Logo

Strategic Risk Management: Complete Overview (With Examples)

Download our free Risk Management Strategy Template Download this template

As businesses continue to operate in an increasingly competitive and uncertain environment exacerbated by threats to their operations, such as cyberattacks, supply chain disruptions, and climate catastrophes, strategic risk management has become a key factor in ensuring an organization's success.

According to Racounteur , 85% of business leaders feel they are operating in a moderate to high-risk environment, and 79% of boards believe that improved risk management will be critical in enabling their organization to protect and build value in the next five years.

It's clear that organizations need to be prepared for the different types of strategic risk coming their way and have strong strategic risk management in place to not only reduce the impact on their operations but even take advantage of the context and transform it into an opportunity.

In this article, we'll dive into the world of strategic risk, the different types of strategic risks, and how to manage them to reduce the chances of disruption. We'll also give you real-life examples and a ready-to-use, free Risk Management Template to help your business be in strategic control and start your journey toward effective strategic risk management.

Free Template Download our free Risk Management Strategy Template Download this template

What Is Strategic Risk?

Strategic risk is the probability of the organization’s strategy failing. It is an estimation of the future success of the chosen strategy. Since strategy is a set of clear decisions, strategic risk reflects the aggregate of the risks of those decisions.

At its core, strategic risks affect an organization's overall strategy . It can sometimes be difficult to spot and manage.

This means that particularly at an executive level, leaders and teams need to be able to look for strategic risks and, instead of categorizing them as things to hedge or mitigate, develop the acumen to ask the appropriate questions:

  • Are we going to resist this, avoid it, or maybe push it away?
  • Or do we embrace it, use it as an indicator for the market and take it as an opportunity for a strategic change?

🤓Want to learn more? Download our FREE Strategic Risk Guide (PDF) with examples, definitions, and a clear framework to help you and your organization better manage strategic risk.

What Is Strategic Risk Management?

Strategic risk management is the process of recognizing risks, identifying their causes and effects, and taking the relevant actions to mitigate them. Risks arise from inside and outside factors such as manufacturing failures, economic changes, shifts in consumer tastes, etc. 

Strategic risk can disrupt a business’s ability to accomplish its goals , break out in the market or even survive. Effective, efficient management puts the power in leaders’ hands to avoid potential obstacles to success and maximize their performance.

Why Is Strategic Risk Management Important?

Organizations that fail to do proper risk management face significant threats. At times, they face existential threats. Kodak was a pioneer in the photography space (they actually filed a patent for one of the first digital cameras), but they lost the digital camera race . Blockbuster made $6 billion in revenue at its peak, but there is only one store left in the world ! MySpace was once one of the dominant social networks until Facebook came along . 

You could argue that these companies failed to innovate. Maybe, but they also failed to evaluate the threat properly and the risk involved in not dealing with it.

Every great company takes risks.

Smartphones, eReaders, car-sharing services, even natural cleaning products — so much of what we as consumers now take for granted was a brave step, once upon a time. But Apple , Amazon , Zipcar, and Method didn’t launch their category-defining products overnight.

These organizations safeguarded their success with a strong risk management strategy. They knew what success would look like, which factors could cause them to fail, what failure could cost them, and how they would respond to obstacles in their path.

Managing strategic risk is an essential activity for all businesses, whether you’re launching an innovative solution to market or just trying to stay ahead of the competition.

Understanding the dangers (however small) and their potential impact (however minor) empowers leaders at different levels to make smart, well-informed decisions. 

But that’s easier said than done. Risk management is a dynamic process - it shifts focus as internal and external influences change. It also requires joined-up thinking and communication across an organization. 

If you’re tasked with strategic planning and execution within your business, it can seem like an insurmountable task. Yet, armed with the right information, you can help ensure that your organization achieves its goals.

The Two Kinds Of Strategic Risk Factors

One of the first things you need to do to better manage risks is learn to identify them. There are mainly 2 kinds of strategic risk factors that you should look out for.

1. Internal strategic risk factors

Every business has strategic objectives and established routines.

Strategic risk relates to the dangers companies face in trying to accomplish their strategic objectives. Even though your plan might seem viable and on track for success, analyzing the strategic risks involved can help organizations identify obstacles (or opportunities)—and address them before it’s too late.

Strategic risks relate to a business’s internal choices, such as product development routines, advertising, communication tools, sales processes, investments in cutting-edge technologies, and more. These examples all directly impact function, performance, and overall results.

2. External strategic risk factors

Some strategic risks originate outside the company.

These could apply to the current or projected environment into which products will be released. 

It’s often easier to understand strategic risk through real-world examples. For instance, a new type of smartphone might be in high demand today, but economic changes could lead to a drop in commercial interest, leaving the business in a totally different position than it might have expected. 

Or a competitor may release a groundbreaking product or innovative service that fills the gap first, creating significant risk to the success of a strategy.

And let’s not forget that technology’s swift evolution could cause a new product to become obsolete within a few months—I’m sure that the manufacturers of wired headphones felt their stomachs drop when they saw Apple had cut the headphone jack.

These types of risks pose a real danger to companies. Investing in a business model with little chance of achieving the envisioned success can lead to severe financial strain, loss of revenue, and damage to reputation.

And none of these are easy to recover from.

Strategic Risk Assessment: How To Identify Strategic Risks?

Recognizing and taking action on strategic risks is vital to mitigate costly problems.

In your strategic risk management toolkit, you’ll need two essentials:

  • An in-depth understanding of where your organization stands . This includes your target audience, market sector, competitors, and the environment in which your business operates.
  • A clear awareness of your organization’s core strategic goals , from conception to proposed execution .

Gathering data on both areas can take time and investment, but it’s worthwhile to achieve accurate insights into strategic risks.

The more information you have to draw upon, the more likely it is that you’ll be able to implement processes and safeguards that facilitate organizational success.

Teams have a choice of different approaches when identifying strategic risks. 

how to identify strategic risks infographic cascade

Initiate “What if” discussions

Gather employees from across the business to explore ‘what-if’ scenarios .

By mind mapping risk factors collaboratively —with a mix of perspectives and experiences from different departments—Heads of Strategy, Change Managers, and Business Analysts may discover risks they wouldn’t have thought of on their own.

All potential risks are worth considering, no matter how unlikely they may seem at first. That’s why participants should be encouraged to let their minds wander and suggest virtually any viable risk that occurs to them.

It’s best to have a long list that can be reduced through elimination: underestimating risks can lead to businesses being unprepared down the line.

📚 Recommended reading: Risk Matrix: How To Use It In Strategic Planning

Gather input from all stakeholders

Speak with the whole range of stakeholders and consider their views on strategic risks.

If you consult a wide enough group, you’ll gather expanded perspectives about your organization or issues and not just the ones from your core employees.

Collecting a wide range of perspectives creates a holistic view of risk factors which can prove hugely beneficial when trying to understand the dangers the organization faces.

Their broad awareness of how the company operates can raise unexpected possibilities that need to be factored in.

Strategic Risk Examples

The specific strategic risks relevant to your business will largely depend on your industry, sector, product range, consumer base, and many other factors. That being said, there are some broad types of strategic risk, each of which should be on your radar.

types of strategic risks example infographic cascade

Regulatory risks

Let’s demonstrate the importance of regulatory risks with an example.

Imagine an organization working on a new product or planning a fresh service set to transform the market. Perhaps it spots a gap in the industry and finds a way to fill it, yet needs years to bring it to fruition.

However, in this time, regulations change and the product or service suddenly becomes unacceptable. The company can’t deliver the result of its hard work to the target audience, risking a substantial loss of revenue.

Fortunately, the organization had prepared for unexpected regulatory change. Now, elements of the completed project can be incorporated into another or adapted to offer a slightly different solution.

The lesson here? 

It’s vital for companies to stay updated on all regulations relevant to their market and be aware of upcoming changes as early as possible. 

Competitor risks

Most industries are fiercely competitive. Companies can lose ground if their market rivals release a similar product at a similar or lower cost. Pricing may even be irrelevant if the product is suitably superior. 

Competitor analysis can help mitigate this strategic risk: businesses should never operate in a vacuum.

📚 Recommended read: 6 Competitive Analysis Frameworks: How to Leave Your Competition In the Dust

Economic risks

Economic risks are harder to predict, but they pose a real danger to even the most well-realized strategy. For example, economic changes can lead a business’s target audience to lose much of its disposable income or scale back on perceived luxuries.

Customer research is imperative to stay aware of what target audiences desire, their spending habits, lifestyles, financial situations, and more. 

Change risks

Change risks refer to the challenges that arise from changes in technology, market trends, consumer preferences, or industry standards. 

For instance, a company heavily invested in a particular technology may face significant risks if a disruptive innovation renders their current technology obsolete. Having a strong change management strategy to adapt to change and embracing innovation are key strategies to mitigate this risk.

Reputational risks

Reputational risks arise when a company's actions or associations damage its brand image and public perception. Negative publicity, customer dissatisfaction, product recalls, or ethical controversies can all contribute to reputational risks. 

Safeguarding the company's reputation through transparent communication, ethical practices, and proactive crisis management is crucial.

Governance risks

Governance risks refer to the effectiveness and integrity of a company's management and decision-making processes. Weak corporate governance, lack of oversight, non-compliance with regulations, or unethical behavior by key executives can lead to significant strategic risks. 

Establishing robust governance frameworks, maintaining transparency, and fostering a culture of accountability are essential to mitigate these risks.

Political risks

Political risks stem from changes in government policies, regulations, or geopolitical events. These risks can impact businesses operating domestically or internationally. Political instability, trade restrictions, sanctions, or changes in tax policies can disrupt operations and affect profitability. 

Companies must closely monitor political developments and have contingency plans to navigate such risks effectively.

Financial risks

Financial risks involve challenges related to capital management, funding, cash flow, and financial stability. Factors such as market volatility, credit risks, liquidity constraints, or inadequate financial planning can expose a company to strategic risks. 

Implementing sound financial strategies, conducting risk assessments, and maintaining a healthy balance sheet are crucial in managing these risks effectively.

Operational risks

Operational risks are inherent in day-to-day business activities and processes. These risks encompass issues such as supply chain disruptions, equipment failures, cybersecurity breaches, human errors, or natural disasters. 

Ensuring robust operational processes, implementing contingency plans, and investing in risk mitigation measures can help minimize the impact of operational risks.

Managing Strategic Risk Vs. Operational Risk

Strategic risks and operational risks are two distinct kinds. While strategic risks originate from both internal and external forces, operational risks stem solely from the internal processes within a business and they stand to disrupt workflow. 

However, the biggest difference between them is the level of the decisions they reflect.

Strategic risks reflect the risk of the decisions at a higher level, where the overall strategic plan is considered. The operational risks reflect the risk of the decisions at a lower level, the operational level, where the execution of the strategic plan is outlined.

Simply put, strategic risk is about what you do, and operational risk is how you do it.

Operational risks examples

Operational risks are critical to consider and must be dealt with as soon as possible. They directly impact a business’s work and can tie in with strategic risks, as the resources, processes, or staff available may be unable to achieve the established goals. 

One example of operational risk is outdated machinery. They can cause a slowdown in production, delay completion, and ultimately damage employee morale. In this case, the operational risk might stem from what appears to be a non-critical problem but has the potential to drag productivity down to rock bottom. So the decision of whether to upgrade the machinery should be considered.

Another example of operational risk is a company’s current payroll system. Let’s say they outsource to a small team with a weak reputation purely because it’s a cheaper alternative to working with a more reliable payroll solution . But this option could create a higher risk of late payments, processing errors, or other issues with the potential to frustrate the company’s most valuable asset: its employees.

Risk Mitigation Strategies

Implementing effective risk mitigation strategies is essential for businesses to navigate uncertainties and protect their long-term success. By identifying potential risks and proactively addressing them, companies can minimize the impact of adverse events and capitalize on opportunities for growth.

risk mitigation strategies examples infographic cascade

Discuss opportunities and risks separately

This is something that needs to happen before the risk identification process. Mixing in the same conversation potential opportunities and their risks handicaps the opportunity conversation.

You want your people to free their minds, brainstorm ideas, and locate all possible growth and incremental opportunities. Don’t allow that process to shrink and miss out on great opportunities. Discuss risks in a different meeting on a different day.

Distribute resources at the operational level

Once you have decided on your company’s strategy, you’ll have to align every department and person with it.

Allocate your resources in a way that serves your overall strategy to succeed. That means starving certain departments or regions to feed the ones that contribute the most to your strategic objectives.

Mitigating strategic risks is often nothing more than focusing on a great execution of your strategic plan.

Align your incentive structure

Focus on execution takes another form besides resource redistribution.

You have to visit and align with your strategic objectives the incentive structure of your top and middle management. This is a crucial step in executing your strategy because it eradicates internal conflicts.

If your leadership team is rewarded according to an older strategic plan, don’t expect them to take care of your new plan’s risks. They simply won’t have the incentive to do so.

Strategy Risk Management Examples

Let’s examine two specific real-life examples of strategic risk. One that happened a little while ago, and one that is still happening now.

Complacency vs Disruption

Before Netflix, HBO Go, Amazon Prime, Disney + , and all the other streaming platforms, people used to go to Blockbuster.

In its prime, Blockbuster had over 9,000 locations around the world and became synonymous with movie rental. It had a huge slice of the market share and looked pretty peachy until the late nineties. Until 1997, when a little company called Netflix came knocking.

At the time, Netflix didn't stream. It simply delivered rentals in the mail for a set fee each month. There were no late fees (which was one of the biggest gripes from Blockbuster customers), and movie delivery was very convenient.

Netflix was a pretty obvious strategic risk to Blockbuster, which needed to manage it somehow. This could also be seen as a clear opportunity for Blockbuster since they were in a position to buy Netflix but refused to do so.

Yes, Blockbuster passed on the $50 Million deal with Netflix and sealed its fate in the process.

Comparing Revenue for Blockbuster and Netflix, 1998-2016 - Slow Reveal  Graphs

Regulatory complexity

This story is still in development, so who knows how it will end.

Uber is known as the company that shook the cab industry around the world, but things are still changing. Uber is a tech company and understands that change happens, and risk evolves faster than ever before.

This is why they began investing in self-driving technology early on. At first glance, this seems counter-intuitive since moving in this direction could really upset the thousands of Uber drivers out there, but Uber gets it.

They know that if they do nothing, someone else will sweep in and, soon enough, turn Uber into another Blockbuster story.

Uber is a great example of strategic risk management since they not only have to manage things like implementing self-driving cars, but they have also had to navigate through complex regulatory risks in multiple countries.

They have also faced issues around customer safety, assaults, and constant battles with all kinds of protests and regulatory issues.

How To Measure Strategic Risk

So now you know the strategic risks your organization faces, you need a quantifiable figure to measure them. We suggest the following metrics and tools:

Economic Capital

This relates to the amount of equity a business needs to cover any unplanned losses, according to a standard of solvency (based on the organization’s ideal debt rating). 

This metric allows businesses to quantify all types of risks related to launching new products, acquiring enterprises, expanding into different territories, or internal transformation . Then, it can take the necessary actions to mitigate against it.

RAROC: Risk-Adjusted Return On Capital

This applies to the expected after-tax return on a scheme once divided by the economic capital. 

Companies can leverage this metric to determine if a strategy is viable and offers value, helping to guide leaders’ decision-making process. Any initiative with a RAROC below the capital amount offers no value and should be scrapped (sorry!).

Decision trees

Businesses on all scales can utilize both metrics to measure strategic risk, but the stakes will be different for a small enterprise than for a global corporation. The former may never recover from a bad investment, while the latter has a higher chance of weathering the storm. 

As a result, companies may use a decision tree to map the possible outcomes of a decision. This enables teams to determine which choices yield which results and prepare for all eventualities. Specific turning points can be identified and handled appropriately. 

The 7-Step Strategic Risk Management Framework

Now you have all the information, you need to capture it in one place: the strategic risk management framework . This is where you bring together all the resources (employees, technologies, capital, etc.) required to mitigate losses caused by internal or external forces.

