Risk Managers’ Role in Strategic Risk Management

Nowadays Strategic Risk Management (SRM) is smoking hot discussion topic amongst risk managers. Traditionally strategy formation comes under the ambit of CXOs and Board. The CFO and strategy consultants do the number crunching, operation heads present the business case and board approves the same. However, SRM is gathering viral attention hence the question that needs an answer is – where does the Chief Risk Officer (CRO) fit into this game plan and what value addition do they provide to management?

The pet peeve of CROs is that they are not involved at board level and of CEOs is that CROs don’t provide value addition at strategic level. The tug of war can end if CROs are able to provide value addition at strategic level as this will get them the desired visibility at board level. I am presenting some of my thoughts on role risk managers can play in strategic risk management field. Let us discuss these and share your viewpoint with me.

To put forth a CEO’s perspective, Andy Groove in an interview in 2003 had said on strategy None of us have a real understanding of where we are heading. I don’t. I have senses about it. But decisions don’t wait; investment decisions or personal decisions don’t wait for that picture to be clarified. You have to make them when you have to make them.”  

This indicates the basic challenges CXOs face in strategy formation and implementation. Some strategies for example of Facebook, Google, and Apple worked in the long run despite the odds, and some failed although the conditions were favorable.  When we see known brand names suddenly collapsing due to adoption of incorrect strategies, our reactions range from –  “In my wildest imagination I didn’t think this strategy was incorrect” to “Why didn’t the company see it, disaster was written all over it, except a neon sign stating so.” Then what does it take a strategy to be successful, plain luck and intuition or is there more to it.

In my view, corporate strategy is akin to a war strategy, and the same rules apply. To quote Sun Pin from Art of War:

“One who knows the enemy and knows himself will not be endangered in a hundred engagements. One who does not know the enemy but knows himself will sometimes be victorious and sometimes meet with defeat. One who knows neither the enemy nor himself will invariably be defeated in every engagement.”  

Hence, to formulate a winning strategy to gain market share and profits, or for any other business segment, having accurate information is essential. The best way forward for CROs is to understand the limitations of the strategy formation process and provide the support to remove the roadblocks.

1.    Establishing a Strategy Approval Process

The assumption is that CXOs and Boards have numerous strategies to choose from and an informed decision making process is followed to make critical decisions. In some organizations, this is not true. The situation reminds me of Dilbert strip saying “Once again are only line of profitable business is intentional billing errors.”

The catch is that when business heads present a strategy to CEO and board, the other CXOs rarely raise objections and there is limited healthy debate. Reasons vary from attempting to be politically correct towards the business head presenting the strategy, or presenting views contrary to the CEO, to lack of interest as they themselves have a large organization to manage. Whatever be the case, strategies sometimes do not get the due attention they warrant. This generally results in the organization not having an alternative strategy to choose and weigh the pros and cons.

On the other hand, when an organization has a formal strategy approval process, the board is able to take informed decisions. There is less reliance on gut feel, intuition and half-baked information. A formal strategy approval process includes steps for formation of strategy, the required whetting and due diligence, developing alternative strategies, evaluating past failures and presentation to the board. CROs as a first step can introduce a formal process or review the existing one and suggest improvements.

2.    Focusing On Organization Psychology

Organization and CXO behaviour and attitudes affect strategy selection. CXOs are generally confident and over optimistic by temperament. They are unable to identify their blind spots in their thinking and are sometimes caught in a psychic trap. Their teams do not give them a candid picture due to fear of punishment, corporate orthodoxy and confirmation bias. Hence, while the assumption is that all pros and cons are evaluated, this is rarely so.

Secondly, reports indicate that organizations that are doing badly are prone to take higher strategic risks. This could be because of organization culture and a desperate need to show revenues. This can also be attributed to distorted perceptions of reality. An outsider would think that if management had a lick of sense, the strategy wouldn’t be chosen. However, the internal perceptions are such that all resources are committed to it.

The third aspect is that some strategies are not offered by staff because of fear of failure. The psychology is that if the risk is high in a strategy, a staff may not present it because the probability of reward is low and punishment is high. If employees are individually responsible for strategy formation, failure of a strategy results in job loss, decline in bonus etc. Hence, personal interests supersede the desire to contribute to corporate success. In such cases, employees actively deceive the organization for personal safety and interest.

