphi-method, synectics, fault tree analysis, failure mode and effects analysis, hazard and operability studies, incident investigation, Political, Economic, Social, Technological, Environmental, Legal or Strengths, Weaknesses, Opportunities, Threats analysis. On the other hand, quantitative tools try to detect risks by analyzing past or present data, including correlation analysis, trend analysis or complex mathematical models, e.g. Monte Carlo analysis and early-warning systems (for more information on all of these tools see, Chapman, 2011;Moeller, 2011;Martinelli and Milosevic, 2016;Pritchard, 2015;McNeil et al., 2015;Sharma et al., 2015;Chen et al., 2016). The result of this process should be a risk-management hierarchy, Knowledge is power defining those risks with high priority, which should be managed first and those who are of less importance (Bogodistov and Wohlgemuth, 2017). A notable aspect (Dun andBradstreet, 2006 or Horcher, 2011) is that both academic research and practice arguably see managing financial risks as more important than identifying and assessing them. Even guidelines helping banks (which are subject to numerous regulations) to adjust their risk management to the requirements of Basel II only recommend to install adequate risk identification, assessment and management tools (Oesterreichische Nationalbank and Austrian Financial Market Authority, 2006).
All of those tools can be used to identify and assess financial risks, but they are characterized by several problems: Most methods are primarily based on past data and experience. Quantitative tools need existing information and facts to detect future trends. In principle, there is nothing wrong with that and it works well as long as the future behaves like the past and there is enough data. Unfortunately, disruptive change forces companies to rely not solely on past data or, as Stulz (2008, p. 43) indicates, "in other cases, historical data will be of little usesay, because a risk has not manifested itself in the past." Let us take value-at-risk as an example, which is a commonly used ratio in financial risk management. It is a statistical measure that states "the maximum amount of money that may be lost on a portfolio over a given period of time, with a given level of confidence" (Best, 1998, p. 10). Value-at-risk is usually based on a companys' experience of the past three or four years, which is why it is underestimating risk after years of growth (Best, 2010;The Economist, 2008) or as The Economist puts it "The trouble is that it is well-nigh useless at predicting catastrophe". Bell (2009, p. 147  Some qualitative approaches try to overcome this problem by trying to leave the past behind. Managers of a company or, at the most, a small team of risk managers try to predict the future. Unfortunately, the risk identification and assessment tools mentioned face the possibility that "reality is not defined correctly because of the subjective perspective" of the corporate risk management team (Ramona, 2011, p. 1,109). Subjectivity results in leading a company with blinders on. Most instruments are not able to or simply do not consider the long-term future but rather focus on the short-term future. Let's take value-at-risk as an example again. Although it could be calculated for any period of time, it is most often compiled for a time period of 24 hours (Best, 1998). Credit risk is usually assessed over a time horizon of 12 months (García-Céspedes and Moreno, 2017). Again, there is nothing wrong with the tool as such; instruments such as value-at-risk are necessary and help to predict the near future. None of them, however, take into account changes, problems and trends that may or may not arise in 5, 10 or 15 years. Finally, existing methods and models may be complex but they tend to "oversimplify economic relations" and splinter the economy into "seemingly manageable risks." Risk models and responsibilities are often split into several narrow financial risk categories like those mentioned in Figure 1 thereby, forgetting that they are interconnected and can be mutually boosting. As a result of some experts already argue for more "non-statistical ways thinking about risk" (Best, 2010;The Economist, 2008;Chen et al., 2016). Companies from outside the US relying on oil, for example, do not only have to hedge the oil price itself but also as oil is priced in US-dollar they have to hedge currencies at the same time maybe disregarding the interaction of the US-dollar against other currencies and the oil price (Jackson, 2010; for other examples see The Economist, 2008 andJankensgard et al., 2016).
Millo and MacKenzie (2009) even go as far as to conclude that the success of today's financial risk management methods is a result of its communicative usefulness, whereas its results lack accuracy. This does not necessarily imply to dismiss all existing methods of risk identification and assessment but rather the necessity to choose (and combine) the appropriate risk management techniques (Bogodistov and Wohlgemuth, 2017). The question remains as to which tool is able to help financial managers in which situations to perform their task properly. In this regard, Rohrbeck et al. (2015) recognize that research and practice have focused increasingly on corporate foresight as an approach for different functions within a company, e.g. risk management.

