The following is taken from an interview with the CIMA “Excellence in Leadership“ magazine. To read the glossy version click here.
“Strategic Risk Management – Taking the Long View”
Most companies have risk management processes in place, but there is too much focus on operational risk and not enough on strategic risk, De-Risk’s Keith Baxter tells Mark Stuart.
Strategic risks are, by definition, the risks that could threaten your business strategy. Keith Baxter, who runs De-Risk, a specialised consultancy that provides enterprise risk management solutions across all business sectors, says: ‘Fail to identify the strategic risks and you fail as a business, no matter how well you manage your operational and project risks.
‘For example, you can successfully deliver a new product to market, but if the market has changed while you were designing and manufacturing and no longer wants the product, your strategy will fail. If this is a key new product, such as a car launch for instance, it could spell financial disaster.’
There is also confusion over the difference between enterprise risk and strategic risk. ‘Enterprise risk is the total risk to your business and strategic risk is a subset of enterprise risk,’ explains Baxter. ‘The strategic part is the most important, yet many companies don’t consider it.’
For Baxter, one big problem with identifying strategic risks is that you can’t brainstorm them: ‘You get too much noise and everyone gets distracted by irrelevancies. Instead, capture your business strategy first – write it down and make it specific with numbers and dates. Ensure that it is communicated to the rest of the board, and to at least
two management levels down.
The next step is to break down the strategy into its constituent assumptions – things that need to happen, both externally and internally – to ensure the strategy is met. Focusing on assumptions rather than risks works well, as people are more comfortable discussing positives than negatives.
Show these assumptions to the board and top-level management, and obtain ratings to identify which are “safe” assumptions, “risky” ones, etc. It is also important to test these assumptions by bringing in one or two industry experts to make sure that the board is not falling into the trap of insular thinking.
‘At that point you may start to see patterns – you’ll see where people have consensus on stable assumptions, where they agree that the assumptions are at risk and, most interestingly, where there’s a lack of consensus because different managers are not seeing eye-to-eye.
It’s the assumptions that some people think are safe and others believe to be risky that are the really dangerous ones – they represent risks that would not be identified by any traditional risk process.’
Baxter continues: ‘An effective strategic risk management process must also include escalated project and operational risks that have strategic implications. The danger here is that nothing gets escalated or too much gets escalated and the board can’t see the wood for the trees.
Only risks that have a potential impact on business strategy or require board intervention should be escalated. Everything else should be managed at lower levels in the organisation. To control this efficiently in a large organisation, you will need an automated software tool.’
Baxter sums it up by offering an example of his assumption-based strategic risk management approach in action. ‘We worked on a large government programme which was halfway through a five-year plan. Programme risks were being escalated but senior management perceived everything to be ticking along satisfactorily. We set up a strategic risk assessment with the executive team and in just a fortnight it became clear that the programme was not going to meet the strategic objectives of the department. They re-scoped it and re-launched it two months later and it is heading for a successful outcome.
‘It wasn’t a case of telling the board what we thought their risks were; it was simply a matter of capturing their assumptions and presenting them in such a way that the managers would realise that what they were planning wasn’t going to work. Our approach is about making senior management see the risks within their own strategic assumptions. It’s the purity of the process that gets the message over.’
Keith – thanks for this – very interesting. One question that came to mind was – how does this approach handle strategic opportunities?
Hi Keith – yes, very interesting article (as usual). Do you find that senior management and even board members don’t always realise that they are making assumptions as they go about their planning, strategic or otherwise? And perhaps, that even if they do realise they are making assumptions they haven’t compared them with the assumptions other managers / board members are making about the same piece of planning? Seems to me it happens all the time in all areas of business (and life!).
While you’re at it, could you tell me why I always seem to make the wrong assumptions about the men I get involved with and what they want from a relationship??? Then, let’s have the meaning of life…
Keith – thought provoking article again.
I think, as can be inferred from the article, that understanding the strategic assumptions is of course critical, but I would pose the question (perhaps rhetorical!), isn’t it very difficult to identify, extract and analyse the strategic assumptions? My point is that at the executive level, assumptions are often engrained in the individuals’ and corporate “mindset” to the point where acknowledging them as having a sensitivity or stability issue demands some self-effacing behaviour on the part of senior managers – not, typically, a natural thing.
So, how does one effectively probe the minds to understand the usually undocumented strategic assumptions, without getting senior execs offside? I think that brainstorming risks is less threatening, as it’s often seen as ‘clever’ or ‘insightful’ to be the one to identify such, but acknowledging the vulnerability of one’s core assumptions is perhaps perceived as more threatening.
Looking forward to your thoughts.
