Regardless of industry sectors, it is critically important for organisations to build and maintain resilience to sustainably navigate their risks and future opportunities. How quickly and effectively risks can be identified (and managed) will determine how well businesses will recover and rebuild – these factors alone develop the rethinking of Risk Management strategies.
While financial and operational risks are the main threats that most organisations consider, strategic risks often tend to be overlooked, and yet they can cause more significant impact. This is why Strategic Risk Management (SRM) becomes so important and within the elements of Enterprise Risk Management (ERM), since the traditional focus on risk categories aren’t always connected to the organisation’s strategy. In fact, by failing to identify your “strategic risks” there could be greater consequences for other risks that may threaten your organisation’s future and survival.
By linking Risk Management to strategic goals, this builds and segments an AGILE business model that can make fast decisions and implement change at speed, thereby bringing a competitive advantage. Organisations need to adopt a diverse and inclusive approach that involves clearly assigning ownership for risks, investing in risk transparency, and implementing effective strategies for comprehensive risk. This holistic approach strengthens the acceptance of Risk Management that is forward-looking, cross-silo and systemic, and based on an inherent understanding of risks.
What is Strategic Risk Management (SRM)?
Strategic Risk Management (SRM) is the action-oriented and continual process of recognising risks, identifying causes / effects, and taking the relevant actions to mitigate risks that affect business strategy and strategy execution.
Risk is an integral part of organisation’s strategy, which can affect both its decision-making and overall performance. The key factors aim to address the unintended consequences created by or arising from the execution of enterprise strategy, since Strategic Risk Management activities (and internal controls) are based on the organisation’s capabilities, business environment, and stakeholder requirements.
6-Key Principles of Strategic Risk Management
An effective Strategic Risk Management Framework protects enterprise value and helps to create a competitive advantage with businesses facing disruptive change. With the prioritisation and understanding of business risks, your organisation can take the necessary steps to protect its assets and operational objectives by evaluating “Risk v. Reward” – in the context of risk appetite and risk control framework.
This can be determined by the following six (6) principles:
- A process for identifying, assessing, and managing both internal / external events and risks that may impede the achievement of organisational strategy and strategic objectives.
- Both creates and protects shareholder and stakeholder value.
- Represents the foundation of the organisation’s overall Enterprise Risk Management (ERM) process and activities.
- A primary component of Enterprise Risk Management (ERM) and, can be affected by the organisation’s Board of Directors, Executive Management Team, and other Key Stakeholders.
- The ability of the organisation to achieve its objectives is based on its strategic view of risk and how external and internal events are managed.
- A continual improvement process that must be embedded in strategy direction, strategy execution, and strategy management.
Examples of Strategic Risk Management
Strategic Risk Management is a critical part of Enterprise Risk Management (ERM) as it takes a high-level view of strategic risk. Some examples include:
- Generates critical risk intelligence and improves risk-informed decision-making.
- Provides a systematic method, approach, and process to manage strategic risks.
- Helps prioritise strategic risks by relevance, priority, and potential impact.
- Supports Risk Management, strategic planning, and strategy execution.
What is Strategic Risk?
Strategic risks are those threats to an organisation (both internal and external) that can hamper its ability to execute its strategy and deliver on the expected outcomes. These risks usually arise when the Executive Management Team makes a poor strategic decision or fails to respond effectively to changing market environments.
Many other disruptive events or disasters could impede an organisation’s strategic goals and affect the viability of its long-term future. Fortunately, this is where an effective Strategic Risk Management Framework assists organisations with avoiding these circumstances and by correctly identifying, quantifying, and mitigating strategic risk.
Examples of Strategic Risks
A strategic risk is usually caused by an event or development that makes it difficult (or perhaps even impossible) for an organisation to achieve its goals and objectives. Some examples include:
- Changes in technological infrastructure.
- Executive Management and Senior Management changes or turnover.
- Financial challenges.
- Introduction of new products or services based upon market research.
- New competition and pressure to sustain revenue performance.
- Shift in customer response or expectations with current products or services.
- Legal and regulatory changes affecting operational efficiency.
- Industry or market changes causing pressure on competitiveness.
- Damage to the organisation’s market reputation.
- Unsuccessful mergers and acquisitions (M&A) or joint ventures (JVs) due to the transition and integration of operational objectives.