Corporate foresight
Foresight as a proactive approach to detecting weak signals and future developments earlier, and thus, gaining time to prepare for them is not a recent invention, being rooted in both the military and macro-economy (Gattringer, 2018). The very general understanding of foresight as phrased by Van der Heijden (2004) can be specified from two different perspectives. A process understanding (Gattringer, 2018;Martin, 1995;Horton, 1999) that Martin (1995, p. 140) defines as follows: "process involved in systematically attempting to look into the longer-term future." Various other researchers (Slaughter, 1998;Tsoukas and Shepherd, 2004;Tyssen et al., 2012) see foresight as an ability: Corporate foresight is an ability that includes any structural or cultural element that enables the company to detect discontinuous change early, interpret the consequences for the company, and formulate effective responses to ensure the long-term survival and success of the company (Rohrbeck, 2011, p. 11).
Our understanding in this paper is in line with Rohrbeck (2011), who sees foresight as a dynamic capability, which enables a systematic identification and assessment of trends and weak signals and their potential influence on the corporation.
The use of foresight should not only sensitize companies to weak signals and trends but also develop scenarios for the future, and thus, support companies in preparing for the future risks and chances andideallybe part in shaping these developments to their advantage (Cunha et al., 2010). The confrontation and intense analysis of future developments aims to detect and make use of discontinuous changes before competitors do (Müller and Müller-Stewens, 2009;Schwarz, 2010) and strengthen the companies' learning and innovating capability (Daheim and Uerz, 2008). In this context, Keller and von der Gracht (2014, p. 81) identified a growing confluence between risk management and futureoriented thinking: "Engaging in strategic foresight supports organizations in maintaining sufficient flexibility for future developments and unforeseen circumstances".
Beside these promising benefits of corporate foresight, this approach has also its limitations, e.g. some quantitative foresight approaches that build on forecasting methods use past data to predict the future ( Van der Duin et al., 2014). This can lead to misinterpretations in case the future does not behave like the past. Furthermore, corporate foresight relies on internal capabilities and know-how (Heger, 2014;Ruff, 2006). As a result, companies tend to run the risk of being narrow-sighted, myopic and blind toward external change (Day and Schoemaker, 2004;Heger, 2014). Companies today face demanding, new conditions of increasing complexity and disruptive changes (Christensen et al., 2002;Christensen and Raynor, 2003;Fink et al., 2013), which makes it almost impossible for them to grasp the entire range of trends and weak signals. Thus, the future bears the risk of unseen challenges as shown by the following examples: How many people would have predicted Brexit, the intention of Great Britain to withdraw from the European Union, 10 or 20 years ago? Probably not many, although there have been early signs (Drummond, 2016). Its consequences on financial risks are harsh. Pound Sterling lost a large part of its value, for example, against EUR or USD, which made importing goods for UK-based companies more expensive and exporting them cheaper. Companies that saw the possibility and consequences of Brexit coming, trying to hedge those risks, would have profited.
In 2015, Nobel Prize winner Paul Krugman wrote an entry in his blog about interest rates. He wrote: "For sure, nobody saw negative rates coming, and few predicted that rates would stay this low this long" (Krugman, 2015). He made clear that negative interest rates have been remarkably shocking, but he also pointed out that people have not been "equally flummoxed." That also indicates that those who were able to predict that uncommon new situation would have been at an advantage. Predicting commodity prices is, due to the volatility of some commodities, rather difficult. In times of unexpected change, it is even more difficult. Take, for instance, the subprime crisis and price for Brent crude oil. In 2008, the oil price for a barrel dropped from about US$144 to US$38 within five months. If someone saw Lehman Brothers' collapse coming or at least predicted the subprime crisis to some extent (and there are some who did, see, Burry, 2010), they would have been able to benefit.
The examples mentioned above have in common: that they are new and unusual; that their consequences have a tremendous effect on financial risks. Therefore, it is highly possible; that quantitative methods relying on past data would not have been able to foresee them properly; and that qualitative methods assessing and identifying those risks within a company share the possibility of not perceiving them.
