A guide to strategic risk management
Understand and learn the best-practice approach to managing risks associated with business decisions.
What is strategic risk management?
Risk affects every organisation in today’s global marketplace. And to be successful, organisations must ensure that they are both meeting all their current requirements as well as preparing for what might come up in the future.
The first aspect is simply risk management. The second is what we think of as strategic risk management.
​
To understand strategic risk management, we first need to understand strategic risk.
​
​
Meaning of strategic risk
Strategic risk is quite simple to define – it’s the risk that arises or is associated with business decisions. So, for example, a lending entity takes on strategic risk every time it lends money to an individual or a company. And a property development firm exposes themselves to strategic risks when they purchase land to develop.
In both cases, these are inherent risks that relate directly to their own business goals.It’s important to note that strategic risks don’t just arise because of a failure of internal decision making. They can also be caused by external factors such as market demand, the economic environment and more, which impact the timing or environment of your business decisions.
Strategic risk management
Good strategic risk management is the process of identifying, analysing and mitigating your strategic risks. Take our earlier example of the lending institution. When this organisation lends money to an individual, they implement strategic risk management by putting processes in place to identify and analyse the level of risk that individual presents in terms of their ability to repay the loan. Then they mitigate lending risks by, perhaps, requiring security or some other additional documentation.
​
Of course this is a very simple example. But in practice, and for every organisation, it can be a complex process. Executive level leaders must be focused on their strategic risk management to ensure that risks are prioritised and adequately addressed.
Examples of strategic risk management
-
Technological advancements
-
Talent turnover
-
Partnerships and affiliations
-
Mergers or restructures
-
Competitive or market pressures
-
Regulatory changes
Strategic risk management vs operational risk management
The Basel Committee on Banking Supervision defines operational risk as, “the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events.” So unlike strategic risk management which focuses on doing things right to stay ahead, operational risk management is about doing the right things.
​
The primary objective of operational risk management is to mitigate risks that could arise from day-to-day operations. Strategic risks, by contrast, do not necessarily arise and could result in major losses.
​
Read more:
Strategic risks are inherent in every organisation and managing them is the key to success. Without proper strategic risk management, you may find yourself facing negative risk outcomes that have occurred because your strategy has failed.
​
Strategic risk management is important in every organisation’s general risk approach. It is this that allows an organisation’s executive management to focus on the future, rather than just the day-to-day risks and business plans.
Without this focus, an organisation’s decision-making ability will be limited to only those problems and risks they are currently facing. They simply won’t be focusing on the big picture. Strategic risk management provides the framework for focusing on that big picture.
Importance of strategic
risk management
Implementing effective
strategic risk management
In order to begin managing strategic risk, we must first be able to measure it. This can be done in a few ways, but the most common is the economic capital metric.
​
Under the economic capital metric, strategic risk is quantified by the amount of capital required to cover pre-determined losses associated with that risk. Because it is the common currency for risk quantification, and applies the same methodology and assumptions used in assessing enterprise value, it is ideal for measuring strategic risk.​​
5 steps to effective strategic risk management
Effective strategic risk management includes five steps:
1. Identification of business strategies and objectives
Strategic risk management focuses on the big picture, and to understand the big picture you must first identify the business strategies and objectives of your organisation, including KPIs.
2. Risk identification
Many strategic frameworks simply don’t take risks into account. However, understanding your organisation’s risks is the most vital step to managing them, and it’s crucial that they are integrated at your organisation’s planning stage.
When it comes to strategic risks, ensure that you are identifying risks that drive variability in performance in order to determine results. To adequately gather this holistic information you will need to involve staff from all levels of the business, so you can identify risks from a micro to macro level.
4. Set actions
At this stage, your risk managers will need to determine the actions and controls that should be put into place to manage your organisation’s strategic risk exposure and minimise your potential financial loss or operational disruption.
5. Implement controls for monitoring & reporting
Ongoing monitoring and reporting is a vital part of your strategic risk management plan.
This is where you ensure that all risk activities are being undertaken and accomplished and can see where there are gaps that may leave your organisation vulnerable or that might prove to be vital opportunities for the future.
3. Establish KRIs and impact tolerance levels
KRI’s are forward-looking indicators that help you to look at the road ahead to identify potential (rather than just probable) disruptions. With each of these potential disruptions, you’ll also want to set your impact tolerance levels. You will need to understand the likelihood and frequency of occurrence, the possible or probable severity, the impact on the business operations, and more. This needs to end with a prioritisation of those risks based on the factors you uncovered.
​
Read more: Impact Tolerance (Operational Resilience)
Your integrated strategic risk management solution
Strategic risks are some of the biggest (and most costly) hazards that your organisation faces in today’s global marketplace. But they also represent some of the greatest opportunities. In fact, when strategic risk management is done well, an organisation is able to minimise vulnerabilities while driving their future business outcomes.
​
Having good automation tools and software on your side can streamline your strategic risk management processes, including anticipating, assessing, monitoring, and managing risks. Good strategic risk management software can accomplish the following:
01
Seamless implementation
Your solution must be able to be seamlessly integrated and implemented within your organisation. Great solutions like Drova, give you the flexibility to create a tailored strategic risk program or automate and update your existing one, in order to ensure that your risk vulnerabilities are addressed, and your risk opportunities captured.
02
Risk analysis
Your tools must include quantitative analysis so you can track your business’ performance in light of its desired outcomes. It also needs to be able to test business decisions and their potential impacts before giving them the green light.
03
Automation and efficiencies
Any strategic risk management platform must be able to help you efficiently scale back the resources you are applying to your risk management. This includes automotive low-level tasks and freeing up your time and your risk team’s time for high-value activities, reducing costly human errors, and mapping out processes to improve standardisation, consistency and efficiency.
04
Collaboration and communication
An integrated strategic risk management platform must allow for easy information access by the right stakeholders. This means real-time alerts and notifications, trend and data analysis for more timely and accurate decision-making and compliant audit trails and reports.