Risk management is much wider than simple financial or operational risk. Concepts such as ‘strategic risk management’, ‘integrated risk management’ and ‘enterprise risk management’ now describe the wider application of such thinking, tools and techniques.
There is a common view that strategic risk is about managing risk ‘strategically’ rather than examining strategic risk as a category similar to operational, financial and other risk areas. This common view causes confusion and may be one of the reasons that strategic risk is not further researched or specifically managed.
As outlined in my previous strategic risk blogs, one of the reasons for a lack of research is that there is no commonly accepted standard definition of strategic risk.
Much of this is no doubt due to the complexity of the concept of strategic risk, which suggests that no single quantitative measure will prove satisfactory in all strategic situations. Those risks that can be precisely quantified receive most of the attention from academic researchers, as well as corporate risk managers, while ‘soft risks’, however significant, often receive little notice (cf. PricewaterhouseCoopers 2005). In order to further the literature, the need for a common understanding on strategic risk must be developed.
Slywotzky and Drzik (2005) attempt to find this common understanding, defining strategic risk as “an array of external events and trends that can devastate a company’s growth trajectory and shareholder value” (p. 80). They further categorize strategic risk into seven major classes: industry, technology, brand, competitor, customer, project, and stagnation.
It is important to note that Slywotzky and Drzik’s 2005 definition and categorization of strategic risk focuses principally on the external environment. Managers, however, in focusing on the external environment, may miss internal risks to the organization that have as much importance strategically as external ones.
Strategic risks cannot just be viewed or managed externally.
Another definition of strategic risk is explained in terms of the Basel II regulation in the financial services sector.
Within this regulation, strategic risk is identified as a potentially significant risk in Pillar II of the Basel II framework, but no definition is provided. In its Pillar II guidelines, the Committee of European Banking Supervisors (CEBS) suggests the following: strategic risk is “the current or prospective risk to earnings and capital arising from changes in the business environment and from adverse business decisions, improper implementation of decisions or lack of responsiveness to changes in the business environment” (Allen, 2007).
The distinction in terms of the regulatory guidance is that strategic risk needs to be both externally and internally identified, managed and controlled. ‘Implementation’ and ‘lack of responsiveness’ manifest the need for internal control and focus in managing strategic risk.
Yet it is unclear how organizations should go about this external and internal identification, management and control.
Allen, B. (2007). The best laid plans… Risk, 29(7), 142-143.
PricewaterhouseCoopers. (2005). Risk Perspectives. London.
Slywotzky, A., J; Drzik, J. (2005). Countering the Biggest Risk of All. Harvard Business Review, (April). 78-88.