Furthermore, the examples also show the complexity of risks and the interconnectedness of developments. Thus, it is not enough to focus only on, e.g. financial developments and try to calculate the effects derived from them based on historical data or to rely exclusively on internal know-how and capabilities, as this might inhibit companies from finding significant new ideas to master the complexity of new conditions (Keinz and Prügl, 2010). Indeed, the complexity of risks often extends beyond the capabilities of individual organizations and forces them to reshape organizational practices (Carlile, 2002). In other words, as Chesbrough (2003) remarked, companies can no longer rely on having all the smart people working for them, making it a necessity to collaborate. Following this mindset, various authors claim that, to identify disruptive changes, knowledge outside of the organization is required (Hart and Sharma, 2004;Macher and Richman, 2004). We follow this proposal and suggest adopting the open foresight concept as a promising approach in financial risk governance.

Open foresight: a promising approach in financial risk governance
In alignment with the open innovation paradigm (Chesbrough, 2003), foresight has recently been opened up for collaboration with externals and developed into so-called open foresight. Openingup organizational boundaries is not only a change in the process design itself but also based on a different mind-set. While the assumption in closed innovation is that all the smart people within the field work for the respective organization, the proponents of open innovation take a more critical view and assume that not all the smart people work for them (Chesbrough, 2003). As the complexity of the above-mentioned examples shows, it is hard for organizations to screen and gain access to all relevant information on their own, which increasingly pushes companies to cooperate with others (Krystek and Walldorf, 2002). Based on its seminal idea "that valuable ideas can come from inside or outside the company" (Chesbrough, 2003, p. 43), open foresight also aims to grasp the potential of integrating external know-how from various partners or stakeholders into a company's foresight process by opening-up organizational boundaries (Heger and Boman, 2015). Through a joint view on the future and exchange of know-how, companies can use synergies and, based on that, create added value (Wiener, 2018a). There exist various forms of open foresight, depending on the number and kind of actors included. We refer to "collaborative open foresight," an inter-organizational collaboration with few participating companies (Gattringer et al., 2017;Heger and Rohrbeck, 2012;Vecchiato and Roveda, 2010;Wiener et al., 2018b).
For structuring an open process, we refer to the frameworks from Gattringer (2018), Rau et al. (2014) and Schmidthuber and Wiener (2018), which all suggest to structure open foresight into different phases: e.g. pre-foresight, open foresight, output and in addition Gattringer (2018) adds an accompanying project management for the coordination of all phases and activities. There is a consensus among foresight scholars that there is no one-size-fits-all approach on how to design an open foresight process (Georghiou and Cassingena Harper, 2011). Nevertheless, they agree on various tasks to consider within the phases. The pre-foresight phase is mainly conducted by the initiator and comprises the following tasks: partner selection, the definition of a common goal, which all participants agree on and to conduct initial preparations (Crespin-Mazet et al., 2013;Schmidthuber and Wiener, 2018). Research results in the field of open innovation (Baum et al., 2010;Holzmann et al., 2014;Huizingh, 2011) and collaborative open foresight (Gattringer et al., 2017;Rau et al., 2014;Wiener, 2018b) show that the selection of suitable partners is one key success factor. Nevertheless, there still exists little consensus among the scholar about 'partner proximity'. While some authors argue that if competences and knowledge are too similar, there is little to learn. Han et al. (2012) state that collaborations with similar partners have fewer advantages due to the lack of diversities in terms of resources, capabilities and skills. A low diversity of the knowledge bases can have a negative impact on the ability to innovate (Nooteboom et al., 2007;Rosenkopf and Almeida, 2003;Sampson, 2007).
The collaboration of the various participating organizations starts with the open foresight phase. The organizations jointly identify trends (systematic scanning of the environment), interpret these detected trends and weak signals (discussion of the trend effects and interrelationships) and based on that generate future scenarios (Gattringer et al., 2017). Rau et al. (2014) suggest to conduct these tasks in various workshops where representatives of the participating organizations meet to discuss and develop future scenarios and strategies for how to respond to future challenges (Schmidthuber and Wiener, 2018). In the output phase, the organizations are encouraged to feed the joint developed open foresight outcome into a strategy.
