This post discusses strategic risk and strategic risk management. In this post, you will understand the meaning of strategic risk and the management of strategic risks.

WHAT IS A STRATEGIC RISK?

Strategic Risk Management is a process for identifying, assessing, and managing risks and uncertainties affected by internal and external events or scenarios that could inhibit an organisation’s ability to achieve its strategy and strategic objectives to protect shareholders and enhance the firm’s value. Strategic risk is associated with managing a firm’s long-term plan. An example is a risk resulting from an incorrect assessment of future market trends when developing the initial plan. In developing a strategy, an organisation assesses market conditions today. It then forecasts the various changes that will occur in the market over some time. 

Strategic risk is generally more challenging than operational or change/project risk. Strategic risk tends to be applicable over the long term; hence, strategic risk is highly time-dependent. Most operational processes continue without significant change over relatively long periods. Many small- to medium-sized change projects are designed and implemented relatively quickly. They are unlikely to be affected by long-term changes in the political or economic environment.

Strategic risks are more complex and challenging to model and assess than operational and project risks. Analysing employee attendance records and predicting likely sickness and absenteeism rates through a project is relatively simple. It is much more challenging to assess the likelihood of a significant change in the level of competition that is characteristic of a given sector. This depends on a range of complex and long-term variables that are very difficult to consider in a form for modelling and extrapolation.

TYPES OF STRATEGIC RISKS

The strategic risks relevant to a business depend mainly on its sector, consumer range, product range, and many other factors. There are three broad types of strategic risks: regulatory, competitor and economic risks. Let us explain these three types of strategic risks.

SOURCES OF STRATEGIC RISKS

Strategic risks may arise through:

1. Mergers, acquisitions, and other competition,

2. Market or industry changes,

3. Changes among customers or in demand,

4. Change management,

5. Human resource issues – e.g., staffing and staff training,

6. Financial issues with cashflow, capital or cost pressures,

7. IT disasters and equipment failure,

8. Relationship issues – e.g., issues with suppliers, contractors, and 

9. Reputational damage.

INTEGRATION OF PLANNING INTO STRATEGIC RISK MANAGEMENT

Managing strategic risk involves five steps that can be integrated into the strategic planning and implementation process: 

1. Define business strategy and objectives. 

2. Establish key performance indicators (KPIs) to measure results. 

3. Identify risks that can drive variability in performance. 

4. Establish key risk indicators (KRIs) and tolerance levels for critical risks. 

5. Provide integrated reporting and monitoring.

STRATEGIC RISK MANAGEMENT

Strategic risk management (SRM) is a process that can assist a firm in identifying, assessing, and managing the risk associated with business strategy. It also enables an organisation to take quick action when risks materialise. Strategic risk management involves evaluating: (1) how possible events and scenarios may affect your strategy and execution; and (2) the ultimate impact of these risks on the company’s value. Strategic risk management requires a firm to define tolerable levels of risk as a guide for making strategic decisions.

Rather than a one-off effort, strategic risk management is a continual process that can be integrated into a company’s strategic planning and implementation. A business should prepare for other risk categories, including compliance and regulatory, financial, and operational risks. 

Strategic risk management is a core competency at the management and board levels. The exact steps an organisation should take will depend on the level of maturity of its overall enterprise risk management (ERM) processes. An initiative focused on strategic risks may be a good starting point for organisations starting or considering an ERM effort. For some organisations that have already begun implementing ERM, the focus on strategic risks will be a refinement and evolution of their activities.

Steps of sound strategic risk management practices:

1. Assess the maturity of the organisation’s ERM efforts relative to its strategic risks. 

 2. Conduct a strategic risk assessment. 

 3. Review the strategy-setting process, including identifying related risks. 

 4. Review the processes to measure and monitor the organisation’s performance. 

 5. Develop an ongoing process to periodically update the assessment of strategic risks.

IDENTIFICATION OF STRATEGIC RISKS

The process of identifying strategic risk requires:

1) Intimate knowledge of the company, including the company’s operating market and legal, social, political, and cultural environment; and 

2) Understanding of the company’s strategic objectives.

Identifying strategic risk culminates in specifying a series of threats that comprise the company’s risk profile. Businesses can use several strategies to identify strategic risks, including brainstorming, conducting a team-based exercise, interviews, and surveys. See the post on 26 ways to identify risks in an organisation.

STRATEGIC RISKS ANALYSIS

After identifying a firm’s strategic risks, the next step is to analyse the risks. There are several tools a business can use to analyse its strategic risks, including Scenario analysis, Fault tree analysis, SWIFT Analysis, Bow-tie analysis, decision tree analysis, Incident analysis, Probability and Consequence Matrix, and the Delphi technique.

STRATEGIC RISK ASSESSMENT PROCESS

Here are the seven basic steps in conducting a strategic risk assessment:

1. Understand organisational strategy,

2. Gather views and data on strategic risks,

3. Prepare a preliminary strategic risk profile,

4. Validate and finalise the strategic risk profile,

5. Develop a strategic risk management action plan,

6. Communicate the strategic risk profile and strategic, and

7. Implement the strategic risk management action plan.

HOW TO MEASURE STRATEGIC RISKS

A fundamental tenet of enterprise risk management (ERM) is that it measures risk with the same yardsticks used to measure results. In this way, companies can calculate how much inherent risk their initiatives contain. 

Strategic risk can be measured with two key metrics:   

1. Economic capital is the equity required to cover unexpected losses based on a predetermined solvency standard. 

2. Risk-adjusted return on capital (RAROC) is the anticipated after-tax return on an initiative divided by economic capital.

INTEGRATING STRATEGIC RISK MANAGEMENT

Since strategic risk is tied to an organisation’s strategies, strategic risk management must be incorporated into the organisation’s core processes. Here are the seven steps to integrate strategic risk management with strategic planning within an organisation: 

1. Develop the strategy,

2. Translate the strategy,

3. Align the organisation,

4. Communication,

5: plan operations,

6. Monitor and learn, and

7. Test and adapt.

See my video on Strategic Risk and Strategic Risk Management: https://youtu.be/982kjjrlFso