Peter Winther Schrøder

Strategic risk analyses

This chapter will discuss a variety of analytical tools that may be adopted for risk management purposes. Initially, common tools applicable to analyze trends and emerging issues within predictable and known business environments are put forward, and a resemblance to strategic management is revealed through examples. Uncertainty is added to the spectrum, and the use of templates such as scenario planning and real options is outlined. It is shown how these approaches may enable the corporation to evaluate the effect of a changing risk landscape and to take necessary precautionary measures. Environmental uncertainty affects the corporation and introduces unexpected events that can cause major deviations to plans. The relevance of contingency planning is discussed and it is argued that it may work in simple and predictable environments to handle more severe deviations. However, it is subsequently argued that it must be complemented by a culture of mindfulness known from high reliability organizations in more complex and unpredictable environments. The chapter is rounded off with a discussion of risk management under unknowable environmental conditions as it must deal with ‘unk unks’. The role of values, behaviour and corporate culture in dealing with uncertainty and unforeseeable events is considered. Environmental scanning in a predictable world Corporations often face environmental changes that seem to come out of thin air. The previous chapter suggested that nearly 90 per cent of the drops in shareholder value can be attributed to strategic and operational risk events.

Strategic Risk Management Practice: Strategic risk management – amendments to the ERM framework

In this chapter the critique of the existing enterprise-wide risk management approaches is extended with the aim of proposing amendments to the ERM frameworks in ways that take account of unexpected and hard-to-quantify strategic risk events. This outlines a suggestive strategic risk management paradigm that incorporates existing risk management practices into corporate strategy-making processes, while ensuring an appropriate balance between restrictive central management control systems and flexible response capabilities. The relationship to corporate strategy The various ERM frameworks do not establish a convincing link between the proposed formal risk management practices and the dynamic corporate strategy-making processes for framing strategic direction and adjusting operational objectives. The ERM frameworks are preoccupied with various ways in which corporate management can successfully achieve and fulfil predetermined strategic goals. Furthermore, it is common practice in many companies to consider risk management activities and the corporate planning process as two entirely separate management processes. This might be ascribed to the fact that a primary concern of current risk management approaches in many companies is to obtain protection against potential downside effects, while realizing significant cost savings. Accordingly, risk management is typically not perceived as an integral part of strategic management considerations or as part of the creation of new business opportunities, which is a central aim of dynamic strategy-making. Yet, many of the key components within the formal risk management cycle are comparable to central elements of the strategic planning process (Figure 8.1).

Strategic Risk Management Practice: Strategic risk management

In the preceding chapters, we have looked into the many ways in which the corporation can manage the adverse economic influences caused by a variety of risk factors. These risks include environmental hazards and market volatilities that can be recorded and thereby have a basis for quantification and instrumentation to diversify and hedge exposures. They comprise operational disruptions from irregular internal processes, errors, fraud, etc. where exact exposures are difficult to determine and are often managed by imposing exposure limits and internal controls. They also count various strategic risks that not only may be hard to quantify, but also difficult to foresee and thus require firm-specific response capabilities to observe subtle environmental changes and enable the organization to reconfigure and adapt. The effective handling of such diverse, complex and partially interacting risks must include a combination of different risk management approaches rather than adopting a single unified enterprise-wide framework. Drawing on the previous discussions, it seems clear that effective risk management requires an amalgam of centralized risk monitoring and coordinating processes supported by specialized risk functions in combination with a general ability to respond decentrally where new risk events arise. In the following, we will discuss further how these integrated risk management processes may be organized and how they can accomplish the commonly stated purpose in risk management of avoiding downside losses and at the same time exploiting upside potentials.

Strategic Risk Management Practice: The strategic nature of corporate risk management

Contemporary institutions are exposed to a variety of risks ranging from natural catastrophes and uncontrolled human behaviours to different strategic exposures that may hit the organization in unexpected ways. This chapter describes, partially by illustrative examples, the diverse nature of the corporate risk landscape and how related exposures seem to increase. The chapter discusses how different approaches to risk management may enable corporate executives to deal more effectively with these important challenges. The relationship between positive risk management outcomes and performance is explored and the question about uncovering an effective risk management model is developed. 1.1 The nature of risk management Risks are everywhere, as evidenced by many corporate events reported in the popular press, including major corporate scandals around once venerable companies like the Maxwell group, Baring Brothers, WorldCom, Enron, Parmalat and so on. We also witness a steady increase in man-made disasters around the world and even the emergence of mega-catastrophes caused by wilful human actions that have both direct and indirect economic effects. These developments have intensified our focus on corporate and public risks and the risk management processes that may be needed to circumvent the adverse economic impacts from such events. All the while, we have seen a public risk perception aimed at reducing system errors, operational malfunctions and uncontrolled human behaviours that affect the way in which we try to deal with corporate risks. 1 Hence, corporate risk management has become an essential topic and arguably constitutes a new lens through which we may conceive corporate strategy development – because poor risk management may lead to bankruptcy, whereas good risk management practices can excel corporate performance outcomes. Hence, risk management may be seen as a process that lets the organization achieve its full potential and gain optimal economic returns, or to use strategy jargon, effective risk management may be seen as a way in which to create sustainable competitive