The various open foresight approaches claim to be beneficial regarding the following aspects: existing mindsets are challenged by organizations' externals, who enrich the foresight with additional knowledge. Thus, out-of-the-box thinking is fostered (Keinz and Prügl, 2010) and decision-makers' uncertainty about the future is reduced (Daheim and Uerz, 2008;Gattringer et al., 2017;Keller et al., 2015). Knowledge about future developments and the influence and interaction of detected risks can be created together (Daheim and Uerz, 2008;Gattringer et al., 2017;Heger and Boman, 2015;Keller et al., 2015;Van der Duin et al., 2014). Furthermore, open foresight approaches no longer rely on past data as a single source, but use the expert knowledge of people from different backgrounds to identify and assess risks and interpret their interconnections. Based on these findings, we assume that adopting open foresight is also an appropriate approach to identify and assess financial risks, leading us to conceptualize CFRA.

Collaborative financial risk assessment
In summary, conventional (financial) risk management in general and risk identification and assessment methods, in particular, have serious problems. It treats complex problems as if they were simple (Asselt and Renn, 2011), ignores that companies have changed into open systems (Ford, 2008), neglects the long-term consequences of risk (Stein and Wiedemann, 2016), focuses on traditional/static assessment approaches instead of considering the dynamic aspects of risks (Aven, 2016) despite today's necessity of taking risk decisions with uncertainty and under time pressure. These problems need to be addressed. A solution could be to inherit strategies of collaborative open foresight to identify and assess, financial risks as an important part of all risks faced by an organization. Following Gattringer et al. (2017, p. 300), collaborative open foresight is defined as: A discussion and analysis process of a few organizations concerning future developments in specific search fields which are relevant for the participating organizations and wherein issues related to future individual strategy and innovation options are collectively considered. Thereby the joint creation of future knowledge and "out-of-thebox-thinking" are important objectives. The results are used by each organization for further individual deliberations.
Transferring aspects of open foresight to financial risk governance requires a proper definition, acknowledging that financial risk can be defined as the "possibility of experiencing a loss" of economic value (Soler Ramos et al., 2000, p. 4). Although many people associate risk with a negative outcomes, a broader view of risk also includes opportunities, simply indicating that the future is different (better or worse) than predicted (Coleman, 2011). Risk identification, on the other hand, is characterized as the process of identifying all relevant risks a company is facing (Sanchez-Cazorla et al., 2016), and risk assessment is "a systematic process for describing and quantifying the risk associated with hazardous substances, processes, action or events" (Covello and Merkhofer, 1993, p. 3). We, therefore, define CFRA as: A systematic process of identifying and assessing financial risks conducted jointly by representatives of a few companies. The main objective of this process is to create future knowledge about substances, processes, action, and events that help each participant to reduce the risk of experiencing a loss of economic value, yet increase the chance of achieving a gain in economic value effectively.
Thus, CFRA can be characterized along the following lines: It is a process wherein past, current and predicting (trend-) reports, quantitative data and qualitative data from inside the participating companies and outside are used as a basis for discussion and analysis. It thus, no longer solely relies on past data, but combines it with opinions of various experts from different fields and backgrounds. This process stimulates discovering new disruptions instead of confirming already established future trends (Daheim and Uerz, 2008). Neither a single person nor a single organization has enough know-how to create the future on their own (Stout, 1995). As open foresight and CFRA are about including representatives of a few companies, and thus, people with different backgrounds, out-ofthe-box-thinking is fostered (Heger and Boman, 2015;Heger and Rohrbeck, 2012;Rasmussen et al., 2010;Wiener, 2018a), and a main restriction of traditional financial risk assessmentsubjectivitycan be overcome. Nevertheless, the right composition of the CFRA team is a key factor. On the one hand, various authors argue that diversity is essential as too much similarity among actors lead to a smaller potential of learning from each other, and thus, may also have a negative effect on the ability to think out-of-the-box (Capaldo and Petruzzelli, 2014;Han et al., 2012). This is particularly true for projects that require new perspectives, differing knowledge, new ways of doing things and a broad data basis (Heger and Boman, 2015). On the other hand, a certain degree of proximity is also necessary, to ensure that the organizations can create a joint knowledge basis to facilitate learning (Baum et al., 2010;Emden et al., 2006). Even though working in teams has a lot of advantages and can lead to outputs that are superior to individual outputs, this might not always be the case (Du Chatenier et al., 2009). Groupthink, the risk of creating routines and assumptions that make the team blind for new ideas and developments, could occur and may lead to a loss in objectivity (Bergman et al., 