Glasgow Caledonian University Risk Management Research brief

SCENARIO

You serve on the board of a regional strategic committee for your local Chamber of Commerce. Due to the COVID-19 pandemic, the committee has decided to develop some resources for local small businesses to develop their risk management strategies. You are assigned the task of writing a research brief on the importance of risk management to the strategic planning process for small businesses.

INSTRUCTIONS

Create a research brief that addresses the following:

The importance of strategic risk management

How strategic risk management affects organizational goals

The role of corporate governance

With all of the changes that occur in a global environment, organizations have to think about contingency plans while thinking of strategic priorities. Strategic risk management is something that needs to be at the forefront of strategic planning because sometimes things do not always go as planned. Most organizations use contingency planning as an addendum to their strategic plans to account for things that may go wrong. Strategic risks can be classified as those risks that have a significant impact on an organization’s ability to achieve the goals and objectives that were set during strategic planning.To be effective, organizations should form a strategic risk management committee (SRMC), which is a group of executives from every department/group of the enterprise. Using a cross-functional group allows for different perspectives, and they can advocate for various risks that are inherent in their respective areas. Since many large organizations are global with locations worldwide, there will be different types of risks, such as economic, political, and legal, that organizations have to take into consideration. Listed in the media piece below are some key attributes that organizations have to think about when forming an SRMC:Key Attributes When Forming an SRMCDiversity in departmental representationThis means that all significant areas of an organization are represented so that the contingency plan is representative of everyone. As an example, large organizations such as Amazon, Apple, GE, and Google have multiple departments. Still, they have a risk management division and an SRMC that represents every department in the organization to ensure that each department has purview to any potential risks that they might face. Smaller organizations may not have multiple departments, but an SRMC is still important because you will have to plan for risks in the organization.Focus on risk management advocatesOrganizations should embrace the use of risk management as a proactive step to mitigate future risks and stakeholders should champion this effort. Larger organizations typically have what is called a “risk champion” for every large initiative that the organization wants to undertake. The champion ensures that respective teams are encouraging and “touting” the importance of looking at risk in every task that assists in the achievement of a strategic goal. The term “risk management” is something that should be in every strategic plan with an advocate.Communication transparencyOnce a contingency plan is drafted, it needs to be communicated to the entire organization so that everyone is aware of the strategy. For instance, imagine that you work for a large organization, and you learn about a data breach by listening to the news, this would not make you feel trust or loyalty to an organization. The proper way to handle this type of situation would be to communicate the information internally before letting the general public know.No matter what size the organization is, there needs to be a strong emphasis on risk as a way of the culture. Managing risks ties into the gap analysis of strategic planning because you are proactively looking for issues that might arise.Once the SRMC is created, organizations can use a typical structure of Enterprise Risk Management (ERM) to manage any risks as they arise. Not all risks will threaten the overall health of an organization, but others can put an organization out of business. The significant risks that an organization might face have created an increased focus on strategic risks and risk management. Strategic risks can be categorized are those risks are crucial to the organization’s ability to achieve and execute strategic goals and objectives. From a financial perspective, strategic risks could harm business valuation and the viability of an organization. Whereas, strategic risk management is coined as the overall process of the identification, assessment, and management of any risks in an organization’s strategic plan.If you don’t have a risk culture that fosters identifying and discussing risk, reviewing and learning from breaches, and deriving opportunities from potential risks then it is unlikely that a company will be able to develop an effective strategic management risk committee.Risk is something that is inevitable but how an organization responds to it is an essential part of any strategic or operational planning process.5 hours agoOnce organizations establish that risk is inherent, they can begin to understand how risks affect organizational goals. The first thing that organizations should do is a strategic risk assessment where the most significant threats facing an enterprise are reviewed and evaluated. By conducting an initial risk assessment, an organization can bring together all key stakeholders in an organization. The overall strategic risk assessment process can be customized to an organization’s specific needs and organizational goals. For risk management to be effective, the organization must design a reporting process that reflects the current state of the organization and how risks have impacted the strategy.The next major step in implementing a risk culture is to integrate risk management into the performance measurement processes. As stated before, strategic risk management is an ongoing continuous activity that does not happen once a year and should be considered a core process for organizations. The inclusion of a risk management focus on strategic planning and performance management of goals is where organizations will see the most benefit. Depending on the size of the organization, this could be a complex activity. Listed in the media piece below are instances where organizations can alter their strategic plans to include a risk management focus:Instances Where Organizations can Alter Their Strategic Plans to Include a Risk Management FocusIncorporate a risk focus in the strategic planThis includes developing the mission, values, and vision; strategic analysis; and strategy formulation with a focus on risk to the organization. Placing an emphasis on risk in your strategic plan shows that you acknowledge that things might go wrong. While goals and objectives are being discussed, the organization also needs to discuss the risks associated with achieving these items.Develop a strategy that includes risk management techniquesIf an organization truly understands the influence of risk management on their strategic plan, more organizations would use risk management techniques. Risk management strategies contain some of the following elements to ensure that a risk perspective is included in the overall strategy:Strategy maps – these will outline how the strategy would be implemented and executed by outlining a contingency plan for any risks.Strategic risk themes – these themes could address any type of risk that is associated with the overall project, task, or objective.Risk