By Joanne Peulen, Board and Governance Specialist
In pursuit of long-term organisational success, the ever-changing landscape in which we conduct business requires boards to effectively understand and address strategic risk. Here, we explore the concept of strategic risk and offer guidance for directors and boards on how to navigate the task of mitigating downside risks while optimising upside risks.
Understanding strategic risk
Strategic risk refers to the potential threats or uncertainties which could impact an organisation’s ability to achieve its objectives and long-term goals.
Often displaying interdependencies, responding to strategic risks necessitates an integrated approach from senior leaders. The interconnectedness means the collective impact of these risks may be more substantial than any individual risk, particularly when they are not managed cohesively.
Strategic risks can take many forms, including:
- Market disruption: The emergence of new technologies, the rise of competitors, or changing consumer preferences can disrupt traditional business models and strategies.
- Reputational damage: Public perception and brand reputation are crucial for businesses, with negative publicity or ethical lapses carrying the potential to significantly harm a company’s image and profitability.
- Regulatory changes: Evolving regulations and government policies can affect the operations of organisations, particularly in heavily regulated industries such as healthcare and financial services.
- Economic fluctuations: Economic downturns, either domestically or in a key overseas market, can impact an organisation’s financial performance and growth prospects.
- Supply chain disruptions: Global supply chains are vulnerable to disruptions caused by natural disasters, geopolitical events and other unforeseen factors.
- Cybersecurity incidents: The new and evolving ‘kid on the strategic risks block’, the increasing reliance on digital technologies elevates companies’ exposure to bad actors whose activities can result in data privacy breaches, reputational damage and financial losses.
The board’s role regarding strategic risk
Given the abundance of potential threats and opportunities available to any organisation, boards play a pivotal role in overseeing how the organisation’s scarce resources are allocated to the management of strategic risks. Outlined below are some key ways in which directors and boards can fulfil this responsibility effectively.
1. Understand the business landscape and your business drivers
Directors must ensure they have a thorough understanding of their company’s industry, market dynamics and competitive landscape. There is a need to commit time and energy to keeping abreast of emerging trends and potential disruptors which could impact the organisation’s strategy.
Directors must also understand the business model of their company, key drivers of that model and the impact of substantial changes
As a collective, it is vital for the board to possess the right skills and experience to identify, understand and oversee risk management.
2. Clearly articulate your risk appetite
These days, how a business goes about achieving its strategic objectives is often just as important to stakeholders as the extent to which those objectives are achieved. This is why it is crucial for boards to clearly articulate their risk appetite in a manner that provides meaningful guidance to all staff. A risk appetite statement should serve as a roadmap and define the routes the board is comfortable for the organisation to travel to reach the strategic objectives set.
3. Ensure a risk management framework is in place
All organisations should have a clear framework for risk management , the effectiveness of which is monitored by the board. Embedding a structured and systematic approach to the identification, assessment, management, monitoring and reporting of risk is crucial to the organisation and to ensuring the board receives the information it needs to fulfil its duties.
Different risk methodologies, procedures and risk systems will be appropriate depending on an organisation’s nature and scale, but key to all successful risk management frameworks is that the board’s risk appetite statement sits at their apex, and everything cascades from that. In your organisation, is the horse leading the cart or does it sometimes feel like the cart is leading the horse?
4. Engage in scenario planning
Scenario planning involves considering ‘what if’ scenarios which could harm or benefit the organisation. Scenarios can be a particularly good way of highlighting interdependencies in risk factors both internal and external to the business.
Planning exercises also enable the board and management to assess how the organisation would respond to different risk scenarios, the effectiveness of existing controls and consider whether alternative approaches may need to be investigated.
5. Promote a transparent and risk-aware culture
Organisational culture should be conducive to identifying and reporting risks to senior management and the board. At board level, open and honest discussions about strategic risks should take place. The successful implementation of a tailored risk management framework embeds a shared risk language and shared responsibility for risk management across the organisation. That shared risk language should facilitate open and transparent discussions about risks and their appropriate levels.
Boards should be seeking to promote risk-aware cultures rather than risk-averse ones. The latter can, at the very least, stymie innovation and, at worst, foster management decision-making that prioritises self-preservation over team and organisational performance. And, risk management is very much a team sport. For example, when it comes to cybersecurity, the organisation is only as strong as its weakest link.
6. Review and adapt risk management framework
Strategic risk management is an ongoing process and boards should also regularly review the company’s risk management and reporting framework and approaches to managing the risks it identifies in light of changing circumstances. Organisations must be willing to adapt to sustain and grow business value.
7. Seek external expertise
Consider bringing in external experts with specialised knowledge to provide insight on strategic risk management.
For example, at Directors Australia, we advise on a wide range of issues regarding all types of risk, including facilitating board risk workshops, reviewing and developing fit-for-purpose risk management frameworks and advising on board risk reporting. Our approach is to ensure risk management is not just a process, but results in real and tangible information to assist boards in performing their oversight functions and support the executive and all staff in meeting their delegated risk management responsibilities.
Strategic risks will always be a consideration
Strategic risk is an inherent part of modern business and directors and boards must be proactive in addressing this. By understanding the nature of strategic risks, fostering a culture of risk awareness and implementing fit-for-purpose risk management practices, boards can fulfill their duty of both safeguarding and enhancing the organisation’s long-term success and sustainability.