Managing Strategic Risk

When leaders think about risk management in business they are too often talking about legal compliance.  This is a common misunderstanding of risk by leaders, not seeing risk as primarily a strategic issue in business. This view of risk misses the strategic elements of risk, which leaders need to consider in defining their business model and in making strategic decisions. From start-up to exit risk is a strategic issue, which should underpin all strategic thinking.  

Developing leadership risk skills is an important element for leaders to understand that their approach to risk defines how the lead and what they lead. Strategic risk defines the type of business model that leaders develop through to which markets and where in them they choose to operate. 



Drawing up lots of rules and making sure that all employees follow them on the other hand can solve operational risk. Many such rules, of course, are sensible and do reduce some risks that could severely damage a company. But rules-based risk management focuses on legal requirements, not complete risk management. 

Understanding strategic risk and learning to how to manage key business risks throughout your business is an important skill set for leaders to develop in establishing their judgment in risk considerations and ensure they are integrated into strategic thinking.  There are two parts to risk, firstly identifying your strategic risk and then secondly how to actively manage the identified risks, which this article covers. If you would like to know more about strategic business planning then click this link here.

Here are some key questions to consider in identifying strategic risk:  

1. Risk Appetite 

The first stage in managing risk is to look at the leadership team and its surrounding stakeholders, both formal (Board, NED, shareholders) and informal (employees, advisors, channel partners) to map out the appetite to risk. The leaderships' risk appetite determines the overall approach the business will take to risk. Risk is always directly linked to reward, take no risk and you take no reward. Conversely take high risk and you could achieve high reward, but equally high failure. The more the leadership diversifies from its core skill sets it also increases the risk it takes. So risk is linked to the sector you are operating in, established and known is lower risk than emerging and unknown.       


2. How well is your strategy defined? 

Without a strategy your business is at high risk. If the leadership does not have a clear and articulated strategy, which is shared and owned, then the business is vulnerable to strategic drift, living in a dream and is without clarity and purpose. Having a strategy in place, provides the context of the business, with strategic goals, intent in positioning and outcomes defined which enable the business to drive forward. To learn more about strategy click here.

3. Strategic Risk Analysis

A business strategy must define the risk environment within which it operates. Strategic risk starts by looking at the risk of entering a market compared to the risk of not entering a market. Strategic risk management should compare not only the risks of the strategy but the reverse risks of not doing the strategy, the gap risk of missing the opportunity.

Strategic risk also covers risk analysis of the leadership and its approach to risk, how comfortable it is with risk reflects in how leadership teams actively manage risk which reflects its established risk skill set and appetite to risk across the board.

4. Strategic Risk Assessment

Risk, any risk is defined by the potential impact of the consequences from it. The manifestation of its likelihood of occurring is the assessment which must be undertaken, this is often scrutinized by undertaking scenario analysis (driven by board, NED and expert support and advisors) will encourage the leadership to consider a range of scenarios that can result in significant adverse consequences for the business and assist the leadership to make sure full width and depth analysis of strategic risk is undertaken.

This assessment provides the basis of mapping the risk and determining the investment in mitigation required to reduce or remove that risk.

5. Strategic Risk Mapping

The
leaders must see risk in the context of how shareholders or stakeholders measure value in the organization. This essential mapping of risk enables the leadership to articulate to stakeholders how the risks they are taking or the risks the business is exposed to may affect the organization’s ability to realize its strategic goals. By identifying common metrics for risk and performance also allows the leadership to define the priorities of risk management activities and focus on the mitigation of relevant and important and decision defining risks the board.



The second step, in creating an effective strategic risk management system is to understand the qualitative distinctions among the types of risks that a business could face and determining how to actively manage those risk. Risks typically fall into one of three categories and here's how leaders should be managing them:


1. Managing: Strategic risks.

The leadership having determined the level of risk it is willing to take in order to generate the returns from its strategy, its risk and reward profile, leaders must then develop appropriate channel partners to achieve that strategy. From its bankers credit risk, its strategy of launching new products through to its channel partner selection, all these decisions impact upon the strategic risk strategy. 

