By Kyria Ali, Chief Strategy & Development Officer, NAGICO Group of Companies
It is reasonable therefore to expect that Strategic Risk Management would be described as the management of strategic risks, and persons and businesses do explain it in this manner. However, as a professional with certifications in both Strategic Management and Enterprise Risk Management, that is active at the C-Suite/ Executive level of the business, I view Strategic Risk Management slightly differently. I believe it is better to approach this concept from the perspective of: the management of risks in a manner that is focused on assisting the business with the achievement of its strategic goals.
Having had the benefit of wearing the Chief Risk Officer hat at one stage in my career, followed by Chief Strategy and Development Officer and also Interim CEO, my lens was magnified, and my perspective broadened.
What came to light was how much easier it was to achieve business goals, and to progress plans, with a blend of strategic business and risk management technical competences and experience at the table. The focus of the Executive team was on the big picture. What were we trying to achieve? Why? What risks could impact our success?
Could we avoid, mitigate or manage the risks? What was the potential upside and downside? How did this compare against our risk tolerance levels and appetite?
This type of thinking and collaborative practice is what I consider to be Effective Strategic Risk Management and I encourage all risk management professionals to give this a try.
It is a shift in mindset which moves everyone onto one page, with a common goal; i.e. the achievement of the company’s strategic objectives and KPIs. It is a forward looking and proactive approach.
What came to light was how much easier it was to achieve business goals, and to progress plans, with a blend of strategic business and risk management technical competences and experience at the table.
This approach requires businesses to either establish a new dimension to its risk management department or refocus a part of it. The new or refocused part should be dedicated to serving and supporting the operational leaders, in an agile manner, with the identification of opportunities and development of suitable strategies to achieve targets/goals after having duly interrogated and considered the related risks as well as quantitative and qualitative insights. It is worth mentioning that a by-product of this practice is that the risk management department becomes more of a strategic business partner and thus is able share the feeling of fulfilment when objectives are achieved. It is important to note however, that the traditional risk management role remains very relevant and important, thus it must be maintained.
So how can you help your business improve its overall success rate and increase its resilience with this manner of effective strategic risk management? First off, you should advocate for the integration of business strategy and strategic risk management. This would require governance and framework revisions and policy and procedure development, to create an appropriate infrastructure. In addition, personnel changes or the introduction of a new profile may be required to bridge the gap between the 1st and 2nd lines of the business: operations and risk management; a Strategic Risk Officer or Strategic Risk Manager.
It is worth mentioning that a by-product of this practice is that the risk management department becomes more of a strategic business partner and thus is able share the feeling of fulfilment when objectives are achieved. It is important to note however, that the traditional risk management role remains very relevant and important, thus it must be maintained.
1. Strategy: Enablement and implementation of a framework, including performance improvement through effective governance and risk ownership
2. Assessment: Identification, evaluation and prioritization of risks
3. Response: Identification and implementation of mechanisms to mitigate risk
4. Communication and reporting: Provision of the best or most appropriate means to track and inform stakeholders of an enterprise’s risk response
5. Monitoring: Identification and implementation of processes that methodically track governance objectives, risk ownership/ accountability, compliance with policies and decisions that are set through the governance process, risks to those objectives and the effectiveness of risk mitigation and controls
6. Technology: Design and implementation of an IRM solution (IRMS) architecture
Kyria Ali is Chief Strategy & Development Officer at NAGICO