Why integrating risk and strategy is important


Share on LinkedIn

This is the first in a series of posts that will discuss key steps to integrating risk and strategy.

The past three years have made organizations of all types respond to some pretty big risks and rethink strategy. If you lead an organization, are part of a strategy or risk function, or are a consultant like me you know a lot rides on the strategic bets organizations are now making.

But not all risk is bad; organizations need to take risks to build value, whether through diversification, key acquisitions or strategic divestiture, to name a few options. The trick is to know which risks will have the biggest effect on strategy—and which environmental shifts may provide hidden opportunities with the right strategic adjustment.

If we already do both, why integrate?

Integrating risk into the strategic planning process may help to make strategic planning more robust. For example, in some US firms, “strategic” objectives only look a year ahead. This may be the most that a startup can and should do. However, most of the factors that drive strategic risk, such as political and regulatory change—or the current global economic shift—do not play out on yearly cycles. Good strategic risk assessments for larger and more stable organizations look further forward, often employing tools like scenario planning. These can be lighter and more iterative for dynamic organizations.

On the other hand, linkage to strategy can also help to focus risk activities. Understanding where the organization wants to be at an agreed horizon and how leaders plan to get there drives risk assessment and monitoring priorities. In addition, integration with strategy discussions can help to ensure that judgment tempers the results of quantitative risk analyses. Over-reliance on these analyses has been called out as an issue with some of the risk approaches used in the financial services sector prior to the 2008 meltdown.

When strategy and risk are integrated, there is a better basis for setting both strategic objectives and concrete operational goals—and risk-based triggers to identify when a course correction is needed. What’s the tangible value? Here are just a few benefits:

  • Better allocation of resources in a cost-constrained environment
  • Less “churn” with fewer major decisions revisited
  • Fewer change management challenges
  • Faster and better results, with less pain!

Why don’t organizations already do this?

Well, some do. But there are several historical and cultural reasons that inhibit many others from either trying or succeeding.

On the risk side…

Fragmented risk analyses

This often occurs in siloed fashion—each unit or function catalogues and ranks its own risks, reporting the top risks to leadership. This bottom-up approach can impede strategic risk assessment due to:

  • A tendency to get stuck at the operational level due to the analysis techniques that are used—often quite appropriately for the level and type of risk of concern to the specific risk owner
  • Inability to see across risks and identify how one risk might either create or exacerbate another—so-called risk contagion
  • Inability to calibrate across risks in different parts of the organization
  • Risk simply being seen as separate from strategy—and not at the same level

Lack of a shared vision of the organization’s willingness to take different types of risk

This is often the critical but missed grounding conversation. Leadership may see the organization as “aggressive” or “conservative” without having explicitly discussed what that means, whether the culture is aligned with the organization’s strategy or where the risk propensity is higher or lower (in R&D vs. Supply Chain, for example). They may not agree on what high or low means, or, more fundamentally, how much risk the organization can take on overall. This is the organization’s Risk Appetite, and it will be the subject of a future post.

On the strategy side…

Fragmented strategic planning

Some organizations do strategic planning by unit or function; this is more common when the company has discrete business areas or geographies—but in the face of the global changes many organizations face today, it can be worth considering how to conduct a risk-based review of the full set of strategies.

“Secret” strategic planning

Since strategy is a competitive asset, many organizations restrict participation in its development, an understandable choice that will affect how risk can be integrated into the planning process and who can participate.

How do organizations overcome these challenges?

  • Take a top-down approach to understanding top risks
  • Facilitate a leadership dialogue to establish Risk Appetite
  • Establish clear risk ownership by the same executives who help set strategy
  • Map risk assessment activities into the strategic planning cycle
  • Have a change management plan to integrate risk into the culture

Republished with author's permission from original post.

Jim Haughwout
Jim Haughwout (pronounced "how-it") is passionate about creating technology that improves how people live and work. He is the Chief Technology Architect at Savi Technology and a General Partner at Oulixeus Consulting. His work has been featured by Network World, ZDNet, Social Media Today, the IBM Press, CIO Magazine, Fast Company, GigaOm and more.


Please use comments to add value to the discussion. Maximum one link to an educational blog post or article. We will NOT PUBLISH brief comments like "good post," comments that mainly promote links, or comments with links to companies, products, or services.

Please enter your comment!
Please enter your name here