Strategic Risk Management
By
Bernardo Sichel, Director of Consulting, DSI
THE NEED TO TAKE STRATEGIC RISKS
Strategic decisions entail risks. There is no guarantee that entering a new market segment, committing to a certain technology, or developing a new product will result in financial success. The world is an increasingly complex and uncertain place. Yet, making bold strategic decisions1, and committing the resources and capabilities they require, is an important way of achieving competitive advantage in the marketplace2.
In the face of rising complexity and uncertainty, many companies play it safe and avoid taking strategic risks. They only develop strategies that are resilient across different futures (all initiatives are robust, but with a limited pay-off) or combine them with more daring strategic actions as long as they can be deployed in a flexible way (increasing commitments as new private or market information is garnered). While some of these approaches are necessary, they are not sufficient for maximum wealth creation. There is evidence that robust strategies alone are suboptimal in terms of their risk-return profile3 and that flexible options sometimes do not achieve or sustain advantages in the face of competition or other dynamic forces with temporary windows of opportunity4.
If bold strategies by nature entail high risks, and are an unavoidable component of an optimal portfolio, we then need a better approach to manage the inherent strategic risk.
THE NEED FOR A DIFFERENT APPROACH
In recent decades the world has becomes a much more complex and uncertain place. Think about the debacle of Long Term Capital Management (LTCM) due to sudden changes in market prices, the recent woes of Countrywide in the US or Northern Rock in the UK due to the subprime market implosion and a surge in mortgage delinquencies, or the delays and cost overruns in the Airbus 380 due to problems with wiring installations and political infighting among its parent members.
As a result of this increased complexity and uncertainty, firms have increased their focus on risk management. Organizations in industries like financial services (market and credit risk) and energy (market and operational risk) have been at the forefront of this movement. In this progression, new processes, systems (e.g. advanced risk analytics), structures (e.g. governance models) and tools (e.g. Value at Risk) have been developed to manage different types of risks (e.g. market, credit, operational risks). Even integrated approaches (i.e. Enterprise Risk Management) have been devised to seamlessly and effectively manage all risks affecting a corporation.
Despite all these efforts, strategic risk has remained a secondary thought for many companies. As highlighted by several studies5, strategic risk is the most important category as measured by the potential impact it can have on a company’s performance/survival. Despite all the advances in risk management, there is still not a common definition or an accepted approach to dealing with strategic risk.
A couple of intriguing suggestions to define strategic risks have been provided by Robert L. Simmons of Harvard Business School and Adrian Slywotzky from Mercer Management Consulting. The former defines strategic risk as “an unexpected event or set of conditions that significantly reduces the ability of managers to implement their intended business strategy”6. The latter defines it as “an array of external events and trends that can devastate a company’s growth trajectory and shareholder value”7. While both definitions provide a solid starting point on the topic, we at DSI, provide an alternative one: “The potential for economic loss suffered due to a negative impact on a company’s strategy from changes in its marketplace and competitive environments”. These changes include significant variations in demand, competitive moves by new entrants and current players, and emergence of disruptive technologies or business models, among others.
Regarding approaches to managing strategic risks, there is even less consensus than around its definition. Furthermore, not even all companies agree on the need to conduct a risk analysis on their strategies8. Many organizations are content with discounting their strategies’ “forecasted” cash flows using a risk-adjusted rate. This might be complemented with some kind of sensitivity analysis or Monte Carlo simulation to capture the potential volatility of returns. These exercises, however, are incomplete at best. Without a deep understanding of what factors could derail a strategy (i.e. risk identification), how these factors could change in the future (e.g. scenario view), and how these factors could interact with each other (i.e. systems view), there is no possibility of assessing or mitigating their potential impact.
