A possible source of loss that might arise from the pursuit of an unsuccessful business plan. For example, strategic risk might arise from making poor business decisions, from the substandard execution of decisions, from inadequate resource allocation, or from a failure to respond well to changes in the business environment.
Before we can understand Strategic Risk Management (SRM), we must first understand Enterprise Risk Management (ERM).
Definition of ERM:
- A process performed by an entity’s Board, management and other personnel
- Process is applied in a strategy setting and across the entire enterprise
- Designed to identify potential events or risks that may affect the entity
- Risk is defined by the IIA as the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.
- Allows the entity to manage risk to be within its risk appetite (the level of risk an organisation is willing to accept)
- Provides reasonable assurance (not absolute assurance) regarding the achievement of entity objectives
ERM focuses on the achievement of an entity’s objectives
Most entity objectives can be broken down into four broad categories for ERM:
1.Strategic
2.Operations
3.Reporting
4.Compliance
A particular objective may overlap certain categories
Allows an organisation to focus on these separate objectives for the purpose of ERM
Strategic objectives are one of the components of ERM
Strategic Objectives
Strategic objectives are defined as:
¨ High-level goals
¨ Aligned with and support the goals of the organisation
¨ Core and backbone of the organisation’s strategy
¨ Provide guidance on how the organisation can fulfill or move toward the high-level goals
¨ More specific and cover a more well-defined time frame
Strategic Risk
As an organisation attempts to achieve their strategic objectives, both internal and external events and scenarios can inhibit or prevent an organisation from achieving their strategic objectives. This is known as strategic risk.
Strategic risk can be further defined as:
- Exposure to loss resulting from a strategy that turns out to be defective or inappropriate
- Risk associated with future plans and strategies, including plans for entering new services, expanding existing services through enhancements and mergers, enhancing infrastructure, etc
- Current and prospective impact of strategic decisions made by management arising from adverse business decisions, improper implementation of decisions, or lack of responsiveness to industry changes
Strategic risk is a function of the compatibility of an organisation’s strategic goals, the business strategies developed by management to achieve those goals, the resources deployed against these goals, and the quality of implementation.
The resources needed to carry out business strategies are both tangible and intangible. They include communication channels, operating systems, delivery networks, and managerial capacities and capabilities. The organisation’s internal characteristics must be evaluated against the impact of economic, technological, competitive, regulatory, and other environmental changes and challenges.
See also: Strategic Risk Management.