Integrating Risk Management and Strategic Planning

Changes in information technologies, an increase in the number of corporate scandals, heightened globalization, complexity of business transactions, competition, natural disasters and the recent fallout from the global financial crisis have all contributed towards enterprise risk management (ERM) becoming a top priority.

In the age of intense volatility, uncertainty, complexity and ambiguity, business success hinges hinges on making intelligent and informed risk decisions through the integrating corporate strategy and risk management.

Ignoring risks associated with strategies or ineffectively managing them is a definite recipe for failure. Why integrate risk into strategic planning and embrace ERM?

ERM’s top-down and holistic approach to effective risk management for the entire enterprise, enables the organization to identify and evaluate how a broad range of possible events and scenarios will impact its strategy execution, including their ultimate impact on achievement of set objectives.

By integrating enterprise risk management in strategy development and strategy execution capabilities, the organization will be best positioned to create and enhance sustainable value.

Although research has shown the benefits of such integration, why has there been a slow take-off in the risk-strategy integration processes of numerous organizations?

• Failure by senior management in the overall risk-oversight process.
• Boards of directors being unaware of enterprise risks because of lack of knowledge, and sometimes, due to ignorance.
• Over-reliance by senior management on complex quantitative risk models that ignore sound human element of qualitative judgement.

Although it is evident that no one person can predict the future with accuracy, management and their boards must at least consider and be proactive of responses to events, whatever the cause, that might have a devastating impact on strategy execution and the overall performance of the organization.

Instead of viewing ERM as a compliance activity, management ought to view ERM as a strategic focus, consistent with the view that an enterprise-wide approach to risk management is value-enhancing. This means management:

• Strengthening the overall oversight of the enterprise’s risk management processes.
• Reassessing the weaknesses in existing risk management processes.
• Enhancing the accuracy of risk management analysis to the company’s strategic setting activities.
• Adding formal risk discussions to their agendas on a regular basis.

To maximize value when setting strategic objectives, it is imperative that management find an ideal balance between performance goals and targets and related risks.

This means evaluating the difference strategic alternatives designed to reach performance goals as well as interconnected risks across each alternative to establish whether the potential returns are proportionate with the associated risks that each alternative presents.

This evaluation should also involve weighing enterprise risks to ensure they are within the stakeholders’ appetite for risk.

Considering risk during the strategy planning and strategy execution process is important because it creates ability for the organization to seize risk opportunities with the potential to increase returns for the business or identify areas where it is too risk averse.

If risk decision making is not aligned with strategic decision making processes, business opportunities and threats may be overlooked.

It is therefore important that the board and executive management clearly understand the various value drivers of the organization and the different risks surrounding these drivers.

Knowing this information helps devise and implement strategies that are capable of moving the organization forward.