Strategic risk management

Strategic risk management
See also

Strategic risk management enables top management to link strategy with risk management in highly uncertain environment. Achievement of goals described in the strategy requires identification and dealing with risks. The strategic risk management is part of enterprise risk management (ERM) as defined by COSO (Committee of Sponsoring Organizations of the Treadway Commission) in Enterprise Risk Management—Integrated Framework in 2004.

As the environment becomes more and more turbulent, and long-term planning gets shorter and shorter due to inability to predict future, the strategic risk management becomes a necessary tool for managers. It helps extend planning and increase its accuracy, which translated into decline in losses related to bad strategic decisions.

6 principles of strategic risk management

M.L. Frigo and R.J. Anderson defined six principles of strategic risk management in relation to ERM:

  1. It's a process for identifying, assessing, and managing both internal and external events and risks that could impede the achievement of strategy and strategic objectives.
  2. The ultimate goal is creating and protecting shareholder and stakeholder value.
  3. It's a primary component and necessary foundation of the organization's overall enterprise risk management process.
  4. As a component of ERM, it is by definition effected by boards of directors, management, and others.
  5. It requires a strategic view of risk and consideration of how external and internal events or scenarios will affect the ability of the organization to achieve its objectives.
  6. It's a continual process that should be embedded in strategy setting, strategy execution, and strategy management.

Strategic risk management process

The strategic risk management process was proposed by M. Tonello:

  1. Achieve a deep understanding of the strategy of the organization
  2. Gather views and data on strategic risks
  3. Prepare a preliminary strategic risk profile
  4. Validate and finalize the strategic risk profile
  5. Develop a strategic risk management action plan
  6. Communicate the strategic risk profile and strategic risk management action plan
  7. Implement the strategic risk management action plan

See also: risk management process.

Implementation of SRM

Implementation of SRM in the enterprise requires to deal with four main issues:

If the goals of top management are different than those of enterprise owners, the increased exposure to risks is inevitable. The risk level accepted by managers can be lowered if they are also owners of the company. If the power of investors is low, the managers tend to take higher risks. Therefore, effective corporate governance is necessary for SRM to work properly.

The personnel should be prepared for risk events to avoid panic and wrong decisions. The managers should teach personnel how to behave in case of crisis situations. They should also create a set of procedures and risk management plans. The personnel and managers should be rewarded for good decisions related to risks. Some add that they should be also punished for bad ones.

The whole implementation of SRM usually requires change in the organizational culture. In case of risk management, the communication systems should be fast and reliable, personnel must not be afraid of taking about risks. This helps to identify all the risks related to enterprise strategy.


Author: Slawomir Wawak