STRATEGIC RISK MANAGEMENT FRAMEWORK EXAMINED
One of the most important ways SRM is beneficial for an organization is its ability to create opportunities for interaction and risk discovery (sometimes called "risk sensing") across organizational boundaries. This has not always been the case with previous ERM frameworks, where conceptual frameworks were overly formalized and yielded very narrow risk estimates. For most active SRM practitioners, this has proven not to be the case. Even in the area of insurance, where dialogues around risk estimates of frequency and severity are common, the effort to cross internal organizational boundaries has sometimes been met with significant resistance or dismissal.
An illustration of the SRM approach as described by RIMS is shown in Exhibit 25.1.
While first impressions might suggest that the SRM framework is a closed system, in actuality it is a continuous cycle with a robust opportunity for various parts of an organization to recognize and examine risk profiles within the context of a strategy setting, with the focus toward establishing the trade-off between risk transfer and risk assumption.
Moreover, the notion of risk appetite and risk tolerance combined with scenario and stress testing speaks to a more comprehensive analytical framework. The intent of this framework is to drive a different set of "analytically informed" discussions among decision makers who may also be asking whether the risk profile of the organization constitutes a competitive opportunity.
As Fox and Merrifield point out:
Strategic risk management focuses on the risks that may impede or accelerate the organization's strategic objectives for creating value, whether that value is
Exhibit 25.1 Strategic Risk Management Diagram
Source: RIMS Strategic Risk Management Implementation Guide 2012.
expressed as market share, profit, service provision, donor levels, social impact, or other benefit. Strategic risk management serves as a source of competitive advantage for decision making in two aspects: risk to the objectives themselves and risks arising from the plans to meet the objectives. While many organizations include risks to the objectives themselves, little consideration generally is given to the risks arising from the plans to meet the objectives, nor to the additional opportunities evolving from the underlying strategy and from emerging and dynamic risks. When addressed early and linked to the control framework, strategic adjustments can be made relatively quickly.
Fox and Merrifield, RIMS Strategic Risk Management Implementation
The fundamental difference between traditional risk assessment and SRM is the conscious effort to define advantage or exploitable risk profiles that can be used to sustainably differentiate or distinguish the organization in a competitively noisy environment.
-  "Details of Risk Appetite and Tolerance," theirm.org/publications/documents/IRM_Risk_Appetite_Consultation_Paper_Final_Web.pdf.