How to Create a Strategic Plan

Looking for a way to take your company in a new and profitable direction? It starts with strategic planning. Keep reading to learn what a strategic plan is, why you need it and how you can strategically create one.

What Is a Strategic Plan?

When it comes to business and finance, strategic planning will help you allocate your resources, energy and assets. When implemented, a strategic plan will begin to move your operations in a more profitable direction. The primary goal of the plan is to ensure you and any other stakeholders are on the same page and striving to reach the same goal.

Creating a strategic plan requires a disciplined effort. Once you put the plan into action, it will influence the segment of customers that you target, how you serve those customers and the experience those customers have.

Assess the Current Infrastructure and Operations

The first step in creating a strategic plan is to carefully assess your existing infrastructure and operations. You can do this through a SWOT analysis, which is an analysis of the company’s strengths, weaknesses, opportunities and threats. The goal here is to pinpoint the resources that you use to carry out your day-to-day operations, to look at your monthly revenue patterns, to list any company challenges related to the customer experience and, most importantly, to look at your marketing methods and ways to improve the overall customer experience.

Creation of Mission Statement and Objectives

The next step is to create a mission statement. You may already have one, but it’s important to note your mission at the top of the strategic plan document you create. This ensures everyone is focused on the same goal. Your mission statement should cover why you started the company and what you intend to accomplish through the products and services that you offer.

In addition to the mission statement, make sure to outline both short- and long-term objectives. List the objectives according to their priority and designate certain managers or employees to be responsible for each one. Also, jot down the resources that will be used to achieve each objective.

Measure Performance

Now that you know what you’re trying to achieve and who is responsible for each goal, it’s time to deploy the plan and measure its progress. A weekly meeting is extremely important so that all managers and stakeholders can provide feedback. Your goal is to determine if the company is headed in the right direction. If not, you’ll need to revise the strategic plan accordingly.

Strategic Plans Are Ongoing

Once your strategic plan helps you achieve several objectives, it’s smart to regroup and set new objectives. As your company grows, you can set new goals to ensure the company keeps moving forward. You can share the success of your strategic plan with potential investors as a way to tap into new capital funding.


risk management and strategic planning


Controversial thoughts about modern day risk management in non-financial companies, training and consulting services.

4 steps to integrate risk management into strategic planning

Let me first start by saying integrating risk management into strategic planning is NOT doing a strategic risk assessment or even having a risk conversation at the strategy setting meeting, it is so much more. You will also find it difficult to relate if the objectives have not been defined or documented in your company or if the objectives are not measurable. 

Kevin W Knight, during his first visit to Russia a few years ago, said ‘risk management is a journey… not a destination’. Risk practitioners are free to start their integration journey at any process or point in time; however, I believe that evaluating strategic [email protected] can be considered a good starting point. The reason why I think this is a good starting point is that it is relatively simple to implement, yet has an immediate and significant impact on senior management decision making.


Any kind of risk analysis should start by taking a high-level objective and breaking it down into more tactical, operational key performance indicators (KPIs) and targets. When breaking down any objectives it is important to follow the McKinsey MECE principle (ME – Mutually Exclusive, CE – Collectively Exhaustive) to avoid unnecessary duplication and overlapping. Most of the time strategic objectives are already broken down into more tactical KPIs and targets by the strategy department or HR, so this saves the risk manager a lot of time.

This is a critical step to make sure risk managers understand the business logic behind each objective and helps make risk analysis more focused.

Important note, while it should be management’s responsibility to identify and assess risks, the business reality in your company may be that sometimes the risk manager should take the responsibility for performing risk assessment on strategic objectives and take the lead. 




Once the strategic objectives have been broken down into more tactical, manageable pieces, risk managers need to use the strategy document, financial model, business plan or the budgeting model to determine key assumptions made by the management.

Most assumptions are associated with some form of uncertainty and hence require risk analysis. Risk analysis helps to put unrealistic management assumptions under the spotlight. Common criteria for selecting management assumptions for further risk analysis include:

  • The assumption is associated with high uncertainty.
  • The assumption impact is properly reflected in the financial model (for example, it makes no sense to assess foreign exchange risk if in the financial model all foreign currency costs are fixed in local currency and a change in currency insignificantly affects the calculation).
  • The organisation has reliable statistics or experts to determine the possible range of values and the possible distribution of values.
  • There are reliable external sources of information to determine the possible range of values and the possible distribution of values.

For example, a large investment company may have the following risky assumptions: the expected rate of return for different types of investment, an asset sale timeframe, timing and the cost of external financing, rate of expected co-investment, exchange rates and so on.

Concurrently, risk managers should perform a classic risk assessment to determine whether all significant risks were captured in the management assumptions analysis. The risk assessment should include a review of existing management and financial reports, industry research, auditors’ reports, insurance and third party inspections, as well as interviews with key employees.

By the end of this step risk managers should have a list of management assumptions. For every management assumption identified, risk managers should work with the process owners, internal auditors and utilise internal and external information sources to determine the ranges of possible values and their likely distribution shape.




The next step includes performing a scenario analysis or the Monte-Carlo simulation to assess the effect of uncertainty on the company’s strategic objectives. Risk modeling may be performed in a dedicated risk model or within the existing financial or budget model. There is a variety of different software options that can be used for risk modeling. All examples in this guide were performed using the Palisade @Risk software package, which extends the basic functionality of MS Excel or MS Project to perform powerful, visual, yet simple risk modeling.

When modeling risks it is critical to consider the correlations between different assumptions. One of the useful tools for an in-depth risk analysis and identification of interdependencies is a bow-tie diagram. Bow-tie diagrams can be done manually or using the Palisade Big Picture software. Such analysis helps to determine the causes and consequences of each risk, improves their modeling and identifies the correlations between different management assumptions and events.

The outcome of risk analysis helps to determine the risk-adjusted probability of achieving strategic objectives and the key risks that may negatively or positively affect the achievement of these strategic objectives. The result is [email protected].



Risk managers should discuss the outcomes of risk analysis with the executive team to see whether the results are reasonable, realistic and actionable. If indeed the results of risk analysis are significant, then the management with the help from the risk manager may need to:

  • Revise the assumptions used in the strategy.
  • Consider sharing some of the risk with third parties by using hedging, outsourcing or insurance mechanisms.
  • Consider reducing risk by adopting alternative approaches for achieving the same objective or implementing appropriate risk control measures.
  • Accept risk and develop a business continuity / disaster recovery plan to minimise the impact of risks should they eventuate.
  • Or, perhaps, change the strategy altogether (the most likely option in our case)

Based on the risk analysis outcomes it may be required for the management to review or update the entire strategy or just elements of it. This is one of the reasons why it is highly recommended to perform risk analysis before the strategy is finalised.

