Strategic risk management

From CEOpedia | Management online
Revision as of 03:19, 18 November 2023 by Sw (talk | contribs) (Infobox5 upgrade)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Strategic risk management enables top management to link strategy with risk management in highly uncertain environment. Achievement of goals described in the strategy requires identification and dealing with risks. The strategic risk management is part of enterprise risk management (ERM) as defined by COSO (Committee of Sponsoring Organizations of the Treadway Commission) in Enterprise Risk Management—Integrated Framework in 2004.

As the environment becomes more and more turbulent, and long-term planning gets shorter and shorter due to inability to predict future, the strategic risk management becomes a necessary tool for managers. It helps extend planning and increase its accuracy, which translated into decline in losses related to bad strategic decisions.

6 principles of strategic risk management

M.L. Frigo and R.J. Anderson defined six principles of strategic risk management in relation to ERM:

  1. It's a process for identifying, assessing, and managing both internal and external events and risks that could impede the achievement of strategy and strategic objectives.
  2. The ultimate goal is creating and protecting shareholder and stakeholder value.
  3. It's a primary component and necessary foundation of the organization's overall enterprise risk management process.
  4. As a component of ERM, it is by definition effected by boards of directors, management, and others.
  5. It requires a strategic view of risk and consideration of how external and internal events or scenarios will affect the ability of the organization to achieve its objectives.
  6. It's a continual process that should be embedded in strategy setting, strategy execution, and strategy management.

Strategic risk management process

The strategic risk management process was proposed by M. Tonello:

  1. Achieve a deep understanding of the strategy of the organization
  2. Gather views and data on strategic risks
  3. Prepare a preliminary strategic risk profile
  4. Validate and finalize the strategic risk profile
  5. Develop a strategic risk management action plan
  6. Communicate the strategic risk profile and strategic risk management action plan
  7. Implement the strategic risk management action plan

See also: risk management process.

Implementation of SRM

Implementation of SRM in the enterprise requires to deal with four main issues:

If the goals of top management are different than those of enterprise owners, the increased exposure to risks is inevitable. The risk level accepted by managers can be lowered if they are also owners of the company. If the power of investors is low, the managers tend to take higher risks. Therefore, effective corporate governance is necessary for SRM to work properly.

The personnel should be prepared for risk events to avoid panic and wrong decisions. The managers should teach personnel how to behave in case of crisis situations. They should also create a set of procedures and risk management plans. The personnel and managers should be rewarded for good decisions related to risks. Some add that they should be also punished for bad ones.

The whole implementation of SRM usually requires change in the organizational culture. In case of risk management, the communication systems should be fast and reliable, personnel must not be afraid of taking about risks. This helps to identify all the risks related to enterprise strategy.

Examples of Strategic risk management

  • Developing a contingency plan: A contingency plan is an effective tool that can be used to manage strategic risks. It involves developing a plan to address potential risks and outline the steps that should be taken if the risk materializes. For example, if a company is planning to launch a new product or service, they might develop a contingency plan that outlines the steps that should be taken if the launch fails.
  • Establishing risk policies: Risk policies are statements that outline the organization’s approach to managing risk. They provide guidance on how risks should be identified, assessed, managed, and reported. Risk policies should be established to ensure that all risk management activities are conducted in accordance with the organization’s risk management objectives.
  • Implementing risk controls: Risk controls are measures that can be used to reduce or eliminate the likelihood of a risk occurring or the severity of its impact. Risk controls should be implemented to ensure that risks are managed in a way that minimizes their impact on the organization. Examples of risk controls include installing a firewall to protect against cyber attacks or conducting regular audits to ensure that processes are being followed correctly.
  • Establishing a risk culture: Establishing a risk culture in an organization involves creating an environment where risks are identified, assessed, and managed effectively. This involves educating staff on risk management and encouraging them to report any potential risks they identify. It also involves setting clear expectations for risk management and ensuring that everyone in the organization is held accountable for managing risks.

Advantages of Strategic risk management

An effective strategic risk management process can bring many advantages to an organization. These advantages include:

  • Improved decision making: Strategic risk management provides a systematic approach to identify, assess, and manage risks, which allows management to make more informed and effective decisions.
  • Enhanced strategic planning: Strategic risk management helps to identify and analyze the risks associated with various strategic initiatives, allowing management to better understand the potential outcomes and plan accordingly.
  • Improved risk management: By identifying and managing risks, organizations can reduce the likelihood of negative outcomes and discover opportunities for improvement.
  • Increased efficiency and cost savings: By managing risks, organizations can reduce their operational costs and improve efficiency.
  • Improved communication: Strategic risk management facilitates communication between departments and stakeholders, allowing them to collaborate more effectively.
  • Increased shareholder confidence: Companies that use strategic risk management are in a better position to fulfill their obligations and meet the expectations of their shareholders, increasing their confidence in the organization.

Limitations of Strategic risk management

  • Strategic risk management has some inherent limitations, such as:
  • Difficulty in framing appropriate strategies to manage risks: Strategic risk management requires appropriate strategies to manage risks and to achieve the desired goals. However, it can be difficult to frame such strategies, particularly in a highly uncertain environment.
  • Difficulty in predicting future events: Strategic risk management relies on predicting future events. In a highly uncertain environment, it can be difficult to accurately predict future events, making it challenging to effectively manage risks.
  • Difficulty in measuring risks: Strategic risk management requires accurate measurement of risks in order to properly manage them. However, it can be difficult to accurately measure risks, particularly when dealing with highly uncertain environment.
  • Difficulty in monitoring the risks: Strategic risk management requires the implementation of appropriate strategies and the monitoring of risks in order to ensure that the strategies are effective. This can be difficult to do in a highly uncertain environment.

Other approaches related to Strategic risk management

There are other approaches related to strategic risk management, such as:

  • The Risk Management Maturity Model (RM3) by the Open Risk Management (ORM) Foundation, which is a structured approach to assessing, managing and improving risk management performance. It provides a framework to identify and measure the maturity of risk management practices across different risk management disciplines.
  • The Strategic Risk Management Framework, developed by the Institute of Risk Management (IRM), which provides a structured approach to assessing and managing risks strategically. This framework helps organizations identify, assess and manage risks that may affect their strategic objectives and long-term performance.
  • The Risk Appetite Framework, developed by the Financial Stability Institute (FSI), which is an approach to setting an organization’s risk appetite and managing risk at the enterprise level. It helps organizations understand the level of risk they are comfortable taking and how to manage it.
  • The Governance and Risk Management Framework, developed by the Canadian Institute of Chartered Accountants (CICA), which provides a comprehensive approach to risk management and corporate governance. It helps organizations identify, assess, manage and report on their risks.

In summary, there are a number of approaches related to strategic risk management, including the Risk Management Maturity Model, Strategic Risk Management Framework, Risk Appetite Framework, and Governance and Risk Management Framework. These approaches help organizations identify, assess, manage and report on their risks in order to achieve their strategic objectives.


Strategic risk managementrecommended articles
Risk appetite statementRisk management processBusiness risk managementDifferences between control and controllingStrategy deploymentStrategic controlISO 31000Management systemRisk treatment plan

References

Author: Slawomir Wawak