Skip to main content

BASICS

Strategic Risk Management

Risk management is the term applied to a logical and systematic method of establishing the context, identifying, analyzing, evaluating, monitoring, and communicating risks associated with any activity, function, or process in a way that will enable organisations to minimize losses and maximize opportunities. It’s too often treated as a compliance issue that can be solved by drawing up lots of rules and making sure that all employees follow them. Many such rules, of course, are sensible and do reduce some risks that could severely damage a company.
Risk management is as much about identifying opportunities as avoiding or mitigating losses.

Most organizations tend to look at Risk from the following perspective:

      •  Strategic
      •  Operations
      •  Market / External
      •  At times specific to certain function eg: Credit Risk

Apart from Strategic Risk, the rest tend to be compliance centric which calls for more attention towards the relevancy of it and should support the decision process. Meanwhile, Strategic Risk is the most challenging area to implement or execute in an organization.

Strategic Risk falls into 3 categories:

Category 1 :
Known knowns – focusing mostly from governance and compliance matters eg: Arise from employees’ failure to perform routine, standardised or predictable processes

Category 2 :
Known unknowns – What can cause us not to achieve the desired strategic objectives? Risks the organisation is willing to accept to execute the strategy and create value

Category 3 :
“Unknown unknowns:” What event or combination of events can cause the entire strategy or the enterprise to fail? Eg: black swan events

Risks exist within each element of strategy execution as well as the strategy, Failure to address these risks reduces performance and erodes the value creation of an organization.

Risk management is the term applied to a logical and systematic method of establishing the context, identifying, analyzing, evaluating, monitoring, and communicating risks associated with any activity, function, or process in a way that will enable organisations to minimize losses and maximize opportunities. It’s too often treated as a compliance issue that can be solved by drawing up lots of rules and making sure that all employees follow them. Many such rules, of course, are sensible and do reduce some risks that could severely damage a company.
Risk management is as much about identifying opportunities as avoiding or mitigating losses.

Most organizations tend to look at Risk from the following perspective:

  • Strategic
  • Operations
  • Market / External
  • At times specific to certain function eg: Credit Risk

Apart from Strategic Risk, the rest tend to be compliance centric which calls for more attention towards the relevancy of it and should support the decision process. Meanwhile, Strategic Risk is the most challenging area to implement or execute in an organization.

Strategic Risk falls into 3 categories:

Category 1 :
Known knowns – focusing mostly from governance and compliance matters eg: Arise from employees’ failure to perform routine, standardised or predictable processes

Category 2 :
Known unknowns – What can cause us not to achieve the desired strategic objectives? Risks the organisation is willing to accept to execute the strategy and create value

Category 3 :
“Unknown unknowns:” What event or combination of events can cause the entire strategy or the enterprise to fail? Eg: black swan events

Risks exist within each element of strategy execution as well as the strategy, Failure to address these risks reduces performance and erodes value creation of an organization.

Two approaches to integrating Strategy and Risk

In the Strategy development process, it will be beneficial for strategist/planners to identify the strategic risk for every direction planned. This method helps to prepare risk mitigation and opportunities for each strategic direction.
Its crucial to build a Strategy Map (A Road map of your strategy and support the execution process) and conduct a risk assessment against each strategic objective. This process helps to identify risk in each perspective eg: From a financial perspective what are the risk to value creation and preservation, meanwhile in other perspective risks are looked at operations and compliance

All organization recognises that there is an element of risk in all commercial activity, Risk Appetite or the amount of risk the organisation is prepared to take in pursuit of its strategic objectives is necessary to be identified. The below table provides an example of Risk Appetite.

Risk exposure is commensurate with opportunity and reward, it also adds discipline and focus to organisational efforts and priorities. This activity must be ratified by the Board which will set the tone and tempo for the organization accordingly. As the process is cascaded in the development of the execution plan, risk appetite can also be incorporated as shown below and another option is to develop Key Risk Indicators, which helps organizations to provide an early signal of increasing risk exposures in various areas of the enterprise and to the strategy. They are sensors embedded to provide early warning that the organisation might be heading into dangerous water .
In summary its important for the Board and Operating Executives in the Organization to review performance. Effective performance management is critical to understanding whether potential value is being created or is likely to be eroded
Strategic performance management requires ongoing risk assessments – it is a process, not an event. Strategic risk should be quantified wherever possible. Based on our implementations it necessary to keep the entire process Simple & Real!

Written By

TM Nagarajan/Managing partner

News & Thoughts

Leave a Reply