At a later stage, the risk manager should work with the internal audit to determine whether the risks identified during the risk analysis are in fact controlled and the agreed risk mitigations are implemented.


Published by Alex Sidorenko


16 thoughts on “4 steps to integrate risk management into strategic planning”

Hi Alex, Congratulations for the very nice presentation!


5 Steps to Effective Strategic Risk Management


Mike Rost SVP, Investor Relations and Corporate Development

Strategic risk management is a crucial, but often overlooked, aspect of enterprise risk management (ERM). Traditionally, ERM has focused on financial and operational risk. However, the fact is that strategic risk is far more consequential.


What is strategic risk? 

Simply put, strategic risks are risks that a company takes that could potentially result in a major loss. 

A company that has superior and unmatched manufacturing processes will still fail if their consumers no longer want their products. This was the lesson that was learned by even the most efficient buggy whip makers once Henry Ford introduced his Model T in 1908. Cellphone handset manufacturers faced a similar crisis when the Apple® iPhone® arrived on the scene. 

Identifying strategic risks enables organizations to develop an effective strategic risk management strategy to effectively combat the root cause and mitigate risk due to competition, market or industry changes, and other external risks such as changes in customer demand.

What is strategic risk management? 

Strategic risk management is the process of identifying, quantifying, and mitigating any risk that affects or is inherent in a company’s business strategy, strategic objectives, and strategy execution. Types of strategic risks may include: 

  • Shifts in consumer demand and preferences
  • Legal and regulatory change
  • Competitive pressure
  • Merger integration
  • Technological changes
  • Senior management turnover
  • Stakeholder pressure

As industry expert James Lam says, strategic risk is the big stuff, and prioritizing strategic risk management means sweating the big stuff first. In other words, an effective strategic risk management framework will prioritize understanding the risks that your business faces to take the necessary steps to protect your assets and your business.

Strategic risk is a bell curve

Bell curve distribution of outcomes

Like any risk, strategic risk falls along a classic bell curve, with results along the x-axis and likelihood along the y-axis. The expected result of a given risk strategy would represent the peak of this curve. Most strategic risk planning considers only this peak while ignoring the slopes to either side.

But imagine two strategic risk initiatives, each with a similar expected result. One falls along a narrow, steep curve, indicating a low risk of failure and little upside opportunity. The other is represented by a wider bell, with greater chances of both under- and over-performance. Which to choose? The answer depends on an individual company’s appetite for risk.

Strategic risk management: shifting the curve

Now imagine a third curve with that same expected result. This one rises steeply from the left but slopes more gently downward on the right. Here, downside risk has been minimized, and upside opportunity increased. That is the goal of strategic risk management: to shape the curve in a way that favors success.

How do you measure and manage strategic risk? 

As the saying goes, you can't manage what you can't measure.

In order for us to understand how to manage strategic risk, we must first take a look at how to measure it. A key tenet of enterprise risk management (ERM) is measuring risk with the same yardsticks used to measure results. In this way, companies can calculate how much inherent risk their initiatives contain, monitoring risks to inform key business decisions. 

Strategic risk can be measured with two key metrics:

Economic capital is the amount of equity required to cover unexpected losses based on a predetermined solvency standard. This standard is usually derived from the company's target debt rating. Economic capital is a common currency with which any risk can be quantified. Importantly, it applies the same methodology and assumptions used in determining enterprise value, making it ideal for strategic risk. 

Risk-adjusted return on capital (RAROC) is the anticipated after-tax return on an initiative divided by its economic capital. If RAROC exceeds the company's cost of capital, the initiative is viable and will add value. If RAROC is less than the cost of capital, it will destroy value. 

Five steps for Effective Risk Mitigation Strategies

Managing strategic risk involves five steps which must be integrated within the strategic planning and execution process in order to be effective:

Define business strategy and objectives. There are several frameworks that companies commonly use to plan out strategy, from simple SWOT analysis to the more nuanced and holistic balanced scorecard. The one thing that these frameworks have in common, however, is their failure to address internal and external risk. It is crucial, then, that companies take additional steps to integrate risk management at the planning stage by using a risk management framework, which is a template and guideline used by companies to identify, eliminate and minimize risks.

Establish key performance indicators (KPIs) to measure results. The best KPIs offer hints as to the levers the company can pull to improve them. Thus, overall sales makes a poor KPI, while sales per customer lets the company drill down for answers.

Identify risks that can drive variability in performance. An effective risk strategy will identify the unknowns, such as future customer demand, that will determine results.

Establish key risk indicators (KRIs) and tolerance levels for critical risks. Whereas KPIs measure historical performance, KRIs are forward-looking leading indicators intended to anticipate potential roadblocks. Tolerance levels serve as triggers for action.

Provide integrated risk reporting and monitoring. Finally, companies must monitor results and KRIs on a continuous basis in order to mitigate risks or grasp unexpected opportunities as they arise.

Strategic risk represents the greatest dangers—and opportunities—your company faces. By taking steps to mitigate risk at the enterprise level, companies can shape their future success while minimizing downside exposure.


Apple and iPhone are trademarks of Apple Inc., registered in the U.S. and other countries.

Editor's note: This blog post was originally published February 14, 2017, and has been updated.


As senior vice president of corporate development and investor relations, Mike Rost is a key contributor to the organization's growth with a focus on corporate development initiatives, emerging business areas, and developing relationships with investors and key stakeholders. Since joining Workiva in 2015, he has served in various leadership roles helping to drive the organization's growth, including the scaling of Workiva’s marketing and partner & alliance functions.

With more than 25 years of experience assisting organizations to optimize business processes, Mike has an extensive background in finance, accounting, enterprise performance management and Governance, Risk and Compliance (GRC) technology. Prior to Workiva, Mike served as vice president of marketing at Metricstream and vice president of strategic marketing at Thomson Reuters. Prior to that, he spent more than a decade in product management and marketing positions for SaaS companies and held finance positions at Pillsbury and Rollerblade, Inc.

