Tom Cooper is currently an Assistant Professor at Memorial University in the area of strategic management. As a member of ClearRisk Board of Advisors, Tom’s research and blogging focuses primarily on the interplay between strategy, risk and compliance as well as their effects on corporate responsibility. ‘Strategic Risk as an Element of Operational Risk’ is the fourth in this ongoing series.
Although the Basel II guidance on strategic risk is regulatory driven, this definition of strategic risk provides little assistance on how strategic risk might be identified and analyzed. There is also considerable potential overlap with the standard Basel II definition of operational risk, which is: “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”.
The Basel II guidelines are not alone in identifying strategic risk within an operational sphere. Chapman further defines strategic risk from an operational perspective as:
Adopting the wrong business strategy, failing to execute a well-thought out strategy or not modifying a successful strategy over time to reflect changes in the business environment are forms of operational risk. Strategic risk, then, may be defined as the risk associated with initial strategy selection, execution, or modification over time, resulting in a lack of achievement of overall objectives.
Viewing strategic risk as an operational risk may be trivial, but it is vital in terms of implementation and the resources dedicated to it.
Also, viewing strategic risk as operational confuses the situation by not clearly distinguishing between the inherent external risks the organization faces and the potential inadequacies in the internal governance and management processes in place. While the Chapman definition more fully encompasses both the internal and external issues surrounding strategic risk, its focus on placing strategic risk within an operational environment may lead to confusion.
An alternative definition may be seen as that where “strategic risk can be seen as the probability and consequences of a failure of strategy”. The interesting element of this definition is that it focuses on the ‘strategic’ element of the definition rather than solely the ‘risk’ element.
It is important to note that strategic risk is not just about the management of risk but also that of strategy. For example, the likely return from a particular strategy may be seen as an important part of the acceptability of that strategy. Investigating the risk of pursuing a particular strategy should therefore be another method of examining the acceptability.
From examining the literature, what is needed is an understanding of what is strategic risk as well as a focus on managing risks strategically. It is clear that there is too much overlap between operational and strategic risk. Organizations need to separate the operational and strategic risks or there may be a failure of appropriate identification, management and control.
As a starting point, the Johnson et al. definition may make the most sense and provide a reference for future research. Examining strategic risk as a failure of strategy results in strategic risk management being about how to lessen or eliminate this failure.
ClearRisk's cloud-based Claims, Incident, and Risk management system allows organizations to better control their risk management activities. We are proud to help our customers introduce new risk management initiatives and lower the cost of risk. Want more information?
If you found this article helpful, you may be interested in: