What Is Strategic Risk - markfrigo.org

1 What is Strategic risk manage-ment (SRM)? Is it the sameas or different from enterprise riskmanagement (ERM)? What kindsof events or risks are strategicrisks? Boards of directors andmanagement teams have been ask-ing these questions a lot ofthe lessons many organi-zations learned from the globalfinancial crisis is that they need toclearly link strategy and risk man-agement and be able to identifyand manage risk in a highly uncer-tain environment. Another is thatthey must focus risk managementon creatingvalue as well as protect-ingvalue. In this article, we presenta working definition of and guid-ing principles for SRM that man-agement teams and directors canuse to help link ERM with strategyand strategy execution and tofocus risk management on creatingand protecting value.

2 This insightis based on some of the latestdevelopments in Strategic riskmanagement from the work we redoing with management teamsand boards, research in the Strate-gic Risk Management Lab atDePaul University, and throughcollaborative research with theCommittee of Sponsoring Organi-zations of the Treadway Commis-sion (COSO) and other universi-ties and professional Relationship between SRM and ERMIn 2004, COSO issued its EnterpriseRisk Management IntegratedFrameworkwith this definition ofERM (see ):Enterprise risk management is aprocess, effected by an entity s boardof directors, management and otherpersonnel, applied in strategy set-ting and across the enterprise,designed to identify potential eventsthat may affect the entity, andmanage risk to be within its riskappetite, to provide reasonableassurance regarding the achieve-ment of entity definition describes a broadset of processes that apply acrossthe enterprise and involve everyonefrom the board of directors ondown.

3 (Note that ERM is directlyrelated to strategy setting. )The Integrated Frameworkpro-vides the key principles and com-ponents of enterprise risk manage-ment and is grounded in theconcept of ERM focusing on theachievement of an entity s Framework groups entityobjectives into four categories: Strategic , operations, reporting, andcompliance. A particular objectivemay overlap certain categories, butthe four categories allow an organi-zation to focus on these separateobjectives for purposes of defines strategicobjectivesas high-level goals, aligned withand supporting its mission. Thesestrategic objectives are the core ofan organization s strategy. Bothinternal and external events andscenarios that can inhibit an orga-nization s ability to achieve itsstrategic objectives are strategicrisks, which are the focus of strate-gic risk management.

4 Accordingly,SRM is a critical part of an organi-zation s overall ERM process. It isn tseparate from ERM but is a criticalelement of it and one that hasbeen becoming more Advent of Strategic Risk ManagementToday,directors and executives areseeing increased expectations fromshareholders, regulators, ratingagencies, and other stakeholdersthat they understand and aremanaging the organization s riskand risk management processes including Strategic risks and thatthere is transparency in the riskmanagement process. It appearsBy Mark L. Frigo and Richard J. AndersonSTRATEGIC MANAGEMENTWhat Is Strategic RiskManagement?Organizations know they mustmanage Strategic risk to createand protect value.

5 Here are someguiding principles that 2011 ISTRATEGIC FINANCE2122 Strategic FINANCEIA pril 2011that this reemergence of risk man-agement, when coupled with thecatastrophic losses incurred bysome organizations, has fueled thecurrent emphasis on Strategic riskmanagement. Strategic risk management isfocused on the most consequentialand significant risks to shareholdervalue clearly an area deservingthe time and attention of executivemanagement and the board ofdirectors. Attributes for strategicrisk management contained in the2008 announcement by Standard &Poor s include: Management sview of the most consequential riskthe firm faces, their likelihood, andpotential effect; the frequency andnature of updating the identifica-tion of these top risks ; the influ-ence of risk sensitivity on liabilitymanagement and financial deci-sions; and the role of risk manage-ment in Strategic decision making.

6 (See Enterprise Risk Management:Standard & Poor s to Apply Enter-prise Risk Analysis to CorporateRatings, May 7, 2008, )A recent study from the Econo-mist Intelligence Unit concluded: Strategic risk managementremains an immature activity inmany companies. (See Fall Guys:Risk Management in the FrontLine, The Economist IntelligenceUnit Limited,2010, )The study also found that There islimited appetite for investment inthe risk function. Despite rising togreater prominence in many com-panies, risk management has notgenerally attracted significantfinancial investment over the than one-half of compa-nies have invested in risk processes,while less than one-quarter haveallocated funds to headcount ortraining of managers in the centralrisk function.

7 Ongoing cost con-straints and company-wide budgetfreezes are undoubtedly helping tocurtail investment, but care mustbe taken not to compromise theeffectiveness of overall risk man-agement. This situation presents aserious dilemma where risk man-agement remains immature andresource constraints present a bar-rier to further Is Strategic Risk Management?Organizations can adapt the fol-lowing definition of Strategic riskmanagement to further developtheir ERM capabilities andprocesses (see Mark Frigo andRichard Anderson, Strategic RiskManagement: A Primer for Direc-tors and Management Teams): Strategic Risk Management is aprocess for identifying, assessing andmanaging risks and uncertainties,affected by internal and externalevents or scenarios, that could inhib-it an organization s ability to achieveits strategy and Strategic objectiveswith the ultimate goal of creatingand protecting shareholder andstakeholder value.

8 It is a primarycomponent and necessary founda-tion of Enterprise Risk definition, which alsoincorporates ERM, is based on s a process for identifying,assessing, and managing bothinternal and external events andrisks that could impede theachievement of strategy andstrategic ultimate goal is creatingand protecting shareholder andstakeholder s a primary componentand necessary foundation of theorganization s overall enterpriserisk management a component of ERM, it isby definition effected by boards ofdirectors, management, and requires a Strategic view ofrisk and consideration of how ex-ternal and internal events or scenar-ios will affect the ability of the orga-nization to achieve its s a continual process thatshould be embedded in strategysetting, strategy execution, andstrategy can adapt thedefinition and principles of SRMin developing their action plansfor strengthening ERM and focus-ing it on Strategic MANAGEMENT continued on page 61To Learn MoreMark S.

9 Beasley and Mark L. Frigo, Strategic Risk Management: Creating andProtecting Value, Strategic Finance, May L. Frigo and Richard J. Anderson, Strategic Risk Management: A Primer forDirectors and Management Teams, Strategy and Execution, L. Frigo, Strategic Risk Management: The New Core Competency, Balanced Scorecard Report, January-February L. Frigo and Richard J. Anderson, Strategic Risk Assessment: A First Stepfor Improving Risk Management and Governance, Strategic Finance,December L. Frigo and Richard J. Anderson, Embracing Enterprise Risk Management:Practical Approaches for Getting Started, COSO, L. Frigo and Richard J. Anderson, Strategic Risk Management: The NewCore Competency, Strategy and Execution (forthcoming, 2011).

10 Critical Steps for Strategic Risk ManagementStrategic risk management increas-ingly is being viewed as a corecompetency at both the manage-ment and board levels. The exactsteps that an organization shouldtake will depend on the level ofmaturity of its overall ERMprocesses. For some organizationsthat have already started to imple-ment ERM, the focus on strategicrisks will be a refinement and evo-lution of their activities. For thosejust starting or just considering anERM effort, an initiative focusedon Strategic risks may be a goodstarting point. Here s a working listof practices worth striving the maturity of theorganization s ERM efforts relativeto its Strategic management and theboard feel that they have a goodunderstanding of the organiza-tion s Strategic risks and the relat-ed risk management action plans to move to ahigh level of ERM a Strategic riskassessment.