Connecting the Dots
Connecting the dots between risk management and strategy enables organizations to make better decisions that support their business objectives.
Organizations treat risk management as compliance rather than strategic decision support.
Effective risk-strategy implementation requires CEO leadership, technology, and data-driven metrics.
Successful risk management balances opportunities against threats while navigating internal politics.
Organizations are struggling to communicate the linkage between their risks and how they may affect their ability to achieve their strategy and business objectives. Picture your risk manager, diligently preparing detailed risk reports that end up buried in board papers, or your strategy team, crafting ambitious plans without truly understanding the risks that could derail them. These disconnects aren't just frustrating - they're symptoms of a deeper organizational problem.
Many companies are approaching risk with a compliance 'tick-box' exercise mindset, as an item on their to-do list, or as an audit task to deal with. Approaching risk in this way is implied by the 'clumping together' of audit, risk, and compliance under the same banner at many levels of the organization. A case in point is the aptly named 'Audit and Risk Committee' at board level.
The current conventional methodology for how information flows up in a company inherently separates risk, compliance, and audit from strategy, leading companies to lose sight of the purpose of managing risk in a present way. In short, companies lose the ability to understand the value of risk.
But whose job is it to communicate and drive the management of risk across the organization in a way that drives better strategic decision-making? This isn't an easy or clear-cut question to answer, and there isn't a smoking gun, one-size-fits-all approach.
In this article, I will present some ideas and high-level ways that you and your organization can approach this problem. These suggestions are based on my 20 years of risk management experience, working with and for organizations in helping them establish and embed their risk management strategies.
Let's talk politics. This is the elephant in the room that is not discussed by many as part of the risk management process. This is sometimes dressed up as, or wrapped in, 'stakeholder management'. I have read a number of books and academic pieces of work on the blueprints for setting up a risk management strategy in organizations; they tend to ignore, or merely mention in passing, the art of a) getting everybody on board for establishing a risk management function/programme (a lot of times it has been dictated to be put in place by a board member), b) setting up all the risk frameworks and tools, then c) dealing with the internal politics of identifying and assessing the risks. This is even before you get to articulating the linkage between risk and strategy.
Why is what logically appears to be an effective and integral part of managing a firm's risks and ensuring that the firm is on target to achieve its strategy so contentious? One word: accountability.
There is a notion in the business world that risk management, particularly enterprise risk management, is just a bureaucratic cost centre, or a misconception that it is there to prevent the business from doing business.
The connection between risk and strategy isn't just a theoretical concept—it's a practical necessity. This link follows a clear chain: Strategy drives objectives, which are affected by risks, which are managed through risk appetite, and ultimately measured through specific metrics. This chain forms the backbone of effective risk management and strategic decision-making.
The CEO plays a pivotal role in establishing and maintaining the link between risk and strategy. This can be achieved through the creation of a dedicated risk/strategy program office (ERM) that serves as the central point for aligning risk management with strategic objectives. Furthermore, ensuring risk metrics are embedded in organizational objectives and strategy metrics (KPIs/KRIs) is crucial. The CEO must also maintain a sharp focus on reputation and business model risks as these can fundamentally impact the organization's future.
To demonstrate the worth of risk management, organizations need to focus on several key areas. Strategic Decision Support provides data-driven insights that inform strategic choices, while Cost Reduction and Revenue Loss Prevention helps quantify the financial impact of risk management. Process Streamlining eliminates redundancies and improves efficiency across the organization. Building Stakeholder Confidence through transparent risk communication is essential, as is establishing clear Measurement and Communication frameworks that demonstrate the value of risk management initiatives.
Modern risk management requires technological support, data governance, and systems for implementing effective, robust risk management frameworks. Real-time monitoring utilizing analytics tools enables continuous risk assessment, while risk simulation techniques such as Monte Carlo simulations help validate management's strategic decisions. Operational resilience is strengthened by integrating business continuity planning with risk management practices.
The path to effective risk management begins with clear communication of your risk management strategy across all levels of the organization. This must be followed by practical demonstration of the benefits of risk management through tangible examples and implementations. Finally, using data and analytics to validate the effectiveness of your risk management approach provides the necessary proof points for stakeholders.
The time has come for organizations to bridge the gap between risk and strategy. This isn't just about compliance or checking boxes—it's about creating a robust framework that supports better decision-making and drives business success. Your journey should begin with a thorough evaluation of your current risk management approach, followed by identifying gaps in the risk-strategy link. From there, implementing practical solutions based on your organization's specific needs and building a culture that embraces risk-aware decision-making will be crucial steps forward.
Remember, effective risk management isn't about avoiding risks—it's about making informed decisions that balance risks and opportunities in pursuit of your strategic objectives.
Ready to transform how your company connects risks to strategy? Contact Risk Llama today to begin your journey.