Exactly how your framework is structured is your choice, but the following is a great strategic risk management step-by-step approach:

  • Understand where you are right now . You could use a SWOT (Strengths, Weaknesses, Opportunities, and Threats) analysis, for example. Here you need to know where your organization is, your vulnerabilities, and what threats you face in the market. 
  • Define your strategy and goals . This is where you clearly outline the strategy for your organization. Check out our free, ready-to-use strategic planning templates to build or revisit your strategy.
  • Choose your key performance indicators (KPIs) . These can be used to measure success, monitor changes, and explore improvement opportunities over time. 
  • Identify risks that can affect productivity and performance in the future. These factors may not be as apparent as others. For example, consumers’ changing tastes can be hard to predict but still have the potential to knock plans off the rails. 
  • Assess your risks and define priorities . You can use a Risk Assessment Matrix that will help you score potential risks based on the probability and the impact on the business. 
  • Identify KRIs (key risk indicators) to gauge your business's tolerance to obstacles . Be sure to look ahead at issues that may lurk around the corner, and determine the right time to put mitigating actions into effect.  ‍
  • Continually monitor KPIs, KRIs, and their internal processes to chart progress . Are problems being resolved fast enough? Are target customers’ needs being addressed? Are all essential programs and processes in place? The aim is to stay on track and adapt to ensure you achieve your objectives. 

strategic risk management framework in 7 steps infographic cascade

Implement A Long-term Strategic Risk Management Strategy

Managing strategic risk is an ongoing process.

It enables organizations to minimize their danger of experiencing severe losses and, ultimately, failure. It doesn’t guarantee every project will be a success (far from it!), but it will provide all the necessary tools to make better decisions in the long run. 

Remember to take your time, even if there’s market pressure to act fast. Trying to rush this process could lead to missed threats or opportunities in your risk analysis. Stay on top of your strategic risk management well into the future, that’s the key to organizational success.

Execute An Effective Risk Management Strategy With Cascade 🚀

Cascade is the world’s #1 strategy execution platform, remediating the chaos of running a business to help you move forward. Cascade serves as your organization's brain, offering a unified platform that spans your entire ecosystem. With Cascade, you can gain a clear picture of potential threats and create a strong risk management strategy to proactively address them.

Signal risks before they happen

Once you've identified your risks, Cascade enables you to seamlessly incorporate them into your strategic plan, ensuring alignment throughout your organization.

Adding risks is very simple:

  • Give the risk a meaningful title, and a description. 
  • Define the likelihood (probability of the event to happen on a scale of 1 to 10)
  • Define the impact (impact of the risk on the outcome on a scale of 1 to 10)

Based on these factors, Cascade automatically calculates and displays a Risk Score (Likelihood * Impact) to assess the severity of each risk, guiding your decision-making process.

risk creation in cascade strategy execution platform

Add mitigations

Cascade empowers you to take proactive measures by adding mitigations to each identified risk. Mitigations are steps that can be implemented to avoid or minimize the occurrence and impact of risks. With a few clicks, you can expand the risk and add relevant mitigations.

As you progress with each mitigation, you can mark its completion using the checkboxes. Cascade keeps track of the number of completed mitigations, providing visibility into your progress.

example of mitigation strategy adding in cascade strategy execution platform

Report your risks’ progress

Cascade offers a comprehensive risk reporting functionality to ensure that you stay informed about the progress of your risk management strategy. You can easily create detailed risk reports containing essential information such as risk title, owners and collaborators, risk type, status, mitigation status, and risk score. These reports can be saved and shared with stakeholders, enabling effective communication and collaboration.

Example of risk report in Cascade Strategy Execution Platform.

Create a risk dashboard

Leverage Cascade's Risk Distribution Scatter Plot widget , available in Dashboards or Reports, to visually represent the count of risks within specific entities (e.g., objectives, measures, projects, or actions). The widget provides valuable insights into likelihood, impact, and risk scores, enabling you to monitor and analyze risks effectively.

Risk Distribution Scatter Plot widget in Cascade

👉🏼For more detailed information on our Risk Management features, visit our Knowledge Base .

8 Free Strategic Risk Management Templates To Get You Started!

Don’t know where to start? Check out these free strategy templates built by our experts to kickstart your risk management journey:

  • Risk Management Strategy Template
  • Regulatory Risk Management Plan Template
  • Financial Risk Management Plan Template
  • Compliance Risk Management Plan Template
  • Enterprise Risk Management Plan Template
  • Risk Mitigation Plan Template
  • Risk Assessment Plan Template
  • Risk Response Plan Template

Ready to up your Risk Management Strategy? Get started with a free plan in Cascade or book a demo with one of our strategist experts to help you develop your strategy. 

Popular articles

strategic business planning risks

How To Implement The Balanced Scorecard Framework (With Examples)

strategic business planning risks

The Best Management Reporting Software For Strategy Officers (2024 Guide)

strategic business planning risks

How To Set And Execute Strategic Priorities

strategic business planning risks

How To Implement Effective Strategic Planning In Healthcare

Your toolkit for strategy success.

strategic business planning risks

From risk management to strategic resilience

In a volatile world, resilience is an increasingly critical prerequisite for corporate performance. The COVID-19 pandemic has caused a massive shock to public health, with dire human consequences. The crisis has dramatically demonstrated the sensitivity of economies to demand shocks as well as industry vulnerabilities to supply chain disruptions. Furthermore, the pandemic spread in an environment defined by accelerating climate change and the increasingly urgent demand to reduce greenhouse-gas emissions.

On top of public-health and environmental pressures, organizations are subject to many business challenges, societal uncertainties, and geopolitical tensions. The disruptive currents include accelerating digitization, cyberthreats, and inflation and price volatility. The dynamic pace of change makes disruptions hard to predict, even as they grow in severity and frequency. Companies in all industries thus need to plan for the unexpected and build up their response capabilities in advance.

The pandemic crisis also revealed the true value of resilience management to business leaders. They recognized that their crisis contingency plans were instrumental to managing through the crisis. Though the magnitude of the pandemic and its domino effects were not generally foreseen, the processes and procedures companies had in place proved themselves (or not) in very trying conditions.

Key findings from the FERMA–McKinsey survey

McKinsey recently supported the Federation of European Risk Management Associations (FERMA) on a comprehensive survey about the pandemic’s impact on corporate resilience. The survey drew responses from more than 200 senior executives and risk and insurance professionals, reflecting a wide range of industry sectors and countries. The survey probed for views on the relevance for organizations, the capabilities for managing strategic resilience, and the importance of resilience in and across corporate functions, including strategy, operations, and risk.

The executives revealed that in the past, their risk management focus was on a small number of well-defined risks, primarily financial risks. They told us that now, risk is encompassing the broader mandate of resiliency management. It is woven into long-term strategy development at top organizations, helping companies navigate a far more dynamic operating environment.

Almost 60 percent of respondents feel their organizations have excellent or very good resilience capabilities, meaning they are well equipped to build and manage resilience overall. In part, that is a direct response to the pandemic, which broadened leaders’ view of the risk function beyond one or two specific risks. More than half of respondents acknowledge that the global pandemic has made risk and resilience significantly more important to their organizations.

Among specific areas of resilience, companies are clearly focusing on workplace safety and remote working in managing through the pandemic. More than 75 percent say implementation measures in these two areas are largely completed. Fifty-two percent of respondents said that for their organizations, the most effective capabilities are in place to manage financial resilience.

At the same time, executives reported room for improvement. Management of business operations and the supply chain emerged as weak points during the pandemic. Many companies have yet to fully implement new remedial measures. Senior executives state that risk is still mainly involved in crisis response.

“We are learning from the crisis, reviewing, for example, our evaluation process for suppliers,” said the chief risk officer at a company in Italy. “In the past, we focused mainly on financial impact but have since adopted a holistic view, looking at the geographic footprint and compliance issues, among other factors.” Survey results included these findings:

  • Nearly two-thirds of responding companies said that resilience is central to their organizations’ strategic process—either as a top priority or to an important extent. Risk and insurance managers are strongly involved in resilience areas, including operational resilience and digital and technology resilience. In addition to those two areas, finance and operations were more often cited by survey respondents as the four most important resilience areas.
  • Foresight capabilities (scenarios and stress testing) emerged as one of the core areas for improvement. Companies were split in their use of scenarios and stress-testing exercises. Roughly half of executives rarely or never use them in strategic decision making, and half use them often or in every risk and resilience exercise.
  • The pandemic continues to highlight the need for secure and flexible technical infrastructure and the strong intersection of digitization within other resilience areas, including implementing work-from-home processes.
  • Risk functions and executive teams play leading roles in building a resilient organization, much more so than strategy teams. However, risk managers are not yet at the center of resolving crises at all times. A better risk governance model is key for efficient and effective decision making and crisis management.

To strengthen resilience in the future, most risk managers (75 percent) believe that the most important actions will be to improve risk culture and strengthen the integration of resilience in the strategy process. Important additional areas are improved risk data aggregation and reporting and more advanced foresight capabilities. Executives also want to revisit risk governance and radiate a better understanding of the critical role the risk function plays.

The challenge now is to move out of a reactive, crisis response mode and integrate risk with other core functions on a more permanent basis. Likewise, as they guide their organizations in the transition from crisis and risk management to resilience, top managers can can emphasize risk governance and risk data aggregation to develop better reporting and foresight capabilities. Risk has a key role to play and should partner with strategy and the executive team to guide organizations in the transition from risk and crisis management to resilience.

From crisis response to a holistic resilience strategy

Like many crises, the pandemic revealed hidden vulnerabilities in organizations and weaknesses in their response capabilities. Executives had to respond quickly to a variety of arising challenges in operations, including workforce discontinuities and supply chain issues involving critical shortages and logistics barriers. Decision makers learned to value timely and insightful data as they defined priorities and actions under stressed conditions. The FERMA–McKinsey survey revealed some good examples of resilient responses to the immediate pandemic-driven challenges:

  • Operational and supply chain challenges. Many companies enabled digital solutions, including advanced analytics, to supply chain issues from the beginning of the crisis. A leading global consumer firm improved the reliability of its supply chain by moving toward predictive maintenance of its machinery; another global company applied next-generation AI technology to monitor and identify unusual ordering patterns and respond accordingly; an energy company applied a smart supply chain digitization plan to provide business continuity. As the crisis evolved, cargo demand surged and ports became congested. Some companies took bold measures in response: a beverage giant shifted some operations from their container shipping to bulk carriers; big-box retailers began leasing their own containers and chartering ships.
  • Technological challenges. During the pandemic, cyberattackers have been taking advantage of security vulnerabilities created in the shift to work-from-home operations. In response, many organizations have strengthened defenses, closing potential gaps before hackers can compromise networks. Some companies have made significant investments in their capabilities, sometimes hiring experts; tech giants and other global firms have also acquired smaller cybersecurity companies.
  • Organizational challenges. At the beginning of the crisis, remote-working arrangements needed to be scaled and implemented for office work, while on-site workers needed appropriate safety measures, including testing and protective equipment. The record for on-site work has been spotty, especially at the beginning of the pandemic, and many lessons should be incorporated into future plans. The switch from office to home, however, was handled with ready competence by many large companies. The remote workforce required a new cyberstrategy, extending the security shield into the remote endpoints in people’s homes. Leaders then explored avenues to prevent the fragmentation of organizational culture, maintain high performance, and support the health and well-being of the remote workforce.

Beyond these often well-executed responsive actions, however, few firms have adopted a comprehensive strategic perspective to meet the challenges of the next disruption over the horizon. Yet this is what organizations need to do if they are to pivot during crises and accelerate into the new crisis-defined environment. The needed orientation is proactive, based on a business perspective, and goes beyond a reactive, second-line-of-defense approach to uncertainty. To build resilience into their long-term strategic decision making, organizations need to develop certain cross-functional capabilities and strengthen resilience in a number of strategic areas.

Overarching capabilities and core resilience areas

The overarching capabilities include foresight skills and disruption and crisis response preparedness . To develop foresight capabilities, organizations gather and study the relevant data, develop pertinent scenarios to discover gaps in resilience, and use this method to anticipate and prepare for future crises. Appropriate crisis response capabilities can then be pursued: those that can be developed and implemented in advance, to be applied quickly and effectively in case of disruptions. These capabilities—such as strengthened financials, better security (whether for IT and software or physical assets), market flexibility, and optionality—can by design create a competitive advantage that drives superior performance through the next industry cycle.

The core resilience areas can be grouped as follows:

  • Financial resilience . Institutions must balance short- and longer-term financial aims. A solid capital position and sufficient liquidity enable organizations to weather rapid drops in revenue, increased cost, or credit issues. Resilient companies are able to achieve superior margins by increasing revenue more than controlling costs. But McKinsey research also suggests  that tomorrow’s resilient firms are more likely to be those driving value-added growth while balancing optionality (retained earnings growth)—rather than those that focus most of their attention on maintaining operating margins at the expense of other proportionate measures.
  • Operational resilience. Resilient organizations maintain robust production capacity that can pivot to meet changes in demand or remain stable in the face of operational disruption, all without sacrificing quality. They also fortify both their supply chains and delivery mechanisms to maintain operational capacity and the provision of goods and services to customers, even under stress of all forms ranging from failures of individual suppliers or distributors to natural catastrophes and geopolitical events.
  • Technological resilience. Resilient firms invest in strong, secure, and flexible infrastructure to manage cyberthreats  and avoid technology breakdowns. They maintain and make use of high-quality data in ways that respect privacy and avoid biases, compliant with all regulatory requirements. At the same time, they implement IT projects both large and small—at high quality, on time, in budget, and without breakdowns—to keep pace with customer needs, competitive demands, and regulatory requirements. If something does go wrong, they maintain robust business continuity and disaster recovery capability, avoiding service disruptions for customers and internal operations.
  • Organizational resilience . Resilient firms are able to attract and develop talent in areas critical to their future growth; where many others fail, they find a way to secure sought-after people—with scarce analytics or cybersecurity skills, for example. Such organizations foster a diverse workforce where everyone feels included and can perform at their best. They deliberately recruit the best talent, develop that talent equitably, and upskill or reskill flexibly and fast. They implement strong people processes that are free of bias and maintain robust succession plans throughout the organization. Culture and desired behavior are mutually reinforcing, supported by thoughtful rules and standards that promote fast and agile decision making.
  • Reputational resilience. Resilient institutions align values with actions and words. A wide range of stakeholders—employees, customers, regulators, investors, and society at large—are holding firms accountable for their actions, brand promise, and stance on environmental, social, and governance (ESG) issues. Resilience demands a strong mission, values, and purpose that guide actions. It also requires flexibility and openness in listening to and communicating with stakeholders, anticipating and addressing societal expectations, and genuinely responding to criticism of firm behavior.
  • Business-model resilience. Resilient organizations develop business models that can adapt to significant shifts in customer demand, the competitive landscape, technological changes, and the regulatory terrain. This involves maintaining an innovation portfolio and valuing entrepreneurship. Particularly during times of crises, resilient organizations are able to adapt business models to the dynamic and uncertain environment.
Resilient organizations develop business models that can adapt to significant shifts in customer demand, the competitive landscape, technological changes, and the regulatory terrain.

Resilience as a competitive advantage

The holistic approach to building resilience  advances the organization from a narrow focus on risk, controls, governance, and reporting to a longer-term strategic view of the total environment. Rather than hunting for blind spots in risk coverage within today’s business model, resilient organizations embrace the holistic view, in which resilience becomes a competitive advantage in times of disruption.

An important aspect of the holistic approach involves using crisis scenarios to test for resilience in a downturn. Accordingly, foresight capabilities are used to develop the scenarios; scenario-based modeling can then pressure-test strategies and business models through future volatile environments—such as those defined by economic downturns, rising geopolitical tensions, disruptions in the regulatory landscape, as well as technological disruptions. Such an approach enables leaders to move beyond resilience capability assessments to active strategic thinking to find new opportunities and shape new business models.

Designing and implementing strategic resilience

Companies have lately developed tools to deal with the challenges of the COVID-19 pandemic, but the “resilience muscle” must still be strengthened. Future disruptions will be different, and institutions need to plan for the primary impact and also for second- and third-order effects. Some of these knock-on effects appear only after a long delay but then suddenly accelerate; others gather momentum incrementally until an emergency tipping point is reached.

