Strategic Risk Management and Executive Commitment

An entire industry has been built up around Risk Management in government and business but for many executives the sheer weight of the detail often involved in enterprise risk management systems is something of a “turnoff”.  How do we get senior management interested in strategic risk management?

Constructive executive involvement is essential in the strategic aspects so necessary to make risk management truly effective. If it is not led from top it certainly won’t be followed on the shop floor. Without the commitment of the CEO and executive team, not to mention the Board, strategic risk management is just not attainable and anything less is courting disaster.

Strategic Risk Management Responsibilities

Corporate Governance involves three core responsibilities for both Boards and Executives –

  • STRATEGY – to identify issues likely to impact on the business and the organisation and to develop strategies to address them.
  • RISK – to identify risks among those issues and develop strategies to eliminate or mitigate them.
  • PERFORMANCE – to monitor and measure the performance of the organisation’s effectiveness in implementing those strategies and managing the risks.

So if everything starts with Strategy, is that where we should start?

If we say that “Risk” is the prospect that some, usually adverse, event will occur to disrupt our plans to achieve some preferred goal, we might say that “STRATEGIC” risk ..

  • is the prospect that the adverse event will not just disrupt but actually prevent or seriously derail our objectives.Strategic Risk Management
  • often involves consequential or cumulative effects.
  • often brings to light related risks that need to be addressed.

Apart from our own motivation to protect our business, our organisation and ourselves from the consequences of risk, there is a wider framework of accountabilities that all executives face whether in the Public or Private Sectors. Beginning with the Common Law “Duty of Care”,  this wider framework includes various laws, both specific (such as Workplace Health & Safety legislation) and more subtle, that place clear obligations on decision makers and Managers to seriously consider Risk Management as part of their daily duty of care.

What is Strategic?

The term Strategic does not always mean long-term. Some strategic risks can have very short term consequences. It goes to the heart of achieving the organisation’s objectives. In other words –

  • what absolutely positively must go right?
  • what absolutely positively must not go wrong?

Strategic risk management for Boards and decision making bodies is associated with the scale of the consequences of failing to manage the risk, not just the consequences of the risk itself. Unlike racecourse Bookmakers it is not always possible in business and government to “lay-off” risk to someone else. Risk management is not just about insurable risk. Brokers don’t tend to underwrite “reputational” damage.

It is also important for Boards and Executives to understand the concepts of mitigation and residual risk. In other words “what have we done to prevent the unwanted occurrence or to mitigate its consequences and if there still remains a risk with attendant consequences can we live with this?”

…..more importantly, will we be held accountable if that risk eventuates and the consequences arise?

“Risk comes from not knowing what you are doing.” – Warren Buffett

Warren Buffet (Image courtesy NYMag)

Strategic risk management needs high-level thinking, planning, executive intervention or policy guidance.

What can organisations do to raise awareness of the need to manage strategic risk?

  • Create an effective risk management framework ensuring that Board members are involved.
  • Brief Board Members on the risk management framework.
  • Dedicate regular sessions to planning and evaluating risk management effectiveness.
  • Test the risk management and mitigation strategies regularly with Board Members against possible and even remote scenarios.
  • Test responses through audit and desktop or active rehearsals to provide the Board with assurance of risk management capability.
  • Above all ensure that senior executives are held accountable for all aspects of managing the organisation’s risks.

Join our newsletter

We won’t spam you, you will receive regular updates on relevant topics. 

  • This field is for validation purposes and should be left unchanged.