At last week’s RIMS 2019 in Boston, a group of risk professionals got together for the panel session “NextGen ERM: Strategic Risk Management” to discuss the advantages of strategic risk management (SRM) and the challenges to successfully integrating it into organizations.
The panel examined several major organizations that have taken shortcuts with training or even rushed to out-duel a competitor, failing to consider the long-term impact on strategy, reputation and market-share. Blockbuster, Kodak and Sears failed to innovate, and these once-thriving name brands are now prime examples of SRM’s benefits.
“Blackberry is one such company, but there are countless examples of organizations that have overlooked the long-term strategic impact of their actions,” said Marian Cope, owner of CopeRisk LLC.
Despite recent corporate missteps tied to failures in long-term strategic analysis, as recently discussed in Risk Management, risk professionals still face resistance to their SRM initiatives. “Demonstrating the value of SRM has to be a priority for risk professionals if they hope to gain buy-in from leadership,” said Rick Roberts, director of risk management and employee benefits at Ensign-Bickford Industries and a former RIMS president.
One of the value propositions of SRM—and an easy one for leadership to support—is the focus on taking advantage of risks that can accelerate the achievement of strategic objectives. “Artificial intelligence is an example of a disruptive technology that is impacting many industries. But, if your organization is aware of it, understands its usefulness and has developed a plan for it, it can give you a competitive edge,” said Marian Cope, owner of CopeRisk LLC.
But the case for an SRM initiative should not just be made with cautionary tales of organizations that did not use SRM. “Don’t just share failures, it’s also important to share SRM successes,” said Ellen Dunkin, senior vice president, general counsel and chief risk officer at Amalgamated Life Insurance Co. “Even Amazon and their business model that gives consumers almost instant access to their purchases has adjusted its strategy and started to open brick-and-mortar shops.”
According to the panel, the risk professional should ideally be involved in strategic planning from the get-go. “Some organizations have a chief risk officer that participates in the preparation as well as the strategic planning and decision-making discussions. Unfortunately, that’s not the norm,” Cope said.
The panel identified the next-best option for risk professionals, which is to work from the strategic objectives established by the organization. From there, they need to analyze the business model, identify, assess, and prioritize the risks that can derail or accelerate achieving the strategic objectives, facilitate the development of appropriate risk responses, and then align such objectives, risks, and risk responses with operations.
An effective SRM program will incorporate plans for a risk strategy, communications strategy, implementation, and training with the goal of integrating strategic risk management into decision-making processes. “The risk professional is going to require support from others in the organization too. They’re going to need risk champions to vouch for them, as well as a final presentation that includes achievable and measurable deliverables that demonstrate the value of the process,” Roberts said.
SRM can be a stand-alone program or a component of ERM. Regardless, the panel noted that SRM is vital to the long-term success of organizations as alignment of strategy and operations results in the identification of opportunities to accelerate achievement of strategic objectives and prevents operational blunders that will trigger strategic risks (e.g., substantial reputational harm). Accordingly, SRM as a stand-alone program allows risk professionals to add more value while streamlining the process.
“SRM is the next generation of ERM and identifies external and strategic risks as opposed to the more granular view for ERM. It allows the team to bring the top 10 key risks to leadership, with a focus on the top two to three as opposed to overwhelming them with the full risk register that could include 100,” said Ellen Shew Holland, higher education practice leader for Hanover Stone Partners LLC and president of Strategic Risk Frameworks LLC.
Ultimately, the group agreed, SRM will help fully integrate risk management programs into an organization’s business model and the value should be evident in each positive step the business takes toward achieving its strategic objectives.