How to Manage Strategic Risk for Organizational Success
by Pat Ordenes, on Feb 13, 2020 11:26:41 PM
This is our introduction to strategic risk for 2020. We're aiming to cover as many of the key topics as possible, around strategic risk and how you can manage it in your organization. We'll cover things like:
- What is strategic risk?
- How to identify strategic risk
- What type of risk you should be looking for
- Approaches to measuring strategic risk
AND, we'll even give you a downloadable version of this guide with a framework you can follow...
Let's get started!
Kodak was a pioneer in the photography space (they actually filed a patent for one of the first digital cameras), but they lost the digital camera race.
Blockbuster made $6 billion in revenue at its peak, but there is only one store left in the world!
MySpace was once of the dominant social networks until Facebook came along...
You could argue that these companies failed to innovate, but I'd argue that they failed to see the iceberg ahead... In other words, they failed to manage their strategic risk.
Every great company takes risks. Smartphones, eReaders, car sharing services, even natural cleaning products — so much of what we as consumers now take for granted was a brave step, once upon a time.
But Apple, Amazon, Zipcar and Method didn’t launch their sector-defining products overnight.
These organizations safeguarded their success with a strong risk management strategy. They knew what success would look like, which factors could cause them to fail, what failure could cost them, and how they would respond to obstacles in their path.
Managing strategic risk is an essential activity for all businesses, whether you’re launching an innovative solution to market, or just trying to stay ahead of the competition. Understanding the dangers (however small) and their potential impact (however minor) empowers leaders at different levels to make smart, well-informed decisions.
The thing is, that’s easier said than done.
Risk management is a dynamic process — it shifts focus as internal and external influences change. It also requires a great deal of joined-up thinking and communication across an organization.
If you’re tasked with strategic planning and execution within your business, it can seem like an insurmountable task. Yet, armed with the right information, you can help ensure that your organization achieves its goals.
But don’t worry: we’ve got your back. In this guide, we’ll break down strategic risk management into bite-sized chunks; explaining strategic risk examples, decoding the difference between strategic risk vs operational risk, and giving you a strategic risk management template to round things off.
So, let’s start from the beginning...
What is strategic risk?
According to Wikipedia, "'Strategic risk' is the risk that failed business decisions, or lack thereof, may pose to a company." This doesn't really tell us much, so let's try and expand on it some more...
At its core, strategic risks are those that have the ability to affect an organization's overall strategy (sometimes these risks come from within the strategy itself). They can sometimes be difficult to spot and manage, since unlike other risks, a strategic risk is not always 'negative' (stick with me on this...).
This means that particularly at an executive level, leaders and teams need to be able to look for strategic risk and instead of categorizing them as things to hedge or mitigate, develop the acumen to ask the appropiate questions:
- Are we going to resist this, avoid it or maybe push it away?
- Or do we embrace it, use it as an indicator for the market and take it as an opportunity for a strategic change?
Every business has strategic objectives and established routines. Strategic risk relates to the dangers companies face in the process of trying to accomplish their strategic objectives. Even though your plan might seem viable and on-track for success, analyzing the strategic risks involved can help organizations identify obstacles (or opportunities) — and address them before it’s too late.
Some strategic risks relate to a business’s internal choices, such as product development routines, advertising, communication tools, sales processes, investments in cutting-edge technologies, and more. These all have a direct impact on function, performance, and overall results.
However, other strategic risks originate outside the company. These could apply to the current or projected environment into which products will be released.
It’s often easier to understand strategic risk through real-world examples. For instance, a new type of smartphone might be in high demand today, but economic changes could lead to a drop in commercial interest, leaving the business in a totally different position than it might have expected.
Or a competitor may release a groundbreaking product or innovative service that fills the gap first, creating significant risk to the success of a strategy. And let’s not forget that technology’s swift evolution could cause a new product to become obsolete within a few months — I’m sure that the manufacturers of wired headphones felt their stomachs drop when they saw Apple had cut the headphone jack.
These types of risk pose real danger to companies. Investing in a business model which has little chance of achieving the success envisioned can lead to severe financial strain, loss of revenue, and damage to reputation. And none of these are easy to recover from.
Strategic risk vs operational risk — what’s the difference?
Recognizing and taking action on strategic risks is vital to mitigate costly problems. But let’s be clear: strategy risks and operational risks are very different.
Where strategic risks can come from both internal and external forces, operational risks tend to stem solely from the internal processes within a business — especially when they stand to disrupt workflow.
You could say that strategic risk is about what you do, and operational risk is how you do it.