The Organizations that do apply a formal risk management process to deal with their strategic risks often apply techniques that are appropriate for other types of risks (e.g. market, operational). The typical approach includes identification of individual risks, assessment of their impact on the organization’s performance, and management through risk avoidance, transfer and/or hedging techniques. While much better than doing nothing, this high-level approach does not fully capture the complexities and intricacies of strategic risk management. An ideal strategic management approach needs to expand the identification section to include the possibility of multiple futures (i.e. scenarios), expand the assessment section to incorporate systems thinking (e.g. influence diagrams, system dynamics models), expand beyond the typical hedging and insurance type options to manage risks (e.g. real options and strategic portfolios), and incorporate monitoring as crucial component for strategic preemption and adaptation.
In the remainder of article, we expand on a proposed Strategic Risk Management approach (SRM) and use Mattel’s recent product recall as an illustrative example of how an organization might benefit from using this process.
OUR APPROACH TO STRATEGIC RISK MANAGEMENT (SRM)
Our SRM approach (see Figure 1) covers six steps including the three typical modules of risk management (identification, assessment and management) plus a fourth module (monitoring).
Figure 1 - DSI's Strategic Risk Management Approach
[click image to enlarge]
Risk Identification
The risk identification module is divided in two distinct and complementary steps: hazard identification and scenario development. The objective of the former is to surface the hazards/risks impacting an organization’s strategy, including its main drivers and the stakeholders who could impact them. The objective of the latter is to develop set of plausible futures or scenarios that look at various hazards in combination rather than isolation.
The value of this expanded approach is an extension from one to several assumptions behind key strategic hazards/perceptions. Strategic risks are by nature multi-faceted (e.g. competitive dynamics) and require a more comprehensive treatment than other types of risks. Scenarios that cover a wide range of possibilities provide a better backdrop for surfacing and testing the impact of different types of strategic risks. Scenarios not only provide multiple potential outcomes for various hazards in combination, but they also make sure that risk outcomes and stakeholder behaviors are consistent across scenarios.
In hindsight, Mattel could have clearly benefited from developing multiple scenarios to identify/understand some of the key strategic risks/hazards it was exposed to and the role of different stakeholders influencing their outcomes. Unreliable overseas contractors and product flaws are typically part of the realm of operational risk. However, when these risks work in tandem and reach the proportions that led to the massive recalls of Mattel and Fisher Price toys, the issue becomes a strategic one. Scenarios that envisioned the significant breakdown in product quality and safety, and the reaction of government officials in both sides of the ocean, could have helped foresee and mitigate the losses incurred.
Risk Assessment
The objective of the risk assessment module is to qualify the likelihood, influence, and consequence of the strategic risks. The value of this expanded approach is to move beyond the individual risks to provide an aggregated view of the interaction among the various risks and assess the impact under each one of the scenarios.
One of the most impressive aspects around the Mattel story was the level that the toy recalls reached after all was said and done. By some accounts, the recalls reached more than 9.75 million toys in the US and 18.6 million globally9 with significant current and future losses incurred by the Company. How can any risk management exercise (let alone an operational risk management exercise) focused on individual risks foresee this level of damage? Mattel would have benefited from coupling its risks (through influence diagrams and system dynamics models) and understanding how a first recall could trigger a second one, and a third one. And then how could regulators in the US and China could get involved in an area of low individual probability (i.e. a snowball scenario).
Risk Management
The objective of risk management is to eliminate, mitigate, or transfer the key risks. The value of this expanded approach lies in the techniques used to manage the strategic risks. Given that risk-taking is a necessary condition to achieve competitive advantage, the goal is not to completely eliminate the factors that create the exposure (e.g. the strategic commitments), but rather to improve the risk-reward proposition of the overall strategy or set of initiatives. Apart from the typical actions prescribed from the risk management handbook (e.g. hedges, insurance) there are at least other important actions that can be added to the toolkit: changing the risk-return profile of individual initiatives10 (i.e. designing initiatives as real options) and changing the risk-reward profile of the entire strategic portfolio11 (i.e. balancing a portfolio of no regret moves, flexible options, and selected bets12).