Mike has been active in industry associations, including the Open Compliance and Ethics Group (OCEG) and the Institute of Internal Auditors (IIA). He was also a founding member of XBRL International (eXtensible Business Reporting Language), the global not for profit consortium for open international standards for digital business reporting. He has also been a frequent speaker at industry conferences on subjects such as finance transformation, data and reporting, and risk and compliance technology. He received his Bachelor of Science in Economics and his MBA from the University of Minnesota.



Strategic Risk Management: Complete Overview (With Examples)


As businesses continue to operate in an increasingly competitive and uncertain environment exacerbated by threats to their operations, such as cyberattacks, supply chain disruptions, and climate catastrophes, strategic risk management has become a key factor in ensuring an organization's success.

According to Raconteur, 85% of business leaders feel they are operating in a moderate to high-risk environment, and 79% of boards believe that improved risk management will be critical in enabling their organization to protect and build value in the next five years.

It is clear that organizations need to be prepared for the different types of strategic risk coming their way and have strong strategic risk management in place to not only reduce the impact on their operations but even take advantage of the context and transform it into an opportunity.

In this article, we'll dive into the world of strategic risk, the different types of strategic risks, and how to manage them to reduce the chances of disruption. We'll also give you real-life examples and a ready-to-use, free Risk Management Template to help your business be in control and start your journey toward effective strategic risk management.


What Is Strategic Risk?

Strategic risk is the probability of the organization’s strategy failing. It is an estimation of the future success of the chosen strategy. Since strategy is a set of clear decisions, strategic risk reflects the aggregate of the risks of those decisions.

At their core, strategic risks affect an organization's overall strategy. They can sometimes be difficult to spot and manage.

This means that particularly at an executive level, leaders and teams need to be able to look for strategic risks and, instead of categorizing them as things to hedge or mitigate, develop the acumen to ask the appropriate questions:

  • Are we going to resist this, avoid it, or maybe push it away?
  • Or do we embrace it, use it as an indicator for the market and take it as an opportunity for a strategic change?


What Is Strategic Risk Management?

Strategic risk management is the process of recognizing risks, identifying their causes and effects, and taking the relevant actions to mitigate them. Risks arise from inside and outside factors such as manufacturing failures, economic changes, shifts in consumer tastes, etc. 

Strategic risk can disrupt a business’s ability to accomplish its goals, break out in the market or even survive. Effective, efficient management puts the power in leaders’ hands to avoid potential obstacles to success and maximize their performance.

Why Is Strategic Risk Management Important?

Organizations that fail to do proper risk management face significant threats. At times, they face existential threats. Kodak was a pioneer in the photography space (they actually filed a patent for one of the first digital cameras), but they lost the digital camera race. Blockbuster made $6 billion in revenue at its peak, but there is only one store left in the world! MySpace was once one of the dominant social networks until Facebook came along.

You could argue that these companies failed to innovate. Maybe, but they also failed to evaluate the threat properly and the risk involved in not dealing with it.

Every great company takes risks.

Smartphones, eReaders, car-sharing services, even natural cleaning products — so much of what we as consumers now take for granted was a brave step, once upon a time. But Apple, Amazon, Zipcar, and Method didn’t launch their category-defining products overnight.

These organizations safeguarded their success with a strong risk management strategy. They knew what success would look like, which factors could cause them to fail, what failure could cost them, and how they would respond to obstacles in their path.

Managing strategic risk is an essential activity for all businesses, whether you’re launching an innovative solution to market or just trying to stay ahead of the competition.

Understanding the dangers (however small) and their potential impact (however minor) empowers leaders at different levels to make smart, well-informed decisions. 

But that’s easier said than done. Risk management is a dynamic process - it shifts focus as internal and external influences change. It also requires joined-up thinking and communication across an organization. 

If you’re tasked with strategic planning and execution within your business, it can seem like an insurmountable task. Yet, armed with the right information, you can help ensure that your organization achieves its goals.

The Two Kinds Of Strategic Risk Factors

One of the first things you need to do to better manage risks is learn to identify them. There are mainly 2 kinds of strategic risk factors that you should look out for.

1. Internal strategic risk factors

Every business has strategic objectives and established routines.

Strategic risk relates to the dangers companies face in trying to accomplish their strategic objectives. Even though your plan might seem viable and on track for success, analyzing the strategic risks involved can help organizations identify obstacles (or opportunities)—and address them before it’s too late.

Strategic risks relate to a business’s internal choices, such as product development routines, advertising, communication tools, sales processes, investments in cutting-edge technologies, and more. These examples all directly impact function, performance, and overall results.

2. External strategic risk factors

Some strategic risks originate outside the company.

These could apply to the current or projected environment into which products will be released. 

It’s often easier to understand strategic risk through real-world examples. For instance, a new type of smartphone might be in high demand today, but economic changes could lead to a drop in commercial interest, leaving the business in a totally different position than it might have expected. 

Or a competitor may release a groundbreaking product or innovative service that fills the gap first, creating significant risk to the success of a strategy.

And let’s not forget that technology’s swift evolution could cause a new product to become obsolete within a few months—I’m sure that the manufacturers of wired headphones felt their stomachs drop when they saw Apple had cut the headphone jack.

These types of risks pose a real danger to companies. Investing in a business model with little chance of achieving the envisioned success can lead to severe financial strain, loss of revenue, and damage to reputation.

And none of these are easy to recover from.

Strategic Risk Assessment: How To Identify Strategic Risks?

Recognizing and taking action on strategic risks is vital to mitigate costly problems.

In your strategic risk management toolkit, you’ll need two essentials:

  • An in-depth understanding of where your organization stands. This includes your target audience, market sector, competitors, and the environment in which your business operates.
  • A clear awareness of your organization’s core strategic goals, from conception to proposed execution.

Gathering data on both areas can take time and investment, but it’s worthwhile to achieve accurate insights into strategic risks.

The more information you have to draw upon, the more likely it is that you’ll be able to implement processes and safeguards that facilitate organizational success.

Teams have a choice of different approaches when identifying strategic risks. 


Initiate “What if” discussions

Gather employees from across the business to explore ‘what-if’ scenarios.

By mind mapping risk factors collaboratively—with a mix of perspectives and experiences from different departments—Heads of Strategy, Change Managers, and Business Analysts may discover risks they wouldn’t have thought of on their own.

All potential risks are worth considering, no matter how unlikely they may seem at first. That’s why participants should be encouraged to let their minds wander and suggest virtually any viable risk that occurs to them.

It’s best to have a long list that can be reduced through elimination: underestimating risks can lead to businesses being unprepared down the line.