[…] Click here to read the rest at his blogξ https://www.de-risk.com/blog/?p=52 […]
Keith, good article. I found your ascertion that “one big problem with identifying strategic risks is that you can’t brainstorm them: ‘You get too much noise and everyone gets distracted by irrelevancies”. As with any risk analysis a company’s risk is based on the perspective of who is looking at it. Who is to say that the board members will identify that really strategic risk, because they are focussed on perhaps profit, market competitors, etc, when perhaps the real risk is down the supply chain somewhere – a critical resource/material, a critical supplier, a critical production process, etc, which someone further down the company may see – i.e. the storeman or maintenance technician. For instance, the board has broadened its sourcing across a number of manufacturers to spread product sourcing and supply chain risk. However, only the repair manager knows that all the suppliers source critical components from one unique component manufacturer further down the supply chain, thus, all ‘safe’ products have a common and strategic product manufacture and through-life support risk. Thus, I believe everyone in the company has a legitimate input to strategic risk management and contributing strategic assumptions as they will see were real pinch-points strategic risks may occur. Letting the Board do the strategic assumption and risk work will inevitably be driven by CEO pressure, ‘group think’ and ‘peer mirroring’, unless you have a few persuasive and trusted mavericks involved (know anyone fitting the maverick role?)
I agree with Julie that strategic risk management must be flexible and open to exploiting strategic benefits when they appear.
I can see a direct link between strategic risk/benefit management and your previous information on Black Swan events (just reading Taleb’s ‘The Black Swan’ book). If you can do some really interesting strategic risk analysis, then perhaps you can either be able to deal with a Black Swan better, or by thinking the unthinkable turn a potential Black Swan into a Gray Swan, or “White Swan” if you generate a market winning product, etc, thus an opportunity! This is what I’m trying to do with the impact of climate change, energy/resource scarcity on our operations – identify seemingly disconnected events or developments that could gestate a Black Swan scenario, but also to look at how we could perhaps intervene or influence these event impacts on our operations to turn an inevitability climate change/scare resource issue into a positive operational opportunity.
Cheers, Maurice
Julie – Opportunities should be captured very naturally with ABCD. Once the strategy has been broken down into its constituent assumptions, these assumptions represent what needs to happen in order to meet the strategy. When rated for Sensitivity, the impact could be either negative or positive ie it could be a D because a massive opportunity exists rather than the normal situation of a massive threat. And similarly then for Stability which becomes an indication of the confidence in assumption being “better” rather than “worse”.
Jane – I think that you have put your finger on the key point here – also echoed and expanded upon by Terry. There are always two types of assumptions – explicit that peopel are aware of and implicit that they are not aware of until they are probed or challenged appropriately. It is the latter type that requires the intervention of an outside consultant/industry expert as it will open up the senior management thinking.
Not sure if I would recommend a formal assumption analysis for your personal life but it is definitely the same process in action!
Terry – on the question of brainstorming, I agree that some organisational cultures can work effectively this way but only if the process is structured rigorously aroud the strategic objectives. This must be the starting point and breaking this down into the constituent assumptions means that you can focus on the assumptions as effectively these are “sub-objectives”. Once this is done you can get the veiws of senior management by either doing one-on-one interviews or doing a workshop. I have used both effectively in the past but, on balance, interviews tend to be more effective as they ensure that participants are open and contribute equally and also interviews take less of participants time than workshops.
Maurice – couldnt agree more. Strategic risk management has to be both top-down and bottom up, with appropriate risks being escalated from operational levels.
There is clearly a link between strategic risk management and Black Swans but the former addresses things that you think are likely to happen wheras the latter addresses (massive impacts) that you dont think will happen. I think that this distinction is important as you will deal with strategic risks differently from Black Swans.
Good luck with reading The Black Swan – if you make it to the end you are a better man than me!
How do you cope with different scenarios for strategic risk assessments?
Hi Don – Scenarios are a natural part of strategic risk assessments. Each scenario can be treated like a “project” in its own right. Therefore each scenario will have a unique set of assumptions to be assessed. This is very useful when trying to assess the potential upside/downside of pursuing a particular strategy as once the assessments are done, it
[…] This post was mentioned on Twitter by Thomas M. Bragg, Keith Baxter. Keith Baxter said: Strategic Risk Management – blog update http://bit.ly/7nxmaI #riskmanagement […]
Keith, as Black Swan events can have a negative or positive flavour, I believe strategic risk management should be alive to these swans and recognise that they can offer significant opportunities in business as well as disruption – i.e. strategic opportunities/benefit management. However, I think this requires a very different approach and willingness to react quickly to take advantage of such events. Do you have any experience of where strategic risk management has been used to rapidly develop a business opportunity, change a company’s direction, or move into a competitor’s trade space?
{Not finished the book yet – it’s an uphill struggle, but I will prevail}
Maurice – the simple answer is no! We have used strategic risk management many times in a “defensive” way to stop enterprises going wrong but not to take advantage of opportunities. I think that this says something about the attitudes of board members and is probably also affected by the economic climate now. Of course there is nothing to stop the process being applied to identifying strategic opportunities but I think that it required re-setting mindsets first.