Risk Management and Strategic Fit: The Critical Connection

Written on Monday, 01 February 2010. Posted in Risk Management and Risk Management Software

Tags: align internal objectives, effective risk management, external environment, organisational strategy, risk management, risk management software, strategic fit

This article considers the vital relationship between strategic fit and risk management. It examines the part risk managers should play in ensuring the organisation is well positioned against ‘foundational’ exposure. Finally, it provides an example of how to do this using risk management software as a mechanism to streamline the process and improve oversight.

Strategic Fit hasn't really received much by way of coverage in risk management literature, yet it plays a fundamental role. Within risk management circles, not everyone will be entirely familiar with the term ‘Strategic Fit’, although the concept is highly relevant, and quite easy to grasp. So what is it?

Strategic Fit concerns itself with how the organisation engages with two critical areas:

  • The organisation's external environment
  • The organisation's internal environment.

Consider your own situation; your organisation has a primary purpose for existing which it is required to realise. Yet your organisation exists within an external environment, an environment that presents both opportunities and threats that could support or derail this purpose.

To maximise the possibility of success your organisation must correctly align itself to its external environment. This means ensuring the organisation identifies these opportunities and threats, then develops a strategy designed to optimise its ability to meet and overcome the threats, whilst exploiting the opportunities. This is a challenge faced by the leaders of every type of organisation. It matters not whether your organisation is a private sector company aiming to sell more products or services, a local council looking to prioritise and meet the needs of constituents within tight budgetary constraints, or a police force looking to reduce crime, the threat of crime, or the perception of crime within its communities. The ability of your organisation to realise success is in large degree related to its ability to correctly align itself to its external environment.

But let's assume you get this first part right; your organisation has devised a strategy to successfully align itself with its external environment, with clearly defined and measurable objectives, at a strategic level. The next task is to ensure that the activities, child objectives, and resources required to underpin this strategy are correctly defined and implemented at each subordinate level within the organisation. The larger the organisation, the more challenging this is to do.

From a risk management standpoint, how well your organisation aligns itself to its external environment, and aligns itself internally, to meet its strategic objectives, will have a considerable impact on the organisation's risk management workload. If the organisation is poorly aligned to meet the threats and opportunities present in its external environment then this misalignment will manifest itself in the form of risk – risk that movements by competitors, legislation, technology, markets, or the economy will directly threaten your organisation and its objectives. Equally, tangible opportunities will be missed because your organisation is not geared up to exploit them. Risk management professionals will spend a lot of their time dealing with risks that arise as a direct result of external strategic misalignment, internal strategic misalignment, or both.

Since the general rule has always been that prevention is better than cure, and history demonstrates that in the vast majority of instances the cost of preventative action is actually considerably less than the cost of remedy, risk management professionals and leaders might want to reflect on the significance of strategic fit, as it is likely to be a primary source of risk and missed opportunity to the organisation.

Is there a solution?

From a risk management perspective, there are steps that can be taken to reduce the impact of a poor strategic fit. For instance, having a Chief Risk Officer can ensure risk management representation at senior management level. This can ensure greater risk management input and insight into organisational strategy during development, and provide the risk function with early sight of potential threats or opportunities as identified in a strategic environmental audit. Early awareness of identified risk, or the identified potential for risk, improves the opportunity for preparedness and risk oversight.

Risk management can play a part in working with senior management and managers at all levels within the organisation to consider how effectively aligned the organisation is internally. Whilst it is entirely understandable that events may occur out of nowhere in the external environment that the organisation is forced to respond to, poor internal alignment is something that is within the organisation's control. Some within the risk management arena may consider this outside the scope of their remit, but are risk managers supposed to sit back where internal misalignment is likely and wait for the risks to manifest themselves, or should early engagement and actions to examine internal alignment be considered in order to engage in the exact kind of impact preventative activities risk management is intended to deliver?

The two key steps here would appear to be:

1. From an external fit perspective, early sight of a thorough corporate environmental analysis, out of which the risk team glean a deep understanding of the environmental threats and opportunities – along with understanding the drivers that may trigger the emergence of some of these risks.

2. From an internal fit perspective, examining the organisation, to see if the organisation is realistically aligned internally to deliver on its strategy. This may mean looking at the strategic objectives, and then viewing the child or grand child objectives and resources at each descending tier within the organisation to ensure they have been developed and defined in a manner consistent with the requirements to make the realisation of the strategic objectives a reality.

From the perspective of a risk management software provider, Epiphany has factored this into its risk management software solution (Risk Network). However, as a general word of advice, the key here is to ensure that any strategic objective can be realised through the sum of its component parts (child objectives), and that any such calculation also factors in timeline and resource requirements. There is no point confirming that a machine can produce the desired number of widgets if that volume of widgets takes twice the time or twice the cost needed to effectively realise the strategic objective.

