Crafting The Strategic Risk Mitigation Plan

Whoever we are and whatever our businesses, we are forced to pause and consider for a moment, the new force that disrupt us. And before we even begin to make sense of the magnitude of the pax intermittitur known as Covid-19 to everyone these days, a barrage of unsolicited information and grim stories from countries near and far hit us full force in the face.

As the situation shifted from the probability to the reality of movement control order (MCO) and lockdown in harder hit places, we scrambled to postpone scheduled engagements, installed all sorts of online apps to pick up where we left, and suddenly the already precariously imbalanced work life are beginning to tip over. Work from home (WFH) seems to be the best alternative, and then becoming the only alternative in matter of days.

Soon, we begin to read messages from friends lamenting the distractions from children as childcare centres are closed, some work longer hours than usual and a hosts of other conundrums, while at the same time keeping up with streams of statements and directives from selfappointed pundits, organisations, authorities and government.

Are we ready for crisis and the risks that come with it? For instance the UK initial mitigation strategy involving herd immunity raised eyebrows as it was deemed at odd with others, which was changed drastically after the Imperial College Covid-19 Response Team presented the non-pharmaceutical interventions (NPIs) mitigation strategy scenarios. The US President had to bark order to force companies like GM and Ford to produce more ventilators, and the image of a tearful Italian President addressing the press as Italy led the world in the highest
Covid-19 death toll.

As Covid-19 grounds countries to a halt, so too are the organizations. So how should organizations respond to strategic risk of this unprecedented magnitude? This set of looming threats called the strategic risks send many managers Zoom-ed, Webexed, Skype-d and Google Hang-ed Out to the virtual meeting rooms. Some probably found themselves in a situation not quite unlike the Titanic’s lookouts in the crow’s nest watching the ship sailed towards the looming iceberg on the fateful night of April 14, 1912.

Strategic risk

Adrian Slywotzky and John Drzik write about Countering the Biggest Risk of All in the Harvard Business Review to help us understand that the key to surviving strategic risks is knowing how to assess and respond to them. “A strategic risk is an array of external events and trends that can devastate a company’s growth trajectory and shareholders’ value”, Slywotzky and Drzik

They proposed a Manager’s Guide to Strategic Risk which include identifying and  assessing risks, mapping risks, quantifying risks, identifying the potential upside for each risk, developing risk mitigation action plans, and adjusting capital decisions accordingly. Executing the strategic risk mitigation plan (SRMP) when crisis is unfolding requires a highly strategy-supportive ecosystem with the top management at the frontline because it is easily the most demanding part of the strategic management process – that is, if there is an SRMP ready to be executed. The problem is, according to Slywotzky and Drzik, organizations tend to treat risk management as an extension of audit or regulatory compliance processes, managers would find themselves ill prepared and under-sieged in the face of unprecedented risk such as Covid-19 pandemic with mere rudimentary mitigation plan.

Unfortunately, managers often view strategic risk as ‘managing risk strategically’, says Craig Rowe, CEO of ClearRisk. Strategic risk is often overlooked in the enterprise risk management (ERM) because of ERM’s deep root in finance. James Lam, an industry expert who has studied ERM found that strategic risks cause 60% of market cap decline while other risks combined account for 40% (where financial risks account only for 10%), indicating that strategic risks are far more consequential yet neglected. The managers must understand the speed, breadth and depth of strategic risks in preparing SRMP.

Developing and Executing SRMP

When crafting SRMP, each manager has to think through the answer to: “What has to be done in my area to execute my piece of the strategic plan, and what actions should I take to get the process under way – even in the face of unprecedented challenges and risk?”

  1. Identify Risk
    Identify risk posed to the strategic objective or key performance indicator (KPI) and set target. If nothing is being done, the organization’s vision and mission could be compromised.
  2. Determine Strategic Risk Triggers
    Begin the “If” of “If … Then” Scenario Planning. Slywotzky and Drzik have outlined seven categories of strategic risk triggers, and they are industry, technology, brand, competitor, customer, project and stagnation. Amy Webb, on the other hand, writes about The 11 Sources of Disruption Every Company Must Monitor in the MIT SMR’s 2020 which is part of the Deloitte Spring 2020 Special Collection entitled Disruption 2020. She lists eleven sources of ‘macro change that are typically outside a leader’s control’ representing potential strategic risks such as wealth distribution, education, infrastructure, government, geopolitics, economy, public health, demographics, environment, media and telecommunications, technology.
  3. Describe the Strategic Risk
    Explain the challenges and threats posed by the strategic risk and the potential adverse results that will follow. Determine the key risk indicator (KRI) which is a measure used to identify potential losses.
  4. Develop Strategic Risk Mitigation Plan
    Continue the “Then” of “If … Then” Scenario Planning. Assign multifunctional team responsible for each strategic risk identified and identify as many alternative plans (Plan A,B,C and so on) to avoid or minimize the impact of Strategic Risk trigger.
  5. Discuss Strategic Concerns
    Identify the potential threats which may frustrate the proposed SRMPs.
  6. Risk Analysis Components
    The impact (the effect or influence of the strategic risk) and likelihood (the chance or probability of the strategic risk will occur) are analyzed to determine the risk score and risk matrix grade in order to assist decision making on the implementation of the SRMP, the responsible person and contingency budget.

Table 1: A strategic risk map

Strategic risk map such as depicted in Table 1 shall be of great help so that the SRMP can be seen at a glance. A comprehensive SRMP may allow managers to turn defensive move into an offensive opportunity. It is crucial for managers to always find ways to improve the odds
of success apart from mitigating risks.

As Slywotzky and Drzik put it, “The greatest opportunities are often concealed within the defensive countermeasures.”





Dr. Helen Tan @DrHT is a Senior Lecturer and Strategist,

teaches Strategic Management, Negotiation and Strategic Decision Making at

Universiti Teknologi Malaysia.

She is @DrHT00971192 on Twitter and can be reached via email,