For example, outdated machinery can cause a slowdown in production, delaying completion and ultimately damaging employee morale. In this case, the operational risk might stem from what appears to be a non-critical problem, but has the potential to drag productivity down to rock bottom.
Another example of operational risk is a company’s current payroll system. Let’s say they outsource to a small team with a weak reputation purely because it’s a cheaper alternative to working with a more reliable, respected group. But this option could create a higher risk of late payments, processing errors, or other issues with the potential to frustrate the company’s most valuable asset: their employees.
Operational risks such as these (not to mention the many, many others) are critical to consider, and must be dealt with as soon as possible. They have a direct impact on a business’s work and can tie-in with strategic risks, as the resources, processes, or staff available may be unable to achieve the established goals.
What is strategic risk management?
Okay, so now we’re all clear on what strategic risk is, but how do companies manage it?
Strategic risk management is the process of recognizing risks, identifying their causes and effects, and taking the relevant actions to mitigate them. As already discussed, risks can arise from inside and outside an organization, such as manufacturing failures, economic changes, shifts in consumer tastes, etc.
A strategic risk can disrupt a business’s ability to accomplish its goals and achieve value for itself and its stakeholders. Effective, efficient management puts the power in leaders’ hands to avoid potential obstacles to success and maximize their performance.
One of the first things you need to do, to better manage risks, is learn to identify them.
How do you identify strategic risk?
In your strategic risk management toolkit, you’ll need two essentials:
- An in-depth understanding of your organization, your target audience, your market sector, your competitors, and the environment in which your business operates.
- A clear awareness of your organization’s core strategic goals, from conception to proposed execution.
Gathering data on both areas can take time and investment, but it’s worthwhile to achieve the most accurate insights into strategic risks. The more information you have to draw upon, the more likely it is that you’ll be able to implement processes and safeguards that facilitate organizational success.
Teams have a choice of different approaches when identifying strategic risks.
One popular option is to gather employees from across the business to explore ‘what-if’ scenarios. By mind mapping risk factors collaboratively — with a mix of perspectives and experiences from different departments — Heads of Strategy, Change Managers and Business Analysts may discover risks they wouldn’t have thought of on their own.
Remember: all potential risks are worth considering, no matter how unlikely they may seem at first. That’s why participants should be encouraged to let their mind wander and suggest virtually any viable risk that occurs to them.
It’s best to have a long list that can be reduced through elimination: underestimating risks can lead to businesses being unprepared down the line.
Another approach to identifying risk is to speak with a range of stakeholders and to consider their views on strategic risks. If you consult a wide enough group, they have different perspectives on an organization from that of your core employees, which can prove hugely beneficial when trying to understand the dangers it faces. Their broad awareness of how the company operates can raise unexpected possibilities that need to be factored in.
What types of strategic risk should you be looking for?
The specific strategic risks relevant to your business will largely depend on your sector, product range, consumer base, and many other factors. That being said, there are some broad types of strategic risk, each of which should be on your radar. For example:
Let’s imagine an organization starts work on a new product, or plans a fresh service set to transform the market. Perhaps it spots a gap in the industry and finds a way to fill it, yet needs years to bring it to fruition.
However, in this time, regulations change and the product or service suddenly becomes unacceptable. The company can’t deliver the result of its hard work to the target audience, risking a substantial loss of revenue.
Fortunately, the organization had prepared for unexpected regulatory change. Now, elements of the completed project can be incorporated into another or adapted to offer a slightly different solution.
The lesson here?
It’s vital for companies to stay updated on all regulations relevant to their market, and be aware of upcoming changes as early as possible.
Most industries are fiercely competitive. Companies can lose ground if their market rivals release a similar product at a similar or lower cost. Pricing may even be irrelevant if the product is suitably superior.
Competitor analysis can help to mitigate this strategic risk: businesses should never operate in a vacuum.
Economic risks are harder to predict, but they pose a real danger to even the most well-realized strategy.
For example, economic changes can lead a business’s target audience to lose much of its disposable income or to scale back on perceived luxuries. Customer research is imperative to stay aware of what target audiences desire, their spending habits, their lifestyles, their financial situations, and more.
Strategic Risk Examples
We'll walk you through two specific examples of strategic risk in real life. One that happened a little while ago, and one that is still happening now...
Like in the movies...
Before Neflix, HBO Go, Amazon Prime, Disney + and all the other streaming platforms, people used to go to Blockbuster.
In its prime Blockbuster had over 9,000 locations around the world and became synonymous with movie rental. It had a huge slice of the market share and looked pretty peachy until the late nineties...
