Strategic risk thinking, mindset and decision making are common phrases used in the boardroom and executive management discussion fora. These phrases simply mean taking business decisions and actions that are key to the long-term survival, growth, success and sustainability of a company while keeping in mind the information about known risk exposures and the sizes of the risks to the company.
Are you a beginner in the GRC space, or an experienced practitioner, who finds it challenging to:
a) interpret these terminologies – strategic thinking, mindset and decision making?
b) comprehend how to compute values for the key risk strategic decision-making elements?
c) interpret the implications of the risk computation results on your company?
d) leverage the computed risk information to drive strategic business decisions and choice of actions for navigating the risks in line with the company’s risk appetite and mindset?
This blog post provides some insights on what to do.
Risk Defined
Risks are uncertain events that can have negative or positive impacts on assets and operations, leading to the inability or ability to achieve specific predefined goals and objectives. Risk is everywhere, but the risks most talked and written about are the negative risks that impact organizations, because of their adverse effects on the achievement of the organizational strategic pillars that ensure the long-term success and continuity of the organization. Below are some examples of popular organizational strategic pillars:
- Revenue Growth.
- Exceptional customer experience.
- Best choice place to work.
- Cost Optimization.
- Profit Maximization.
- Brand Protection.
Below are some examples of the adverse effects negative risk events can have on the organization’s strategic objectives:
- Injuries and deaths resulting in litigation, lawsuits and heavy compensation.
- Damage to and loss of critical physical and logical assets.
- Data protection and confidentiality breaches.
- Financial loss.
- Service and project delays and cost overruns.
- Operational disruptions.
- Customer dissatisfaction.
- Regulatory penalties and fines.
- Company license withdrawal and liquidation.
- Distrust, reputational damage and loss of goodwill.
The uncertainties in the risk definition create worries about what surprises can spring up in the future. However, the drive to stay connected and committed to the organizational strategic pillars spurs business leaders to adopt good risk treatment actions to navigate the risks effectively.
A risk could be known, unknown or emerging.
Known risks are mature and well-understood risks. Emerging risks are developing or evolving risks that are not yet well understood. As emerging risks develop, their trends are studied to learn more about their behaviour. Unknown risks are not yet discovered.
A good risk management principle is to focus on managing known risks, to keep watch over emerging risk trends in order to learn their characteristics and detect when their status has changed to known risks, and to dig deeper to uncover unknown risks.