2009). A CFRA team involves people from a various organization with a great heterogeneity of interests among each other. Building on the findings from Bénabou (2013) this heterogeneity of interests is a key to prevent groupthink. CFRA is, therefore, a collective process that tries to "capture the wisdom of the group" (Miemis et al., 2012). Regarding the time horizon for CFRA, we again rely on experience from open foresight (Ruff, 2004;Wilhelmer and Nagel, 2013) and propose a typical timeframe of 2-15 years. This timeframe is necessary to enable companies to prepare for the detected changes and identified risks; it thus addresses the risk of being too shortterm-oriented in terms of the risk horizon. As the foresight definition from Makridakis (2004, p. 14) outlines, the purpose and aims of foresight are "to provide business executives and government policy makers with ways of seeing the future with different eyes and fully understanding the possible implications of alternative technological/societal paths." Foresight is therefore not about predicting the future, but aims to improve an organization's ability to consider different future scenarios (Boyko et al., 2012;Schmidthuber and Wiener, 2018) and to gain a better understanding of uncertainties (Boyko et al., 2012;Makridakis, 2004). CFRA incorporates a heterogeneous group of different members of companies (P2). The starting point is a "position of not knowing" rather than a specific financial risk category (Lustig, 2015). CFRA helps to identify and to assess risks, whereas the individual risk management and monitoring remains the ultimate internal task of a company. This makes it easier to consider the interconnectedness of financial risk categories.
Finally, risk literature states a growing need to study risk in dynamic interacting groups and across the total organization (Frigo and Anderson, 2011;Lam, 2006;Beasley and Frigo, 2007). In this regard, Asselt and Renn (2011, p. 443) define risk governance as "the critical study of complex, interacting networks in which choices and decisions are made around risks". Open foresight is a managerial instrument that opens up organizational borders, paying: Tribute to the increased socio-cultural and socio-technical dynamic resulting from the emergence of the networked society, where almost everything is interconnected and the separation of spheres of life, like technology, economics, politics and culture, has come to an end (Daheim and Uerz, 2008, p. 332).
CFRA combines both aspects by recommending to assemble and to join CFRA-teams. We assume that those interacting networks are in a better position to generate future knowledge, and therefore, also to identify and assess financial risk properly. Thus, we propose: P1. CFRA is a promising managerial instrument of risk governance helping to overcome the problems of current financial risk identification and assessment tools.
Existing literature offers no one-size-fits-all-approach for the operational implementation of open foresight and its processes (Georghiou and Cassingena Harper, 2011). Nevertheless, we agree with Rau et al. (2014) and Schmidthuber and Wiener (2018) who suggest three phases, namely, pre-foresight, open foresight and output phase. Transferring those ideas into CFRA, we propose a similar CFRA process. First of all, there needs to be an initiator who pushes the idea of CFRA forward. Participating companies need to be selected and internal decisions (like who participates in a CFRA team) need to be made. Then the CFRA team makes decisions about where and how often to hold the workshops and who is responsible for organizing them.
In this regard, we follow Gattringer (2018) who proposes an accompanying project management team. This team can comprise of members of the financial risk management organization of each participating company. The CFRA phase is the main process of identifying and assessing risks in workshops. Afterward, the different members use their new knowledge to implement financial risk management methods in their companies. Further details about actors, roles and company selection are discussed henceforward.

Actors in collaborative financial risk assessment
To adopt the ideas of open foresight, some adaptions to the organization and actors of financial risk management within an organization are necessary. Soler Ramos et al. (2000) summarize recommendations and ideas for an ideal financial risk management organization. They divide an organization into two general areas: First, a strategic structure consisting of the board of directors and risk committee(s) is responsible for ensuring the resources and defining a financial risk management strategy. Second, an operational structure (consisting of all other areas of the company) is responsible for executing the strategy and communicating information that might result in an adaptation of the existing strategy to senior management. The International Finance Corporation (member of the World Bank Group) points out that, "[h]istorically, the CFO [Chief Financial Officer] has often been responsible for the Risk function" (IFC, 2012, p. 20). However, recent developments in risk management, risk governance, and corporate governance stress the importance of appointing a Chief Risk Officer (CRO), an independent senior-level position actually responsible for risks and responding to risk factors (Culp, 2001). His responsibility is to actively navigate risk management "rather than passively monitor risk measurement and analysis" (Dionne, 2013, p. 163). A strong CRO should be a member of the Board, be independent from any business line and directly report to the Chief Executive Officer (CEO) (IFC, 2012).