For a number of reasons, few institutions have built sufficient strategic resilience. The goal of becoming a resilient company can sometimes run counter to the more immediate objective of value creation. Building redundancy in supply chains builds resilience but it also increases costs, reduces returns on investment, and thus can make resilience a tough sell to business leaders.

Another barrier is organizational forgetfulness. Resilience is not needed every day; big disruptions are not happening all the time. The importance of resilience can be forgotten between big crises. These trigger big investments, but the next crisis will not necessarily be recognizable as a repeat of the last one. Over time, the effort to achieve strategic resilience peters out and new leaders shift priorities.

Resilience as we have been defining it cannot be achieved in a siloed approach. Yet due to inertia and biases, efforts to achieve a holistic resilience agenda can begin to veer off course, back toward familiar patterns. And siloed resilience efforts cannot collectively achieve the integrated solution.

Finally, as yet, we have no universal means of measuring resilience (we are working on it!). Consequently, the efficacy of investments in resilience tends to be based on qualitative judgements. Likewise, people are not trained in resilience, and performance evaluation is not much based on it. Managers are promoted for expertise in pattern recognition and for avoiding mistakes; however, resilience leadership requires creative thinking, first-principles problem solving for navigating through disruptions, and a predisposition to learn from and adjust to crises and downturns. A defensive stance and routinized thinking will prevent the organization from pivoting and accelerating in the next upswing.

Robust steps toward building sustainable resilience

Companies across industries have learned to successfully navigate fundamental disruptions, emerge stronger, and gain competitive advantage in tough times. The following steps briefly sketch a path to overcome pitfalls while systematically building and strengthening strategic resilience. The steps are not, of course, a simple how-to guide. Rather, each element relies upon talent, capabilities, and deep commitment to the integrated effort.

  • Measure resilience and start to report it internally. Taking a business-model view, review resilience dimensions regularly and systematically, identifying strengths and weaknesses compared with industry peers. The ability to conduct these reviews is of critical importance to decision making and balancing value creation and resilience building.
  • Pick your disruptions. A resilience agenda built around generic disruptions or overly specific scenarios is rarely useful. Instead, choose a particular type of disruption to start with, then probe it deeply for expected initial impact and longer-term secondary and tertiary effects.
  • Put less emphasis on extrapolations based on planning and budgeting processes. The approach is too slow and narrow for our disrupted world. Define instead a mechanism for creating scenarios systematically. Define increasingly disruptive scenarios across a widening circle and embed the impact of structural factors.
  • Risk functions need to move beyond the formal views of administration, control, and governance, as well as the formal processes for risk assessment. Find a way to replace these structures, integrating their constituent activities into strategy. Like strategy, risk and resilience management requires a strong business and market perspective, a risk mindset, and interdisciplinary thinking. For risk professionals, this is a call to come out of the ivory towers and into the marketplace.
  • Identify the organization’s natural strengths and Achilles’ heels. Test strategy and underlying assumptions against different scenarios—for example, by deploying qualitative and quantitative scenario analyses.
  • Define a portfolio of resilience investments. This step will entail revising short-term performance and corporate resilience strategies to enable longer-term profitable growth. Consciously invest in the resilience dimensions, with strategic options and big bets, when needed, to strengthen the strategies. Develop action plans for alternative futures.
  • Build first-line capabilities in resilience; build personal resilience and resilience within teams. These efforts also better integrate people into the transition.
  • Create an early-warning system that truly monitors internal and external risks. The board should be involved, but crowdsourcing can be used judiciously, for a more secure view on the risks the organization is facing.

History teaches us that the conditions of future growth are often created as organizations respond to the vulnerabilities crises expose. In times of disruption, survival and the wherewithal to achieve future prosperity depend on strategic resilience, which, as the participants in the FERMA–McKinsey survey stress, importantly means adaptability and decisiveness.

Alfonso Natale is a partner in McKinsey’s Milan office; Thomas Poppensieker is a senior partner in the Munich office, where Michael Thun is a senior expert.

This article was edited by Richard Bucci, a senior editor in the New York office.

Explore a career with us

Related articles.

The emerging resilients: Achieving 'escape velocity'

The emerging resilients: Achieving ‘escape velocity’

key

The unsolved opportunities for cybersecurity providers

The resilience imperative: Succeeding in uncertain times

The resilience imperative: Succeeding in uncertain times

Kezia Farnham Image

Strategic risk management 101: The director’s guide

Someone representing strategic risk management

Strategic risk is occupying more of board directors’ time and headspace than ever. The need to identify and tackle the significant risks your organization faces is a priority action for all directors. To do this effectively, you need a thorough understanding of strategic risk, what it is and how you can respond to the strategic threats you face. You need to understand the latest approaches to strategic risk management and the board’s role in creating a strategic risk management plan. Here, we explore the essentials of strategic business risk.

What Is Strategic Risk?

Pinning down a strategic risks definition can be a challenge, as there are different understandings of what comprises a “strategic” risk.

  • The Association of Chartered Certified Accountants ( ACCA ), who identify as the global body for professional accountants, defines strategic risks as “those that arise from the fundamental decisions that directors take concerning an organization's objectives.”
  • Deloitte looks further than this; their definition of strategic risk encompasses risks that threaten business strategy decisions as well as those that arise from them. Deloitte defines strategic risks as “ those that either affect or are created by business strategy decisions. ”
  • A paper published by a panel of US academics agrees. The paper notes that a definition of strategic risk that focuses only on risks generated by external factors “creates… problems.”

This approach neglects the significant risks that can originate within the organization; for example, quality failings are brought about through poor governance, risk and compliance processes.

It also includes trends in external factors as a source of strategic risk, something the paper’s authors take issue with, arguing that predictable trends shouldn’t be a source of risk; instead, it is deviations from these trends that can cause risks.

Of course, defining trends as a non-risk assumes that organizations have the insight and data to identify these trends and spot any deviations. Being able to achieve this demands that you adopt best practice governance intel strategies and understand the broader risk landscape.

Whatever the finer details of your strategic risk definition, there is no doubt that when we seek to answer “What is strategic risk?” the response is that these are the big picture risks with a significant impact on an organization’s ability to deliver.

The types of risk typically defined as “strategic” include:

  • Competitive risk
  • Change risk
  • Regulatory risk
  • Reputational risk
  • Political risk
  • Governance risk
  • Financial risk
  • Economic risk
  • Operational risk

You can read more about different examples of strategic risk in our article on strategic risk examples .

How Are Approaches to Strategic Risk Changing?

The types of strategic risk, as above, may be fairly unchanging. But as with everything, the devil is in the detail, and the nuanced threats your organization faces will shift constantly. Strategic risk analysis and mitigation demand that your approach keeps pace with these changing threats. Risk management approaches have traditionally been backward-looking — examining financial indicators and the existing regulatory landscape. As a result, they can lag behind any new risks the business faces. As  Deloitte noted  as long ago as 2013, companies are now “making a deliberate effort to improve” their proactive strategic risk management capabilities. Some of the ways that strategic risk management frameworks have evolved in recent years include:

  • A move from purely quantitative to qualitative risk management. Historically, strategic risk assessment was based purely or largely on quantitative factors; financial indicators, for instance, as we’ve noted above.

Increasingly, organizations have realized that some of their most relevant risks may only show a financial impact several years down the line or that the risk may be significant in some ways but the direct financial impact minimal. As a result, boards have started to measure strategic risk in purely financial terms and the context of softer metrics like reputation . As ethical considerations and broader CSR and ESG move up the corporate agenda, these metrics drive customer and stakeholder decisions and play an increasing role in the strategic risk matrix.

  • A shift from defining process to usable insight. As companies tackled the issue of strategic risk management for the first time or upped their focus on strategic risk, they concentrated on the process. There’s no doubt that implementing the right processes forms an essential bedrock for your strategic risk management program. But once these are in place, your focus can evolve. With the right processes underpinning your approach, directors can turn attention to how they use the actionable insights they gain from the data and insights their process delivers. This is the next step in the strategic risk planning journey.
  • Integrating strategic risk management with business strategy. The concept of integrated risk management (IRM) isn’t new, but organizations today are integrating strategic risk assessment and analysis more into their overall business strategy and planning.

Strategic decision and risk management approaches are increasingly interwoven, with risk management programs being used to inform the design and execution of business strategy. Again successfully doing this is contingent upon having the right processes in place and drawing on the data that these processes deliver to inform your decision-making .

How To Build a Strategic Risk Plan

What organizations really need to know, though, is how to build a plan to tackle strategic risk; what are the steps, what do best practices look like, and who should be involved?

6 Steps to Building a Strategic Risk Plan:

  • Define your business’s objectives and strategy. As above, some of your risks will stem from your strategic decisions; others may impact them. Identifying your strategy and aims is an essential first step.
  • Determine the measures you will use to monitor performance. How will you measure compliance with your strategic processes and progress towards your goals? Establish the performance indicators you will use to define success.
  • Identify the risks that may impact your ability to achieve the KPIs in step 2. What factors threaten your success? These could be internal, like the failure of a core piece of equipment, or external, like a breakdown in your supply chain .
  • Prioritize these risks ; which are critical, and which can be circumvented? What tolerance is there to results outside of your ideal?
  • Put in place reporting that measures your strategic risks and response to them. Best practice reporting on governance, risk and compliance gives you the insight you need to defend your organization against strategic risk. Assess the processes, software and measures you have in place to gather this reporting and monitoring.
  • Revisit and refresh your plan regularly. Implementing a strategic risk plan isn’t a “one time” job but needs regular review, in tandem with strategic risk assessment. As internal processes and the external landscape evolve, so should your approach to mitigating and managing your strategic risks.

Follow these six steps, and you will be well on the road to adopting some best practices for strategic risk management.

The Board’s Role in Strategic Risk Management

According to Harvard Law School , strategic risk management is “a necessary core competency” for the board. Every company’s strategy includes an element of risk; the board plays a crucial role in working with the CEO to identify these risks, stress-test the strategy against them and ensure mitigation plans are in place. In a world of ever-increasing board accountability , directors have a responsibility to ensure that risk is considered as part of the business plan. But their role doesn’t end there. In his book, Owning Up: The 14 Questions Every Board Member Needs to Ask , business advisor and corporate governance expert Ram Charan says boards must also “watch for a toxic culture that enables ethical lapses throughout the organization.” Corporate culture plays a key role in strategic risk management and should be at the heart of any strategic risk assessment. The board is central to setting the organization’s cultural tone and building an ethos of compliance , ethics and good corporate behavior. Directors must put culture at the heart of any strategic risk management framework.

Strategic Risk Solutions

Tackling strategic risk requires a range of solutions, from the strategic, via the operational to the technological. It demands a board that takes the lead in building a culture of compliance . It requires a rigorous approach to monitoring and data, enabling you to capture the metrics you need to support strategic risk management. And your approach can be transformed by harnessing leading-edge technologies that provide a 360-degree view of the risks your organization faces . Keeping track of the risks you face can feel like a full-time job — and for busy directors, a huge challenge. But keeping abreast of upcoming regulatory change, shifts in political and economic landscapes, and best practices is vital for boards wanting to be proactive on strategic risk.

Stay Abreast of GRC Industry News and Insights

Signing up to Diligent’s GRC Newsletter gives you instant access to the latest insights, delivering a snapshot of current news and sharing examples of best practices in strategic risk mitigation. And you can read more about the issues and factors that underpin strategic risk management in our article on governance, risk and compliance .

Solutions Solutions

  • Board Management
  • Enterprise Risk Management
  • Audit Management
  • Market Intelligence

Resources Resources

  • Research & Reports

Company Company

Your data matters.

  • Thought Leadership

Strategic risk: a quick guide

User icon

Strategic risk refers to the internal and external events that may make it difficult, or even impossible, for an organization to achieve their objectives and strategic goals. These risks can have severe consequences that impact organizations in the long term.

Given the significance of this type of risk, we have put together this quick guide to help you get up to speed with all things strategic risk, including strategic risk examples, definitions, and an overview of strategic risk management.

Let’s start by diving a little deeper into what exactly strategic risk is.

What is strategic risk?

Strategic risk is a category of risk in the same way that risks such as operational risk, financial risk, reputational risk and regulatory risk are. Sometimes, strategic and operational risk can be confused with each other, but we will get to the differences later. First, let’s look at some strategic risk definitions.

Roberts, Wallace and McClure (2003) describe strategic risk as relating to ‘ risk at the corporate level’ which ‘ affects the development and implementation of an organisation’s strategy. ’

Similarly, the Economist Intelligence Unit (2010) explain that ‘ Strategic risks are those that pose a threat to a company’s ability to set and execute its overall strategy .’

Deloitte (2013) expand on this strategic risk definition, stating that these risks can also be ‘ created by an organization’s business strategy and strategic objectives ’. In other words, as well as impacting how likely an organization is to achieve its strategy, strategic risks also arise from strategic decisions themselves.

Furthermore, Louisot and Ketcham (2014) state that strategic risks are ‘ associated with adopting or not adopting the correct strategy for an organization in the first place or, once adopting, not adapting the chosen strategy in response to competition or other forces ’. This, and the definition from Deloitte, align with Roberts, Wallace and McClure’s statement that ‘ one example of strategic risk is the risk that the strategic decision is wrong. ’

So, what can we learn from these strategic risk definitions?

In essence, strategic risk refers to the events or decisions that could potentially stop an organization from achieving its goals. It also refers to the danger of an organization’s strategic choices being incorrect, or not responding effectively to changing environments.

As you may suspect, your organization will therefore need to be aware of the possible circumstances that could put an obstacle between your organization and its objectives. You also need to be ready to adapt and respond quickly to any changes.

What is the difference between strategic risk and operational risk?

Both strategic and operational risk can have serious consequences for organizations if they materialise. After the 2008 financial crisis, many organizations wanted those working in risk management to look beyond operational risks and focus on strategic risks due to a lack of effective foresight. However, as operational risk refers to the more immediate and tangible risks your organization could face, disregarding this completely would be a mistake.

Here are the key differences:

ID_Week_3_-_Strategic_risk_CTA

Be prepared to handle risk

Discover how to choose the right solution to help your organization improve its risk management activities.

Strategic risk examples

Examples of events or circumstances that could derail an organization’s strategic goals include:

  • Strategic decisions that are unclear or poorly made
  • Changes in senior management and leadership
  • The introduction of new products or services
  • Mergers and acquisitions which prove unsuccessful
  • Market or industry changes, such as a shift in the needs or expectations of customers
  • Problems with suppliers and other stakeholders
  • Financial challenges
  • Failure to adapt to a changing environment or keep up with competitors
  • Company reputation damage

And that list is not exhaustive. Almost any strategic decision the board makes can run the risk of not working out, and there are a range of activities – operational and otherwise – that have the potential to stop your organization from achieving its aims. That’s why having an effective strategic risk management process is so imperative.

What is strategic risk management?

Strategic risk management is a term that can cause some confusion. Does it relate to risk management that is strategic in nature? Or does it refer to the actual management of strategic risk? The truth is, it can mean both. For the purposes of this guide, we will look at how you can manage strategic risk.

The good news is that you can follow the same 5-step process of identifying, assessing, treating, monitoring, and reporting that you would when handling other types of risk.

Your strategic risk management framework may therefore look something like this:

1. Identify the strategic risks your organization could come up against

2. Conduct a strategic risk assessment to determine the likelihood of risks occurring, and the impact they might have

3. Choose a strategy for dealing with each risk

4. Monitor each risk over time to keep on top of any changes

5. Report at each stage of the strategic risk management process

When it comes to managing strategic risk, make sure you pay close attention to organizational strategy and objectives, have a broad oversight of the strategic risks you could face, and be proactive by adapting to changes and responding effectively.

Improve your strategic risk management framework with technology

Having a proper risk management process in place helps ensure your organization is prepared to handle strategic risk. With risk management software, you can maximise these efforts. After all, the benefits of technology include time-saving automation, and improved quality and efficiency of risk decisions. Technology can also help you stay on track of a constantly changing risk landscape, which is imperative for managing strategic risk.

