Examining Strategic Risk – What is it – Why Should We Care? Part 1
Within the management literature, most organizations have viewed the process of risk management primarily as an issue of compliance with statutory or regulatory requirements. Risk management within organizations has traditionally occurred within specific areas – technology, regulatory, financial, environmental etc. – with little or no coordination. Major ‘risk’ events such as September 11, Enron, WorldCom and the recent financial crisis made it increasingly apparent that the processes, policies and procedures of managing organizational risk must be a cohesive, constant analysis of both the internal and external organizational environment.
After the major ‘risk’ events of the last twenty years, the literature suggests a concentration on compliance with statutory regulatory requirements as the driver for risk management within an organization may not be an effective motivation for the management of risk.
The notion of risk as a fundamental part of strategic management has also become increasingly important in organizations. The rise of Enterprise Risk Management (ERM), sophisticated approaches to financial risk by both financial and non-financial organizations and an emphasis by regulators on risk related issues manifests this importance. However, as we know, ERM is a relatively recent management activity and has not been fully implemented in most organizations.
ERM implementation is a recent development and there has been little academic research about its success or the barriers to furthering its progress. In particular, very little has been published about attempts to identify and manage strategic risks while integrating them into a corporate-wise ERM framework.
As more organizations are focusing on the systemic and controllable risks within their business as well as ERM, a question emerges as to how this fits in with an organization managing its strategic objectives? Moreover, how does the risk function manage ’strategic risks’? Yet it is unclear from the literature what strategic risks are and how they are managed. There needs to be a common understanding of strategic risk and what it means to be managed by organizations.
You may also find the following posts interesting:
- Examining Strategic Risk – What is it – Why Should We Care? Part 2
- Examining Strategic Risk – ‘Strategic’ Risk or ‘Strategic Risk’ Management?
- Exploring Enterprise Risk Management and Organizational Culture: Part One
- Strategic Risk as an Element of Operational Risk
- Big Companies Get It, Why Don’t SMBs?
4 Responses to “Examining Strategic Risk – What is it – Why Should We Care? Part 1”
Leave a Reply
todddavies on October 19th, 2009
Hi Tom
I found your post from a question you asked on LinkedIn. Unfortunately by the time I got to that one the question had been closed.
Great to see you raising such pertinent questions. I have been working for many years working on assessing the adequacy of risk management systems, and teaching others how to do so.
I’ve come to the conclusion that strategic and systemic risk are the key issues to be managed and that operational, reporting and compliance risk are more of a hygiene capability. Unfortunately to get a lot of that hygiene capability in place an ERM exercise is necessary, and many countries and industries are very early on that journey.
A number of regulators in Commonwealth countries are now beginning to drive accountability for material business risk into their listing requirements. I see this as a trend, and the SEC is currently being petitioned on this.
The conclusion I’ve reached on this is that you can’t sign off on material risk, unless you’ve got a good handle on strategic and systemic risk, which is precisely the reason that in the lead up to the GFC we had a lot of risk professionals scratching their heads saying “I didn’t see that coming”.
I’ve got an enormous body of work on this if you’re interested, including some recent presentations on video and audio feed. Just follow the link above.