Gather input from all stakeholders

Speak with the whole range of stakeholders and consider their views on strategic risks.

If you consult a wide enough group, you’ll gather expanded perspectives about your organization or issues and not just the ones from your core employees.

Collecting a wide range of perspectives creates a holistic view of risk factors which can prove hugely beneficial when trying to understand the dangers the organization faces.

Their broad awareness of how the company operates can raise unexpected possibilities that need to be factored in.

Strategic Risk Examples

The specific strategic risks relevant to your business will largely depend on your industry, sector, product range, consumer base, and many other factors. That being said, there are some broad types of strategic risk, each of which should be on your radar.


Regulatory risks

Let’s demonstrate the importance of regulatory risks with an example.

Imagine an organization working on a new product or planning a fresh service set to transform the market. Perhaps it spots a gap in the industry and finds a way to fill it, yet needs years to bring it to fruition.

However, in this time, regulations change and the product or service suddenly becomes unacceptable. The company can’t deliver the result of its hard work to the target audience, risking a substantial loss of revenue.

Fortunately, the organization had prepared for unexpected regulatory change. Now, elements of the completed project can be incorporated into another or adapted to offer a slightly different solution.

The lesson here? 

It’s vital for companies to stay updated on all regulations relevant to their market and be aware of upcoming changes as early as possible. 

Competitor risks

Most industries are fiercely competitive. Companies can lose ground if their market rivals release a similar product at a similar or lower cost. Pricing may even be irrelevant if the product is suitably superior. 

Competitor analysis can help mitigate this strategic risk: businesses should never operate in a vacuum.


Economic risks

Economic risks are harder to predict, but they pose a real danger to even the most well-realized strategy. For example, economic changes can lead a business’s target audience to lose much of its disposable income or scale back on perceived luxuries.

Customer research is imperative to stay aware of what target audiences desire, their spending habits, lifestyles, financial situations, and more. 

Change risks

Change risks refer to the challenges that arise from changes in technology, market trends, consumer preferences, or industry standards. 

For instance, a company heavily invested in a particular technology may face significant risks if a disruptive innovation renders their current technology obsolete. Having a strong change management strategy to adapt to change and embracing innovation are key strategies to mitigate this risk.

Reputational risks

Reputational risks arise when a company's actions or associations damage its brand image and public perception. Negative publicity, customer dissatisfaction, product recalls, or ethical controversies can all contribute to reputational risks. 

Safeguarding the company's reputation through transparent communication, ethical practices, and proactive crisis management is crucial.

Governance risks

Governance risks refer to the effectiveness and integrity of a company's management and decision-making processes. Weak corporate governance, lack of oversight, non-compliance with regulations, or unethical behavior by key executives can lead to significant strategic risks. 

Establishing robust governance frameworks, maintaining transparency, and fostering a culture of accountability are essential to mitigate these risks.

Political risks

Political risks stem from changes in government policies, regulations, or geopolitical events. These risks can impact businesses operating domestically or internationally. Political instability, trade restrictions, sanctions, or changes in tax policies can disrupt operations and affect profitability. 

Companies must closely monitor political developments and have contingency plans to navigate such risks effectively.

Financial risks

Financial risks involve challenges related to capital management, funding, cash flow, and financial stability. Factors such as market volatility, credit risks, liquidity constraints, or inadequate financial planning can expose a company to strategic risks. 

Implementing sound financial strategies, conducting risk assessments, and maintaining a healthy balance sheet are crucial in managing these risks effectively.

Operational risks

Operational risks are inherent in day-to-day business activities and processes. These risks encompass issues such as supply chain disruptions, equipment failures, cybersecurity breaches, human errors, or natural disasters. 

Ensuring robust operational processes, implementing contingency plans, and investing in risk mitigation measures can help minimize the impact of operational risks.

Managing Strategic Risk Vs. Operational Risk

Strategic risks and operational risks are two distinct kinds of risk. While strategic risks originate from both internal and external forces, operational risks stem solely from the internal processes within a business, and they stand to disrupt workflow.

However, the biggest difference between them is the level of the decisions they reflect.

Strategic risks reflect the risk of the decisions at a higher level, where the overall strategic plan is considered. The operational risks reflect the risk of the decisions at a lower level, the operational level, where the execution of the strategic plan is outlined.

Simply put, strategic risk is about what you do, and operational risk is how you do it.

Operational risks examples

Operational risks are critical to consider and must be dealt with as soon as possible. They directly impact a business’s work and can tie in with strategic risks, as the resources, processes, or staff available may be unable to achieve the established goals. 

One example of operational risk is outdated machinery. It can cause a slowdown in production, delay completion, and ultimately damage employee morale. In this case, the operational risk might stem from what appears to be a non-critical problem but has the potential to drag productivity down to rock bottom. So the decision of whether to upgrade the machinery should be considered.

Another example of operational risk is a company’s current payroll system. Let’s say the company outsources to a small team with a weak reputation purely because it’s a cheaper alternative to working with a more reliable payroll solution. But this option could create a higher risk of late payments, processing errors, or other issues with the potential to frustrate the company’s most valuable asset: its employees.

Risk Mitigation Strategies

Implementing effective risk mitigation strategies is essential for businesses to navigate uncertainties and protect their long-term success. By identifying potential risks and proactively addressing them, companies can minimize the impact of adverse events and capitalize on opportunities for growth.


Discuss opportunities and risks separately

This needs to happen before the risk identification process. Discussing potential opportunities and their risks in the same conversation handicaps the opportunity conversation.

You want your people to free their minds, brainstorm ideas, and locate all possible growth and incremental opportunities. Don’t allow that process to shrink and miss out on great opportunities. Discuss risks in a different meeting on a different day.

Distribute resources at the operational level

Once you have decided on your company’s strategy, you’ll have to align every department and person with it.

Allocate your resources in a way that serves your overall strategy to succeed. That means starving certain departments or regions to feed the ones that contribute the most to your strategic objectives.

Mitigating strategic risks is often nothing more than focusing on a great execution of your strategic plan.

Align your incentive structure

Focus on execution takes another form besides resource redistribution.

You have to revisit the incentive structure of your top and middle management and align it with your strategic objectives. This is a crucial step in executing your strategy because it eradicates internal conflicts.

If your leadership team is rewarded according to an older strategic plan, don’t expect them to take care of your new plan’s risks. They simply won’t have the incentive to do so.

Strategy Risk Management Examples

Let’s examine two specific real-life examples of strategic risk. One that happened a little while ago, and one that is still happening now.