A collaborative project such as CFRA raises new questions, mainly "Who initiates the CFRA process?" and "Who are the actors in this new (CFRA-) team?" Open foresight research (Gattringer et al., 2017;Heger and Boman, 2015;Wiener et al., 2018b) stresses a topdown initiation of the collaborative project for the following reasons: First, open foresight is seen as a foundation for strategic decisions and is thus, often a responsibility located at the top-management-level (Andersen and Borup, 2009;Boe-Lillegraven and Monterde, 2015;Coelho et al., 2012); second, it supports the acceptance of the project within the company; third, a top-down initiation, and thus, also commitment supports the motivation of the participants; as, it provides access to the necessary resources not only in terms of time, budget but also human resources (Daheim and Uerz, 2008;Tyssen et al., 2012;Wiener, 2018a). Nevertheless, top management commitment is not enough according to Boer and During (2001), who point out that top-management involvement is also needed to enable decision-making. Furthermore, from a risk management perspective, top management (in particular the board of directors) is ultimately responsible for risk oversight (Lam, 2014). Directors in today's world must have risk management expertise and they are already starting to consider risk as an organizational necessity. Additionally, theory and methods are adjusting to this new role of the board: (financial) "risk oversight is now a governance requirement" (Fraser, 2016, p. 283). Even though first findings in open foresight literature argues for a top-down initiation Wiener, 2018a) various authors coming from different disciplines point out the advantages of a bottom-up approach (Bharwani et al., 2017;Bakker, 2017;Tiwari et al., 2015). In both waystop-down and bottom-upit seems that a device factor is a top-management support and commitment. Beyond top-management involvement, various scholars propose heterogeneity, in the sense of different educational and professional backgrounds, among the participating actors as beneficial (Du Chatenier et al., 2010;Ollila and Elmquist, 2011), as different perspectives on an event can avoid a one-sided foresight. Nevertheless, diversity can also be defined more broadly and include a variety of "gender, age, ethnicity, tenure, educational background and functional background" (Van Knippenberg and Schippers, 2007). In the light of foresight, Rohrbeck (2011) points out that so-called "foresighters" should have expert knowledge, the ability to assess the impact of the detected trend on the organization, as well as curiosity and an open-mindedness not only for new developments but also for information that comes from outside the organization. In addition, a good internal network is necessary for spreading the gained knowledge within the company and sharing it with many others (Enkel, 2010). Boe-Lillegraven and Monterde (2015) furthermore consider a certain readiness to reach consensus and a shared mindset a necessity.
Risk governance calls for a "multifaceted, multi-actor risk process," including different perceptions of risk (Renn, 2008, p. 374). Therefore, we propose: P2. A CFRA team should be made up of heterogeneous actors regarding personal backgrounds (e.g. organisation, age, gender, ethnicity and tenure) and functional backgrounds (representatives of all business units). To include top-management participation, a board director (at best the Chief Risk Officer) should also take part. Figure 2 summarizes the actors in CFRA. It includes a strategic risk structure with the organizations' directors responsible for defining and approving the strategy, ensuring the resources, creating corporate risk culture and being ultimately responsible for a company's risk oversight. The operational risk structure can be categorized into the three lines of defense (IIA, 2013;Doughty, 2011). The first line of defense includes all operational managers who own and manage risks. They are responsible for an effective day-to-day risk management and executing all implemented risk control procedures. Regarding financial risks, this includes, for example, the sales department when thinking about selling goods in foreign currency (foreign exchange risk) or to new (unknown) customers (credit risk), the financial department when thinking about new investments (investment risk) or the buying department when thinking about buying goods (commodity risk). "In a perfect world, perhaps only one line of defense would be needed to assure effective risk management" (IIA, 2013). Unfortunately, one line of defense is not enough in the real world. A second line of defense needs to be installed, one (or more) risk management and/or risk governance unit(s), for instance a financial risk management unit with the task of monitoring the operational managers, assisting risk owners, controlling and monitoring risks, identifying known and emerging risks as well as helping to implement effective risk control procedures. In our understanding, both the first and the second line of defense should be part of the CFRA team to provide sufficiently different perspectives on financial risk (IIA, 2013;Doughty, 2011).
