What lies behind those three words – Strategic Risk Management? It’s a question worth asking because a) SRM is a relatively new field, and b) there is still confusion between SRM and ERM (Enterprise Risk Management). RIMS (Risk and Insurance Management Society) says that it spotted strategic risk management as an emerging field among its practitioners. In Darwinian terms, SRM is the next stage in ERM as a whole, says RIMS. The concept that separates one from the other is simple, though: it’s ‘upside’.
Accentuate the positive
The working definition of SRM can be taken to be ‘a business discipline that drives deliberation and action regarding uncertainties and untapped opportunities that affect an organization’s strategy and strategy execution’. The emphasis is on strategy and its implementation, and the upside of risks. Examples of strategic decisions might include moving a production site, undertaking a new product research program, or vertical integration. SRM is then the management of risk for positive gain in such situations.
ERM stakes its claim
That leaves ERM on the other hand with operational or everyday risk: in other words, the downside. Except that organizations like the Casualty Actuarial Society (CAS) also lumps in strategic risk along with hazard risk, financial risk and operational risk in its definition of ERM, as does COSO (Committee of Sponsoring Organizations of the Treadway Commission).
Getting the balance right
Dan Borge, former director of Bankers Trust, has an interesting take on risk in general; ‘Many people think that the goal of risk management is to eliminate risk – to be as cautious as possible, not so. The goal of risk management is to achieve the best possible balance of opportunity and risk. Sometimes, achieving this balance means exposing yourself to new risks in order to take advantage of attractive opportunities.’ In other words, both the upside and the downside need to be taken into consideration, but without confusing or excluding either one.
SRM as part of your score sheet
Organizations are now increasingly being assessed for their strategic risk management as part of their rating by agencies such as Standard & Poor’s. You can score (or drop) points according to the point of view (probability, impact) of management vis-à-vis the major risks faced by an enterprise, the way risk identification is carried out, assessment of risk sensitivity, and how risk management affects strategic decision making.
Strategic risk modeling
If management in an enterprise is to produce any documented evidence of how it is identifying, considering and handling strategic risk, a reproducible model can go a long way to help. Whether it’s written down or held in a software program, the ability to run such models on a regular basis, refining them as new information comes to light, is not only reassuring to external analysts and regulators, but it’s also an invaluable focal point for the overall strategic risk management process inside the firm.
If you’d like to know how Analytica, the modeling software from Lumina, can help you to model strategic risk probabilities and impacts in your own organization, then try Analytica for free to see what it can do for you.