What’s more, the right software can help you put your strategic risk management framework into focus, so you can be sure that your organization is doing the most that it can to achieve its strategy and manage any risks that arise along the way.

Find out how to choose the right risk management technology for you, to help your organization better manage strategic risk.

web_id_audit-and-risk_sub-sol_risk-management_tile1

Ensure effective risk management

With our powerful risk solutions, you can shield your organization against potential threats, safeguard your reputation through seamless risk management processes and remain adaptable to ever-changing industry regulations.

authorPicture.AltText

author.AuthorFullName

Dive into the future at frontier 2023.

promo-img

Redefining what matters in regulated industries

  • Our Approach
  • Our Programs
  • Group Locations
  • Member Success Stories
  • Become a Member
  • Vistage Events
  • Vistage CEO Climb Events
  • Vistage Webinars
  • Research & Insights Articles
  • Leadership Resource & PDF Center
  • A Life of Climb: The CEO’s Journey Podcast
  • Perspectives Magazine
  • Vistage CEO Confidence Index
  • What is Vistage?
  • 7 Laws of Leadership
  • The CEO’s Climb
  • Coaching Qualifications
  • Virtual Chair Academy
  • Apply to be a Vistage Chair

Research & Insights

  • Talent Management
  • Customer Engagement
  • Business Operations
  • Personal Development

Business Growth & Strategy

Strategic planning: managing assumptions, risks and impediments

' src=

Share this:

  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)

While no one likes the idea of having one foot on the brake while doing strategic planning, there are very good reasons to take the time required to be cautious. We are speaking to the undeniable link between the business assumptions we make and the risks we introduce to the organization during strategic planning. In fact, the assumptions we base strategies upon can mushroom into grave risks and show-stopper impediments down the line – appearing out of nowhere when the business attempts to execute to a seemingly well-laid plan. Twelve to eighteen months into strategy implementation is too late to go back and ask, “What were we assuming…?” Given that time will always be of the essence, what kind of strategic assumption vetting and risk management is warranted? How much is enough?

Assumptions Introduce Risk

At a minimum, the planning process must involve an evaluation of the impacts that the strategy will have on the business to determine if it will actually help accomplish the outcomes intended. That is the absolute minimum requirement.

The strategic planing process is the one key point to get in front of idle supposition and truly manage assumptions, risks and impediments. When strategy is well developed, there will be an actual plan for implementation associated with the strategy. A holistic plan defines goals that support the strategy and addresses the operational tactics that will accomplish the goals. No business possesses a crystal ball to know exactly what will happen in the economy, financial markets or competitors next bold moves. That means that business assumptions are a necessary evil.

Given that we must rely upon certain assumptions to put strategic plans together and that risk will always be present (as will natural impediments to execution of strategy), the following sections will explore each of these factors at the planning level…beginning with a definition of terms and ending with approaches to better manage process.

What is an assumption in strategic planning?

The dictionary defines an assumption as follows: “ something taken for granted; a supposition ”.

Assumptions form the basis of strategies, and those underlying assumptions must all be fully vetted. Testing strategic assumptions requires allowing those involved with planning to back away from the “givens” and challenge them to ensure the team is not assuming the rosiest of scenarios on which to base strategy.

Considering that the synonyms for the word “assumption” includes words like “hypothesis”, “conjecture”, “guess”, “postulate” and “theory” the concept takes on a more weighty meaning in the  strategic planning process. Yes, assumptions are beliefs we take for granted, but they can be no better than guesses in many cases.

Assumptions are not always justifiable. Defending an assumption may be difficult, as facts are not always available to support the belief. That does not mean that they are incorrect, but it does underscore the challenge assumptions present in planning. In fact, assumptions are particularly difficult to even identify because they are usually unconscious beliefs.

An assumption about assumptions:

One can safely assume that if an assumption is sound, the inferences and conclusions associated with the assumption will also be sound. Unfortunately, the reverse is also safe to assume.

What is a risk in strategic planning?

As a noun, risk means something that may cause injury or harm or the chance of loss or the perils to the subject matter. As a transitive verb, risk means to “expose to hazard or danger” or “to incur the risk or danger of”.

In strategic planning, the definitions applying to both the noun and the transitive verb usage are relevant. A risk might be an event or condition that might occur in the future. Likewise, we may risk financial losses if we bet on an assumption that is incorrect.

An unmitigated risk can become an impediment, so risks must be evaluated in terms of the likelihood they will occur and the impact they will have if they do occur. If the impact/likelihood of a risk is high “enough”, we should identify a mitigation path – as an unmitigated risk can become an impediment later on.

All risk can never be removed from a strategic plan, therefore business planning teams must approach risk management from a Cost / Benefit perspective. Business risk mitigation in planning can cost speed, but if risks are addressed early the organization can avoid future impediments.

What is an impediment in strategic planning?

An impediment is something that makes movement or progress difficult. It differs from being a risk in that risks are future-based and an impediment is something that is occurring now.

During the strategic planning process, impediments might be grouped into macro or micro categories. Macro impediments might include: poor culture, business process inefficiencies, lack of job descriptions, no performance metrics and many other general types of issues. Micro impediments might include: core competency gaps, having people in the wrong roles, lack of sufficient tools to support business functions and technology / infrastructure issues.

Knowing business impediments and factoring them into the planning process adds realism to the strategy being developed and the operational tactics needed to implement it.

How should risks, assumptions and impediments be identified?

Identification of assumptions.

Strategic planning is a team sport, so working in teams is a great way to approach the identification of assumptions. In small groups, conduct a “round robin” to identify the assumptions within each strategic theme of the plan. Review the assumptions compiled by each team and discuss. This same approach can be used to identify impediments and risks.

The following are questions that assist to identify assumptions:

  • Is there anything being taken for granted?
  • Are there beliefs that we are ignoring that we shouldn’t?
  • What beliefs are leading us to this conclusion?
  • What is… (this project, strategy, explanation) assuming?
  • Why are we assuming…?

Identification of Risks

Risks are about events that, when triggered, cause problems. Hence, risk identification can start with the source of problems, or with the problem itself. Remember, risk sources may be internal or external to the organization. Examples of risk sources are: external stakeholders, employees, finance, political and even weather.

Risks are related to the identified threats from SWOT analysis, so that is another valuable reference during the identification process. For example: the threat of losing money, the threat of a major planned product launch being delayed or the threat of a labor strike disrupting critical manufacturing operations. The threats may exist with various entities, most importantly with shareholders, customers and legislative bodies such as the government.

When either source or problem is known, the events that a source may trigger or the events that can lead to a problem can be investigated. For example: banks withdrawing funding support for expansion; confidential information may be stolen by employees; weather delaying construction projects, etc.

Additionally, other methods of risk identification may be applied, dependent upon culture, industry practice and compliance. For instance, objectives-based risk identification can focus on any potential threats to achieving strategic objectives. Any event that may endanger achieving an objective partly or completely can be identified as risk. Scenario-based risk identification – In scenario analysis different scenarios are created. The scenarios may be the alternative ways to achieve an objective, or an analysis of the interaction of forces in, for example, a market or battle. Any event that triggers an undesired scenario alternative is identified as risk. As a final example, a taxonomy-based risk identification can be utilized, where the taxonomy is a breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a questionnaire can be compiled and the answers to the questions used to reveal risks.

How should risks, assumptions and impediments be dealt with?

Dealing with identified assumptions essentially becomes a task of translating the assumption to a risk. Once all risks have been identified, they must then be assessed as to their potential severity of impact (generally a negative impact, such as damage or loss) and to the probability of occurrence.

The assessment of risk is critical to make the best educated decisions in order to mitigate known risks properly. Once risks have been identified and assessed, the strategies to manage them typically include transferring the risk to another party, avoiding the risk, reducing the negative effect or probability of the risk, or even accepting some or all of the potential or actual consequences of a particular risk.

Taking the time and caution to identify, asses and deal with the risks and other factors will always be a worthy investment, even when time is of the essence. The vetting of these factors will pay off in smooth implementation of the strategic plan down the line. Your plan can proceed, free of the potholes and other roadblocks that, with a little planning, might well have derailed the best-laid plans.

Related articles:

Grow from a position of strength (Video)

Four innovation strategies to take your company from complacent to competitive

Print Friendly, PDF & Email

Category: Business Growth & Strategy

Tags:   risk management , Strategic Planning

' src=

Since 2006, Joe Evans has been President & CEO of Method Frameworks, one of the world's leading strategy and operational planning management consultancies. The firm provides services for a diverse field of clients, ranging …

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Gain deeper insights when you join Vistage

Take advantage of peer advisory group advice, 1-to-1 executive coaching, industry networks, exclusive events and more.

strategic business planning risks

Privacy Policy

Your contact and business information will be used to fulfill this request and to share other Vistage services.

See Vistage's Privacy Policy for details.

Privacy Overview

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

  • Search Search Please fill out this field.

What Is Business Risk?

Understanding business risk, reducing business risk, the bottom line, what is business risk definition, factors, and examples.

strategic business planning risks

Business risk is the exposure a company or organization has to factor(s) that will lower its profits or lead it to fail. Anything that threatens a company's ability to achieve its financial goals is considered a business risk . There are many factors that can converge to create business risk. Sometimes it is a company's top leadership or management that creates situations where a business may be exposed to a greater degree of risk.

However, sometimes the cause of risk is external to a company. Because of this, it is impossible for a company to completely shelter itself from risk. However, there are ways to mitigate the overall risks associated with operating a business ; most companies accomplish this by adopting a risk management strategy.

Key Takeaways

  • Business risk is any exposure a company or organization has to factor(s) that may lower its profits or cause it to go bankrupt.
  • The sources of business risk are varied but include changes in consumer taste and demand, the state of the overall economy, and government rules and regulations.
  • Risk can be created by external factors that the business doesn't control, as well as by decisions made within the company's management or executive team.
  • While companies may not be able to completely avoid business risk, they can take steps to mitigate its impact, including the development of a strategic risk plan.

Investopedia / Xiaojie Liu

When a company experiences a high degree of business risk, it may impair its ability to provide investors and stakeholders with adequate returns. For example, the CEO of a company may make certain decisions that affect its profits, or the CEO may not accurately anticipate certain events in the future, causing the business to incur losses or fail.

Business risk is influenced by a number of different factors including:

  • Consumer preferences, demand, and sales volumes
  • Per-unit price and input costs
  • Competition
  • The overall economic climate
  • Government regulations

A company with a higher amount of business risk may decide to adopt a capital structure with a lower debt ratio to ensure that it can meet its financial obligations at all times. With a low debt ratio, when revenues drop the company may not be able to service its debt (and this may lead to bankruptcy). On the other hand, when revenues increase, a company with a low debt ratio experiences larger profits and is able to keep up with its obligations.

To calculate risk, analysts use four ratios: contribution margin, operation leverage effect, financial leverage effect, and total leverage effect. For more complex calculations, analysts can incorporate statistical methods.

Business risk usually occurs in one of four ways: strategic risk, compliance risk, operational risk, and reputational risk .

Types of Business Risk

Strategic risk.

Strategic risk arises when a business does not operate according to its business model or plan. When a company does not operate according to its business model, its strategy becomes less effective over time, and the company may struggle to reach its defined goals.

For example, imagine ABC Store is a big box store that strategically positions itself as a low-cost provider for working-class shoppers. Its main competitor is XYZ Store, which is seen as a destination for more middle-class consumers. However, if XYZ decides to undercut ABC's prices, this becomes a strategic risk for ABC.

Compliance Risk

The second form of business risk is compliance risk, sometimes known as regulatory risk. Compliance risk primarily arises in industries and sectors that are highly regulated. For example, in the wine industry, there is a three-tier system of distribution that requires wholesalers in the U.S. to sell wine to a retailer, who then sells it to consumers. This system prohibits wineries from selling their products directly to retail stores in some states.

However, there are many U.S. states that do not have this type of distribution system; compliance risk arises when a brand fails to understand the individual requirements of the state in which it is operating. In this situation, a brand risks becoming non-compliant with state-specific distribution laws and may face fines or other legal action.

Operational Risk

The third type of business risk is operational risk . This risk arises from within the corporation, especially when the day-to-day operations of a company fail to perform. For example, in 2012, the multinational bank HSBC faced a high degree of operational risk and as a result, incurred a large fine from the U.S. Department of Justice when its internal anti-money laundering operations team was unable to adequately stop money laundering in Mexico.

Reputational Risk

Any time a company's reputation is ruined, either by an event that was the result of a previous business risk or by a different occurrence, it runs the risk of losing customers and its brand loyalty suffering. The reputation of HSBC faltered in the aftermath of the fine it was levied for poor anti-money laundering practices.

Business risk cannot be entirely avoided because it is unpredictable. However, there are many strategies that businesses employ to cut back the impact of all types of business risk, including strategic, compliance, operational, and reputational risk.

The first step that brands typically take is to identify all sources of risk in their business plan . These aren't just external risks—they may also come from within the business itself. Taking action to cut back the risks as soon as they present themselves is key. Management should come up with a plan in order to deal with any identifiable risks before they become too great.

Finally, most companies adopt a risk management strategy . This can be done either before the business begins operations or after it experiences a setback. Ideally, a risk management strategy will help the company be better prepared to deal with risks as they present themselves. The plan should have tested ideas and procedures in place in the event that risk presents itself.

Once the management of a company has come up with a plan to deal with the risk, it's important that they take the extra step of documenting everything in case the same situation arises again. After all, business risk isn't static—it tends to repeat itself during the business cycle. By recording what led to risk the first time, as well as the processes used to mitigate it, the business can implement those strategies a second time with greater ease. This reduces the timeframe in which unaddressed risk can impact the business, as well as lowering the cost of risk management.

What Are the 4 Main Types of Business Risk?

The four main types of risk that businesses encounter are strategic, compliance (regulatory), operational, and reputational risk. These risks can be caused by factors that are both external and internal to the company.

Why Is Risk Management Important In Business?

Businesses face a great deal of uncertainty in their operations, much of it outside their control. This uncertainty creates risk that can jeopardize not both a company's short-term profits and long-term existence. Because risk is unavoidable, risk management is an important part of running a business. When a business has a thorough and carefully created risk management plan in place, and when they are able to iterate on that plan to deal with new an unexpected risks, the business is more likely to survive the impact of both internal and external risk.

What Are Internal Risks That Can Impact a Business?

Internal risks that can impact a business often come from decisions made by the management or executive team in pursuit of growth. These decisions can create physical or tangible risks. For example, on-site risks such as fires, equipment malfunctions, or hazardous materials can jeopardize production, endanger employees, and lead to legal or financial penalties. Policies that guarantee a safe working environment would, in this instance, be an effective strategy for managing internal risks.

In business, risks are factors that an organization encounters that may lower its profits or cause it to go fail. Sources of risk can be external, such as changes in what consumers want, changes in competitor behavior, external economic factors, and government rules or regulations. They can also be internal such as decisions made by management or the executive team.

No company can completely avoid risks, especially because many risk factors are external. However, businesses can put risk management strategies into place. These strategies can be used both to reduce risk and to mitigate the impact of risks when they arise. By documenting the sources of risk and creating a strategic plan that can be repeated, businesses can reduce the overall impact of risk and deal with it more efficiently and effectively in the future.

United State Department of Justice. " HSBC Holdings Plc. and HSBC Bank USA N.A. Admit to Anti-Money Laundering and Sanctions Violations, Forfeit $1.256 Billion in Deferred Prosecution Agreement ."

strategic business planning risks

  • Terms of Service
  • Editorial Policy
  • Privacy Policy
  • Your Privacy Choices

Cart

  • SUGGESTED TOPICS
  • The Magazine
  • Newsletters
  • Managing Yourself
  • Managing Teams
  • Work-life Balance
  • The Big Idea
  • Data & Visuals
  • Reading Lists
  • Case Selections
  • HBR Learning
  • Topic Feeds
  • Account Settings
  • Email Preferences

Strategic Planning Should Be a Strategic Exercise

  • Graham Kenny

Don’t create a plan. Create a system.