Complacency vs Disruption

Before Netflix, HBO Go, Amazon Prime, Disney+, and all the other streaming platforms, people used to go to Blockbuster.

In its prime, Blockbuster had over 9,000 locations around the world and became synonymous with movie rental. It had a huge slice of the market share and looked pretty peachy until the late nineties. Until 1997, when a little company called Netflix came knocking.

At the time, Netflix didn't stream. It simply delivered rentals in the mail for a set fee each month. There were no late fees (which was one of the biggest gripes from Blockbuster customers), and movie delivery was very convenient.

Netflix was a pretty obvious strategic risk to Blockbuster, which needed to manage it somehow. This could also be seen as a clear opportunity for Blockbuster since they were in a position to buy Netflix but refused to do so.

Yes, Blockbuster passed on the $50 Million deal with Netflix and sealed its fate in the process.

Comparing Revenue for Blockbuster and Netflix, 1998-2016 - Slow Reveal  Graphs

Regulatory complexity

This story is still in development, so who knows how it will end.

Uber is known as the company that shook the cab industry around the world, but things are still changing. Uber is a tech company and understands that change happens, and risk evolves faster than ever before.

This is why they began investing in self-driving technology early on. At first glance, this seems counter-intuitive since moving in this direction could really upset the thousands of Uber drivers out there, but Uber gets it.

They know that if they do nothing, someone else will sweep in and, soon enough, turn Uber into another Blockbuster story.

Uber is a great example of strategic risk management since they not only have to manage things like implementing self-driving cars, but they have also had to navigate through complex regulatory risks in multiple countries.

They have also faced issues around customer safety, assaults, and constant battles with all kinds of protests and regulatory issues.

How To Measure Strategic Risk

So now you know the strategic risks your organization faces, you need a quantifiable figure to measure them. We suggest the following metrics and tools:

Economic Capital

This relates to the amount of equity a business needs to cover any unplanned losses, according to a standard of solvency (based on the organization’s ideal debt rating). 

This metric allows businesses to quantify all types of risks related to launching new products, acquiring enterprises, expanding into different territories, or internal transformation. Then, they can take the necessary actions to mitigate those risks.

RAROC: Risk-Adjusted Return On Capital

This applies to the expected after-tax return on a scheme once divided by the economic capital. 

Companies can leverage this metric to determine if a strategy is viable and offers value, helping to guide leaders’ decision-making process. Any initiative with a RAROC below the capital amount offers no value and should be scrapped (sorry!).

Decision trees

Businesses on all scales can utilize both metrics to measure strategic risk, but the stakes will be different for a small enterprise than for a global corporation. The former may never recover from a bad investment, while the latter has a higher chance of weathering the storm. 

As a result, companies may use a decision tree to map the possible outcomes of a decision. This enables teams to determine which choices yield which results and prepare for all eventualities. Specific turning points can be identified and handled appropriately. 

The 7-Step Strategic Risk Management Framework

Now you have all the information, you need to capture it in one place: the strategic risk management framework. This is where you bring together all the resources (employees, technologies, capital, etc.) required to mitigate losses caused by internal or external forces.

Exactly how your framework is structured is your choice, but the following is a great strategic risk management step-by-step approach:

[Infographic: strategic risk management framework in 7 steps]

Implement A Long-term Strategic Risk Management Strategy

Managing strategic risk is an ongoing process.

It enables organizations to minimize their danger of experiencing severe losses and, ultimately, failure. It doesn’t guarantee every project will be a success (far from it!), but it will provide all the necessary tools to make better decisions in the long run. 

Remember to take your time, even if there’s market pressure to act fast. Trying to rush this process could lead to missed threats or opportunities in your risk analysis. Stay on top of your strategic risk management well into the future: that’s the key to organizational success.

Execute An Effective Risk Management Strategy With Cascade 🚀

Cascade is the world’s #1 strategy execution platform, remediating the chaos of running a business to help you move forward. Cascade serves as your organization's brain, offering a unified platform that spans your entire ecosystem. With Cascade, you can gain a clear picture of potential threats and create a strong risk management strategy to proactively address them.

Signal risks before they happen

Once you've identified your risks, Cascade enables you to seamlessly incorporate them into your strategic plan, ensuring alignment throughout your organization.

Adding risks is very simple:

Based on these factors, Cascade automatically calculates and displays a Risk Score (Likelihood * Impact) to assess the severity of each risk, guiding your decision-making process.


Add mitigations

Cascade empowers you to take proactive measures by adding mitigations to each identified risk. Mitigations are steps that can be implemented to avoid or minimize the occurrence and impact of risks. With a few clicks, you can expand the risk and add relevant mitigations.

As you progress with each mitigation, you can mark its completion using the checkboxes. Cascade keeps track of the number of completed mitigations, providing visibility into your progress.


Report your risks’ progress

Cascade offers a comprehensive risk reporting functionality to ensure that you stay informed about the progress of your risk management strategy. You can easily create detailed risk reports containing essential information such as risk title, owners and collaborators, risk type, status, mitigation status, and risk score. These reports can be saved and shared with stakeholders, enabling effective communication and collaboration.

Example of risk report in Cascade Strategy Execution Platform.

Create a risk dashboard

Leverage Cascade's Risk Distribution Scatter Plot widget, available in Dashboards or Reports, to visually represent the count of risks within specific entities (e.g., objectives, measures, projects, or actions). The widget provides valuable insights into likelihood, impact, and risk scores, enabling you to monitor and analyze risks effectively.

Example of Risk Dashboard in Cascade Strategy Execution Platform


Predator Free NZ Trust


When working towards your goals, it’s crucial to create a specific ‘roadmap’ for how you’ll get there. That’s where strategic planning comes in.


In order to succeed, community groups need to have a vision and a mission. For example, your vision might be for a predator free New Zealand. Your mission, or the reason for your group’s existence, might be to reduce predators and create a safe habitat for vulnerable species in a particular region.

A strategic plan is a record of your vision, goals and objectives, documented in a realistic, straightforward way. It usually covers about five years, but it doesn’t have to be a novel-sized document – a couple of pages is fine. In fact, the clearer and more concise your strategic plan is, the more likely people are to read, understand and follow it. 


A strategic plan should include:

A strategic plan provides everyone with a clear direction and also ensures that group leaders and stakeholders are in agreement. Keep your plan short and realistic, send out a draft to gather feedback from members and any stakeholders, and then share it. Refer to it regularly, update it as required, and make sure everyone has a copy of the latest version. 