How do you measure, monitor, and effectively manage Strategic Risk?
With navigating the strategic risks that your organisation faces and to understand the different Strategic Risk Management techniques, there must be a quantifiable figure or value to measure risk. However, measuring risk v. measuring results is the same process. Similarly organisations can calculate how much inherent risk their new initiatives contain, but then monitor those risks to make better informed business decisions.
Strategic risk can be measured with the use of the following two (2) key metrics:
Economic Capital
Economic Capital relates to the amount of equity required to cover any unexpected losses based on a pre-determined solvency standard (based on the organisation’s ideal debt rating). This standard is usually derived from the organisation’s target debt rating. But more importantly, it applies the same methodology (and assumptions) used to determine enterprise value and making it ideal for Strategic Risk Management.
This metric is a common currency with which any risk can be quantified and allows businesses to quantify all types of risks – related to launching new products, acquiring enterprises, expanding into different territories, or internal transformation.
Risk-Adjusted Return On Capital (RAROC)
Risk-Adjusted Return On Capital (RAROC) applies to the expected after-tax return on an initiative divided by the Economic Capital. Organisations can leverage this key metric to determine if a strategy is indeed viable and offers value, helping to guide the Executive Management Team and assist with their decision-making process.
- Any initiative with a Risk-Adjusted Return On Capital exceeding the organisation’s Cost of Capital, then this initiative is viable and will add value.
- Any initiative with a Risk-Adjusted Return On Capital less than the organisation’s Cost of Capital, then this initiative is NOT viable and will destroy value; this initiative should be immediately scrapped.
Additional Risk Management Techniques
Decision Trees
All businesses can utilise both Economic Capital and Risk-Adjusted Return On Capital (RAROC) metrics to measure strategic risk. However, the underlying stakes will be vastly different for a Small-Medium-Enterprise (SME) business v. global corporation.
As a direct result, a Decision Tree can help map the possible outcomes of a decision. This enables various internal teams to determine – which choices provide which results – and commence preparation for impeding events. Therefore, the specific turning points can be readily identified and handled appropriately.
Opportunities and risks need to be discussed separately
This is something that must happen before the commencement of the risk identification process.
By mixing the discussions pertaining to potential “opportunities” and “risks”, this is a disadvantage to the opportunity conversation. This is about your employees thought process, to free their minds, brainstorm ideas, challenge convention, and identify all the possible growth and incremental opportunities for your organisation.
Encourage a free environment for change and take advantage of any great opportunities borne from your brainstorming sessions. Simply, discuss your risks in a different meeting but on a different day.
Allocate and distribute your resources at the operational level
Once a decision has been reached on the direction of your organisation’s strategy, the next step is alignment of the vision for every business unit, department, stakeholders, teams, and employees.
Then, allocate your strategic resources appropriately but in such a way to ensure that your overall strategy succeeds. This means that certain regions or business units will be “resource poor” and therefore, other operational areas will need to contribute more to your strategic objectives. With mitigating strategic risks, it is quite often nothing more than simply focusing on the execution of your Strategic Plan.
Align your reward and incentive structures
Besides resource distribution across the organisation, your focus on strategic execution will take another form.
The purpose is to review the assessment and alignment of your strategic objectives with the incentive structure of your organisation’s Executive Management and middle-management teams. This is a crucial step in executing your strategy because its integration is designed to eradicate internal conflicts – your leadership team is rewarded according to the Strategic Plan.
Summary
Effectively managing risk has always been critical for success in any organisation and industry sector – but never more so than today. By assessing and responding to strategic risks in an ever-changing environment, your organisation can drive innovation, remain agile, and build risk resilience to protect business assets and enhance their market competitiveness.
Risk and initiative cannot be separated from business decision making. Successful organisation’s embrace risk with improved decision-making processes and use this new perspective as a catalyst to achieve their strategic goals. Being able to identify and properly assess risks clarifies for decision-makers (and their teams) and helps Executive Management Teams with the actions they need to take.
Strategic Risk Management isn’t just about protecting your business against potential risks. It also provides the flexibility to seize new opportunities that are borne from both uncertainty and change. By effectively managing these risks and taking crucial steps to follow Risk Management “best practices” across the enterprise, this can minimise risk exposure but whilst allowing to take advantage of future opportunities.
Need some guidance on your next steps? Let’s start a conversation…