Many managers complain that strategy-making often reduces to an operational action plan that resembles the last one.  To prevent that from happening they need to remember that strategy is about creating a system whereby a company’s stakeholders interact to create a sustainable advantage for the company.  Strategic planning is how the company designs that system, which is very different from an operational action plan in that it is never a static to-do list but constantly evolves as strategy makers acquire more insights into how their system of stakeholders can create value.

Over the years I’ve facilitated many strategic planning workshops for business, government, and not-for-profit organizations. We reflect on recent changes and future trends and consider how to engage with them for corporate success.

strategic business planning risks

  • Graham Kenny is CEO of  Strategic Factors and author of the book Strategy Discovery.   He is a recognized expert in strategy and performance measurement who helps managers, executives, and boards create successful organizations in the private, public, and not-for-profit sectors. He has been a professor of management in universities in the U.S., and Canada.  You can connect to or follow him on  LinkedIn .

Partner Center

strategic business planning risks

  • Get started

Strategic Risk Management: 5 Tips for Success

Download Free Risk Mitigation Guide

Successful businesses have to both do the right things and do things right to stay ahead. In terms of action, this means having operations in line and also defining a strategy that works. However, many companies lose out on market opportunities because they ignore strategic risks. While operational risks also post a threat, strategic risks tend to be overlooked more often, yet they can cause more significant impact. This is why strategic risk management is so important. 

Here, we will define strategic risk, understand strategic risk management and share five tips for success for its implementation. 

Download Now: Reduce Finance & Compliance Risk ebook

1. What is Strategic Risk?

2. What are Strategic Risk Examples

3. How to Overcome Different Types of Strategic Risk?

4. Strategic Risk vs Operational Risk

5. What is Strategic Risk Management?

6. Strategic Risk Assessment Process

7. Integrating Strategic Risk Management

8. 5 Tips for Success: Measuring and Managing Risk

9. How Automation Helps

10. Types of Risk

11. A CFO’s Approach to Strategic Risk Management

12. The Bottom Line

What is Strategic Risk?

In its most simplistic of definitions, strategic risk is the risk associated with failed business decisions. It refers to decisions or events that can get in the way of an organisation reaching its goals.

Strategic risk represents one type of risk that businesses face, along with risks like operational, financial, and regulatory, to name a few. In many instances, strategic risks and the other kinds of risk will impact one another as they are interconnected.

Strategic risk can take place due to competition, market events, changing regulations, compliance, and more. We’ll soon touch on what this could look like in your business.

These types of risks affect overall business strategy, but sometimes they are necessary to reap the rewards. For example, a bank takes on strategic risk by offering credit, but it’s an inherent risk that is directly related to its business goals. Since strategic risk is all centered around “doing the right things,” it may be harder to identify than operational risks, which come down to “doing things right.” 

Strategic risks occur when businesses fail to meet the market’s needs. To achieve business goals, companies face dangers and downfalls. Every internal choice comes with the potential of making the wrong choice. To complicate things further, strategic risk isn’t only based on subjective decisions. It can also be caused by externally because of market demand and the environment in which products get released. 

What are Strategic Risk Examples

By breaking down strategic risk examples, we can better understand how to overcome them. Here’s a look at what they can be categorised as:

  • Competitive risk: This refers to the risk that your competition will gain more market share than you and you will fall behind them in innovation.
  • Regulatory risk: The degree to which you must adhere to regulations varies by industry. In highly regulated industries like finance or transportation, this type of strategic risk will clearly be more of a concern. This is because new regulations can affect your business processes, call upon the need for new roles to be created, demand new technologies, and shift your business leaders’ time and focus to having to deal with the regulations.
  • Political risk: Changes in the political landscape can affect business’ operations, trade agreements, and more. Additionally, the politics affect security and the supply chain, so politics can pose a risk to businesses.
  • Governance risk: Any risk associated with lack of governance or compliance. Again, the degree to which this risk affects your business will depend on your business line. When it comes to data and finances, governance risk is higher (which calls upon the need for more internal controls).
  • Economic risk: The overall macroeconomic conditions affect how your business takes place and the success of your business strategy.
  • Operational risk: This refers to the day-to-day ways that you execute in business and the risk that processes are not up-to-date. With outdated processes, you may be costing the business more or less productive than you’d otherwise be with process improvement.
  • Change risk: Implementing changes within your organisation can create risk in itself if there’s resistance or struggles to adopt the change. Keep in mind that you can practice change management to overcome such risk.

DOWNLOAD NOW REGULATORY REPORTING DATA SHEET Prepare, validate and submit regulatory returns 10x faster with automation.  

How to Overcome Different Types of Strategic Risk?

The connection between the types of strategic risk can serve to your advantage. It requires a holistic and high-level view of your business, goals, and strategy to decide how to mitigate the strategic risks you may face.

With that said, here are suggestions for overcoming such risks:

  • Understand your competition and conduct market research
  • Utilise data to your advantage for business intelligence and forecasting
  • Remain aware of regulatory changes and adopt technologies and processes that are agile
  • Select suppliers and vendors in politically stable countries
  • Continuously monitor your business and its practices to protect against financial risks
  • Leverage change management such that change is welcomed and understood by everyone involved

No matter what type of strategic risks your business faces, financial automation software can serve multiple purposes. You can rely on having data in a centralised and secure location. You will be able to measure the success of your processes and optimise efficiency. You can conduct data analysis to make use of historical data to predict future events and be prepared.

Strategic Risk vs Operational Risk

To better understand strategic risk, it helps to define what operational risk is to see the differences. 

Operational Risk:  Operational risks comes from how a business does something, or in other words, their operations. Risks can arise from a breakdown in processes, people or systems. These risks stem from how a business performs day-to-day activities. 

Now that we better understand what strategic risk is and isn’t, how do business leaders plan around strategic risk? They implement strategic risk management. 

What is Strategic Risk Management? 

Once you recognise and acknowledge that strategic risk is inherent in the business, it pays to manage it. 

Strategic risk management is the process of identifying risks, analysing their potential effects and taking necessary action to mitigate them. These internal and external risks pose a threat to the business’ strategy and objectives. For example, if a finance company is going to sign a big new client, there is an inherent risk that the company won’t be able to scale quickly to provide the full service with the client needs and what if the client leaves after a short time. However, the finance company is aware of this risk and can plan by hiring part-time staff or keep existing staff and free up their time by driving more efficiencies such as through automation tools to mitigate such risk. 

As a focal point under enterprise risk management (ERM), strategic risk management focuses on the types of risks that will affect stakeholder value. As such, executive-level leadership must allocate their time to help manage and face this risk. 

Some examples of strategic risk include:

  • Technological changes 
  • Senior management turnover
  • Merger integration 
  • Stakeholder pressure 
  • Competitive pressure 
  • Consumer demand shifts 
  • Consumer preferences changes 
  • Regulatory changes 

It’s critical to assess the impact of strategic risks to prioritise the strategy to manage them. The main two crucial metrics by which to evaluate strategic risks are:

  • Economic Capital:  This is the amount of equity needed to cover unexpected losses. It’s derived from the company’s target debt rating. 
  • Risk-Adjusted Return On Capital (RAROC):  RAROC helps to understand the return on investment with the risk involved. It determines the return level relative to the risk taken. The calculation is:  revenue - expenses - expected loss + income from capital / capital 

Strategic Risk Assessment Process

Putting strategic risk management in action involves several steps. It begins by assessing the types of strategic risk that can affect your organisation. 

  • Understanding organisational strategy:  To measure the potential consequences of strategic risk, you must first thoroughly understand the organisation’s strategy and objectives. In this way, you can then prioritise potential risks. 
  • Gather data of strategic risk:  By interviewing executives and stakeholders, you can gather data on how people in the organisation view strategic risk. Data gathering may be conducted with both internal and external personnel who would be affected by the risk. The use of  automation tools and risk management  software is highly effective in collecting data and helping to assess the risks that could affect your organisation. It also enables business more clarity across the business, map out processes, and set real-time alerts reducing bottlenecks, reducing data errors, removing critical man dependency and increasing compliance.
  • Prepare strategic risk profile:  With the information from step 1 and 2, you can create a strategic risk profile for the organisation. It can be displayed in a list or even a heat map to outline what the top strategic risks are and how severely they rank in terms of potential detrimental impacts. 
  • Validate the profile:  Before creating a strategic risk management action plan, be sure that key executives and directors agree on the risk profile. 
  • Develop an action plan:  Developing an action plan is the primary goal of this whole process. In this step, you will outline how the organisation plans to face, mitigate, ignore or overcome strategic risks. It also involves defining methods by which strategic risks will be managed. 
  • Communicate and implement the plan:  Once you have the strategic risk management plan, then you must share the message across the organisation. Defining your organisation’s risk culture is what allows employees and team members to act in accordance. 

Integrating Strategic Risk Management

Since strategic risk is tied to an organisation’s strategies, strategic risk management must become incorporated with the organisation’s core processes. 

To embed strategic risk management into the organisation’s inner workings, you can follow these six steps to integrate risk management with strategic planning: 

1. Develop the strategy:  Define your mission and vision, as well as the ways by which you will assess risks. 

2. Communication:  Be sure to communicate with stakeholders and the internal team as to why strategic risk management is aligned with everyone’s interests. You can agree to regular updates and discussions about progress or gaps in the process. 

3. Align the organisation:  Review existing processes and procedures to ensure that risk management is incorporated and addressed. If anything is out-of-date or lacking information, provide updates. 

4. Plan operations:  Train everyone to understand how they can implement best practices to avoid or monitor strategic risks. 

5. Monitor:  Be sure to keep an eye on how processes are running and how business goals are being affected. Analysing data and monitoring KPIs is crucial to ensure that you are “doing the right things” to achieve business goals. One of the easiest ways to monitor KPIs in real-time is to utilise an automation tool because you can continuously  track KPIs via dashboards. 

6. Test and adapt:  After implementation, keep an eye on the system. Perform quality-reviews and don’t be afraid to make changes if needed. 

strategic business planning risks

5 Tips for Success: Measuring and Managing Risk

Here are the top 5 tips for measuring and managing strategic risk in any business. 

1. Define business goals:  Many companies fail to integrate risk or acknowledge risk when defining their business goals. In this stage, it is crucial to outline the types of risks that can threaten your organisation. You can accomplish this in a simple exercise like using SWOT analysis. 

2. Establish KPIs:  Key performance indicators (KPIs) are a way to measure your success and downfalls. Decide what you want to measure and monitor, like sales per customer, for example. You can leverage automation solutions to provide you with  dashboards of live updates  of these numbers so you can assess if your processes are working in your favour. 

3. Identify Risks:  Risks are unknown situations that can affect variability in your KPIs and performance. Create a list of such risks so that when your business is concerned, you can quickly understand what’s happening to resolve the situation . 

4. Define risk tolerance levels:  KRIs, or key risk indicators, anticipate risks in advance. If you set your risk tolerance levels, then you can count on an automated tool to alert you in advance or manage the situation automatically once the threshold is met. 

5. Provide reporting and monitoring:  To stay abreast of how your organisation is doing, you want to continue to monitor risks and manage situations as they arise.

How Automation Helps 

You can leverage  automation tools  to help assess and monitor strategic risks. Once you’ve devised your strategic risk management policy, you can note thresholds and criteria into your automation tool. This way, you can rely on the tool to provide you with updates if something is going wrong. By using quantitative analysis, you can be sure to track your business’ performance and see that it is headed in the right direction to accomplish business goals. 

You can also use analysis to test business decisions and their potential effects before implementing them. Data analytics can provide you with the necessary information to make the right decisions, or in other words, do the right things for your business. Automation tools give a variety of benefits, including:

  • Removal of low-level manual tasks 
  • Frees time for your team to focus on their high-value tasks 
  • Reduces human errors to improve the accuracy of information and reporting
  • Improves compliance by providing  audit trails and reports
  • Provides real-time reporting for real-time insights and analysis
  • Maps out processes to improve standardisation and consistency 
  • Offers trend analysis and data analytics for better decision-making and more precise insights 
  • Can be set up to provide real-time alerts and notifications 

Types of Risk

We’ve already briefly touched on the differences between organisational and strategic risks. There are different types of risks that a business faces. Here’s a look at some types of risk so you can better understand how to approach them. 

Category 1: Preventable risks

Preventable risks occur internally. They are breakdowns in processes that can otherwise be controlled. For the most part, avoidable risks are operational risks. One way to minimise operational risks is to  set up business processes  and use automation tools to run them. In this way alone, you can minimise various risks from a human error to eliminating bottlenecks. 

Category 2: Strategy risks

To receive returns from business practices, organisations assume strategic risks. Strategic risks are not always undesirable; they are inherent as a part of running a business. Strategy risks cannot be controlled on a rules-basis method, like operational risks can. Instead, you need to devise the risk management system to reduce risk or manage them when they happen. 

Category 3: External risks

Factors beyond a business’ control cause external risks. This includes natural and political disasters. External threats cannot be avoided, but they can be mitigated by creating action plans for if and when they occur. 

A CFO’s Approach to Strategic Risk Management 

A CFO plays an integral role in approaching strategic risk management. Strategic risks affect business plans, so it’s up to a CFO to help identity, assess and mitigate such risks. If you’re a CFO, you can get involved by:

  • Stress testing:  How will risks affect the business plan? Once you have this answer, you can incorporate stress testing as a part of the financial planning phase.  ‍
  • Risk analytics:  Before moving forward on any plan or investment, a CFO should conduct due diligence and use data automation software to carry out risk analytics to assess potential financial outcomes of any decision. With risk analytics, you can use historical data to help predict the future through  predictive analytics. 
  • Risk preferences:  To usher in rewards, the risk is necessary. However, it’s up to executive leadership to decide how much risk is worth taking on to move forward.  

Talk to Our Experts: Book a Free Session

The Bottom Line

With strategic risks, businesses face both their most significant upsides and downfalls. To position your organisation to manage strategic risks adequately, it’s necessary to implement strategic risk management. An  automation tool  can help you better manage risks of every kind, including strategic risks. 

New call-to-action

Related Posts

Our top guides, our top guide, popular posts, free up time and reduce errors, intelligent reconciliation solution, intelligent rebate management solution, recommended for you.

strategic business planning risks

Request a Demo

Book a 30-minute call to see how our intelligent software can give you more insights and control over your data and reporting.

strategic business planning risks

Reconciliation Data Sheet

Download our data sheet to learn how to automate your reconciliations for increased accuracy, speed and control.

strategic business planning risks

Regulatory Reporting Data Sheet

Download our data sheet to learn how you can prepare, validate and submit regulatory returns 10x faster with automation.

strategic business planning risks

Financial Automation Data Sheet

Download our data sheet to learn how you can run your processes up to 100x faster and with 98% fewer errors.

strategic business planning risks

Rebate Management Data Sheet

Download our data sheet to learn how you can manage complex vendor and customer rebates and commission reporting at scale.

strategic business planning risks

Top 10 Automation Challenges for CFOs

Learn how you can avoid and overcome the biggest challenges facing CFOs who want to automate.

Latest Blog Posts

strategic business planning risks

Internal Audit Trends: Finance Tips for Innovation

Technology, politics and ways of working are shifting business landscapes. Here are our top audit trends to ensure innovation and compliance

strategic business planning risks

Risk Management Software: A CFOs Guide to Choosing

Implement risk management software to use data and minimise business risk. Here’s how to choose from the variety of available options.

strategic business planning risks

How to Manage Risk and Compliance: Expert Tips

Risk and compliance are inevitable in business. Take a look at our expert tips on how to maintain compliance risk management.

  • Business strategy |
  • 7 strategic planning models, plus 8 fra ...

7 strategic planning models, plus 8 frameworks to help you get started

Team Asana contributor image

Strategic planning is vital in defining where your business is going in the next three to five years. With the right strategic planning models and frameworks, you can uncover opportunities, identify risks, and create a strategic plan to fuel your organization’s success. We list the most popular models and frameworks and explain how you can combine them to create a strategic plan that fits your business.

A strategic plan is a great tool to help you hit your business goals . But sometimes, this tool needs to be updated to reflect new business priorities or changing market conditions. If you decide to use a model that already exists, you can benefit from a roadmap that’s already created. The model you choose can improve your knowledge of what works best in your organization, uncover unknown strengths and weaknesses, or help you find out how you can outpace your competitors.

