The Need for Strategic Risk Management

In today’s business environment, risk is expected to occur. Due to this state of uncertainty, most organizations have set risk-management processes in place to identify, assess, and respond to these inevitable risks. Within this risk identification process, often there is a gap of crucial importance - strategic risk management, according to a recent thought paper by McKinsey & Company. Strategic risk management is the process of identifying, assessing, and managing the risk in the organization’s business strategy that includes taking action when risks are realized. 

In order to fill this gap in strategic risk management, top decision makers in an organization must exhibit intentional effort to identify and manage emerging strategic risks. The leading role to be played in guiding this process often falls into the hands of the CFO. The CFO’s role in stewarding the financial health of the company ultimately establishes key opportunities to implement elements of strategic risk management aligned with other activities the CFO already performs.

Actions and Decisions of Line Management to Monitor Strategic Risks

Due to the unavoidable state of risk in an organization’s day-to-day activities, the first line of defense resides in the actions and decisions of line management. The paper provides an example of a risk register for the line of management that they use to defend against undesirable or excessive risk throughout the business. 

The board of directors plays a leading role in overall risk oversight. The board of directors is appointed to act on behalf of the shareholders to run the day-to-day affairs of the business. Due to this gap in risk management and control, most organizations attempt to bridge the gap between the two by establishing a small central risk function. This small central risk function manages a comprehensive list of risks that are identified throughout the business, with a severity assessment, probability, and mitigation actions for who is ultimately responsible. This process is then put into a description of risk responsibilities for top management and the board. The synthesis of duties suffers in four areas that the author provides as follows:

  1. Risks are biased toward current operations and rarely include risks that affect plans related to future growth.
  2. This approach misses crucial external factors that may be the most important risks which people view as beyond their control.
  3. The entirety of the process is viewed as a monotonous review of the knowledge already attained by the participants.
  4. Risk management processed in this way does not produce timely effects to achieve strategic success.

CFOs Steps Toward Improvement in Strategic Risk Management

Along with the management of financial-operation risks, CFOs can broaden their involvement by stewarding their company’s financial health through implementing the following steps in strategic risk management. The McKinsey thought paperprovides steps with examples from capital-intensive companies to illustrate the steps that the CFO can take to improve the process of strategic risk management in their organization. 

Step 1: Build a tight link between risk management and business-planning processes

In this process, CFOs must pinpoint where and how risk will ultimately affect the business plan. The paper includes an exhibit (Exhibit 2) in which it annotates a specific list of priority risks on its executive management reports. By pinpointing where and how risks will affect the plans of the business, the executive committee is able to focus on the relating challenges and actions that are required to meet the performance goals. 



CFOs must also incorporate systematic stress testing as part of financial planning. This provides management with a greater confidence that the business plan encompasses a range of potential macroeconomic scenarios. The paper provides an exhibit (Exhibit 3) illustrating leading real-estate firm forecasts of key financial metrics under comprehensive macroeconomic scenarios. 


CFOs should apply probabilistic “financials at risk” modeling for major investment decisions. This provides insights on the possibility of success. The paper provides an example of this modeling in Exhibit 4. 


Step 2: Lead a corporate-level discussion of risk preference, focusing on what risk choices will most likely deliver economic profit for the company

The CFO is in charge of equity, the ultimate risk capital of the organization. Taking risks is a necessary step toward growth; therefore the CFO must lead the top management of the company in executing a proper risk appetite and evaluating the possible implications. 


Step 3: Use risk analytics to inform investment and strategic decisions

CFOs typically lead discussion on proposals and solutions that are presented to top management during the decision making process. In these situations, a similar type of risk assessment as discussed about should be implemented. The CFO must define the right set of foundational financial and risk analytics associated with the options to ensure that every value or deficiency is brought to the company’s attention before moving forward. Another option to improve these capital-expenditure decisions is to employ analytical risk-adjusted valuation methodologies. The author provided an example of this in Exhibit 5 relaying a European energy utility company reranking potential of capital investments by incorporating risk. 

Addressing Deficiencies to Strengthen Strategic Risk Oversight

Addressing these deficiencies in strategic risk management helps focus the business plan towards a futuristic perspective. Focusing on supporting investment and strategic decisions relating to the business plan and assessment of risk preference creates improvement within the strategic risk management process. CFOs play an impacting role in strategic risk management. To achieve desired improvement, the crucial steps of embedding risk in financial planning, setting appropriate risk preferences, and instilling risk-oriented approaches in management decision-making can produce a balanced risk and return to create increased value for the organization.  

Click below to download thought paper.

Link: McKinsey&Company

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2013-04-01