Whatever approach you take, the ability to document organisation objectives, to view the linkages and contributions made by each child objective and subordinate organisational tiers toward the realisation of strategic aims can be a very powerful tool. This is not just for risk managers, as good risk management is an organisational activity and not just the function of specialist risk professionals. When managers within an organisation are clear on their contribution to a strategic objective, and can ensure activities within their span of control are focused on realising those objectives, at that point the organisation becomes internally strategically aligned, and reaps the rewards of additional strategic focus.

How Risk Network supports good strategic fit:

The approach Epiphany adopts is as follows:

1. Organisational Structure: A mirror of your organisation is created in Risk Network. This may sound complex but it is actually quite easy to do, typically taking just a few minutes to complete. It literally means inputting your organisation's structure, its tiers, divisions, departments, and functions with their labels into Risk Network (you can do this straight off your structure chart). Risk Network is designed so that it understands where all of these organisation elements sit within your organisational structure.

2. Strategic Objectives: Strategic objectives are input into this model of your organisation at the highest organisational level. Risk Network allows you to record comprehensive information about each strategic objective; defining exactly what it entails and how it ties into the organisation's mission and values. This can then be made visible down through the organisation to help overcome the already noted communication challenges relating to organisational strategy.

3. Child Objectives: Risk Network enables you to realise internal strategic alignment. Child objectives are recorded in Risk Network at each appropriate subordinate level within your organisation. These are linked to the relevant strategic objective, ensuring all strategic objectives are effectively supported by child objectives right down through the organisation. Using Risk Network you can select any strategic objective and immediately see all of its child objectives wherever they sit down through the organisational structure. These child objectives can be viewed in detail to ensure they have been developed to meet the requirements of the parent strategic objective. This gives your organisation a very powerful tool to keep the organisation aligned internally.

4. Risks: Risk Network not only gives you a comprehensive risk management framework, it allows you to capture external risks against the appropriate objective at the appropriate level within the organisation. Risks that threaten the organisation at a strategic level can be recorded at that level, with the key participants and actions engaged to manage the risk response. This ensures the organisation stays responsive to emerging environmental risk and remains strategically aligned to its external environment.

Overall, the Epiphany approach to risk management will enable your organisation to keep itself aligned to its external environment, realise very effective internal alignment, with clear oversight over activities, improve the clarity and communications of strategic objectives, and improve focus across the organisation, which in turn improves performance. Finally, Risk Network can also capture and report on the progress of any objective, allowing your organisation to see how the realisation of child objectives keeps the realisation of strategic aims on track. These are capabilities a spreadsheet simply cannot match.

If you would like to see how Risk Network helps organisations realise greater strategic alignment, and optimise the management of risk, contact us. Our product managers are happy to give you a presentation that explains how Risk Network functions, and its framework for managing risk. You are free to consider the Risk Network approach and determine if it suits your organisational needs.

If you have any thoughts or comments on this article, please feel free to submit them.

Comments (2)

  • waste of space
    17 June 2010 at 09:46

    the idea that you can use risk management software to sort out a company's strategy is a new one. but I don't see it working. risk managers do not have the skill to be involved in strategic planning. most of these people would not be capable of 'aligning' the organisation (to steal your phrase).

    you have too much faith in the skill of risk managers. risk managers are middle managers, not corporate leaders.

    • Doug Gregory
      18 June 2010 at 10:57

      Just responding to your comment. I work for Epiphany as an Account Manager - just disclosing my bias.

      We don't expect Risk Managers to write the corporate strategy. The organisation's leaders devise the strategy and the specific objectives they are aiming to achieve. These objectives are captured and placed on Risk Network in a very user-friendly format - so they are clear, easy to understand and meet the SMART requirement.

      This allows managers and personnel at all levels to engage in the process of aligning their activities to the corporate mission. Whilst this is typically driven from the top down, it also helps communicate the organisation's objectives, keep them clear and in the fore of people's minds, and offers a reference point to clarify any questions on the organisation's direction or priorities.

      Risk Managers don't need to lead this process, but they are a part of it, and Risk Network gives the organisation the ability to see its objectives from the very top and how they break into component parts. This means they can check that all activities are aligned and the organisation is positioned to go after its objectives in an efficient and effective manner.

      Risk Managers need to know this, as having parts of the organisation out of sync with strategy would obviously be a concern, would be a cause of waste, and could undermine the realisation of strategic or departmental objectives.

      Organisations often invest heavily in the realisation of strategic aims. Therefore it makes sense to deploy systems that monitor those aims, keeping them on track, enabling them to identify and respond to risks as they emerge. Risk Managers are able to do this with Risk Network.

      Risk Management is often undervalued in organisations. However, as you can see, it can play a key role in supporting the organisation in the realisation of its objectives.

      Hopefully this clarifies the article, and helps with your point of contention.
