MANAGING STRATEGIC RISK!!

At a time when business environments are getting more and more competitive, profit margins are becoming thin and resources scarce, organisations are using strategic planning as a source of competitive advantage. As the saying goes “failing to plan is planning to fail” and “if you don’t know where you are going then any road can get you there”. Strategic planning is basically the coming up of a course of action over the long term so as to achieve an organisation’s mission and vision. What must be emphasised from the onset is that the strategy an organisation adopts will always come with it’s own risks.

It would be a great injustice to this paper for the author to continue the course of discussion without providing a definition of key terms. As Quarantelli (1995) puts it “So a main reason we need clarification (of terms) is because otherwise scholars who think they are communicating with one another are really talking of somewhat different phenomena”. Chandler (1962) defines strategy as “the determination of the basic long-term goals and objectives of an enterprise, and the adoption of courses of action and the allocation of resources for carrying out these goals”. According to the International Federation of Accountants (IFAC), risk is defined as “Uncertain future events which could influence the achievement of the organisation’s strategic, operational and financial objectives”. Risk can be either upside (positive) or downside (negative i.e things going wrong). For purposes of this paper risk will be perceived in a down side way.

Having defined the terms Strategy and risk, a tentative definition of strategic risk adopted from CIMA is hence provided “these are risks stemming from the entity’s strategy and pose the greatest threat to the achievement of the strategy”. Because strategic risks have a bearing on the continued existence of an organisation and the achievement of its objectives, it is of utmost importance that the organisation puts in place measures to manage such risks. Risk management is the process of identifying, quantifying, mitigating and monitoring risks in an organisation while strategic risk management is about managing those risks that could negatively affect the achievement of the organisation’s strategy. “Strategic Risk Management is a process for identifying, assessing and managing risks and uncertainties, affected by internal and external events or scenarios, that could inhibit an organization’s ability to achieve its strategy and strategic objectives with the ultimate goal of creating and protecting shareholder and stakeholder value. It is a primary component and necessary foundation of Enterprise Risk Management” (Anderson et al., 2011).

 The trend in most institutions in Zambia is that management will come up with a strategic plan and insert a clause in the strategic plan to say the organisation will prepare a risk policy and risk register as documents to support the achievement of the strategic plan. The author argues that this is the wrong way to go about it. The risk policy must be in place before the strategic plan process starts and the risk register should be developed hand in hand with the strategic plan.

Risk management tools should be applied at the strategic planning level. At the time of drafting the strategic plan the organisation must have already defined its risk appetite and this must serve as a guide to those drafting the strategic plan as to the level of risk they can take in achieving the organisation’s objectives.

When management is drafting the strategic plan, they must for each course of action and determined objective identify the risk that could negate the achievement of that course of action or objective, quantify the risk, come up with ways of mitigating that risk( i.e transfer, avoid, accept or reduce) and put in place mechanisms for monitoring the identified risks. Risks should not come as a surprise to management when implementing the course of action (during the strategy implementation phase) but rather they should be identified and planned for at the strategic planning level.

When a course of action or objective is proposed at strategic planning level, the next questions should be what are the risks? What could be there net effect? How do we manage them? And what mechanisms do we put in place in order to monitor them? Risks such as liquidity risk, financial risks, reputational risks to name a few must all be identified at strategic planning level.

The Board of an organisation has a role to play in ensuring that the strategic plan that the management of an organisation tables for approval before them must have the necessary risk considerations and these must be documented.

In conclusion, strategic planning is an important aspect of the organisation achieving its mission and vision. How well management puts in place measures to identify, quantify, mitigate and monitor risks at the planning stage will determine to a greater extent the level of efficiency and effectiveness in the achievement of that strategy.