BY TAHMID SADMAN
In the realm of business, risk has become a household word. It has garnered considerable attention in the light of events such as the financial crisis, policy changes, cyber-attacks and the arrival of big data and new business models. These events have presented headwinds and uncertainty which must be confronted with by incorporating a framework which should serve as a platform for robust planning, decision making, risk analyzing and strategy setting.
Past precedent, which treated risk as an isolated entity and not as an integral part of the overall business strategy and planning process, is a recipe for disaster in the current business context. A broader view of risks that focuses on a company’s long term future and not only on the strategies is the need of the hour. This is the new essence of strategic risk management.
Strategic risk management, a component of ERM (Enterprise Risk Management), refers to the process of pointing out, analyzing and taking appropriate steps to deal with risks which can threaten to undermine its business position, model and thwart its strategy objectives. Risks can be both internal and external. This process is anything but conservative as it helps firms to create value, not just protect it.
A survey by Forbes Insights revealed that firms are not only scaling up their emphasis on risk management, but they are also changing the way they do it- integrating risk management with business strategy. 48% of the firms involved in the survey had risk management systems which were paying dividends. The survey also revealed that in 2016, economic trends, business models, reputation and competition are the major risk areas that will have the most significant bearing on business strategy. It also revealed that human capital, customer capital and innovation will be the most valuable strategic entities by 2016. Companies have increased budget and frequency to monitor and manage strategic risks, and simultaneously they have also injected additional human capital to better manage these risks.
Implementation of Strategic Risk Management (SRM) consists of two pain parts- Risk Assessment and the embedding of SRM in the execution process of the firm.
A Risk assessment process consists of combining key elements of a strategy with risk data to form a risk profile. Then an action plan to manage and monitor risks is created and put into action to supplement the risk profile and hence provide an avenue for the organization to be pro-active. Effective management of key risk indicators (KRIs) helps management identify the root cause, the intermediate event resulting from the root cause and risk event arising. This proactive identification helps management design better operational buffers to mitigate the risks, achieve more effective risk reporting and ultimately achieve better performance
The integration of SRM in the overall business planning process is a very rigorous process which starts with the development of vision, values and mission; strategic analysis is also made along with the identification of strategic risks. Then we shed more light on the strategy by setting out strategy themes(operational excellence, creating solid relationships with stakeholders etc), strategy objectives(improve efficiency etc), set a risk scoreboard,strategy maps (maps which show the cause and effect relationship of strategic goals which falls under various perspectives such as finance, customer etc), set key risk indicators, which highlight potential risks to core objectives.
The next step is to align the organization with SRM which highlights the risk categories, risk owners, risk appetite, monitoring, action plans, and board and company oversight.
Afterwards, a firm should move on to planning its operations. Planning here should take strategic risks into account and be designed accordingly. The next step is to monitor strategic risks and refine the risk analysis. Finally, firms must engage in scenario analysis from which they can gauge profitability levels of various situations and apply new strategies.
However, an effective SRM will only add value if it fulfills the following factors
- Continuous evaluation of the risk scorecard
- Continuous collaboration between risk and strategy functions.
- Risks must be taken into account on the basis of a firm’s strategy objectives
- Clarity in the risk management process
- SRM being a part of organizational culture.
- If SRM manages to reveal future risk factors (Relevant key Risk Metrics must be designed to ensure this)
SRM is a core competency which if applied properly will help organizations stay ahead of the curve. A comprehensive SRM will require a considerable financial investment-ERPs, risk management software, additional training and hiring risk managers. However, ultimately the benefits will outweigh the costs as SRM will help firms mitigate and exploit risks more effectively, thus helping them to sustain their respective competitive advantage, maintain better bottom lines, increase shareholder value and curtail the chances of a reputation meltdown.
The writer is a junior at the Institute of Business Administration, University of Dhaka. He can be reached at [email protected] For more information on GradInsights, the research service of GradConnect, drop us a message on our facebook page.