Strategic Risk Management Framework

Risk Management and Strategic Planning

Strategic management is the continuing process of aligning the internal capabilities of the organisation with
the external demands of its environment. It involves the formulation and implementation of strategies to
achieve the organisations goals and objectives. It is an iterative process, in which management of change,
monitoring and review are important parts.

A strategic plan is a comprehensive master plan that states how the organisation is going to achieve its
mission and objectives. Anything that has a bearing on that is strategic. Strategic management is the set
of managerial decisions and actions that determines the long run performance of the organisation.

Strategic risk management is the identification and management of risks likely to have a material impact on
the organisations ability to achieve its mission and objectives.

The risks identified and evaluated as a part of the strategic planning process will be risks that affect the
entire agency and its ability to achieve its mission. This is the point at which the agency will identify risks
which will prevent the agency from exploiting its opportunities and strengths, expose its weaknesses and
fail to address threats to the agency.

Strategic Risk Management

There are two elements to the management of risks at a strategic level and these are:

1. The identification/evaluation/management of risks in the strategic decision making process.

Risks are identified at each state of the planning process, for example:
o Examination and evaluation of current mission, objectives, etc.
o External environmental analysis
o Internal environmental analysis
o Development and evaluation of alternative strategies
o Selection of strategies

2. The identification/evaluation/management of risks associated with particular strategies (current) and

their implementation.

As our businesses are going concerns, there are strategic plans in various states of implementation.
Therefore, the particular approach for your agency must reflect the current situation.

The following flow diagram shows how risk identification becomes an integral part of the strategic planning
process.

Page 1 of 4

RiskCover Risk Management Guidelines Last updated 15 July 2016

 Example Strategic Planning Process
Strategic Performance Review
Financial Performance Operational Performance Mission/Vision Existing Goals and
Objectives
Achieved? Did anything go wrong?

Stakeholder Profile
Stakeholder Expectations Impact if not met

Strategic Risk Profile

Environment Scan of Strategic Factors
Internal External
Structure Culture (Beliefs, Resources (Assets, Societal (General Task (Industry
(The Organisation) Expectations, Values) Skills, Competencies, forces) analysis)
Knowledge, Systems)

Strategic Risk Profile

SWOT Analysis
Strengths Weaknesses Opportunities Threats
Risks to strengths Risks that can arise from Risks the accompany Outright risks
weaknesses opportunity

Strategic Formulation
Mission/Vision Goals and Critical Objectives and KPIs Strategies Policies
Success Factors
Achievable? What can go wrong? Are all threats avoided and weaknesses minimised in respect to mission, goals and
objectives?

Strategic Implementation (Operational Planning)

Programs Budgets Procedures
Can anything go wrong in this state that will impact achievement?

Evaluation and Control

Are there any weaknesses in information, management or control systems, or reporting?

Page 2 of 4

RiskCover Risk Management Guidelines Last updated 15 July 2016

 1. Strategic performance review

Strategic Performance Review

Financial Performance Operational Performance Mission/Vision Existing Goals and Objectives
Achieved? Did anything go wrong?

Review how the organisation has performed against previous goals/objectives:

a. Were they achieved?
b. Did something prevent you from achieving your goals/objectives?
c. Were all performance targets met?

This review will highlight anything that should be taken into account for future planning.

2. Stakeholder Profile

Stakeholder Profile
Stakeholder Expectations Impact if not met

Identify who the organisations’ stakeholders are and their expectations. In addition, it is important to
consider what the consequences will be if their expectations are not met.

This should sharpen the focus and ensure that the strategies you are adopting will meet the needs and
expectations of the stakeholders.

3. Environmental Scan

Strategic Risk Profile

Environment Scan of Strategic Factors
Internal External
Structure Culture (Beliefs, Resources (Assets, Societal (General Task (Industry
(The Organisation) Expectations, Values) Skills, Competencies, forces) analysis)
Knowledge, Systems)

Environmental scanning identifies factors which influence what the organisation will do and how it will do it.
It covers both the internal and external environmental factors. From the environmental scan the
organisation can assess where its sits in relation to industry, society’s expectations, and how it is situated
to appropriate respond to market trends or demands.

Page 3 of 4

RiskCover Risk Management Guidelines Last updated 15 July 2016

 4. SWOT

Strategic Risk Profile

SWOT Analysis
Strengths Weaknesses Opportunities Threats
Risks to strengths Risks that can arise from Risks the accompany Outright risks
weaknesses opportunity

A SWOT analysis is used to identify strengths, weaknesses, opportunities and threats. These risks are
then evaluated in terms of impact upon achievement of objectives.

5. Strategy Formulation

Strategic Formulation
Mission/Vision Goals and Critical Objectives and KPIs Strategies Policies
Success Factors
Achievable? What can go wrong? Are all threats avoided and weaknesses minimised in respect to mission, goals and
objectives?

In this stage, strategies are identified to achieve goals and objectives whilst being focused on the
organisations mission/vision. An assessment of the risks and opportunities associated with each proposed
strategy and the potential for impact upon the achievement of objectives, should be an integral part of this
step.

This is the creative stage of developing strategies that will deliver the organisation’s goals and objectives,
mission and vision without exposing it to unacceptable risk.

6. Strategy Implementation

Strategic Implementation (Operational Planning)

Programs Budgets Procedures
Can anything go wrong in this state that will impact achievement?

Once the strategies are decided upon, the process of implementing them carries a new set of risks. Each
of these risks need to be identified and appropriate risk minimisation strategies built into the implementation
plan.

7. Evaluation and Control

Evaluation and Control

Are there any weaknesses in information, management or control systems, or reporting?

There needs to be system reviews which ensure that the process is implemented efficiently and effectively
and progress needs to be reported. Mechanisms need to be put in place to monitor the implementation of
the strategic plan and identify any new risks arise. The annual strategic review process needs to be
programmed so as there is an opportunity for a formal review.

Page 4 of 4

RiskCover Risk Management Guidelines Last updated 15 July 2016