Strategic risks are quite different from operational risks because they are not inherently undesirable; they are quite the reverse they are deliberately accepted as part of operating within that industry. A strategy with high returns requires the business to take on higher risks, and actively managing those risks is a key driver in achieving those potential gains.

Strategic risks cannot be managed through a rules-based control models, such as compliance to legislation. Instead, the leadership must install a risk-management system designed to reduce the probability that the assumed risks actually materialize and to improve the company’s ability to manage or contain the risk events should they occur. Such systems enable companies to take on higher-risk, higher-reward ventures by identifying drivers of strategic risk, most often these are identified through 5 Forces analysis within markets and systems usually include primary (and secondary fallback) detailed objectives which must be achieved which underpin the strategy to actively manage the strategic risks.    


2. Managing: External risk factors

Certain strategic risks arise from events outside the company and are beyond its influence or control, often identified through PESTLE analysis. These major macroeconomic risks are outside the market but directly influence it. PESTLE identification and analysis enable leaders to manage the external risks effectively, through proactive identification and mitigation of their impact. For example changing economic conditions may raise global interest rates, which put pressures on even successful businesses, which impacts upon costs and profits.

Businesses need to build a defined risk management processes to these different PESTLE categories. By identifying key drivers of external change leaders can devise stress testing through scenario planning and devise alternative strategic options should external risk factors come into play.

3. Managing: Preventable internal risks. 

Conversely internal risks, arising from within the organization, that are controllable and ought to be eliminated or avoided. Businesses should have well defined internal risk systems in place which includes a tolerance level, such as 95% of all calls must be answered within 3 calls, in other areas health and safety for example mandatory 100% requirements for the use of PPE and operating systems must always be in place.  

Businesses should seek to eliminate these risks since they get no strategic benefits from taking them on. This risk category is managed through active prevention by monitoring operational processes and guiding people’s behaviors and decisions toward desired norms.

Identifying and managing preventable risks is about good management of existing best practices within the legal and industry best practice.  Companies cannot anticipate every circumstance or conflict of interest that an employee might encounter, so ensuring that risk is talked about, reviewed and assessed against best practice. 


Managing Risk effectively

Risk is a difficult subject for leaders, precisely because it is seen as an operational detail rather than strategic in nature. Business planning sets over optimistic forecasts, from unrealistic timescales to launch new products and services through over inflated revenue streams.  This form of linear extrapolations, how leaders have done it before will be immediately repeatable with something new is compounded by the use of conformation bias, selectively picking supportive data and ignoring unsupportive data. This form of groupthink often limits the risk discussion by narrowing the discussion down to it will happen rather than taking a holistic approach to risk.

Other key drivers of strategic risk failure come from leaders ignoring industry activity, how fast and quickly competitors will react to any new strategic initiatives to minimize their impact upon the status quo and how channel partners and customers will sound supportive but will measure the risk to them and mitigate it by limiting their exposure to risk. How industries react to change is one important consideration from an effective 5 forces analysis of any market. How do they players react to change is often analyzed by war-gaming with scenarios played out in theoretical games to see the impact of industry competition.

By strategy mapping your business leaders can often assess all risks linked to objective setting, looking at risk events associated with each objective and generate a risk profile for each risk and associated mitigation strategy.

Recently the adoption of the balanced scorecard has become a major way of mitigating risk, by linking mitigation to performance driver indicators of behavior within the organization. This highly effective risk management tool enables companies to engineer risk out of departments through positive mitigation strategies.  

For areas of risk which cannot be mitigated from within the company, such as natural disasters or acts of terrorism, then developing contingency plans act as mitigation to unforeseeable external risks. Not putting all leaders on the same plane is a simple example of contingency planning as is having secondary operational site, should your primary site be unusable from either natural causes such as flooding or from acts of terrorism.

Like to know more about strategic business planning then learn more through my video course on strategic business planning, which will reduce your risk in succeeding within your market, then click this link.


Richard Gourlay, how to take the guess work out of your business success

Good leaders embrace risk, they do not avoid it and investing time and skills into understanding and actively managing risk is an important element of leadership.  Good strategic planning encompasses strategic risk assessment and leadership teams need to invest in understanding their risk if they wish to succeed in their market.  

Popular Posts