reworq consulting logo
3d view camera shutter

How Strategic Risk Management Determines your New Targeted Focus?

Most corporate strategies initially start but also end in the boardroom. Many organisations will have a top-level strategy plan that comprises of their Mission Statement and a series of strategic goals and key objectives. However, putting Strategic Risk Management into action involves several steps but many organisations struggle to cascade their strategic plans throughout the business – let alone understand the potential risks to achieving their strategy.

All organisations must undertake a certain degree of calculated risk to grow and mature their business model. A risk-aware culture is equally crucial for management, boards, and owners to promote Risk Management collaboratively throughout the organisation, in particular the correct mindset to embed into daily decision-making.

With an acute awareness of your organisation’s core strategic goals, from conception to proposed execution and to successful delivery, stakeholders and employees want to see clearly defined strategic initiatives that drive long-term organisational value. They demand evidence that their Executive Management Team are evaluating risks associated with strategy formulation (and execution) by responding to the requirement for strategic renewal.

How to integrate Strategic Risk Management within the organisation’s core processes?

Managing risk and making decisions about your organisational objectives, strategies, and projects are the one (1) and the same activity. Since strategic risk is directly linked to an organisation’s strategies, Strategic Risk Management must become incorporated within its core business processes.

What this means is that the references and tools that make up your Risk Management Framework shouldn’t exist in a siloed system, but instead be part of your strategic and operational planning and reporting. With reference explicitly to risk, your corporate strategy and business plans must consider evidence that a thorough Risk Assessment has informed their content and that the actions described in the strategy and planning will manage those risks.

Strategic Risk Management can be embedded into the organisation’s inner workings by integrating Risk Management with strategic planning and undertaking the following six (6) steps:

1. Communication of the strategic vision

Communicate with your key stakeholders, internal teams, and employees as to why Strategic Risk Management must be aligned with everyone’s values. It is critically important to commit and deliver regular updates and further discussions about progress or gaps in your business processes.

2. Align the organisation to the vision

Review your existing Policies, Procedures, and processes to ensure that Risk Management is incorporated and addressed to mitigate risk. Undertake a Gap Analysis and SWOT Analysis to ensure that consistent application is applied, so that any documentation which is “out-of-date” or lacking detailed information is updated accordingly.

3. Plan and guide your operational areas

Empower your team to brainstorm new ideas and challenge your ingrained business processes. Help guide and motivate your employees to understand how they can implement “best practices” with Strategic Risk Management – to avoid or monitor strategic risks.

4. Perform quality-reviews and adapt to change

Monitor your business processes and how your business goals are being affected. By analysing data insights and monitoring Key Performance Indicators (KPI’s), it is critical to ensure that regular assessment is deployed to achieve business goals.

One of the simplest methods to monitor KPIs (in real-time) is to utilise automation technology and tools (e.g., Risk Management software and Dashboards) to assist with the continual review and tracking of your KPI’s and Risk Management reporting. By instilling a conscious mindset to drive process improvement, along with performing Quality Assurance (QA) reviews and internal audits, this uncovers delayed processes that may impact organisational performance.

What are the key steps for an effective Risk Management strategy?

protection concept with lock keys

With any type of business risk, organisations need to determine which strategic risks could have the most impact. This is particularly relevant when a Strategic Risk Management process can help organisations mitigate the impact of new technologies, disruptive change, and while also presenting them with an opportunity to innovate their business model to maintain market competitiveness.

That’s where identifying strategic risks helps with the planning process. Firstly, by identifying strategic risks, organisations can then develop an effective Strategic Risk Management Plan to help transition the “root cause” of risks and mitigate them with an integrated plan of action and execution process.

An effective Risk Management approach involves the following five (5) steps:

1. Define the business strategy and objectives

It is crucial for organisations to take additional steps to integrate Risk Management at the initial planning stage by using a Risk Management Framework, which is a methodology to identify, eliminate, and minimise risks.

So where do you start? Start by identifying and prioritising risks by building a Risk Assessment Matrix. This helps to define your risks and categorise them based on the likelihood of occurrence and level of impact. But what it also highlights are helping to increase the visibility of risks across the organisation and the importance of ensuring that your key stakeholders and employees are kept updated on risk.