Developing an organization culture, which is transparent, allows constructive confrontation, rewards initiatives even if not successful is necessary for proper decision making at strategic level. CROs need to focus on building a healthy organization psychology to ensure good strategies are selected.  

3.    Measuring Risk Appetite

CXOs tend to sway from risk avoidance to excessive risk exposure. Without risk taking an organization cannot operate, as complete risk avoidance would damage business. On the other hand, without considering the downside of a strategy, an organization may reduce business value. Management sometimes do not know the total value of risk that an organization can take to leverage business growth.

Another aspect is that sometimes CXOs are unsure in which areas they can undertake risk exposure. For example, while investing in another country, the country laws may prohibit investments beyond certain limits. Hence, if organization is looking for bigger markets these clauses may limit its potential to go solo. Here, at each state of investment risks need to be measured to ensure business continuity.

Hence, the best way to measure risk taking is to assess whether the value of business increases with the risk taking. That is, the upside and downside of a strategy should be evaluated. For example, management may consider future profitability with the negative consequence of higher borrowings for capital investments. CXOs need to focus on exploiting upside risks and reducing potential downside risks. CROs can play an active role in assessing the risk appetite of the organization in total and of its various strategies. As Sun Tzu stated “One who knows when he can fight, and when he cannot fight, will always be victorious.”

4.    Improving Corporate Governance

The underlying assumption in strategy selection is that the one benefitting the organization’s best interests will be chosen. The human factor is ignored as the decision makers primarily consider their own interests first. Studies state that strategic risk taking differs for owner and professionally managed organizations. The three situations are:

a.  Decision-makers having limited stake in equity prefer risk avoidance, as they do not profit from the benefits of risk taking.

b.  Decision-makers having extensive stake in the organization are risk averse, as they fear losing significant portion of their wealth.

c.   Decision-makers owning diversified investment portfolios take balanced risks after considering the types of risks.

 According to the report “The venture capital and private equity investors who provide equity for young, high growth firms are perhaps the closest that we get to this ideal. They invest significant amounts in high-growth, high-risk businesses, but they spread their bets across multiple investments, thus generating diversification benefits.”

 Hence, corporate governance practices of appointing independent directors, formulating investment committees, management pay committees and risk management committees enhance strategic decision quality in organizations. Risk managers should focus on developing corporate governance practices, which ensure independent decision-making.    

5.    Independent Evaluation of Strategy

Strategy makes or breaks the organization, and management is spring-loaded to believe that a strategy presented by a business head is properly evaluated for pros and cons. The assumption is that SWOT analysis covered all threats and opportunities hence risk assessment is complete. However, this is far from the truth. Generally, a rosy picture is presented by the teams if they believe that CEO & board are in favour of a particular strategy or deal. The reasons for not adopting the strategy are not assessed properly.

Secondly, the assumptions taken for particular strategy can be significantly incorrect. For example, when McDonalds entered Indian market they estimated huge market potential. The menu was the same as that served in US. After incurring losses for 2-3 years, the management understood that Indians prefer spicy burgers and do not eat bland food. Now the menu has Chicken Tikka burgers, which no American will be able to fathom that it is a McDonald product.

Last but not the least; the projected numbers may be overly optimistic as the people preparing the strategy are too close to the project to evaluate negatives. Hence, an independent check on the financials is a good move.

One of the techniques to encourage independent evaluation is to develop failure scenarios for the strategy. Assume conditions under which the strategy fails, and then determine risk mitigation plans for those situations. Risk managers should recognise that the strategy is not iron clad and a change in assumptions, financials and additional information can facilitate evaluating the strategic risks.

Closing thoughts

The list above is not exhaustive and risk managers can definitely add more value by developing knowledge management systems to provide accurate market information and crises management teams to facilitate a situation where a strategy is failing. Identifying early warning signs of strategy failure prevents the organization from going too far in the wrong direction. It also ensures that sunk costs for incorrect strategies are minimized and new strategies are adopted at the earliest. Risk managers can play a critical role in this area, the question is –are they willing to take up the challenge?


  1. Strategic Risk Management
  2. Andy Grove on the Confident Leader by HBS
  3. How CFOs can keep strategic decisions on track by Mckinsey Quarterly
  4. Distortions and deceptions in strategic decisions by Mckinsey Quarterly