In this article, we cover the most common strategic planning models and frameworks and explain when to use which one. Plus, get tips on how to apply them and which models and frameworks work well together. 

Strategic planning models vs. frameworks

First off: This is not a one-or-nothing scenario. You can use as many or as few strategic planning models and frameworks as you like. 

When your organization undergoes a strategic planning phase, you should first pick a model or two that you want to apply. This will provide you with a basic outline of the steps to take during the strategic planning process.

[Inline illustration] Strategic planning models vs. frameworks (Infographic)

During that process, think of strategic planning frameworks as the tools in your toolbox. Many models suggest starting with a SWOT analysis or defining your vision and mission statements first. Depending on your goals, though, you may want to apply several different frameworks throughout the strategic planning process.

For example, if you’re applying a scenario-based strategic plan, you could start with a SWOT and PEST(LE) analysis to get a better overview of your current standing. If one of the weaknesses you identify has to do with your manufacturing process, you could apply the theory of constraints to improve bottlenecks and mitigate risks. 

Now that you know the difference between the two, learn more about the seven strategic planning models, as well as the eight most commonly used frameworks that go along with them.

[Inline illustration] The seven strategic planning models (Infographic)

1. Basic model

The basic strategic planning model is ideal for establishing your company’s vision, mission, business objectives, and values. This model helps you outline the specific steps you need to take to reach your goals, monitor progress to keep everyone on target, and address issues as they arise.

If it’s your first strategic planning session, the basic model is the way to go. Later on, you can embellish it with other models to adjust or rewrite your business strategy as needed. Let’s take a look at what kinds of businesses can benefit from this strategic planning model and how to apply it.

Small businesses or organizations

Companies with little to no strategic planning experience

Organizations with few resources 

Write your mission statement. Gather your planning team and have a brainstorming session. The more ideas you can collect early in this step, the more fun and rewarding the analysis phase will feel.

Identify your organization’s goals . Setting clear business goals will increase your team’s performance and positively impact their motivation.

Outline strategies that will help you reach your goals. Ask yourself what steps you have to take in order to reach these goals and break them down into long-term, mid-term, and short-term goals .

Create action plans to implement each of the strategies above. Action plans will keep teams motivated and your organization on target.

Monitor and revise the plan as you go . As with any strategic plan, it’s important to closely monitor if your company is implementing it successfully and how you can adjust it for a better outcome.

2. Issue-based model

Also called goal-based planning model, this is essentially an extension of the basic strategic planning model. It’s a bit more dynamic and very popular for companies that want to create a more comprehensive plan.

Organizations with basic strategic planning experience

Businesses that are looking for a more comprehensive plan

Conduct a SWOT analysis . Assess your organization’s strengths, weaknesses, opportunities, and threats with a SWOT analysis to get a better overview of what your strategic plan should focus on. We’ll give into how to conduct a SWOT analysis when we get into the strategic planning frameworks below.

Identify and prioritize major issues and/or goals. Based on your SWOT analysis, identify and prioritize what your strategic plan should focus on this time around.

Develop your main strategies that address these issues and/or goals. Aim to develop one overarching strategy that addresses your highest-priority goal and/or issue to keep this process as simple as possible.

Update or create a mission and vision statement . Make sure that your business’s statements align with your new or updated strategy. If you haven’t already, this is also a chance for you to define your organization’s values.

Create action plans. These will help you address your organization’s goals, resource needs, roles, and responsibilities. 

Develop a yearly operational plan document. This model works best if your business repeats the strategic plan implementation process on an annual basis, so use a yearly operational plan to capture your goals, progress, and opportunities for next time.

Allocate resources for your year-one operational plan. Whether you need funding or dedicated team members to implement your first strategic plan, now is the time to allocate all the resources you’ll need.

Monitor and revise the strategic plan. Record your lessons learned in the operational plan so you can revisit and improve it for the next strategic planning phase.

The issue-based plan can repeat on an annual basis (or less often once you resolve the issues). It’s important to update the plan every time it’s in action to ensure it’s still doing the best it can for your organization.

You don’t have to repeat the full process every year—rather, focus on what’s a priority during this run.

3. Alignment model

This model is also called strategic alignment model (SAM) and is one of the most popular strategic planning models. It helps you align your business and IT strategies with your organization’s strategic goals. 

You’ll have to consider four equally important, yet different perspectives when applying the alignment strategic planning model:

Strategy execution: The business strategy driving the model

Technology potential: The IT strategy supporting the business strategy

Competitive potential: Emerging IT capabilities that can create new products and services

Service level: Team members dedicated to creating the best IT system in the organization

Ideally, your strategy will check off all the criteria above—however, it’s more likely you’ll have to find a compromise. 

Here’s how to create a strategic plan using the alignment model and what kinds of companies can benefit from it.

Organizations that need to fine-tune their strategies

Businesses that want to uncover issues that prevent them from aligning with their mission

Companies that want to reassess objectives or correct problem areas that prevent them from growing

Outline your organization’s mission, programs, resources, and where support is needed. Before you can improve your statements and approaches, you need to define what exactly they are.

Identify what internal processes are working and which ones aren’t. Pinpoint which processes are causing problems, creating bottlenecks , or could otherwise use improving. Then prioritize which internal processes will have the biggest positive impact on your business.

Identify solutions. Work with the respective teams when you’re creating a new strategy to benefit from their experience and perspective on the current situation.

Update your strategic plan with the solutions. Update your strategic plan and monitor if implementing it is setting your business up for improvement or growth. If not, you may have to return to the drawing board and update your strategic plan with new solutions.

4. Scenario model

The scenario model works great if you combine it with other models like the basic or issue-based model. This model is particularly helpful if you need to consider external factors as well. These can be government regulations, technical, or demographic changes that may impact your business.

Organizations trying to identify strategic issues and goals caused by external factors

Identify external factors that influence your organization. For example, you should consider demographic, regulation, or environmental factors.

Review the worst case scenario the above factors could have on your organization. If you know what the worst case scenario for your business looks like, it’ll be much easier to prepare for it. Besides, it’ll take some of the pressure and surprise out of the mix, should a scenario similar to the one you create actually occur.

Identify and discuss two additional hypothetical organizational scenarios. On top of your worst case scenario, you’ll also want to define the best case and average case scenarios. Keep in mind that the worst case scenario from the previous step can often provoke strong motivation to change your organization for the better. However, discussing the other two will allow you to focus on the positive—the opportunities your business may have ahead.

Identify and suggest potential strategies or solutions. Everyone on the team should now brainstorm different ways your business could potentially respond to each of the three scenarios. Discuss the proposed strategies as a team afterward.

Uncover common considerations or strategies for your organization. There’s a good chance that your teammates come up with similar solutions. Decide which ones you like best as a team or create a new one together.

Identify the most likely scenario and the most reasonable strategy. Finally, examine which of the three scenarios is most likely to occur in the next three to five years and how your business should respond to potential changes.

5. Self-organizing model

Also called the organic planning model, the self-organizing model is a bit different from the linear approaches of the other models. You’ll have to be very patient with this method. 

This strategic planning model is all about focusing on the learning and growing process rather than achieving a specific goal. Since the organic model concentrates on continuous improvement , the process is never really over.

Large organizations that can afford to take their time

Businesses that prefer a more naturalistic, organic planning approach that revolves around common values, communication, and shared reflection

Companies that have a clear understanding of their vision

Define and communicate your organization’s cultural values . Your team can only think clearly and with solutions in mind when they have a clear understanding of your organization's values.

Communicate the planning group’s vision for the organization. Define and communicate the vision with everyone involved in the strategic planning process. This will align everyone’s ideas with your company’s vision.

Discuss what processes will help realize the organization’s vision on a regular basis. Meet every quarter to discuss strategies or tactics that will move your organization closer to realizing your vision.

6. Real-time model

This fluid model can help organizations that deal with rapid changes to their work environment. There are three levels of success in the real-time model: 

Organizational: At the organizational level, you’re forming strategies in response to opportunities or trends.

Programmatic: At the programmatic level, you have to decide how to respond to specific outcomes or environmental changes.

Operational: On the operational level, you will study internal systems, policies, and people to develop a strategy for your company.

Figuring out your competitive advantage can be difficult, but this is absolutely crucial to ensure success. Whether it’s a unique asset or strength your organization has or an outstanding execution of services or programs—it’s important that you can set yourself apart from others in the industry to succeed.

Companies that need to react quickly to changing environments

Businesses that are seeking new tools to help them align with their organizational strategy

Define your mission and vision statement. If you ever feel stuck formulating your company’s mission or vision statement, take a look at those of others. Maybe Asana’s vision statement sparks some inspiration.

Research, understand, and learn from competitor strategy and market trends. Pick a handful of competitors in your industry and find out how they’ve created success for themselves. How did they handle setbacks or challenges? What kinds of challenges did they even encounter? Are these common scenarios in the market? Learn from your competitors by finding out as much as you can about them.

Study external environments. At this point, you can combine the real-time model with the scenario model to find solutions to threats and opportunities outside of your control.

Conduct a SWOT analysis of your internal processes, systems, and resources. Besides the external factors your team has to consider, it’s also important to look at your company’s internal environment and how well you’re prepared for different scenarios.

Develop a strategy. Discuss the results of your SWOT analysis to develop a business strategy that builds toward organizational, programmatic, and operational success.

Rinse and repeat. Monitor how well the new strategy is working for your organization and repeat the planning process as needed to ensure you’re on top or, perhaps, ahead of the game. 

7. Inspirational model

This last strategic planning model is perfect to inspire and energize your team as they work toward your organization’s goals. It’s also a great way to introduce or reconnect your employees to your business strategy after a merger or acquisition.

Businesses with a dynamic and inspired start-up culture

Organizations looking for inspiration to reinvigorate the creative process

Companies looking for quick solutions and strategy shifts

Gather your team to discuss an inspirational vision for your organization. The more people you can gather for this process, the more input you will receive.

Brainstorm big, hairy audacious goals and ideas. Encouraging your team not to hold back with ideas that may seem ridiculous will do two things: for one, it will mitigate the fear of contributing bad ideas. But more importantly, it may lead to a genius idea or suggestion that your team wouldn’t have thought of if they felt like they had to think inside of the box.

Assess your organization’s resources. Find out if your company has the resources to implement your new ideas. If they don’t, you’ll have to either adjust your strategy or allocate more resources.

Develop a strategy balancing your resources and brainstorming ideas. Far-fetched ideas can grow into amazing opportunities but they can also bear great risk. Make sure to balance ideas with your strategic direction. 

Now, let’s dive into the most commonly used strategic frameworks.

8. SWOT analysis framework

One of the most popular strategic planning frameworks is the SWOT analysis . A SWOT analysis is a great first step in identifying areas of opportunity and risk—which can help you create a strategic plan that accounts for growth and prepares for threats.

SWOT stands for strengths, weaknesses, opportunities, and threats. Here’s an example:

[Inline illustration] SWOT analysis (Example)

9. OKRs framework

A big part of strategic planning is setting goals for your company. That’s where OKRs come into play. 

OKRs stand for objective and key results—this goal-setting framework helps your organization set and achieve goals. It provides a somewhat holistic approach that you can use to connect your team’s work to your organization’s big-picture goals.  When team members understand how their individual work contributes to the organization’s success, they tend to be more motivated and produce better results

10. Balanced scorecard (BSC) framework

The balanced scorecard is a popular strategic framework for businesses that want to take a more holistic approach rather than just focus on their financial performance. It was designed by David Norton and Robert Kaplan in the 1990s, it’s used by companies around the globe to: 

Communicate goals

Align their team’s daily work with their company’s strategy

Prioritize products, services, and projects

Monitor their progress toward their strategic goals

Your balanced scorecard will outline four main business perspectives:

Customers or clients , meaning their value, satisfaction, and/or retention

Financial , meaning your effectiveness in using resources and your financial performance

Internal process , meaning your business’s quality and efficiency

Organizational capacity , meaning your organizational culture, infrastructure and technology, and human resources

With the help of a strategy map, you can visualize and communicate how your company is creating value. A strategy map is a simple graphic that shows cause-and-effect connections between strategic objectives. 

The balanced scorecard framework is an amazing tool to use from outlining your mission, vision, and values all the way to implementing your strategic plan .

You can use an integration like Lucidchart to create strategy maps for your business in Asana.

11. Porter’s Five Forces framework

If you’re using the real-time strategic planning model, Porter’s Five Forces are a great framework to apply. You can use it to find out what your product’s or service’s competitive advantage is before entering the market.

Developed by Michael E. Porter , the framework outlines five forces you have to be aware of and monitor:

[Inline illustration] Porter’s Five Forces framework (Infographic)

Threat of new industry entrants: Any new entry into the market results in increased pressure on prices and costs. 

Competition in the industry: The more competitors that exist, the more difficult it will be for you to create value in the market with your product or service.

Bargaining power of suppliers: Suppliers can wield more power if there are less alternatives for buyers or it’s expensive, time consuming, or difficult to switch to a different supplier.

Bargaining power of buyers: Buyers can wield more power if the same product or service is available elsewhere with little to no difference in quality.

Threat of substitutes: If another company already covers the market’s needs, you’ll have to create a better product or service or make it available for a lower price at the same quality in order to compete.

Remember, industry structures aren’t static. The more dynamic your strategic plan is, the better you’ll be able to compete in a market.

12. VRIO framework

The VRIO framework is another strategic planning tool designed to help you evaluate your competitive advantage. VRIO stands for value, rarity, imitability, and organization.

It’s a resource-based theory developed by Jay Barney. With this framework, you can study your firmed resources and find out whether or not your company can transform them into sustained competitive advantages. 

Firmed resources can be tangible (e.g., cash, tools, inventory, etc.) or intangible (e.g., copyrights, trademarks, organizational culture, etc.). Whether these resources will actually help your business once you enter the market depends on four qualities:

Valuable : Will this resource either increase your revenue or decrease your costs and thereby create value for your business?

Rare : Are the resources you’re using rare or can others use your resources as well and therefore easily provide the same product or service?

Inimitable : Are your resources either inimitable or non-substitutable? In other words, how unique and complex are your resources?

Organizational: Are you organized enough to use your resources in a way that captures their value, rarity, and inimitability?

It’s important that your resources check all the boxes above so you can ensure that you have sustained competitive advantage over others in the industry.

13. Theory of Constraints (TOC) framework

If the reason you’re currently in a strategic planning process is because you’re trying to mitigate risks or uncover issues that could hurt your business—this framework should be in your toolkit.

The theory of constraints (TOC) is a problem-solving framework that can help you identify limiting factors or bottlenecks preventing your organization from hitting OKRs or KPIs . 

Whether it’s a policy, market, or recourse constraint—you can apply the theory of constraints to solve potential problems, respond to issues, and empower your team to improve their work with the resources they have.

14. PEST/PESTLE analysis framework

The idea of the PEST analysis is similar to that of the SWOT analysis except that you’re focusing on external factors and solutions. It’s a great framework to combine with the scenario-based strategic planning model as it helps you define external factors connected to your business’s success.

PEST stands for political, economic, sociological, and technological factors. Depending on your business model, you may want to expand this framework to include legal and environmental factors as well (PESTLE). These are the most common factors you can include in a PESTLE analysis:

Political: Taxes, trade tariffs, conflicts

Economic: Interest and inflation rate, economic growth patterns, unemployment rate

Social: Demographics, education, media, health

Technological: Communication, information technology, research and development, patents

Legal: Regulatory bodies, environmental regulations, consumer protection

Environmental: Climate, geographical location, environmental offsets

15. Hoshin Kanri framework

Hoshin Kanri is a great tool to communicate and implement strategic goals. It’s a planning system that involves the entire organization in the strategic planning process. The term is Japanese and stands for “compass management” and is also known as policy management. 

This strategic planning framework is a top-down approach that starts with your leadership team defining long-term goals which are then aligned and communicated with every team member in the company. 

You should hold regular meetings to monitor progress and update the timeline to ensure that every teammate’s contributions are aligned with the overarching company goals.