Here are some examples of strategic plans from NZ organisations:

SWOT stands for Strengths, Weaknesses, Opportunities and Threats. Analysing your group’s SWOTs (and those outside your group) will help your overall strategy – all it takes is a quick chart like this:

Your strategic plan should include a section on risk management. Risk management is about identifying anything that might go wrong with your project and what its potential impact would be. An awareness of risks helps you to prepare for them, so that you’re not blindsided or ‘putting out fires’ as problems arise. Risks are anything that might adversely affect your project, from bad weather to running out of money.


Consider the obstacles that might come up for your group in particular. Examples might be accidents, illnesses, weather conditions, natural disasters, a lack of equipment, the loss of a key group member, financial problems, legal issues (e.g. around consents and permits required for use of toxins/traps or access to property), and recruitment. 

Once you’ve identified some risks (write down at least five, in order of importance or probability) you can think about ways to avoid them (if possible), or at least minimise them so they won’t have a destructive impact on the project.

Mātauranga Māori is increasingly being woven into Aotearoa New Zealand’s conservation planning. This includes relationship building and partnerships with mana whenua (Māori groups such as iwi, with ownership or a connection to the area involved in the project), incorporating tikanga (customs/protocol) into community work, and forming a deeper understanding of our environment through indigenous knowledge and skills (mātauranga).


practical risk training simplified for busy people

Training objective

The objective of this practical and simplified mini-training is to show you the essentials of how to integrate risk management into your strategic and corporate planning without over-engineering and complicating it.

What you’ll learn

How to integrate risk management into strategic and corporate planning

[Slide 3] Let’s get the basics right

Many organisations continue to struggle to integrate their risk management into their strategic and corporate planning efforts and to gain value from this integration.

One key reason for this is an over-engineered integrated risk and planning approach.

The integration of risk management and planning must start with a clear understanding of your organisational purpose, corporate strategies and goals, and customer value proposition.

To have that clear understanding, you should have an answer to this key question, “Are you solving the right problems?”

Let us use Disney as an illustration.

Disney’s goals under the leadership of Bob Iger were to create high-quality branded content, embrace technology for brand relevance and become a more global company.

From the very start of his tenure as CEO of Disney, Iger repeated these same three core pillars of the company’s growth strategy. That is, to develop the best creative content possible, to foster innovation that utilizes the latest technology, and to expand into new markets around the world.

In explaining these three goals and related strategies, Iger emphasizes the importance of goal setting in an organization’s leadership to encourage creativity and reduce anxiety caused by a lack of organizational direction.

[Slide 4] Vertically translate and cascade strategy and objectives across all levels

Once your strategies and objectives are known and understood, translate and cascade these strategies and objectives into shorter-term operational, project, and programme objectives for each level of the organisation, right down to every individual in the organisation. These translated and cascaded objectives will form part of the individual’s accountabilities as documented in their performance scorecards.

The translation and cascading of strategies and objectives occur within a given hierarchy of objectives and plans. The hierarchy of objectives will be encapsulated in a hierarchy of plans. Your plans will show how your corporate strategy is driven top-down and aligned across all organisational levels and initiatives. These initiatives may consist of any number of portfolios, programmes, and projects used as effective management tools for executing the organisation’s corporate strategy.

Everyone across all levels of the organisation and throughout the organisation should understand and be ultimately accountable for the achievement of the corporate strategy and strategic objectives. Individually, they have clear measurable shorter-term objectives that must strategically align with and fully support or complement each other. To achieve longer-term success, manage the short-term performance of all employees at the individual level.

Employees must understand how they can personally influence strategy execution and how their work is important to the overall outcomes. Develop appropriate incentive and reward programmes, as well as clearly articulated career progression and succession paths. Align and synchronise all personal performance scorecards towards the achievement of the corporate strategy. The right organisational design, structure, and culture can effectively facilitate this.

Define the acceptable level of risk that everyone can take at each organisational level based on the organisation’s overall risk appetite. The organisation’s risk appetite statement reflects the board’s view on what degree or level of risk is acceptable or unacceptable to the business in executing its stated corporate strategy. This will enable executives, managers, and employees to make informed and rational business decisions about the risks and opportunities they can take in pursuit of objectives and key performance indicators.

Collectively, all these components form part of the vertical alignment process. Vertical alignment is the systematic synchronisation of organisational levels, people, processes, systems, plans, objectives, incentives, and relationships that align the business, budgets, and operations to the corporate strategy. Hence, the importance of the clear articulation of your corporate strategy.

[Slide 5] Horizontally translate and allocate strategy and objectives across value chain and supporting activities

Apart from vertical alignment, organisations must also horizontally integrate and align objectives and key performance indicators to optimise workflows, collaboration and teamwork across processes, value chains, functional areas, and organisational boundaries. The aim of this horizontal integration is to minimise the silo effect that plagues many organisations, leading to inefficiencies and in-fighting or finger-pointing.

Customers do not see the process boundaries and silos within organisations. They only care about the final product or service delivered to them.

Typically, and as an example, procurement measures cycle times to improve customer satisfaction with the procurement process. However, from the customer’s viewpoint, the end-to-end customer experience process, beginning with the need identification to the actual product delivery, represents the complete procurement cycle for the customer.

To capture this entire end-to-end cycle and improve customer experience, business units across the value chain must be involved to complete the organisational-wide procurement value chain for the customer. Each action in the value chain sequence is dependent upon the performance of the action that came before it. The quality of the series of actions is limited to the quality of the weakest performance in the sequence.

Horizontal integration is about synergising and synchronising objectives and key performance indicators of business units, departments, and support functions along the end-to-end value chain using tools like service level agreements and lean management. Enterprise-wide collaboration, communication, and integration breaks down organisational boundaries and silos. Individuals and teams must cooperate and collaborate to deliver the required value to the customer. Waste or non-value adding activities are to be minimised or eliminated. Policies and procedures must inter-operate and work in concert and harmony with each other across organisational boundaries to fully support and drive performance and value creation.

[Slide 6] Identify and manage risks and issues at all levels with proper governance arrangements

Risks and issues linked to the achievement of objectives are identified and managed at all levels and escalated or cascaded as required based on business rules.

Strategic risks and issues are linked to the achievement of the corporate strategy. These are opportunities or threats to an organisation’s ability to set and execute its overall corporate strategy. Enterprise risk management effectively requires an organisation to take an enterprise-wide view of risks and controls. This will determine whether the organisation’s residual risk profile is commensurate with its overall risk appetite and tolerance relative to the achievement of its strategic objectives.