The third line of defense refers to the internal audit. This department is responsible for risk assurance of the whole organization. It is highly independent and reports directly to the CEO (IIA, 2013;Pickett, 2011), hence, we propose it should not be included in the CFRA team but control its effectiveness and efficiency.
It must be pointed out, however, that the actors in CFRA teams mentioned in Figure 2 refer to large companies. In contrast, many economies worldwide are characterized by smalland medium-sized enterprises (Ayyagari et al., 2007). However, risk governance is even more vital to these companies as they have limited resources for reacting to hazards; what is more, to be able to compete against big companies, they need to take riskier decisions (Vargas-Hernández, 2011;Raghavan, 2005). Risk management in small-and medium-sized enterprises is often concentrated on owner managers (Jayathilake, 2012), and they tend to have a simpler internal organization (Lavia L opez and Hiebl, 2014). Nevertheless, only minor changes to the internal selection of representatives for CFRA teams are necessary in small and medium-sized companies. We propose that small and medium-sized enterprises (SME) equally nominate actors with different functional and personal backgrounds and a topmanagement person, probably the owner manager, to participate in CFRA.

Roles of the board of directors and roles of collaborative financial risk assessment team members
It is a challenging task to manage cross-company teams and to understand the interactions of the heterogeneous actors involved (Ollila and Elmquist, 2011). Especially, motivating the employees to engage in collaborative projects and awakening their curiosity and willingness to experiment are not simple tasks (Giannopouou et al., 2011). To foster these behaviors, however, the board of directors should not only rely on monetary reward systems (Füller et al., 2008) but also emphasize the creation of a basis of trust, promote altruistic behavior and free up space for creativity (Bughin et al., 2008). As the board of directors is ultimately responsible for risk oversight in an organization (Lam, 2014), we, therefore, propose that: P3. The board of directors is responsible of initiating CFRA. It identifies proper organizational members and associate companies. The board of directors is thus not only in charge of initiating CFRA but also responsible for committing resources (time, budget) and selecting the participating actors. With regard to human resource management, directors are also required to provide an environment conducive to foresight and a culture in which creative and innovative behavior is a core value. Given this, the likelihood that participants will actually think out-of-the-box and provide unconventional but promising suggestions is greater (Herzog, 2011). Finally, the roles and tasks of all CFRA team members needs to addressed. As already indicated in Figure 2, an operational risk structure is characterized by the tasks of identifying, assessing and managing risks, collecting information and detecting weak signals and trends. Therefore, we propose: P4. Members of CFRA teams have to collect information, detect weak signals and trends and share their professional experience within CFRA teams to identify and assess risks that might occur within their organization and help implement risk management methods relating to their line of defense.

Company selection
Open foresight is conducted collectively "by a few organizations" (Gattringer et al., 2017). The same authors also mention the importance of "out-of-the-box-thinking," stressing the need to go outside the company. Therefore, another aspect worth discussing are the companies participating in CFRA teams, as partner selection for collaborative projects is a very critical aspect (Shah and Swaminathan, 2008;Holzmann et al., 2014). Collaborations ask for trust, commitment and complementary resources to benefit from the joint work (Gattringer et al., 2017;Tidd, 2014). Even though trust is a key aspect, an increasing number of collaborations are being formed between competing companies, particularly in sectors that are characterized by intense knowledge (Contractor and Lorange, 2002;Ritala, 2009). In literature, this phenomenon "of simultaneous competition and cooperation has been termed 'coopetition'" (Ritala, 2009, p. 39). On the one hand, various authors point out the benefits from coopetition, e.g. that it may enhance innovativeness (Quintana-García and Benavides-Velasco, 2004) and increases performance (Luo, 2007) with respect to cooperations between non-competitors. On the other hand, with respect to intellectual property, coopetition may be also very risky (Ritala, 2009). However, a counterargument is that the outcome of CFRA is meant as the foundation for individual financial risk management (and thus, is not shared with the other participating companies). In the end, every company needs to assess the advantages and disadvantages discussed.
