The Benefits of Strategic Risk Management in Decision-Making: risk impacts on corporate performance and future development
The Benefits of Strategic Risk Management in Decision-Making
: Practical experiences on how to encourage decision-makers to realize risk impacts on corporate performance and future development
by Dr. Chao Yuang Shiang
While conventional enterprise risk management (ERM) techniques have done a reasonable job in identifying and mitigating financial and operational risks, research shows that it is the management of strategic risk factors that will have the greatest impact on your ability to realise your strategic objectives.
Bringing ERM into the forefront of strategic decision making and execution could thus give your business a decisive edge.
can be defined as the uncertainties and untapped opportunities embedded in your strategic intent and how well they are executed. As such, they are key matters for the board and impinge on the whole business, rather than just an isolated unit.
Strategic risk management approach
can be viewed as your organisation’s response to these uncertainties and opportunities. It involves a clear understanding of corporate strategy, the risks in adopting it and the risks in executing it. These risks may be triggered from inside or outside your organisation. Once they are understood, you can develop effective, integrated, strategic risk mitigation.
The main types of risk a business is likely to face.
Type 1. Financial risks
Financial risks are typically well controlled and are part of the routine focus of board risk discussions, with strong impetus coming from the increased regulatory, accounting and financial audit focus. As financial information is a key element of stakeholder communications, performance measurement and strategic delivery, board risk discussions will devote considerable time to these risks. The different types of risks will be discussed as follows.
Type 2. Operational risks
Operational risks are typically managed from within the business and often focus on health and safety issues where industry regulations and standards require. These internally driven risks may affect your organisation’s ability to deliver on its strategic objectives.
Type 3. Hazard risks
Hazard risks often stem from major exogenous factors, which affect the environment in which the organisation operates. A focus on the use of insurance and appropriate contingency planning will help address some of these. However, there is often a danger that as many of these risks cannot be controlled, boards and senior management will not reflect these in their strategic thinking. Confining strategic management to controllable factors will leave your business at risk of failing to address these factors.
Type 4. Strategic risks
Strategic risks are typically external or affect the most senior management decisions. As such, they are often missed from many risk registers. Your board has a responsibility to make sure all these types of risks are included in their key strategic discussions.
(Figure 2 sets out the main types of risk a business is likely to face)
The next discussion will be focused on how are risk management frameworks evolving in the face of these gaps in how risk is managed and the need for greater integration with strategic management? This research with board-dimension analysis is to highlight three major concerns.
First, many executives are worried that the risk frameworks and processes that are currently in place in their organisations are no longer giving them the level of protection they need.
Second, boards are seeing rapid increases both in the speed with which risk events take place and the contagion with which they spread across different categories of risk. They are especially concerned about the escalating impact of ‘catastrophic’ risks, which can threaten an organisation’s very existence and even undermine entire industries.
Third, shift is that boards feel they are spending too much time and money on running their current risk management processes, rather than moving quickly and flexibly to identify and tackle new risks. As a result, some are not convinced that their return on spending on ERM is fully justified by the level of protection they gain from it.
These shortcomings as mentioned above reveal that current approaches to risk management are no longer fit for purpose. It is important to develop and expand existing frameworks and tools, drawing on outside experience and knowledge wherever possible. Indeed, the external viewpoint that independent directors can bring to the boardroom will play an essential part in ensuring this breadth of risk-thinking enhances the development of strategic thinking.
How to map the risks to key performance and value measures
Where possible, it is useful to consider risk in the context of how shareholders or stakeholders measure value in the organisation. This will help management articulate to stakeholders how the risks they are taking or the risks the business is exposed to may affect the organisation’s ability to realise its objectives. Creating common metrics for risk and performance also allows management to define the priorities of risk management activities and focus on the more relevant risks to stakeholders and the board.
Encouraging management to understand risk impacts in the context of key performance metrics can be a complex task. However, if the key value drivers of the business are well understood by management, determining the potential impact of risk events on these value drivers should be achievable and would be considered part of a good risk management system. The challenge your and many other boards face is how to make sure the processes used to review and approve strategy can be extended to include an appropriate consideration of risk. There is a range of approaches that may be taken into considerations.
Dr. Chao Yuang Shiang
(Faculty in Dep. of finance, Nan Hua university)