Stick to your strategic goals

Whether you’re a small business just starting out or a nonprofit organization with decades of experience, strategic planning is a crucial step in your journey to success. 

If you’re looking for a tool that can help you and your team define, organize, and implement your strategic goals, Asana is here to help. Our goal-setting software allows you to connect all of your team members in one place, visualize progress, and stay on target.

  • Global directory Global directory
  • Product logins Product logins
  • Contact us Contact us

Our Privacy Statement & Cookie Policy

All Thomson Reuters websites use cookies to improve your online experience. They were placed on your computer when you launched this website. You can change your cookie settings through your browser.

  • Privacy Statement
  • Cookie Policy

strategic business planning risks

Enterprise risk management (ERM): an overview

February 20, 2024 · 12 minute read

Establish resilient enterprise risk management (ERM) with strategic planning, comprehensive risk identification, and effective communication, ensuring business sustainability and growth.

This blog is part of this series.

strategic business planning risks

Not long ago, retailer Bed Bath & Beyond was a Fortune 500 company. In 2023, it filed for Chapter 11 bankruptcy, closing its last store at the end of July. The reasons for its closure are numerous and complex. But it’s clear that it didn’t or couldn’t plan for all the dangers that brought down its once-booming business model.

As events such as the pandemic, the decline of many economies, and rapidly rising interest rates have demonstrated, even solid businesses can be disrupted. Companies of all kinds face numerous risks that could damage their operations, their reputation, their profitability, and even their viability. This makes the implementation of an enterprise risk management (ERM) initiative absolutely crucial. The goal of ERM is to help businesses make informed decisions about risk in order to operate more efficiently and profitably. But to be effective, an ERM initiative needs careful planning and enterprise-wide participation.

What is enterprise risk management?

Enterprise risk management (ERM) is a systematic approach to identifying risks associated with running a business, assessing their likelihood and potential impact, and developing strategies to manage and mitigate them. Most businesses have some kind of risk management program in place. But in “traditional” risk management, the management is typically left in the hands of separate divisions or departments. By contrast, ERM is a holistic approach, requiring communication and coordination between business units to identify and manage risks across the entire organization. Many companies have established an ERM team that includes stakeholders from several key departments.

This is because of the risks that enterprise risk management (ERM) addresses across departmental boundaries. These include strategic risks, which involve activities related to achieving business objectives. They also include financial risks that need to be managed such as debt levels, cash flow shortfalls, or investments that could harm the business’s bottom line. New technologies, notably generative AI technologies such as ChatGPT, could disrupt many companies’ business models and open them up to possible compliance challenges. Insufficient cybersecurity can cause crucial company or customer data to fall into the hands of cybercriminals. There are legal risks that would need to be managed such as lawsuits involving contracts or other business agreements. Then there are the risks associated with compliance–not meeting regulatory requirements such as Sarbanes-Oxley regarding financial reporting, for instance.

Enterprise risk management (ERM) also includes operational risk management (ORM) , which focuses specifically on identifying, assessing, and managing risks related to the organization’s day-to-day operations. These can include risks associated with technology, regulatory compliance, and onboarding vendors . Like ERM, ORM seeks to reduce risks. However, the risks ORM addresses are unintentional risks, such as employees who accidentally open up company data systems to cybercriminals. Besides managing all types of risk, ERM can also help an organization to optimize certain intentional strategic risks —those that could bring in new customers, new product lines, and new ways to reduce expenses and improve performance.

In addition, enterprise risk management (ERM) incorporates the use of key performance indicators , or KRIs, with metrics that track risk assessment performance. It also typically includes the development of a “risk register” that outlines potential risks associated with certain activities or operations.

There are numerous reasons why enterprise risk management (ERM) is essential. Most notably, it allows organizations to be proactive in identifying and monitoring potential internal and external risks rather than simply reacting to them after they occur. It also establishes protocols for mitigating those risks that an enterprise simply can’t avoid.

Another key reason a business should establish an ERM program is to enhance its ability to operate more efficiently and profitably. By raising the profile of the potential dangers a company faces, ERM protocols can help inform strategic decision-making and implementation while also minimizing losses from potentially damaging risks.

By openly and transparently sharing information about risk and mitigation, a company-wide risk management initiative can keep all employees and other stakeholders aware of risks and risk management protocols. This can be beneficial when employees interact with customers about potential risks. That in turn can reassure all stakeholders about a company’s resilience and durability.

Steps to the enterprise risk management process

Crafting a successful enterprise risk management (ERM) initiative requires careful thought and rigorous execution. That thinking informs the following ERM components, which were developed by the Committee of Sponsoring Organizations (COSO), a private-sector group that helps organizations provide guidance on internal control, risk management , and fraud deterrence:

Setting goals

This involves defining the organization’s goals and objectives and aligning them with its tolerance for risk. A business should recognize that long-range strategic plans are fraught with risks that could translate into opportunities–or dangers.

Internal workflows

Internal factors that influence the organization’s risk management include its management structure, governance, and company culture. These factors determine the enterprise’s risk appetite and what kinds of risks it needs to manage. While it is senior management (and, in many organizations, the company’s board of directors) that typically identifies what risks require managing, many organizations also engage employee input.

Identifying risks

This involves identifying risks, defined as events or situations, that could affect the organization’s ability to achieve its objectives. These impacts can be either beneficial or harmful to the company’s future operations. An ERM program should identify high-risk events that could be particularly damaging. An example of such an event might be the current backup at the Panama Canal, which is snarling numerous companies’ supply chains.

Assessing risk

In this step, a company determines how likely the risks it has identified risks are likely to occur. It also prioritizes them based on how significant an impact they might have. The COSA ERM framework suggests that companies assess both the percent change of occurrence and the dollar impact of a potential risk. In addition, COSA advises that an organization assess not only the direct risk (COVID-19 social distancing) but also residual risks (employees resisting returning to the office). There are many types of risk assessments depending on the industry, but overall, risk assessment tools have their benefits .

Responding to risk

The organization then develops and implements strategies for managing the risks it has identified. One strategy is avoidance. An example would be shedding a business line where the potential dangers outweigh any benefits. A second strategy is maintaining that business line while establishing protocols to reduce any potential damage. A third option is acceptance. A company may choose this route if it determines the possibility of a risk event occurring is low and the costs of reducing potential negative impacts are too high.

Controlling activities

Also known as internal controls, these activities involve implementing policies and procedures to mitigate the identified risks and monitoring their effectiveness. Control activities can be classified as preventative (preventing or mitigating a risk event) or detective (recognizing the risk event and responding appropriately).

Monitoring risk activity

This involves continuously monitoring the organization’s risk management processes and controls, and making adjustments as needed. A company may wish to contract with an external consultant to evaluate its risk management practices. Whether the monitoring is conducted externally or internally, it should determine how well the ERM process is working, and whether the company is leaving itself vulnerable to any risk despite the processes and policies in place.

Communicating information

This step ensures that the organization’s risk management processes and results are communicated to stakeholders. Those within the business overseeing its ERM initiative should gather data and design metrics regarding the company’s risks and how they’re being managed. Sharing this information with senior management and affected employees can ensure their involvement in any needed mitigation.

Benefits and challenges to enterprise risk management

What are the benefits of enterprise risk management.

A rigorous, thoughtfully developed enterprise risk management (ERM) program can help avoid financial losses, reputational damage, compliance failures, and legal liability. It also improves business decision-making because it provides more complete information on the risks a company faces. As a result, an ERM program can strengthen corporate governance and oversight and reduce instances of fraud.

Enterprise risk management (ERM) also boosts internal communication and interdepartmental cooperation. The regular risk reports that a firm’s ERM team delivers to upper management include a list or “matrix” of the risks, how these risks are being prepared for or mitigated, and how the risks are being prioritized. This information is crucial for management decision-making and guidance regarding risk response and preparation.

An enterprise risk management (ERM) program can help a company’s operations and profitability in numerous ways. It can uncover areas where a company is vulnerable to theft or embezzlement. It can be useful in discovering markets and product areas to enter or to avoid. ERM also can strengthen a business’s supply chain by identifying areas where that chain might be weak. An example would be the recent semiconductor shortage, which slowed production for many companies. All this can result in better management of strategic risks that could lead to new opportunities (such as acquisitions and new products) or dangers (such as new competitors and disruptive technologies).

What are the challenges of enterprise risk management?

Despite all the advantages of enterprise risk management (ERM), getting a program established is by no means a slam dunk. For most companies, ERM requires culture, process, or system changes that can be costly, time-consuming, and disruptive. ERM can be particularly costly to businesses that have limited resources. As a result, it may be difficult for supporters of an effective ERM program to get buy-in from upper management.

Company leaders may believe that the investments of time, talent, technology, and capital needed to implement an enterprise risk management (ERM) initiative don’t pencil out, and that those costs exceed the potential benefits. They may argue that it’s difficult to project a program’s effectiveness, including a legal project management tool , because it involves assessing the probability and impact of risk events that may or may not occur. Establishing metrics is often one of the most significant challenges an ERM initiative wrestles with. In addition, ERM also could result in organizations becoming reliant on particular digital technology tools, which could be a risk in itself.

If a company does go forward with establishing an enterprise risk management (ERM) program, there are other risks it will need to anticipate. It makes perfect sense that the risks an enterprise will seek to manage will be those that the company has already faced or is currently facing. But the most potentially dangerous risks are those that it hasn’t encountered. The recent pandemic is a particularly notable example. How many companies not only anticipated the pandemic but also had metrics in place to measure its effect on the business’s customers, employees, and other stakeholders? And how could the potential costs of mitigating the risks associated with the coronavirus have been determined?

Best practices for enterprise risk management

Companies need to consider both the benefits and challenges of enterprise risk management as they craft their own enterprise risk management (ERM) program. This can help them determine the best practices they should follow.

The components of enterprise risk management (ERM) discussed earlier reflect many of the best practices of an effective ERM initiative. Clearly, such a program needs to identify, assess, and prioritize all risks an enterprise might face. It needs to develop consistent action plans that eliminate or reduce the most significant risks, as well as processes to continuously monitor risk and risk-related metrics–and then enforce risk management policies.

For this to succeed, a company should also develop a culture that includes open communication about risk and risk management throughout the organization. It should also assign risk management responsibilities to appropriate employees. And it should determine whether there are ways to automate risk management processes.

Final words

In an unpredictable, fast-changing business environment, an enterprise risk management (ERM) initiative is essential. An ERM program includes assessment, prioritizing, and mitigation of any potential risk to a company’s future health and success. And wherever necessary, it solicits the participation and input of all stakeholders—senior management, board of directors, employees, and customers.

The benefits of a well-crafted risk management strategy include thorough regulatory compliance, a clearer sense of how strategic risks can help or hurt a business, and improved decision-making about operations, opportunities, and future planning. It’s not stated too strongly to say that an enterprise risk management program could mean the difference between maintaining a successful business—or going out of business entirely.

  • Fraud Waste & Abuse
  • Preventing Fraud

strategic business planning risks

Join our community

Sign up for industry-leading insights, updates, and all things AI @ Thomson Reuters.

strategic business planning risks

Webcast and events

Browse all our upcoming and on-demand webcasts and virtual events hosted by leading legal experts.

strategic business planning risks

Charting a path forward with AI adoption in compliance: Reducing uncertainty and embracing change

Industry expercts discuss the best examples of AI being used for compliance, the key risks that come with these options, what this means for compliance analysts, and how compliance leaders can make themselves and regulators comfortable with putting AI to use.

strategic business planning risks

Mitigate risk, detect fraudulent activity, and streamline investigations

In today’s digital world, risk and fraud detection is even more important than ever before

Related posts

strategic business planning risks

Operational risk management (ORM): an overview

strategic business planning risks

Risk management: the framework

strategic business planning risks

Why AI still needs regulation despite impact

More answers.

strategic business planning risks

Attorney-client collaboration: The key to happy clients

strategic business planning risks

How legal workflow automation turns thousands of tasks into one

strategic business planning risks

Generative AI: What in-house legal departments need to know

strategic business planning risks

Back to All Posts

The Relationship Between Strategic Planning and Risk Management

by Funding For Good | Mar 13, 2023 | Strategic Planning

A chessboard with two white pieces and two black pieces, showing how integrating risk management into strategic planning can strengthen an organization.

As leaders, we often think of strategic planning as a project for when things are already going well. We imagine tackling questions of how to grow—our budget, our impact and our teams. But planning isn’t just for the good times. There’s a strong relationship between strategic planning and risk management—and the two work especially well when paired together.

Risk Management on Our Minds

The sudden collapse of Silicon Valley Bank is a shock to investors and Wall Street. Everyone’s wondering whether it’s a sign of things to come. Is a financial crisis brewing?

While Silicon Valley Bank’s failure doesn’t directly affect most small businesses and nonprofit organizations, it does add to a moment already rife with economic uncertainty. Between inflation, interest rate hikes, and talk of a recession on the horizon, there’s plenty of uncertainty to go around. So it’s natural for leaders to take a step back and consider risk management.

Traditionally, risk management is often synonymous with compliance. This encompasses areas like legal and regulatory compliance, financial management, governance, insurance, cybersecurity, and workplace oversight. Organizations are also increasingly considering reputational risk management, which can involve preparing crisis communications plans.

But a critical area for both nonprofit and business leaders is strategic risks . The strategic decisions we make today will affect our organizations’ ability to weather an operating environment that is rapidly changing . That’s where strategic planning plays a key role in your organization’s risk management.

Read more: The Complete Guide to Nonprofit Strategic Planning

The Relationship Between Risk Management and Strategic Planning

One of the first steps in the strategic planning process is using tools like an environmental scan and SWOT analysis to understand the external and internal factors that affect an organization today—and in the future. At Funding for Good, we increasingly hear from leaders wondering how to manage the multitude of external threats and trends that could impact their organizations.

The Value of Environmental Scans

A structured environmental scan enables leaders to consider a broad range of potential threats and opportunities without getting overwhelmed. For example, a PESTLE analysis guides leaders to think through how external political, economic, social, technological, legal, and environmental factors could affect operations.

Coupling an environmental scan with consideration of more traditional risk management topics helps leaders understand the true scope of challenges they may face. Which is the first step in preparing to weather them head-on.

Integrating Risk Management and Strategic Planning

The Stanford Social Innovation Review explains that:

Nonprofits can’t effectively engage in strategic planning until they understand the risks they face.

The same is true for businesses. That’s why Funding for Good always begins our strategic planning process with a SWOTA analysis that assesses each organization’s strengths, weaknesses, opportunities, threats, and achievements (a special addition we make to the traditional SWOT analysis).

This approach allows stakeholders to create ambitious visions and goals—all while staying grounded in the realities that may affect implementation. Indeed, assessing your organization’s risks won’t be helpful unless you also create a plan to address those risks.

By starting your strategic planning process by mapping threats and opportunities, you also create more dynamic and effective long-term goals and strategies. While traditional risk management planning may get siloed into operations and finance functions, the more holistic approach provided through strategic planning can set your organization up for operational, financial, and programmatic success.

Read more: What are the Steps in Strategic Planning?

strategic business planning risks

Get Your Free Strategic Planning QuickStart Kit

Align your team, clarify your vision, and grow your impact - starting TODAY! 

It's on it's way! Are you ready to get started? We hope so because the download link for the checklist is going to hit your inbox any second now.

We will protect your information, will not share it, and will not misuse it.

strategic business planning risks

No products in the cart

A business journal from the Wharton School of the University of Pennsylvania

How Early Adopters of Gen AI Are Gaining Efficiencies

February 20, 2024 • 10 min read.

Enterprises are seeing gains from generative AI in productivity and strategic planning, according to speakers at a recent Wharton conference.

strategic business planning risks

Generative AI can affect managerial decision-making in “a transformative way” by boosting value generation, according to Prasanna (Sonny) Tambe , Wharton professor of operations, information and decisions. Tambe is also faculty co-director of AI at Wharton , which fosters AI activities across the University of Pennsylvania. He was speaking at a conference hosted jointly by Wharton’s Mack Institute for Innovation Management and AI at Wharton in November 2023, titled “ Driving Innovation with Generative AI: Strategies and Execution. ”

Its unique strengths in translation, summation, and content generation are especially useful in processing unstructured data. Some 80% of all new data in enterprises is unstructured, he noted, citing research firm Gartner . Very little of that unstructured data that resides in places like emails “is used effectively at the point of decision making,” he noted. “[With gen AI], we have a real opportunity” to garner new insights from all the information that resides in emails, team communication platforms like Slack, and agile project management tools like Jira, he said.

