Strategic risk (Ofer Abarbanel online library)

Strategic risk is the risk that failed business decisions, or lack thereof, may pose to a company.[1] Strategic risk is often a major factor in determining a company’s worth, particularly observable if the company experiences a sharp decline in a short period of time. Due to this and its influence on compliance risk, it is a leading factor in modern risk management.

Financial distress and strategic risk

In 2004, James Lam Associates[2] researched the main cause for financial distress at companies that publicly traded. The research question was: when a company faces a major market value decline which is a 30 percent relative decline, what was the main cause?[3] The research team found that 76 S&P500 companies had suffered a dramatic decline in market value in a month, after analyzing the market value data of S&P500 companies from 1982 to 2003.[3] The JLA research team determined the root case of their market value decline by reviewing news reports, regulatory filings, and company statements. These 76 companies worked with a cross major industries such as energy, materials, industrials, telecommunications, consumer products, health care, utilities, and financials. Overall, the JLA’s study found that 61 percent of occurrences were due to strategic risks (i.e. consumer demand, M&A, competitive threats), 30 percent were caused by operational risks, and 9 percent were due to financial risks.[4] Yet, in practice, a lot of Enterprise Risk Management (ERM) programs downplay or ignore strategic risks.

Importance of strategic risk

The importance of strategic risk has risen along with both “regulatory and stakeholder expectations”. In 2005, the Corporate Executive Board—now under Gartner—published a study on Fortune 1000 companies between the years 1998 and 2002, and the types of risks that affected them the most. These companies comprised the top 20% who faced the most drastic “market value declines”, and the number one risk they had in common was strategic risk (the second and third being operational and financial risk, respectively).[5]

There are many possible kinds of strategic risk. For example, according to a different study by CEB, published 2010, companies whose cultures do not put a strong emphasis on integrity, have been found to be 10 times more likely to commit unethical acts than those who do. CEB’s Dan Currell states that such a factor may seem obvious, but is difficult to enforce in reality. A firm must establish an environment in which employees feel comfortable in communicating with each other, both managers and subordinates alike.[6] Not addressing the strategic risk—or simply changing one’s corporate culture—is much more likely to incur compliance and other business risks. CEB’s Matthew Dixon states several factors that are not wrong, but ineffective in today’s most common customer service strategies—chiefly, the idea that a customer service worker should do everything they can to please the customer, or what many call “going the extra mile”. Instead, Dixon claims a defensive approach, where the customer service worker is instead responsive, would be much less costly and require generally less resources, including “burn[ing] out” one’s employees and improved concentration.[7]

Declines in market value

Deloitte & Touche LLP and Deloitte Research, a part of Deloitte Services LP, conducted research in 2005 and analyzed the major declines the shareholders experienced in market value.[citation needed] The Corporate Executive Board and James Lam & Associates research also did research on the same however they used different organizations and time frame.[citation needed]

Deloitte Research approached Thomson Financial Global 100 Companies from 1994 to 2003 to complete the research. Their discovery was astonishing as they noticed, compared to the Morgan Stanley Financial World Index, the stock price decrease just after one month.

The main conclusion to this research was that most of the companies that had large losses had more than one type of risk. Out of the 100 largest declines the most affected group was strategic risk management with an astonishing 66 companies involved.

The second largest decline involved 62 companies claim business decline due to external events. The third decline involved operational risk with 61 companies claiming operational risk. The last high percentage of risk would include 37 companies claiming financial risk. Most companies overall lacked intelligence to offer quick responses to developing problems.

Overall most companies failed to plan for high impact risks and meet customer needs, business and economic trends, and technology trends.[citation needed]

Implementation and assessment methods

Implementation of the risk management plan requires the company to consider a couple factors for the success and effectiveness of the risk management plan. First, the firm must assign responsibility to a risk manager or managers to ensure the management plan can be carried out and individuals risks’ owners are identified. This assignment gives individuals adequate authority and access to resources to ensure the success of the management plan. Therefore, it is important that the management team sets a clear outline as to who is responsible and for what areas of the strategic risks. Secondly, in a broader sense, the company must remain committed to the plan. This commitment should include providing adequate financial and human resources for risk managers to carry out the implementation of the plan. Most importantly, the risk manager must understands that evolving nature of the risk management plan, and to adjust the plan accordingly to reflect the changes in the phrases or stages of a strategy. For example, a risk being addressed may not be as important as previously thought; therefore, the management team should reflect such change in its plan and allocate resources originated from this risk to other ones. Also, certain risks addressed will or will not occur at a particular stage or phase of a project, and the management team should update such change to keep the plan current. Keeping a current plan frees up resources to those risks identified as more current or severe. Certain risks might result in overspending or under, affecting the resources available for the management plan. Thus, the adequacy of the financial and human resources for the success of the risk management plan should be frequently reevaluated to give as much advance warning as possible for excess contingency or future inadequacy.

