Strategic Risk: The importance of linking risk to strategy


It’s amazing how many organisations are great at defining and documenting a 3-4 year strategy and then wonder why, two years into execution, it’s failing.

Did they assess their strategic risks? Did they even engage with the Risk Team during the development of the strategy? My guess is no.

Many organisations, in both the public and private sectors, “retro-fit” risks to a strategy or plan that has already gone through multiple reviews and approvals. Many do not consider the “effect of uncertainty” on their objectives whilst determining what those strategic objectives should be.

The International Standard for Risk Management, ISO 31000, defines risk as the “effect of uncertainty on objectives” and notes that it can be positive, negative or both, and can address, create or result in opportunities and threats. Confusing, isn’t it!

Opportunity is an outcome, an outcome of effectively managing risk. Here at Skefto we have a motto “Managing risk to maximise opportunities”. There is benefit in investing in risk management and specifically focusing on those strategic risks that could impact on you achieving your objectives.

It’s important for organisations to identify their strategic risks to ensure they can:

  1. Improve outcomes,
  2. Reduce uncertainty,
  3. Improve decision making,
  4. Create opportunities, and
  5. Enhance their organisational resilience.

Link between Strategy and Strategic Risk

After more than 15 years working in senior risk roles, I am still amazed by the disconnect between strategy and risk. I’m sure some of you reading this article are “risk nerds” like myself, and would agree that it’s a no-brainer that risk and strategy go hand-in-hand. But why do our organisations still get this wrong? There are examples where the risk and strategy teams are located in the same building, one floor apart, but have never met… WHAT THE?

This is true, though; I bet you know of a few examples like this too.

I’ve worked with organisations to facilitate strategic risk workshops one or, in some cases, two years into their strategy execution. Sorry folks, it’s too late, but I guess better late than never. What I observed in this type of “retro-fitting” of risk is that if they’d known then what they know now with regard to their risks, they may not have pursued certain objectives, or they could have taken more risk and created new opportunities elsewhere for their people, clients, shareholders or the community.

Strategy and Risk Teams should be working very closely together, sharing the information and intelligence they are finding across the business and providing integrated reporting to executives, Boards and their sub-committees.

As part of strategy development, the organisation should engage with the risk team to validate and test whether a particular objective can be pursued: is it within our risk appetite, and do we have effective existing controls in place or do we need to treat this strategic risk? This is where we see risk management integrated into decision-making processes. Does your organisation do this? If so, did it add value to the conversation? Did it improve the likelihood of you achieving the objectives of the strategy?

What is Strategic Risk

Okay, to all my risk purists reading this, you’re probably going to leave comments about “where is strategic risk defined in the standard?” And you’re right, it’s not. In fact, a quick Google search of the words “strategic risk” will produce 898 million results. So although there is no standard definition of strategic risk, it now forms part of our risk management vernacular.

Let’s face it, a risk is a risk is a risk! The only thing that changes is context and complexity. That context could be strategic, enterprise, operational, project, etc. The same process is applied and it’s still defined as the effect of uncertainty on objectives.

When we think of strategic risk or risks in a strategic context, we need to ask ourselves some questions:

  • How likely is the event to occur?
  • How effective are our existing controls?
  • If the event did occur, what would be the consequence for the people, places and systems in our care?

If organisations can answer these questions as they are determining what their strategic objectives should be, then they will increase their chances of achieving the future desired state that the Board and Executive have articulated in their 3-4 year strategy.

Skefto can support you by providing consultancy and a flexible, dynamic, real-time risk management and integrated strategy and planning software solution. Imagine a world where you can seamlessly link strategic risks to objectives or, when you’re working out those objectives in Skefto, identify, analyse and evaluate risks in real time.

We are not just a software company but rather a team of strategy and risk experts who know that software will only support decision making; it won’t replace the importance of good strategy and risk conversations.

To learn more about the importance of linking risks to strategy, come along to a free webinar in November, where you’ll hear from strategy and risk experts and have an opportunity to ask questions, share experiences and engage with others to build your own networks. To register your interest in attending, please click here.
