Identifying strategic objectives and risks
Enterprise risk management (ERM) programs enable organizations to balance risks and opportunities in order to achieve their strategic objectives. While ERM can focus entirely on evaluating the negative impact of an organization's exposure to uncertainty, it can also be used to identify potential opportunities. In this article, we discuss how to identify strategic objectives and risks using the Strategy app.
What are strategic objectives and risks?
Strategic objectives are high-level goals that align with an organization's strategy.
Strategic risks are risks that affect an organization's strategic objectives. These risks can be uncertainties or opportunities, and are normally the key matters that concern the board.
Where do I identify strategic objectives and risks?
At Diligent, we use the Strategy app to define our strategic objectives and risks. Our ERM program enables us to align on our values, vision, and valuation, accelerate our growth agenda in our go-to-market capability and product innovation, and ensure we always deliver the best experience to our customers.
The big picture
- The Strategy Map represents your organization's business and legal entity structure using a two column layout that illustrates operating segments and strategic objectives.
- The Risk Library is a curated repository of general and industry-specific risks that you can use to import into your Risk Profile.
Within the Strategy Map, you can associate operating segments and strategic objectives. Within the Risk Profile, you can link risks to the strategic objectives defined in your Strategy Map to assess risk and visualize risk aggregations.
Steps
Ready for a tour?
Let's take a closer look at these features in context.
1. Model your business structure and objectives
In Strategy, you can model your business and legal entity structure to help assess your organization's strategic risks, define the behaviors that characterize your organization's core values and attitudes towards risk, and define your organizational risk appetite in alignment with the strategy of your risk management program.
Example
Scenario
You are a risk professional that needs to model your business and legal entity structure in order to help assess your organization's strategic risks. Your organization is comprised of several departments, with each department associated to a relevant strategic objective.
Process
Help topic Setting up your Strategy Map
First, you customize the column labels as follows:
- Left column Departments
- Right column Strategic Objectives
Then, using your organization's 10-K report (Vandelay), you add your organization's departments and strategic objectives to the Strategy Map, and associate the departments to the relevant strategic objectives.
Result
Your Strategy Map is setup as follows:
2. Add risks to your risk profile
The Strategy app provides common key risks disclosed across a given industry within its Risk Library. Risks are curated and normalized from S&P 500 10-k reports, Basel, and more. Each industry-specific risk is populated with a full description, and can be easily imported to your organization's risk profile.
Tip
Some industry-specific risks are available by subscribing to content suites offered through the Content & Intelligence Gallery , a central repository for industry-specific content that can be used in Diligent products.
Example
Scenario
Now that you've set up your Strategy Map, you're ready to begin the process of adding risks to your organizational risk profile. You want to ensure that the risks you identify are ones that will impact the achievement of your organization's strategic objectives.
Process
Help topic Importing and adding risks
Using the Vandelay 10-K report as a reference, you manually add the following risks to your organization's risk profile:
- Latex formula
- Litigation risk
- Retailer risk
- International compliance risk
Then, you import the following risks from the Manufacturing - Engineering and Technology industry list in Risk Library:
- Data-breach of sensitive information
- Inability to manage indebtedness
- Non-compliance with environmental laws and regulations
- Non-compliance with industry laws and regulations
- Supply chain risk
- Top talent loss
Result
Your risk profile now contains 10 strategic risks:
3. Define risk attributes
To support a consistent risk taxonomy, you can define custom fields that capture different risk attributes to help you characterize, assess, and report on risks. You can classify risks into one or more categories, specify risk owners, provide information about the organizational risk appetite, and rank risks to help determine which risks may need to be mitigated first.
Example
Scenario
You have added all your strategic risks to one central location, but you want to set yourself up for success when it comes time to assess and report on risks. To do this, you need to capture additional details about each risk in your organizational risk profile, and configure the different risk states within the risk profile to align with your organization's terminology.
Process
Help topic Defining risk attributes
First, you define a series of risk attributes fields that will apply to each risk identified. Then, you characterize and categorize each risk using the defined risk attributes. For example, you characterize the Top talent loss risk as follows:
Finally, you customize your risk profile's column headers to align with your organization's preferred terminology: Assess, Accept, Avoid, Monitor, and Transfer.
Result
You have characterized and categorized each identified risk, and customized your risk profile for your organization.
What's next?
Learn how to implement enterprise risk management
The Strategy app allows organizations to develop a common set of assessment criteria, and assess and prioritize risk.
To find out more, see Implementing enterprise risk management.
Enroll in an Academy course
Continue to build your knowledge on the concepts introduced in this article by taking the STRAT 100 learning path.
Academy is Diligent's online training resource center. Academy courses are included at no extra cost for any user with a Diligent One subscription. For more information, see Academy.