Research shows that risk aversion and knowledge differs between companies. Hiebl (2013) shows that family firms are more risk-averse than non-family firms. Falkner and Hiebl (2015) show that risk management strategies differ between SME and larger firms. Compliance and Governance standards differ between industries (Hampton, 2011) and maturity in risk management and methods in use (Pergler, 2012). The researchers Laursen and Salter (2006) discuss the breadth and depth of firms' search/collaboration strategies in the context of open innovation. In their work, they associate breadth with exploration and depth with exploitation strategies. Depth is achieved by collaboration with the same partners over longer periods, whereas breadth refers to collaboration with changing, new partners. The latter is associated with radical/disruptive innovation while depth is related to incremental/process innovation. Drawing on such insights, we assume that to detect and identify truly unexpected risk (as, for example, mentioned in Section 3), it is necessary to involve a great breadth of different companies. We, therefore, propose that: P5. To gain different perspectives within a CFRA team, participating companies need to be of different size, ownership structure and from different industries.
We also assume that when participating companies are from different industries, their individual fear of losing industrial secrets decreases and their willingness to participate in CFRA-process increases.

Limitations of collaborative financial risk assessment
Despite the benefits mentioned CFRA is not the solution to all problems. Limitations of this model include its premise of trust between members of different departments and companies (for a discussion of that problem in another context see for example Loveridge and Street, 2005). Furthermore, a growing number of different people from different companies working together in CFRA-teams increases the possibility of identifying early signs of change but does not guarantee success. Additionally, risk identification and assessment may be a core competence of a company especially in the financial industry. Fearing to lose this core competence might hold them back from joining CFRA. Hence, incentives for participating parties have to be clear and obvious (Miemis et al., 2012). It might be difficult, especially at the beginning of the process, to convince other companies about the individual benefits, whereas the costs involved (notably working hours) are apparent. Finally, as already mentioned, companies might be afraid of losing industrial secrets, which makes collaborations more difficult.

Conclusion
Recent risk governance research emphasizes the importance of taking a broader perspective in risk management (Renn, 1998) and developing new ways of dealing with complex risks and uncertainty in a world of strongly interacting networks (Asselt and Renn, 2011). Based on a literature review, we show that methods in financial risk management do not address these requirements. Quite on the contrary, current methods in risk identification and assessment tend to be based on past data and experience, neglect objectivity, focus on the short-term future, and disregard the interconnectedness of risk categories. We argue that CFRA might offer a solution to these problems as it allows companies to anticipate financial risks or challenges that have an impact on financial risks earlier, and thus, gain time to prepare and find solutions for them. Combining the ideas of opening up organizational boundaries and proactively preparing for future developments is thus, likely to be a suitable method to allow the participating companies to think beyond their daily business and experience and to consider a broader perspective and more interactions of future developments that might be requisite to handling the complexity of upcoming developments. In summary, CFRA is a method in financial risk governance that brings together participants with different background and of different companies, coming together regularly in trying to gain future knowledge with an impact on financial risk. As a result of CFRA, financial risk can be decreased and the chance of achieving a gain in economic value increased. This paper offers contributions to the existing literature on risk governance and financial risk identification and assessment methods. Beyond the proposed framework we contribute by engaging with major questions in this context, such as which actors are dominant in collaborative risk assessment, what are the general role-sets of the actors involved, and how is the board of directors to be included in this new approach. Ultimately, by applying open foresight to risk governance research, we also hope to foster interdisciplinary research (i.e. strategic planning, financial risk management and risk governance research) and to promote cross-boundary learning and conceptualization. In particular, we want to encourage future research to provide the first empirical evidence for the impact of CFRA.
Future research should also focus on the organizational and social challenges of CFRA implementation, which will confront people in power with further challenges. Lam (2006), for example, concludes that business units prefer to work autonomously, especially in risk management/governance, and even more so when top-management may gain more insight into a business unit's vulnerability. Additional research questions include but are not limited to: RQ1. Who leads the CFRA meetings?
RQ2. How are meetings organized?
RQ3. Is CFRA a proper instrument for banks or other financial companies?
RQ4. How does information gained through CFRA influence quantitative risk management tools?
The paper at hand is therefore only the beginning of a promising method. Finally, it needs to be mentioned, that the paper in hand concentrates on financial risks as they are of utter importance in companies all around the world (Millo and MacKenzie, 2009).
Notwithstanding, the proposed model may also apply to other forms of risk like strategic or operational risk. We propose experts in this field to further reflect this idea.