Question

10 Critical Steps for Value-Added Strategic RIsk Management.

Answer 1

Critical Steps for Value-Added Strategic Risk Management

Strategic risk management is increasingly being viewed as a core competency at both the management and board levels. In fact, board members are increasingly focused on strategic risk management, asking executives such questions as “Of the top five strategic business risks the company faces, which ones are you looking at, and what countermeasures are you devising?” The Strategic Risk Management Lab in the Center for Strategy, Execution, and Valuation at DePaul University is sharing with management teams and boards emerging best practices gleaned from its research. Consider the following list of 10 practices worth striving toward.

1. Communicate and share information across business and risk functions— and externally. This is considered by some to be the ultimate risk management “best practice.”

2. Break down risk management silos. Establish interdisciplinary risk management teams, so that each functional area can understand where it fits into the entire company strategy and how it affects other areas.

3. Identify and, where possible, quantify strategic risks in terms of their impact on revenue, earnings, reputation, and shareholder value

4. Make strategic risk assessments part of the process of developing strategy, strategic plans, and strategic objectives. Again, this requires a combination of skills that can be achieved by creating interdisciplinary teams.

5. Monitor and manage risk through the organization’s performance measurement and management system, including its Balanced Scorecard.

6. Account for strategic risk and embed it within the strategic plan and strategic plan management process. Wherever scenario planning is included in developing the strategic plan, there should also be a discussion of countermeasures in the event that a risk event occurs.

7. Use a common language of risk throughout your organization. Everyone must understand the organization’s particular drivers of risk, its risk appetite, and what management considers acceptable risk levels.

8. Make strategic risk management, like strategy management itself, a continual process. Risk is inherently dynamic, so risk management and assessment must evolve from being an event to being a process—and must include regular analysis and critical risk information refreshes. Strategic risk management reviews should be conducted as part of regular strategy reviews.

9. Develop key risk indicators (KRIs) to continuously monitor the company’s risk profile. Like the Balanced Scorecard with its measures, targets, and initiatives, the risk management system should include KRIs, thresholds and trigger points, and countermeasures to mitigate or manage the risk.

10. Integrate ERM into Strategy Execution Systems. This means integrating ERM into the entire management system. This will require strategic risk management as a core competency in organizations and a commitment to continuously monitor and manage risk in the strategy and its execution.

CONCLUSION

The need to connect strategy and enterprise risk management couldn’t be more relevant than it is in the current economic climate. Effective strategic risk management is likely to make the difference between survivability and demise for many. Designed effectively, the connection of ERM and strategy should be value-adding, allowing the enterprise to be more proactive and flexible in managing uncertainties tied to strategies as they unfold.

The key to successful strategic risk management is the ability to identify those risks embedded in the organization’s business strategy that are potentially the most consequential. Focusing on strategic risks serves as a filter for management and boards of directors to reduce the breadth of the risk-playing field and ensure that they are focused on the right risks.