The world gets riskier by the moment, with events moving at a breakneck pace and decisions being made at a moment's notice. Companies need to compete for resources as never before, with brand and reputation critical to their success. Boards have high expectations for management, and are required to operate the business in ways they never anticipated.

These dynamics are forcing companies to look at the world in a whole different way. The practices of the 20th century may not work in the 21st, forcing businesses to find new and better ways to do things.

In this environment risk takes on a whole new meaning, and the traditional principles of risk management (see box below) are not adequate to address it.

Box: Traditional Risk Management Principles (available in full paper)

What is needed is a new way to address risk that takes into account the changing needs of business. A more modern set of risk management principles is set forth below:

  • Risk management becomes a systematic, comprehensive and integrated activity

  • Risk is quantified to make informed decisions

  • Risk is not automatically avoided; it is weighed against opportunity and optimized to ensure appropriate return

  • Economic decisions (capital allocation, risk mitigation, etc.) consider potential risk as well as historical costs

  • Risk mitigation and financing ensure a minimum total cash flow needed for strategic investments

Key to this new way of looking at risk and risk management, is understanding risk from multiple perspectives. Traditional risk assessments for companies have concentrated on Hazard risk, with little or no attention paid to Financial, Operational and Strategic risk. Yet, a recent study indicates these other 3 risks are most often attributable to declines in shareholder value, and thus of major concern to senior management.

Figure: The Changing Nature of Risk Management (available in full paper)

A strategic risk assessment (SRA) takes into account risks from all four categories, and quantifies them to provide a level of understanding rarely seen today.

The goals of an SRA include:

  • Development of a comprehensive risk profile for the company

  • Identification of risks that may have been overlooked

  • Assessment of the potential frequency and severity of identified risks

  • Development of a tool to advise management and the Board regarding unprotected risks

  • illustrate their impact on finances, Compilation of the information necessary to refine the risk management program, and Development of a tool for identifying and refining existing risk control practices

What is involved in a strategic risk assessment? First and foremost, the risk assessment process requires the support and involvement of the highest levels of the company's management. This includes not only issuing a statement of support for the project, but also taking an active role in some part of the process (most likely by being in the first group of interviews.)

This content is only available via PDF.
You can access this article if you purchase or spend a download.