2. Establish your Key Performance Indicators (KPI’s) to measure and improve results

Key Performance Indicators (KPI’s) for Risk Management are metrics for assessing risks but more importantly providing detailed insights on how an organisation can improve its performance. KPI’s evaluate the critical operational areas of a business that it functionally needs for the successful achievement of its goals and objectives.

The primary function of Key Performance Indicators (KPI’s) is to monitor business strategies, financial, and operational targets and measure their impact (and performance) to determine both effectiveness and efficiency. An organisation sets KPI’s to gauge their success, improve performance, and guide decision-making for the Executive Management Team.


  • This type of KPI uses subjective characteristics, such as customer satisfaction.


  • This type of KPI uses objective data, such as percentages.

Leading Indicator

  • Leading indicators are predictable changes because of specific situations.

Lagging Indicator

  • Lagging indicators are an insight into a change after it occurs.


  • This type of KPI measures resources used.


  • This KPI measures the result of a process or activity.


  • This KPI measures the efficiency of a particular activity.

3. Identify risks that can drive variability in performance

An effective Risk Management strategy will identify the unknown elements but that will determine results and the immediate benefits that it can deliver. It also helps organisations remove barriers to performance and productivity and strengthen their overall operations – by quantifying risks and assure Business Continuity Management (BCM) with the most effective tool (preparedness!).

4. Establish Key Risk Indicators (KRI’s) and tolerance levels for critical risks

Key Performance Indicators (KPI’s) measure historical performance, whereas Key Risk Indicators (KRI’s) are forward-looking leading indicators which are intended to anticipate potential roadblocks and with tolerance levels that serve as “triggers for action”.

Key Risk Indicators (KRI’s) are metrics that predict potential risks that can negatively impact organisations, as they provide ways to quantify and monitor each risk. They can essentially be considered as change-related metrics that act as an early warning risk detection system to help organisation’s effectively monitor, manage, and mitigate risks.

Key Risk Indicators (KRI’s) are not limited by function alone and can be applied to many business processes. They provide accurate visibility into organisational weaknesses within their risk and Internal Controls environment (including processes) by helping to scope the development of your Risk Assessment Plan.

5. Deliver cross-functional engagement with integrated Risk Management Reporting

The continuous reporting and monitoring of strategic risks are a dynamic process that requires organisation-wide participation, engagement of values, and ingrained purpose. By addressing critical trends before they escalate to become major problems, the Enterprise Risk Management function must periodically report on Key Risk Indicators (KRIs) to their key stakeholders. But more importantly, grasp any unexpected opportunities as they arise.

With initiating “best practices” approach for creating an effective Risk Management Report, simply ensure that the following details are inclusive:

  • Include charts and / or other graphical elements in your Risk Management Report to highlight data and factual insights.
  • When possible, include a Sunrise (the point when a risk comes into play) and Sunset (when an identified risk is no longer considered to be a risk) for each identified risk.
  • Each identified risk should include a clearly defined Risk Statement explaining the threat of that same risk and a corresponding Context Statement (if necessary) can add additional clarity to determining next actions.
  • Include your Key Risk Indicators (KRI’s) to explain the significance of each indicator and what the organisation plans to do, but only if certain conditions are met.
  • Each risk must include a Risk Closure Criteria Statement explaining what your organisation is engaged with or actioning in terms of risk mitigation.


While a new strategy may prove unsuccessful (for a variety of reasons), neglecting the risks associated with strategy formulation and execution is a prominent reason for failure.

Quantitative measured information is readily available and long-term value creation is commonly measured using growth in revenue, share prices, and profitability. However, these items are lagging indicators that don’t necessarily provide assurance regarding the sustainability of value creation but when combined with risk analysis and taking corrective actions, organisation cut their losses and optimise their gains.

The odds concerning failure are alarming but the ability to “fail faster” is counterintuitively one of the best ways to improve financial performance. When an organisation fails faster through managing and measuring strategic risk – such as with Economic Capital and Risk Adjusted Return On Capital (RAROC)this enables the identification of early-warning signs for potential problems, assesses the salvageability of the situation, and thereby creates an exit strategy (if needed).

Need some guidance on your next steps? Let’s start a conversation…