The reason companies and their executives so often fail to systematically manage strategic risks is rooted in the way companies define the risks they face.
A dictionary defines risk as “a prospect of loss.” A more precise definition found in financial theory is “the potential for a worse outcome than one is expecting.” Better outcomes than expected do not constitute risk (though economists may refer to them as “upside risk”).
If risk is clearly defined in the literature, strategic risk is not. Surprisingly little research has been done into strategic risks. The more notable works in recent years have been by two professors, Robert Simons and Elizabeth Teisberg.
Simons defines strategic risk as “an unexpected event or set of conditions that significantly reduces the ability of managers to implement their intended business strategy.” He recognizes three main types of strategic risk: operational, asset-impairment, and competitive. The first two have to do with the company’s assets and processes. The last relates specifically to external events—changes in the competitive environment. For reasons outlined below, I will focus on the latter, as this has been the weakest link for many companies. Moreover, while it is clear that operational and asset-impairment risks—a defective manufacturing process or a reduction in the value of a firm’s financial assets—can hamper managers’ ability to implement their strategy, my concern is not limited to implementation. The risk I call strategic is the risk that the strategy itself is misaligned with market conditions.
Companies find it easier to deal with Simons’s first two categories of risk. This is because risk management in large companies has always been defined in functional terms and then compartmentalized. Companies recognize financial, operational, and public relations risks, and these are handled separately by various departments in the organization.
Financial risk, for example, is the most familiar type of risk to most corporations. It deals with the risk that financial markets and default by debtors pose to the firm’s cash flow and balance sheet. A famous example of financial markets’ risk is Procter & Gamble‘s loss of $157 million on two interest swaps with Bankers Trust back in 1994. Other examples include UBS, the Swiss-based global bank, which bought $1.2 billion of Japanese banks’ shares in 1997 and lost $600 million when the Japanese banks collapsed during November 1997. LTCM (Long Term Capital Management), an investment company, lost a cool $2 billion betting on the wrong spread between rates on various financial instruments. It also faced another financial hazard—liquidity risk—when it could not sell its assets fast enough to cover $3.6 billion of margin calls. A credit risk example is Chase Manhattan, which almost collapsed in the 1980s when Brazil defaulted on its debt. The financial community, being the leader in researching (financial) risk, has devised sophisticated tools (not all successful, however, as the examples above demonstrate) to manage it. Nonfinancial companies followed, with the chief financial officer (CFO) taking the role of chief risk manager in the typical large company, protecting the firm against the variability of currency, stock, and bond markets as well as changes in the prices of essential raw materials.
Businesses recognize another class of risk: operational. This is the risk that originates from operations. Exxon’s Valdez oil spill in Alaska and Union Carbide’s toxic explosion in its Bhopal plant in India are examples of health and environmental risk from operations. Most companies (at least in the Western world) have devised elaborate procedures and processes to deal with operational risk, including crisis management contingency routines.
Then there are public relations risks. Johnson & Johnson’s famous handling of the Tylenol poisoning demonstrated how companies that are prepared to handle a PR crisis can do well despite the initial customer reaction.
Strategic risk stemming from the competitive environment, especially the strategy risk I term “industry dissonance,” is much more difficult to manage. Its identification is no one’s job and everyone’s job. Its management is the responsibility of executives (especially business unit’s executives), but they are often too busy to worry about matters as ambiguous as future strategic risks. Existing financial policies and operational safeguards are helpless against the risk of industry dissonance because assumptions about the industry’s future direction, which underlie industry dissonance, are cross-functional. These assumptions underlie companies’ overall strategies, not just their financial or operational strategies. When a company’s strategy no longer fits the emerging reality of the industry and the market in which it competes, risk becomes a strategic rather than a functional issue in that the company’s overall strategy must be adjusted. Since strategy is a pattern of functional policies and activities, not just one overriding vision, many different adjustments may be needed. For example, marketing, human resources, production, and sales activities and policies may have to change in response to a change in buyers’ preferences. Purchasing, manufacturing, logistics, and selling policies may have to be adjusted in reaction to or in anticipation of a significant change in the structure of the supply chain.
Functional “silos” in corporations dictate that no one in particular is actually in charge of managing this risk of industry dissonance. Companies need a system that cuts across functions. In the case of corporate strategy, when a corporation is made of related businesses so strategy is not a mere portfolio shifting, tensions between business units and the parent company create substantial barriers to the systematic management of strategic risks that cut across several units or sectors. Presidents of divisions or general managers of business units are as “siloed”—i.e., insulated inside their areas—as functional managers are when it comes to looking at the overall external picture in the industry. Balanced Scorecards and other recent management tools have had almost no effect on this endemic problem.