In 1997, a little complany called Netflix came knocking... At the time, Netflix didn't stream. It simple delivered your rentals in the mail for a set fee each month. There was no late fees (which was one of the biggest gripes from Blockbuster customers), and having the movies delivered made it even more convenient...
THIS was a pretty obvious strategic risk to Blockbuster, which needed to manage it somehow. This could also be seen as a clear opportunity to Blockbuster, since they were in a position to buy Netflix, but REFUSED to!
Yes, Blockbuster passed on the purchase of Netflix ($50 Million), and sealed its fate in the process...
DUDE, Where's My Car!?
Now this story is still in development, so who knows how it will end. Uber is known as the company that shook the cab industry around the world, but things are still changing...
Uber is a tech company and understands that change happens and risk evolves faster than ever before. This is why they began investing in self-driving technology early on. Now at first glance, this seems counter-intuitive, since moving in this direction could really upset the thousands of Uber drivers out there right now, but Uber gets it.
They know that if they do nothing, someone else will, and soon enough, they could become another Blockbuster story... Uber is a great example of strategic risk management, since they not only have to manage things like implementing self-driving cars, but they have also had to navigate through complex regulatory risk in multiple countries.
They have also faced issues around customer safety, assaults, and more recently, a fatal roadside incident involving a self-driving car - which all illustrate the varying and evolving risks that an organization must manage.
Approaches for measuring and managing strategic risk
So now you know the strategic risks your organization faces, but what impact will they have? Is it worth it?
In order to manage and assess risks, you need to have a quantifiable figure to work with.
One common metric is economic capital. This relates to the amount of equity a business needs to cover any unplanned losses, according to a standard of solvency (based on the organization’s ideal debt rating).
This metric allows businesses to quantify all types of risks, whether they relate to launching new products, acquiring enterprises, expanding into different territories, or internal transformation.
Another option is risk-adjusted return on capital, aka RAROC. This applies to the expected after-tax return on a scheme, once it’s divided by the economic capital.
Companies can leverage this metric to determine if a strategy is viable and offers value, helping to guide leaders’ decision-making process.
Any initiative with a RAROC below the capital amount offers no value, and should be scrapped (sorry!).
Businesses on all scales can utilize both metrics to measure strategic risk, but the stakes will be different for a small enterprise than for a global corporation. The former may never recover from a bad investment, while the latter has a higher chance of weathering the storm.
As a result, companies may use a decision tree to map the possible outcomes of a decision. This enables teams to determine which choices may yield which results, and prepare for all eventualities. Specific turning points can be identified and handled appropriately.
A template for your strategic risk management framework
Now you have all the information, you need to capture it in one place: the strategic risk management framework.
This is where you bring together all the resources (employees, technologies, capital, etc.) required to mitigate losses caused by internal or external forces.
Exactly how your framework is structured is your choice, but the following is a great strategic risk management template:
- Understand where you are right now. You could use a SWOT (Strengths, Weaknesses, Opportunities, and Threats) analysis, for example. Here you need to know where your organization is, what your vulnerabilities are, and what threats you face in the market.
- Define your strategy and its goals. This is where you clearly outline the strategy for your organization. If you need a hand with this, here’s a great resource to help you build or revisit your strategy.
- Next, key performance indicators (KPIs) should be selected. These can be used to measure success, monitor changes, and explore improvement opportunities over time.
- The next step is to identify those risks which can affect productivity and performance in the future.
These factors may not be as apparent as others. For example, consumers’ changing tastes can be hard to predict but still have the potential to knock plans off the rails.
- KRIs (key risk indicators) should be identified to gauge your business's tolerance to obstacles. Be sure to look ahead at issues which may lurk around the corner, and determine the right time to put mitigating actions into effect.
- The final step is to continually monitor KPIs, KRIs, and their internal processes to chart progress.
Are problems being resolved fast enough? Are target customers’ needs being addressed? Are all essential programs and processes in place? The aim is to stay on track and adapt to ensure you achieve your objectives.
Managing strategic risk may start today, but it’s an ongoing process
Properly managing strategic risk enables organizations to minimize their danger of experiencing severe losses and, ultimately, failure.
It doesn’t guarantee every project will be a success (far from it!), but it will provide all the necessary tools to make better decisions in the long run.
Remember to take your time, even if there’s market pressure to act fast. Trying to rush this process could lead to missed threats or opportunities in your risk analysis. Lastly, you need to stay on top of your strategic risk management well into the future — that’s the key to organizational success.
As Tony Robbins says: “Change is inevitable. Progress is optional.” If you want to learn more about strategic planning, our team has compiled our entire series on ‘How to Write A Strategic Plan’ into a comprehensive eBook — you should take a look!