RIMS Defines Strategic Risk Management

RIMS on Tuesday released a definition for a growing discipline within risk management: Strategic Risk Management (SRM). RIMS defines SRM as a business discipline that drives deliberation and action regarding uncertainties and untapped opportunities that affect an organization’s strategy and strategy execution.

Published on May 4, 2011

RIMS Board of Directors identified strategic risk management as an emerging practice several years ago, viewing it as the next step in the evolution of enterprise risk management. In 2009 the board commissioned an external study that found that organizations are seeking direction from a global leading authority that can provide services in these evolving practices.

“While many organizations have included strategic risk management as an integral part of their respective enterprise risk management practices, others are developing or practicing strategic risk management as a distinct discipline outside of a formal enterprise-wide risk management model,” says Carol Fox, RIMS Director of Strategic and Enterprise Risk Practice. “RIMS aims to be the leading global authority on SRM at all levels.”
RIMS emphasizes that SRM represents an important evolution in enterprise risk management, based on the following guiding principles:

    A.    Value-driven: Specifies the foundation and approach for creating, capturing and protecting enterprise value, while serving as a source of competitive advantage
    B.    Reflective: Addresses the unintended consequences and potential exposures arising from, and created by, operational plans designed to execute strategy
    C.    Structured: Evaluates risk and reward trade-offs within the organization’s appetite for risk and its risk control framework
    D.    Informed: Increases risk intelligence and risk-informed decision making with respect to strategic decisions at the board and executive management level
    E.    Dynamic: Recognizes the positive as well as negative impact on enterprise value (e.g. on earnings, cash flow, capital, reputation and differentiating position) arising from emerging and dynamic changes in the environment
    F.    Process-based: Represents an applied method and process in effective strategic decision-making, operational implementation of decisions and responsiveness to industry, economic or technological changes
    G.    Condition-based: Evaluates strategies in the context of significant internal and external conditions, such as organizational capabilities, environments, forces, events, trends and stakeholders
    H.    Consequential: Prioritizes and manages strategic exposures by relevance, importance and uncertainty in risk taking as well as mitigating strategic risks[1]
    I.    Interdisciplinary: Encompasses the intersection of strategic planning, risk management and strategy execution
    J.    Scenario-driven: Focuses on the calculation of investment, resource needs and capital allocation through scenario and stress testing

Recognizing that strategic risk management is an evolving practice, RIMS has formed a Strategic Risk Management Development Council to complement the strong work of its ERM Committee in this focused area. This advisory council is comprised of strategic and enterprise risk management practitioners as well as a published academic on the topic. In creating the council, RIMS emphasizes that SRM is not meant to supplant ERM, nor is this focus on SRM intended to create a new risk management silo. RIMS envisions the convergence of ERM and SRM as more organizations formally adopt enterprise risk management.