Risk Management Blog - ClearRisk

Strategic Risk as an Element of Operational Risk

Posted by Craig Rowe on Tue, Dec 15, 2009 @ 17:12 PM

Tom Cooper is currently an Assistant Professor at Memorial University in the area of strategic management. As a member of ClearRisk Board of Advisors, Tom’s research and blogging focuses primarily on the interplay between strategy, risk and compliance as well as their effects on corporate responsibility. ‘Strategic Risk as an Element of Operational Risk’ is the fourth in this ongoing series.

Although the Basel II guidance on strategic risk is regulatory driven, this definition of strategic risk provides little assistance on how strategic risk might be identified and analyzed. There is also considerable potential overlap with the standard Basel II definition of operational risk, which is: “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events” (Allen, 2007).

The Basel II guidelines are not alone in identifying strategic risk within an operational sphere. Chapman (2006 .p. 225) further defines strategic risk from an operational perspective as:

Adopting the wrong business strategy, failing to execute a well-thought out strategy or not modifying a successful strategy over time to reflect changes in the business environment are forms of operational risk. Strategic risk, then, may be defined as the risk associated with initial strategy selection, execution, or modification over time, resulting in a lack of achievement of overall objectives.

Viewing strategic risk as an operational risk may be trivial, but it is vital in terms of implementation and the resources dedicated to it.

Also, viewing strategic risk as operational confuses the situation by not clearly distinguishing between the inherent external risks the organization faces and the potential inadequacies in the internal governance and management processes in place. While the Chapman definition more fully encompasses both the internal and external issues surrounding strategic risk, its focus on placing strategic risk within an operational environment may lead to confusion.

An alternative definition may be seen as that proposed by (Johnson et al. 2006 p. 369) where “strategic risk can be seen as the probability and consequences of a failure of strategy”. The interesting element of this definition is that it focuses on the ‘strategic’ element of the definition rather than solely the ‘risk’ element.

It is important to note that strategic risk is not just about the management of risk but also that of strategy as outlined by Chapman (2006). For example, the likely return from a particular strategy may be seen as an important part of the acceptability of that strategy. Investigating the risk of pursuing a particular strategy should therefore be another method of examining the acceptability.

From examining the literature, what is needed is an understanding of what is strategic risk as well as a focus on managing risks strategically. It is clear that there is too much overlap between operational and strategic risk. Organizations need to separate the operational and strategic risks or there may be a failure of appropriate identification, management and control.

As a starting point, the Johnson et al. definition may make the most sense and provide a reference for future research. Examining strategic risk as a failure of strategy results in strategic risk management being about how to lessen or eliminate this failure.


Allen, B. (2007). The best laid plans… Risk, 29(7), 142-143.

Chapman, R. J. (2006). Tools and Techniques for Enterprise Risk Management. London: Wiley.

Johnson, G., Scholes, K. and Whittington, R. (2006). Exploring Corporate Strategy. London: FT-Prentice Hall

Tom’s posts are accessible through the blog archive. In previous posts, Tom has explored ‘Strategic’ Risk Management vs. ‘Strategic Risk’ Management and has written blogs on examining strategic risk and why we should care.

photo by user joey.ganoza via Flickr Creative Commonsn-Elem

Topics: strategic risk, managing operational risk