Strategic risks can expose an organization to loss and even extinction when unrecognized or unmanaged. Think of the many well-known companies that have ceased to exist due to a failure to recognize the risks coming from new technology, changing customer preferences, heightened competition, new regulatory burdens or socio-economic volatility.
It has always been the responsibility of the board, CEO and senior leadership team to develop, approve and execute the strategy to analyze the risks involved in the direction they have chosen to take. Generally, however, none of the individuals in these roles are trained in discerning risks and some are not inclined to. They are more focused on preserving the status quo, if it is currently positive, or on chasing new opportunities while discounting the risks. The chief risk officer is keenly aware of marketplace risks and knowledgeable about risk management, but if he or she not involved in strategy setting or strategic discussions in their companies, such insight is likely missing when strategic decisions are being made.
Companies underestimate strategic risks to their detriment. To that end, the following are three common strategic risk areas that companies need to take seriously.
The Risk in Too Much Expansion
The risks inherent in significant growth are many and varied. Most management teams know there are risks to major expansion efforts, but do not alwaysdo a thorough analysis on each one with the right group of experts. Some of the specific risks associated with over-expansion include:
- Expanding into areas that do not share the same characteristics or competitive landscape as currently successful markets or locations.
- Expanding at the wrong time, such as when retail store chains expanded rapidly while online sales were on the rise.
- Expanding despite the existence of problematic internal indicators, such as diminishing customer satisfaction or lack of innovation, that need more urgent attention.
The Risk of Maintaining the Status Quo
Although it has become clear over recent decades that innovation is an essential business characteristic, there are still companies that are not innovating or not innovating enough. Some companies choose to maintain the status quo because they fear change or because they simply lack the skill to innovate. This opens them up to a number of risks.
First, the lack of or slow adoption of new technology has decimated more than one industry sector over the years. At the same time, other industry sectors have tweaked or dramatically modified their business models to integrate the new technology within their customer-facing or back-office operations in a timely fashion. For example, COVID-19 has accelerated the spread of telemedicine, which requires providers to use many different types of advanced technology.
Societal or customer preference changes can also sneak up on companies focused solely on business-as-usual. For example, as consumers have become more health-conscious, some companies continued producing non-healthy foods and their sales and profitability were affected. Other companies were quick to make product modifications or to diversify into different product lines. The risks to such companies should have been identified and addressed before they became disadvantaged in the marketplace.
Legal and regulatory change can also create risks for companies. This is especially the case now when the attention on climate change is creating restrictions for industries from energy to transportation to manufacturing. As social inflation raises the levels of jury awards, insurers that recognized the trend early put more emphasis on such things as arbitration within policy terms and settlement negotiation training for staff, for example.
The Risk of Rapid Growth
While investors like to see growth, rapid growth can carry risk. Amid rapid growth all the attention is generally focused on getting more products or services out the door. That often means concomitant risks or unintended consequences are ignored.
For example, rapid growth can get ahead of the talent or infrastructure needed to support it. This can strain the bandwidth of management and potentially lead to poor decision-making. In such a scenario, quality diminishes and customer dissatisfaction increases, resulting in growth or profit reversal. Rapid growth can also require cash outlays in advance of new revenue, which can destabilize the balance sheet and even lead to insolvency. Many neighborhood restaurants have failed after becoming the “in” place to eat (in pre-COVID 19 times) because they did not recognize and manage the risks inherent in rapid and significant growth.
Managing Strategic Risks
Like any other risk, strategic risk can be avoided or mitigated by the actions that management teams might put in place before the risks reach damaging or unmanageable levels.
Without the involvement of the CRO in strategic planning, however, there is strong potential that strategic risks will not be treated as risks. It is not that the CRO is expected to be the only person who will identify each risk or develop the appropriate mitigation. What the CRO will be expected to do is: 1) ask the questions that will help identify strategic risks, 2) solicit and contribute to developing mitigation plans to address the risks, and 3) record and monitor the risks and mitigations. In other words, the CRO can provide diligence, insight and structure to better ensure that strategic risks are managed well.