Why isn’t Strategic Risk included in ERM?
Many ERM systems exclude Strategic Risk. The ERM systems usually include Market, Credit, Insurance and Operational Risk. But not Strategic Risk.
Perhaps the assumption is that the ERM systems are about managing capital for the fluctuations and extreme losses of the business.
More likely, strategic risk is left out for two reasons. First of all, the CEO and senior officers probably do not want to delegate this work. Concerns about strategic risk are quite high in the priorities of a senior management team. It is also a major concern of boards.
The second reason is that ERM has been highly focused on “measurable” risks and few feel that they can measure things like reputation risk and strategic risk. So it may well be that risk managers are not asking to be given responsibility for helping with strategic risk.
But CROs need to remember that strategic risk is real, is very large and is not on their list of risks. Because when they go to the board and top management with their “holistic” risk presentations, they will have a difficult time if the fail to ever even mention strategic risks.
In a the average company, their risk of failure averages between 2% for the largest and most secure firms and 5% for all other firms. (Based upon studies of corporate longevity. Fortune 500 firms have an average lifespan of about 40 years and an average firm only14.5 years.)
When other studies look at cause of major problems for firms, strategic risk make up about 70% of the events that result in a stock drop of 20% or more and operational risks, 20% and financial risks only 10%.
While those statistics are not widely known, it seems likely that a risk presentation that totally ignores strategic risk will strike board members who are generally aware of what causes problems for firms to wrinkle their brows with disbelief.
Now insurers, for example, have a different risk profile. Their Financial and insurance risks are thought to be about 4 times as large as their operational risk. Making a rough just ice adjustment to the figures above, one migh estimate that Insurance and Financial Risks are perhaps 55% of the total risk profile, Operational risk about 12% and Strategic risk about 33%.
So there is a range for thinking about strategic risk for insurers – between 33% and 70% of total risk.
Think about that before the next time you talk to your board about the firm’s risk profile.Explore posts in the same categories: Enterprise Risk Management, Strategic Risk comment below, or link to this permanent URL from your own site.