initiatives – this could be a framework of the organization’s objectives as it relates to mitigating risk for the upcoming year.For instance, imagine that you worked for an organization that did not incorporate risk management techniques into their overall strategy, there would be no safety net if a problem arose. By outlining these areas, an organization could develop a strategic risk management framework that allows for the incorporation of risk measures on balanced scorecards and other performance measures.Align key stakeholders in the organizationThis would include the alignment of all areas of an organization, from the board of directors, employees, business and support units. This alignment would ensure that the organization has proper governance and control over the risk management process. The stage includes aligning business units, support units, employees, and boards of directors. The governance structure of any organization should provide a checks and balances system. For instance, back in 2008, when the United States went into a significant economic downturn, several of the largest financial institutions examined the role of the CEO. During this time, it was not uncommon for the CEO to hold the position of Chairman of the Board, which from a governance perspective should not happen. Reliable guidance was given from the Securities and Exchange Commission to change this alignment so that there would be proper oversight from a risk perspective. The lack of alignment before this guidance led to many hasty decisions by CEOs at that time due to unlimited power and no oversight, which ultimately affected the organizational goals of the companies involved.Incorporate risk management routines in the operational planThis would include adding a risk element to the following plans: budgeting, capacity, operating, quality, and sales. This addition ensures that every area of an organization has some type of risk emphasis. By incorporating risk management in these plans, this enables the organization to establish a “risk review” as an agenda item for business review meetings.Risks can affect every aspect of an organization, especially strategic goals. There should always be a “what-if” analysis occurring as strategic goals and objectives are being developed. In today’s business environment, the risk is not something that can be ignored by any organization.Additional ResourcesGatti, C., & Vagnali, G. (2016). Evaluating corporate strategic plans risk-based approach. Journal of Financial Management & Analysis, 29(1), 15-26.Calandro, J. (2015). A leader’s guide to strategic risk management. Strategy & Leadership, 43(1), 26-35.Kaplan, S., & Gans, J. (2018). Structured anticipation: How to anticipate strategic threats to survival. Rotman Management, 97–100.4 hours agoCorporate governance can be classified as a risk management system that directs and controls the activities of an organization. To provide oversight, many organizations have a board of directors who are responsible for influencing and enforcing corporate governance. Other responsibilities of the board of directors may include assisting with setting an organization’s strategic goals and objectives, providing oversight for goal implementation, supervision for the management team of an organization, and reporting to shareholders if the organization is publicly traded.To mitigate some of the potential risks of an organization, which are operational, market, and credit, organizations have created an additional structure outside of the Board of Directors, which is an operating committee (OC). The OC provides an extra layer of risk mitigation because executives from the major areas of an organization are represented on this committee. The goal of a governance structure is to call attention to any potential loss in the overall value of public and private corporations caused by a conflict of interest in the operating management committee.Let’s begin by looking at the corporate governance framework, which consists of 3 major areas:Explicit and implicit contracts – these contracts can be between an organization and an internal or external stakeholder. Given the increase of external contractors in organizations, this has become increasingly important in managing data risk and confidentiality, which could be a problem if not managed properly.Conflict of interest policy – from time to time, there may be a differing of opinion or conflicting interests of stakeholders in an organization. The board must ensure that there is a policy that clarifies duties, privileges, and roles so that conflicts of interest do not occur. If they do, there should be a process to handle the conflict in the risk management process.Checks and balances system – every governance and risk management strategy should have detailed procedures for the control and supervision of information, to provide oversight to all of an organization’s processes.Risk management should be the focus when a conflict of interest arises, which has led many companies to seek external members of the Board of Directors, which will eliminate the risk of self-serving decision making. Past scandals in the financial arena have provided the mitigation of the potential risks associated with taxes and finances, such as the Sarbanes Oxley law.From a governance perspective, the Board of Directors of an organization should provide the necessary strategic risk management and oversight for the leader of the organization. Listed below are some of the governance structures for several types of organizations:Not for profit – typically, a not for profit is run by an Executive Director or CEO, who reports directly to the Board of Directors for oversight. This reporting structure mitigates any potential risks associated with major strategic decisions being made without any input from more than one party. For instance, if an Executive Director wants to purchase a new computer system for the office, the Board of Directors must approve the expenditure before purchasing.Publicly traded business – publicly traded organizations have a similar reporting structure as the not for profit, where the CEO or President reports to the Board of Directors for oversight. Before financial reforms that were developed from the 2008 economic downturn, CEOs of major companies could hold dual roles, acting as the CEO and Chairman of the Board, which was a governance issue that was highlighted with the economic downturn. Many of the organizations that went bankrupt were being run with a dual role CEO, which did not provide much oversight for making decisions. From a risk perspective, this was a problem in the making, which is what happened during that time period.Sole proprietor or small business – for the sole proprietor or small business, a large or elaborate governance structure is not possible due to size, which creates an issue from a risk management perspective. Business owners have to be very explicit with their grievance policies with customers due to the lack of oversight.Corporate governance, not to be confused with operational management, is solely about how the Board of Directors sets and models the value of an organization. Risk management should be an integral part of every organization’s strategic goals and objectives.Additional ResourcesSchroeder, H. (2014). An art and science approach to strategic risk management. Strategic Direction, 30(4), 28-30. http://dx.doi.org/10.1108/SD-04-2014-0056 Permanent link:Puchley, T., & Toppi, C. (2018). ERM: Evolving from risk assessment to strategic risk management. Healthcare Financial Management, 1–5.