Those insights will be helpful in a variety of ways, such as more accurately predicting delivery times for say, software development projects, Tambe said. In recent work, he and his research colleagues found “enormous potential” in one specific use case, where they processed raw patent texts and gained more accurate “blue-ocean” insights than was previously possible. They brought a superior understanding of “where firms are innovating, and where there’s room for an entry-level firm to innovate,” he added.

“With generative AI, one important use case is to take these millions of documents in any context and try to boil them down into a small set of factors that managers can understand,” Tambe said. “Generative AI tools can be used to create intuitive answers to questions, and the technology is better at representing ideas in a way that’s intuitive for people to understand.”

“Generative AI tools can be used to create intuitive answers to questions, and the technology is better at representing ideas in a way that’s intuitive for people to understand.” — Prasanna (Sonny) Tambe

For enterprises, gen AI’s power in providing personalized learning will “fundamentally allow people to learn on their own terms, and meet them where they are,” said Scott Snyder , a senior fellow at the Mack Institute and chief digital officer at EVERSANA, a provider of commercialization services to the life sciences industry. He shared those perspectives as he moderated a conference panel that delved into how businesses can leverage large language models (LLMs) using their proprietary data for training and fine-tuning commercial and open-source foundation models.

”As a digital leader, you’re always looking for the burning platform, and we had it handed to us with the pandemic,” Snyder said. “It forced us all to operate completely differently as companies. All of a sudden we were distributed virtual companies.”

“I see gen AI as the same kind of burning platform,” Snyder noted. “In fact, it’s caught the attention of executives like nothing I’ve ever seen. Eighty percent of executives surveyed now say this will impact their company and industries significantly, but only about 50% think they have the capabilities to fully realize its potential ; 92% of Fortune 500 companies are doing something or building something with OpenAI’s ChatGPT. Now everybody is a data scientist in some ways.”

Gains in Strategic Planning and Customer Service

Gen AI can help enterprises become more efficient strategic planning in new ways. Gen AI’s ability to process millions of text documents also helps identify “actionable factors” for organizations, Tambe noted. For instance, it could help companies analyze competition dynamics in their industries and plan on allocating their resources and investing, said he said. Or, it could find uses in performance reviews and instilling corporate culture.

“If you want to take 30,000 performance reviews every year over 10 years and boil it down to a small number of factors that people most care about at your company, such as culture or fairness, what are those few things?” he asked. “How can you boil information from say, thousands of customer service conversations, down into an actionable number of factors? Gen AI can help us distill all that data and represent it back to decision-makers in a way that they can start to act on it.”

Enterprise-level learning is another area where gen AI has big promise. Chris Callison-Burch , professor of computer and information science at the University of Pennsylvania said, “These pre-trained models can do amazing work with learning.” As it happens, his research areas include natural language processing, from where sprung large language models.

Callison-Burch pointed in particular to a feature called RAG, or ”retrieval augmented generation,” which allows users to post web queries to retrieve information and summarize it. Enterprises could also use that tool to upload their internal documents and index them for retrieval via semantic search. “Those are super exciting,” he said.

“[Gen AI] is about marrying the AI and the humans, and the companies that figure out how to unlock that are going to get there the fastest.” — Scott Snyder

A Measured Adoption Curve

Businesses are not rushing in to use gen AI, and their adoption curve is dictated by the risk sensitivity of their activities, among other factors. Avi Patel , chief marketing officer and chief data scientist at Fulton Bank, said companies are experimenting with gen AI, but at a measured pace. “Companies should stay current with gen AI and learn what works and what doesn’t work for them.”

In especially tightly regulated industries, companies will try out gen AI based on the risk sensitivity of their activities, Patel continued. For instance, they might begin by experimenting with gen AI in relatively lower-risk tasks such as document summarization, which would enable their teams to be more effective in their daily jobs, he said. One concern would be the risk of sensitive documents getting leaked out in the process of summarization with third-party tools, he explained.

Other early adopters of gen AI are focusing initially on activities with low complexity, such as Automation Anywhere, which provides automation services to businesses. Tejasvi Devaru , vice president of business applications and data at the firm, is encouraged by some early success with gen AI. His firm had rolled out more than 20 use cases in the six months prior to the conference. In one case involving robotic process automation in the customer service area, his firm was able to automate 60% to 65% of workflows, which freed up the team to focus on escalated emails and provide better customer service. That amounted to savings of nearly 10,000 hours, he said.

In another instance, Devaru’s team tapped GPT to extract specific information from purchase orders to ensure accuracy between sales orders and customer purchase orders. It allowed them to extract “structured information from unstructured documents such as purchase orders,” he said, noting that it was challenging to sift through product information and other details for more than 20,000 purchase contracts with each customer having a different format. Traditional methods were too expensive or time consuming. Devaru’s team is using GPT to process information for about 80% of the purchase contracts, which happen to be relatively less complex. But that shift to GPT is already making a big impact in improving cash flows by about $850,000, he said.

Automation Anywhere is counting gains also in its customer service “deflection rate,” which is a measure of customer support requests that are resolved through self-service mechanisms like chatbots and tutorials, without human intervention. “Right now we have a 30% deflection rate, and we want to increase that to 60%,” Devaru said.

One big challenge for users of gen AI is its so-called “hallucination” problem, where inadequately trained data can produce output that is inaccurate or biased, and does not match real-world settings. “It becomes a problem if you want to solve a business case that requires higher accuracy, and having a human-in-the loop in these scenarios is useful,” said Devaru.

“Companies should stay current with gen AI and learn what works and what doesn’t work for them.” — Avi Patel

Early Questions Facing Gen AI Users

Businesses that want to use gen AI will necessarily have to make some choices based on their specific requirements, Devaru noted. One is to pick the technology that works for them from among the roughly 17,000 large language models that currently exist; ChatGPT is only one of those. “We need to think about what the business use case is and which language model to use for that,” he said. Some, like Google’s Bard, are especially useful in dealing with security threats, while others like OpenAI Ada are good at summarizing documents, he added.

Another question for business users is to decide whether they should use a public model like ChatGPT that is on the cloud versus using an in-house model. Even if a company were to use a public model, it could incorporate security features such as ensuring that its proprietary data is not used by its gen AI provider to train language models, or anonymizing its information before sending it to the gen AI provider, Devaru said.

As companies get more and more comfortable with gen AI and begin to see tangible gains, they would use the technology for higher-level or more sensitive activities. “[For now], companies are likely to think about very, very low-risk items,” Patel said. “But the biggest impact will be when companies use their tabular data and the power of context learning in large language models to understand risks relating to customers, or their likelihood of purchasing the next product,” he added.

Another gen AI feature that Devaru is excited about is the ability to translate from conversation or text to SQL (structured query language), which allows access to databases. “The use case that we are thinking about is exposing a conversational user interface to our leaders where they could get responses to questions like ‘What’s our sales data for the last quarter? Or what are our biggest deals in a quarter? How is it trending?’” he said. “That’s the power we want to unlock.”

Snyder, whose company EVERSANA is in the life sciences industry, sees even bigger possibilities ahead. “There are so many that I get excited about, like giving a voice back to people that have lost it because you can now generate it from their previous history and conversations. Or sight,” he said.

“Ultimately, I think of AI not as artificial intelligence, but augmented intelligence,” Snyder said. “It’s about marrying the AI and the humans, and the companies that figure out how to unlock that are going to get there the fastest.”

More From Knowledge at Wharton

strategic business planning risks

AI in Finance: The Promise and Potential Pitfalls

strategic business planning risks

Why Are Electric Vehicle Loans More Expensive?

strategic business planning risks

Why We Should Avoid the Effort to “Break Up” Big Tech

Looking for more insights.

Sign up to stay informed about our latest article releases.

IMAGES

  1. Overview of the 5 Types of Strategic Risk

    strategic business planning risks

  2. Overview of the 5 Types of Strategic Risk

    strategic business planning risks

  3. Strategic Risk Management 4-Part Model

    strategic business planning risks

  4. Strategic Risk Assessment Template, Examples, & Checklist for 2022

    strategic business planning risks

  5. 5 Top Tips To Make the Risk Management Process More Efficient

    strategic business planning risks

  6. How To Create A Risk Management Plan + Template & Examples (2023)

    strategic business planning risks

COMMENTS

  1. What Is Strategic Risk? 6 Types of Strategic Risk

    Written by MasterClass Last updated: Aug 4, 2022 • 5 min read Strategic risk is the risk of potential failures in strategic planning, which may lead to a company not achieving its core objectives. Learn more about strategic risk and how it can impact your business's decision-making.

  2. 9 strategic risk examples and how to successfully tackle them

    Strategic risk is a category of risk; alongside operational, financial, regulatory and other business risks, it forms part of the umbrella of risks your organization faces. When we look at strategic risk examples, they are generally defined as those that threaten a business's ability to set and implement its chosen strategy.

  3. Identifying and Managing Business Risks

    For startups and established businesses, the ability to identify risks is a key part of strategic business planning. Risks are identified through a number of ways. Strategies to identify these...

  4. Strategic Risk Management: Complete Overview (With Examples)

    Strategic risk management is the process of recognizing risks, identifying their causes and effects, and taking the relevant actions to mitigate them. Risks arise from inside and outside factors such as manufacturing failures, economic changes, shifts in consumer tastes, etc.

  5. 5 Steps to Effective Strategic Risk Management

    Strategic risk management is a crucial, but often overlooked, aspect of enterprise risk management (ERM). Traditionally, ERM has focused on categories of risk such as financial and operational, but those risks aren't always connected to the organization's strategy.

  6. From risk management to strategic resilience

    Resilience as a competitive advantage. The holistic approach to building resilience advances the organization from a narrow focus on risk, controls, governance, and reporting to a longer-term strategic view of the total environment. Rather than hunting for blind spots in risk coverage within today's business model, resilient organizations embrace the holistic view, in which resilience ...

  7. Managing Risks: A New Framework

    Risk events from any category can be fatal to a company's strategy and even to its survival. ... Strategic planning. Robert S. Kaplan is a senior fellow and the Marvin Bower Professor of ...

  8. Strategic risk management 101: The director's guide

    6 Steps to Building a Strategic Risk Plan: Define your business's objectives and strategy. As above, some of your risks will stem from your strategic decisions; others may impact them. Identifying your strategy and aims is an essential first step. ... Implementing a strategic risk plan isn't a "one time" job but needs regular review, in ...

  9. Strategic risk: a quick guide

    Strategic risk refers to the internal and external events that may make it difficult, or even impossible, for an organization to achieve their objectives and strategic goals. These risks can have severe consequences that impact organizations in the long term. Given the significance of this type of risk, we have put together this quick guide to ...

  10. Guide to Strategic Risk Assessment and Management

    Cybersecurity or IT disasters; Economic instability; Political risk; Exchange rate risk. Any of these risks can affect the firm's future performance and innovation capability. They can also make it harder to respond to change and deal with supply chain and other disruptions. How to Identify Strategic Risk

  11. Strategic planning: managing assumptions, risks and impediments

    Given that we must rely upon certain assumptions to put strategic plans together and that risk will always be present (as will natural impediments to execution of strategy), the following sections will explore each of these factors at the planning level…beginning with a definition of terms and ending with approaches to better manage process.

  12. What Is Business Risk? Definition, Factors, and Examples

    Business risk is the possibility a company will have lower than anticipated profits or experience a loss rather than taking a profit. Business risk is influenced by numerous factors, including ...

  13. What Is Strategic Risk and How To Manage It: A Definitive Guide

    1. Understand risk types To better manage risks around strategy, it can help to identify the other types of risks. Some risks businesses face include: Preventable risks: Preventable risks are often internal and involve things that a company can control.

  14. PDF Integration of Risk Management into Strategic Planning: A New

    1. Introduction Following the 2008 global financial crisis, enterprise risk management (ERM) has emerged as a critical issue in the most varied sectors of industry organizations. The risk division and its professionals are now assuming more responsibilities and being recognized and compensated for their contributions to companies.

  15. Your one-page Risk Management strategic plan

    Gartner Risk Strategic Planning Template helps risk leaders define the roadmap for executing the key actions required to meet risk strategic goals in alignment to the enterprise business model and goals. Additionally it helps you create and communicate a clear action plan that states where the risk function currently is, where it needs to be, how to get there and how you will measure progress.

  16. Strategic Planning Should Be a Strategic Exercise

    Graham Kenny. Summary. Many managers complain that strategy-making often reduces to an operational action plan that resembles the last one. To prevent that from happening they need to remember ...

  17. Key Strategies To Help You Manage Your Business Risk

    According to PWC's recent survey, 83% of business leaders said growth strategy is their key focus, much more than any other objectives or direction, including business risks.Additionally, 40% of ...

  18. Strategic Risk Examples & How to Tackle Them

    Perform a strategic risk assessment (this is an analysis of how likely each risk is to take place) Determine the strategy for dealing with each risk. Monitor the risk over time. Document and report each stage of the process for future reference and analysis. Perhaps the most difficult step in the strategic risk management process is to identify ...

  19. 22 Strategic Risks

    The risk of collapse of the global financial system or the financial system of a country. 21. Political Risk. The risk that the political environment will turn hostile to your firm. 22. Force Majeure. A catastrophe such as a act of nature or war. The words strategic risk strike fear into the hearts of investors and executive leaders everywhere.

  20. Strategic Risk Management: 5 Tips for Success

    Here are the top 5 tips for measuring and managing strategic risk in any business. 1. Define business goals: Many companies fail to integrate risk or acknowledge risk when defining their business goals. In this stage, it is crucial to outline the types of risks that can threaten your organisation.

  21. What is strategic planning? A 5-step guide

    Strategic planning is a business process that helps you define and share the direction your company will take in the next three to five years. During the strategic planning process, stakeholders review and define the organization's mission and goals, conduct competitive assessments, and identify company goals and objectives.

  22. 7 Strategic Planning Models and 8 Frameworks To Start [2023] • Asana

    1. Basic model. The basic strategic planning model is ideal for establishing your company's vision, mission, business objectives, and values. This model helps you outline the specific steps you need to take to reach your goals, monitor progress to keep everyone on target, and address issues as they arise.

  23. Enterprise risk management (ERM): an overview

    Establish resilient enterprise risk management (ERM) with strategic planning, comprehensive risk identification, and effective communication, ensuring business sustainability and growth. ... a clearer sense of how strategic risks can help or hurt a business, and improved decision-making about operations, opportunities, and future planning. ...

  24. The Relationship Between Strategic Planning and Risk Management

    The Relationship Between Risk Management and Strategic Planning. One of the first steps in the strategic planning process is using tools like an environmental scan and SWOT analysis to understand the external and internal factors that affect an organization today—and in the future. At Funding for Good, we increasingly hear from leaders ...

  25. Navigating The First Quarter: Eight Goals Every Company Can ...

    Strategic Planning And Risk Management Q1 can also be used to refine or develop a strategic plan that outlines the company's direction for the year. Set clear, measurable goals and identify key ...

  26. Stress testing and optimising the business plan :: InsuranceERM

    Risk experts discuss the practical realities of stress-testing the business plan, and what's missing from the strategic planning process, in the second of a two-part roundtable held by InsuranceERM and QRM. search ... you shouldn't expect a formal plan risk opinion that's dramatically different to the risks highlighted by the first line. It ...

  27. How to Manage HR Operations Risks in Your Strategic HR Plan

    Therefore, it is essential to manage these risks when developing a strategic human resource plan, which is a document that aligns the HR goals and practices with the organizational vision and mission.

  28. How Early Adopters of Gen AI Are Extracting Efficiencies

    Gen AI holds big promises for businesses in strategic planning, productivity, customer service, and learning. Gen AI's top strength is in digesting millions of documents in easy-to-understand ...