By Jeremiah Ndhlovu

“All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved.” – Sun Tzu

With the dynamic operating environment that organisations find themselves in, it is imperative that strategic risk is appropriately managed to sustain operations into the foreseeable future.

Strategic risk is one of the broad key risk categories, together with financial risk, operational risk, compliance risk and reputational risk, which are part of organisations’ risk management framework.

The way that strategic risk has been effectively managed has evolved with the times, and it is the purpose of this article to articulate how the leading-in-class risk management functions are managing this critical risk.

Strategic risk can be defined in so many ways. For the purposes of this article, strategic risk relates to the risk of either, or a combination, of the following:

• Making wrong business decisions,
• Implementing decisions poorly, and/or
• Being unable to adapt to changes in the operating environment.
  From the definition above, it is apparent that, in as much as strategic risk is usually identified with certain components of the business, e.g. issues related to launching new products and services, supply chain issues, shift in technology etc., the risk is actually pervasive, hence impacting virtually all facets of the business, spanning from the governance structures, business model to operating activities.

The three critical components of strategic risk, i.e. wrong decisions, poor implementation of decisions and failure to adapt to changes in the market entails that the management of strategic risk ought to be more flexible, to allow timely pivoting of strategies for the organisation’s good.

The element of agility in managing strategic risk brings forth the principle of transient advantage.

Transient advantage is a business strategy of continuously innovating to stay ahead of competition.

For transient advantage to be of optimal use to an organisation, it ought to be considered enterprise wide.

This entails that present day strategic risk management is all about risk strategy.

This means that strategic risk is managed as part of a program or arrangement for managing all the risk categories applicable to the organisation.

Risk strategy ensures that the management of strategic risk, like the management of other risk categories, is integrated into the operational activities and business strategy of the organisation.

To ensure correlation of the risk strategy to the business strategy, organisations normally observe the following:

• The risk strategy’s vision and objectives are aligned to the organisation’s overall vision and objectives, which are normally the reference points for the business strategy,
• Similar to business strategy, the objectives of the risk strategy should always be derived from the expectations of the key stakeholders, and
• The risk strategy dimensions include the critical business components of growth, earning capacity and effectiveness of the control environment,

Rita Gunther McGrath summed it up well with her quote that “Transient advantage is the new normal.”

That third element of strategic risk (failure to adapt to changes in the market) is the most insidious of elements that contribute to the downfall of organisations.

This is mainly because organisations get comfortable whenever they have established a working business strategy, thereby forgetting to continuously scan the operating environment to establish whether the strategy remains buoyant or there is need for some pivoting to remain competitive enough to sustain operations into the foreseeable future.

Strategic risk, therefore, ought to be managed through an agile solution to ensure that the organisation remains nimble enough not to atrophy with changes in the operating environment.

It is critical that organisations note that management of strategic risk is better done, not as a standalone risk category, but as part of a risk strategy that is integrated with the organisation’s vision and objectives, stakeholders’ expectations and management of all the other risk categories, including financial, operational, compliances and reputational risks.

About the Author
Jeremiah Ndhlovu is a Certified Expert in Risk Management (CERM). He has acquired extensive risk management insights in the mining sector through outsource projects including enterprise risk management, combined assurance, process and controls standardisation, internal auditing and external auditing.

This article is for information purposes only.