According to the Company, Mattel employs more than 1,500 quality control and safety employees in China, where it manufactures 65% of all its products13. It is therefore difficult to provide an opinion on the operational aspects of the issue. We can, however, comment on the somewhat aggressive posture taken by the Company in terms of its quality and safety standards (even in the wake of initial meetings with the US regulators). Some of the ad-hoc actions taken by the industry include embracing mandatory testing, accepting inspections by government, and developing standard recall procedures. This will carry some additional costs, but it begs the question if the industry leader (Mattel) should have not pushed for some of them to avoid the potential loss of close to $30 million in Q2 alone.
Risk Monitoring
An additional module in our strategic risk management approach includes risk monitoring. The aim of this activity is to monitor the environment to see early whether negative scenarios are emerging. The intent is to expand an organization’s strategic risk appetite without necessarily increasing its exposure (at least not to the same magnitude). A solid monitoring system allows organizations to detect and process changes in the environment before the information becomes available or digestible to competitors. This information can enable them to reduce their sole dependency on strong commitments to achieve competitive advantages (because they can adapt before they need to make those commitments) and/or start the contingency actions before the risks deliver their full impact.
Finalizing in Mattel’s case, they could have monitored the defects and recalls on several other Chinese manufactured products (e.g. pet food scare and more recently on its own competitor RC2 during the Spring). This could have provided much of the needed time to eliminate or mitigate some of its own exposure to Chinese contractors.
BENEFITS OF SRM
Managing strategic risks using our proposed approach enables organizations to take on the necessary strategic risks while managing the downside. Other specific benefits include the following:
- An understanding of an organization’s risk exposure under different futures
- An understanding of the risks’ interdependencies and potential impact
- An ability to explore efficient hedging/mitigation tactics through individual actions, portfolio moves and/or strategic preemption and adaptation.
- The use of a consistent approach and common language
* If you would like to comment on the contents of this article or learn more about DSI’s approach to strategic risk management, contact the author sichel@thinkdsi.com.
Notes
1Pankaj Ghemawat, Commitment: the dynamic of strategy, (New York: Free Press, 1992).
2Aswath Damodaran, Strategic Risk Taking: A Framework for Risk Management, (Philadelphia: Wharton School Publishing, 2008).
3Eric Beinhocker, “Robust Adaptive Strategies,” Sloan Management Review (Spring 1999).
4Michael Raynor, The Strategy Paradox: Why Committing to Success leads to Failure (and What to Do about It), (Boston: Harvard Business School Press, 2007).
5Ajit Kambil and Vikram Mahidar, “The Value Killer,” Deloitte Research (2005). According to this study, two-thirds of the surveyed companies identified strategic issues (e.g. pricing pressures, demand shortages) as the most important factors impacting their performance/survival.
6Robert L. Simons, "Note on Identifying Strategic Risks," Harvard Business School Note 199-031.
7Adrian Slywotzky and John Drizik, “Countering the Biggest Risk of All,” Harvard Business Review (April 2005).
8This is evidenced by DSI’s own experience working with multiple Fortune 500 companies, especially non-financial ones; it is also interesting that risk management does not appear as one of the most used management tools in Bain’s "Management Tools and Trends Study" (2007).
9“Mattel Recall May Impact Holiday Shopping Season,” The Boston Globe (August 14, 2007).
10Paul J.H. Schoemaker, Ph.D., Profiting from Uncertainty: Strategies for Succeeding No Matter What the Future Brings, ( New York: The Free Press, 2002).
11James Lam, Enterprise Risk Management: From Incentives to Controls, (Hoboken: Wiley, 2003).
12Hugh Courtney, 20/20 Foresight: Crafting Strategies in an Uncertain World, (Boston: Harvard Business School Press, 2001).
13“Mattel Head Faces Congress on Recalls,” Financial Post (September 11, 2007).