Linked to the achievement of business unit objectives are business unit risks and issues. And linked to the achievement of operational or project objectives are operational and project risks.

Identify the organisation’s overall risk profile from different perspectives: at the organisational or enterprise-wide level, at the business unit level, and at the portfolio, program, and project level.

While risks are rated individually to the objectives they impact, it is also important to bring risks together in a portfolio view that pinpoints inter-relationships between risks across the organization. Correlations may exist. Increased exposure to one risk may cause a decrease or increase in another. Concentrations of risks may also be identified through this portfolio view.

Risks in different business units may be within the risk tolerance thresholds of individual units. However, taken together, these individual business unit risks may exceed the organisation’s risk appetite threshold.

Governance committees and teams at all organisational levels monitor and review performance and risk information. They escalate crucial information based on agreed business rules and triggers. Institute the appropriate governance arrangements and structure across all organisational levels to drive performance, accountability, and strategy execution.

Risks and issues must be discussed within the context of organisational performance and strategy execution since risk management is about increasing the likelihood and extent of success. Therefore, avoid looking at a risk matrix or a risk register without information on the achievement of corporate strategy and performance measures.


The Relationship Between Strategic Planning and Risk Management

by Funding For Good | Mar 13, 2023 | Strategic Planning


As leaders, we often think of strategic planning as a project for when things are already going well. We imagine tackling questions of how to grow—our budget, our impact and our teams. But planning isn’t just for the good times. There’s a strong relationship between strategic planning and risk management—and the two work especially well when paired together.

Risk Management on Our Minds

The sudden collapse of Silicon Valley Bank is a shock to investors and Wall Street. Everyone’s wondering whether it’s a sign of things to come. Is a financial crisis brewing?

While Silicon Valley Bank’s failure doesn’t directly affect most small businesses and nonprofit organizations, it does add to a moment already rife with economic uncertainty. Between inflation, interest rate hikes, and talk of a recession on the horizon, there’s plenty of uncertainty to go around. So it’s natural for leaders to take a step back and consider risk management.

Traditionally, risk management is often synonymous with compliance. This encompasses areas like legal and regulatory compliance, financial management, governance, insurance, cybersecurity, and workplace oversight. Organizations are also increasingly considering reputational risk management, which can involve preparing crisis communications plans.

But a critical area for both nonprofit and business leaders is strategic risks. The strategic decisions we make today will affect our organizations’ ability to weather an operating environment that is rapidly changing. That’s where strategic planning plays a key role in your organization’s risk management.


The Relationship Between Risk Management and Strategic Planning

One of the first steps in the strategic planning process is using tools like an environmental scan and SWOT analysis to understand the external and internal factors that affect an organization today—and in the future. At Funding for Good, we increasingly hear from leaders wondering how to manage the multitude of external threats and trends that could impact their organizations.

The Value of Environmental Scans

A structured environmental scan enables leaders to consider a broad range of potential threats and opportunities without getting overwhelmed. For example, a PESTLE analysis guides leaders to think through how external political, economic, social, technological, legal, and environmental factors could affect operations.

Coupling an environmental scan with consideration of more traditional risk management topics helps leaders understand the true scope of challenges they may face, which is the first step in preparing to weather them head-on.

Integrating Risk Management and Strategic Planning

The Stanford Social Innovation Review explains that:

Nonprofits can’t effectively engage in strategic planning until they understand the risks they face.

The same is true for businesses. That’s why Funding for Good always begins our strategic planning process with a SWOTA analysis that assesses each organization’s strengths, weaknesses, opportunities, threats, and achievements (a special addition we make to the traditional SWOT analysis).

This approach allows stakeholders to create ambitious visions and goals—all while staying grounded in the realities that may affect implementation. Indeed, assessing your organization’s risks won’t be helpful unless you also create a plan to address those risks.

By starting your strategic planning process by mapping threats and opportunities, you also create more dynamic and effective long-term goals and strategies. While traditional risk management planning may get siloed into operations and finance functions, the more holistic approach provided through strategic planning can set your organization up for operational, financial, and programmatic success.



Risk Management - It's role in strategic planning

Seminar paper, 2009, 19 pages, grade: 1.7

Tobias Buchberger (author)

Table of contents

Management summary

List of abbreviations

Table of figures

1 The concept of risk management
1.1 Steps of application
1.2 Its role in strategic planning

2 Practical Situation
2.1 Phase 1 - Risk Identification
2.2 Phase 2 - Risk Quantification
2.3 Phase 3 - Risk Management/Government
2.4 Conclusion

List of literature

Organizations have plenty of IS/IT investments to choose from, and all of these opportunities compete for the organization's limited resources. The process of risk management, which can be divided into the four phases of Identification, Quantification, Management/Government and Containment, helps to analyze possible risks. This is necessary because every fourth IS/IT project fails 1, because of unidentified risks. The aim of risk management is to increase the probability of success of IS/IT investments 2, so that the investments lead to the desired outcome and benefits for the organization. In the following, the four steps of risk management are illustrated with an example of a logistics company which has to decide between two investments. Additionally, the role of risk management in strategic planning is examined.


Figure 1 - Investments comparison

Figure 2 - Risk Identification of investments

Figure 3 - Kind of change

Figure 4 - State of readiness

Figure 5 - Likely reaction

Figure 6 - Contextual change

Figure 7 - Quantification of example

1 The concept of risk management

When it comes to deciding whether to invest in new developments or significant enhancements of existing IT/IS (Information Technology/Information System) systems, the expected benefits of the investments have to be established, the costs of the systems have to be justified, the technology and business changes involved have to be defined, and priorities have to be allocated to individual developments across the portfolio. 3 Apart from that, one of the main issues in an IT/IS investment decision is the assessment of risk. Risk, which in the failure-oriented definition is the negative deviation from expectancy 4, has to be assessed in order to check whether the investment is able to deliver all of the benefits that were expected 5. The reasons for failure of an investment in IT/IS systems can be divided into five domains. Besides technical, data and user failure, there are organizational failures 6 and failures in the business environment, which this paper focuses on 7 because they are the factors with the highest risk 8. Organizational failures occur if ISs satisfy the functional needs but do not satisfy the organizational or business needs 9. For example, a storage IS which records the quantities of goods in storage fails to meet the needs of accounting because it does not contain monetary values for the goods. Failures in the business environment result if systems do not assist internal and external business requirements. This lack of support can be ascribed to changing business practices or changes in the business strategy, which cause a gap between the target state and the actual state of the IS/IT portfolio. 10

These two failure types carry the highest potential risk in IS/IT projects. But in most projects, organizational failures and failures in the business environment are not considered risky. This is due to the inability to identify and address risks in these categories that could threaten the achievement of the desired outcome. Especially in strategic IS/IT investments, the consequences of failure are significant and the assessment of risks becomes more difficult. 11

1.1 Steps of application

The process of risk management, which is defined as the systematic handling of risk 12, can be divided into four phases: Identification, Quantification, Management/Government and Containment 13.