Assessment of the strategic risk must involve a cross-functional team that establish and maintain a review process for the company’s new and current strategy. The cross-functional team should include representatives from key departments within the organization such as management, marketing, legal, operations, and technology. By assembly a cross-function team for the assessment of strategic risk allows the company to obtain a dimensional perspective on its strategy, receiving different inputs to fully grasp the situation. The assessment should establish objective criteria for each strategy. To assess a particular strategy, the team should also consider whether the risks being addressed may be derived from sources such as government policy, macroeconomics, natural, social industrialization and technological uncertainty. For instance, a cosmetic company wants to upgrade its products overseas as a strategy to leverage its revolutionizing technology to gain comparative advantage must consider whether such technology is in compliance with the local government or not.

Mitigating strategic risk

Since strategic risk comes from the business strategy of a company, it is important for top management and the board of directors to be involved in creating a plan to reduce risk in this area. Management should use their knowledge of the company and its industry to formulate a strategy, and work in collaboration with the board of directors to identify and assess possible risks associated with that strategy. It is then the role of the board to decide upon an acceptable level of risk and whether the potential gains from the strategy proposed are worth the risk.[8]

Three approaches to managing strategic risk include:

  • Using independent experts
    • Experts from outside of the firm can be used to periodically assess the risk level of projects
  • Facilitators
    • A central group manages risk across different departments of a company by collecting information from operating managers and creating a comprehensive review of the company’s risk
  • Embedded experts
    • In industries such as financial services where the company’s level of risk is highly variable and dependent upon the actions of traders and investment managers, risk experts can work alongside these employees to continuously monitor and assess their daily actions [9]

Strategic risk management framework

By following a strategic management process, a company can ensure that risk is addressed at every step of

  • Strategic risk profile analysis
    • In this step, risks are identified by examining factors that could affect the business. These could be internal factors, such as the organization’s structure and culture, or external factors such as industry trends, consumer preferences, or the regulatory environment the company is operating in. A SWOT analysis can be performed to evaluate and prioritize certain risks.
  • Formulation of strategic plan
    • Using insight gained from the analysis, the company outlines proposed strategies and defines the objectives and goals needed to carry out its strategic mission/vision. The strategic plan should detail key risk metrics and performance indicators to measure, how they will be measured, and who is responsible for managing them. It should also establish thresholds, or trigger points for these metrics, which will be used to determine when management should take action to mitigate or accept more risk.[10]
  • Implementation
    • During this step, the company puts the strategy into practice through their operations. This includes setting budgets and the organizational structure. This is also where strategic risk is controlled and managed by monitoring the risk metrics identified during the analysis.[11][12]


  1. ^“What is strategic risk? definition and meaning –”. BusinessDictionary. WebFinance Inc. Retrieved December 9, 2018.
  2. ^“James Lam & Associates”. Retrieved 2018-12-10. James Lam Associates (JLA) is an independent consulting firm founded in 2002 by James Lam. The firm is exclusively focused on risk management and works directly with chief risk officers (CROs), CEOs, CFOs, and other executives from global financial institutions, energy firms, multinational companies, and government service organizations The firm offers consulting services in all aspects of risk management and board and executive training services.
  3. ^ Jump up to:ab , Lam. Enterprise risk management : from incentives to controls (Second ed.). Hoboken, New Jersey. ISBN 9781118834367. OCLC 874147295.
  4. ^“Strategic Risk Management: The next frontier for ERM” (PDF). Retrieved 2018-12-10.
  5. ^Lam, James (2014). Enterprise Risk Management. Hoboken, New Jersey: Wiley. pp. 434–437. ISBN 9781118413616.
  6. ^“CEB – Press Release | What the Best Companies Do™”. CEB Global. Arlington, Virginia. September 15, 2010. Retrieved December 9, 2018.
  7. ^Trapp, Roger (September 30, 2013). “Defense Can Be Better Than Offense In Customer Service”. Forbes. Retrieved December 9, 2018.
  8. ^Goodfellow, James L. (2004). “Managing strategic risk: a new partnership between the board and management”. Strategy and Leadership. 32: 45–47. ProQuest 194365701.
  9. ^Kaplan, Robert S.; Mikes, Anette (2012-06-01). “Managing Risks: A New Framework”. Harvard Business Review. Retrieved 2018-12-10.
  10. ^Lam, James (2014). Enterprise Risk Management. John Wiley & Sons, Inc.
  11. ^“Strategic Risk Management Framework” (PDF). Insurance Commission of Western Australia. July 15, 2016.
  12. ^Andersen, Torben J. (September 2005). “A Strategic Management Framework for Multinational Enterprise”.


Ofer Abarbanel online library