During the phase of Risk Identification the risks are defined and categorized 14. IS/IT investments have to be reviewed to see whether they satisfy the organizational functions and are appropriate to the business environment and strategy of the organization. This step is the basis of the following steps and is therefore highly important. Risk quantification serves to assess the extent of risk. This step can be carried out with the help of a checklist which divides the investment into four parts:

a. Which changes are involved? 15
b. Is the organization ready for the change? 16
c. How will the organization react to the change? 17
d. How dynamic is the context of the change? 18

Building on the risk quantification, decisions have to be made on how to deal with risk. Liermann mentions four ways to deal with risk: avoiding it, decreasing it, transferring it and bearing it oneself. 19 Avoiding risk means that the decision maker forgoes the IS/IT investment. This can be reasonable if the investment in an IS/IT project is rated as high risk and the damage caused by a failure would be huge. The second choice is to reduce risk through countermeasures. These could be, for example, warranties, contracts or insurance for investments in IS/IT. Beyond that, it is possible to transfer risk by outsourcing IS/IT systems to an external provider which is then responsible for them. Lastly, organizations can bear the risk themselves if the costs of the other arrangements are too high, if such arrangements do not exist or if the risk is acceptable.

The decision on which of the arrangements to choose depends on the result of the quantification process. If 50% of the category factors are 4 or 5, or the average for any category is 4 or 5, the risk should not be taken by oneself 20. The decision maker should then pick one of the first three arrangements or he should change the development approach in order to reduce the risk.

Unlike the preceding phases, risk containment is an ex-post analysis to evaluate the decisions and assumptions of the former phases 21. It has to be evaluated whether all of the risks were assessed correctly, whether the chosen arrangements were appropriate and whether the investments were successful. Beyond that, stakeholders and the management have to be informed about the success of the investment 22.

1.2 Its role in strategic planning

As a part of the "managing investment systems and Technology process", the aim of risk management is to increase the probability of success of IS/IT investments. 23 Organizations have at their disposal a portfolio of different IS/IT investments which are considered new and useful developments. Before money is invested in these opportunities, the expected benefits of the investments have to be established, the costs have to be justified, the technology and business changes involved have to be defined and, lastly, the risk of the investment has to be assessed. 24 The last step is necessary to identify the threats and implications which endanger the achievement of the desired benefits of the investment. This makes it possible to initiate appropriate arrangements to reduce the risk, so that the new IS/IT project can be implemented successfully into the application portfolio.

Most IS/IT investments carry opportunity costs. This implies that the money used for one investment could have been used for another, and that different investments compete for funds and other resources like time and labour. 25 Additionally, the fact that every fourth IS/IT project fails 26 increases the demand for effective risk management to evaluate the critical risks ex-ante and to invest the resources of an organization in those projects which are most promising to deliver the desired outcome and whose risks are manageable. Considering this, risk management can be seen as a process which helps decision makers to pick those investments which will be successful and deliver the desired outcome.

2 Practical Situation

In this chapter a practical situation is described in which risk management is useful: the CIO (chief information officer) of a half-inferior logistic organization has to decide which of the following two investments he wants to choose. Internally, the organization possesses the capabilities and experience needed to execute the projects. But the willingness of the stakeholders is lower for investment 1 than for investment 2, because the current solution is still adequate to fulfill the internal needs. At first the costs, benefits, business and technological changes have to be identified. After this step the risks can be identified, quantified and managed/governed (see chapter 1.2). The Risk Containment is excluded.

2.1 Phase 1 - Risk Identification

1 C.f.: [Pütt2009].

2 C.f.: [WaPe2002] p.462.

3 C.f.: [WaPe2002] p.420.

4 C.f.: [ScLi2002] p.183.

5 C.f.: [WaPe2002] p.455.

6 C.f.: [LyHi1987].

7 C.f.: [WaPe2002] p.455.

8 C.f.: [EwPr1994].

9 C.f.: [WaPe2002] p.456.

10 C.f.: [WaPe2002] p.456.

11 C.f.: [WaPe2002] p.456f.

12 C.f.: [AhMa2008] p.11.

13 C.f.: [Höls2002] p.13; [Schi2001] p.13; [Fais2009] p.4.

14 C.f.: [FaPW2007] p.514.

15 C.f.: Figure 3 in addendum.

16 C.f.: Figure 4 in addendum.

17 C.f.: Figure 5 in addendum.

18 C.f.: Figure 6 in addendum.

19 C.f.: [Lier2009].

20 C.f.: [WaPe2002] p.461.

21 C.f.: [Höls2002] p.16.

22 C.f.: [ScLi2002] p.192.

23 C.f.: [WaPe2002] p.462.

24 C.f.: [WaPe2002] p.420.

25 C.f.: [WaPe2002] p.462.

26 C.f.: [Pütt2009].


Develop a Risk Strategic Plan You Can Use

Put your risk management strategic plan on one page with this template.


Effective risk management strategic planning connects your enterprise strategy to specific initiatives for your function. Done well, your risk management strategy should provide a clear roadmap to deliver on your business goals.

Use this proven one-page risk management strategy template to:


About Gartner Risk Strategic Plan Template

Gartner Risk Strategic Planning Template helps risk leaders define the roadmap for executing the key actions required to meet risk strategic goals in alignment to the enterprise business model and goals. Additionally it helps you create and communicate a clear action plan that states where the risk function currently is, where it needs to be, how to get there and how you will measure progress.

Webinar: 7 Key Trends That Will Impact Your Strategic Planning

Inflection points and wild cards continually threaten to shake up industries. However, future-fit organizations survive disruption by actively sensing and responding to changes. This complimentary webinar will help risk executives scope key macro and environmental trends that could impact their organization’s business models and risk management strategies.

