The development or revision of a strategic plan is an ideal occasion to initiate a more systematic approach to managing risk, by integrating risk management into the development of the new plan and its subsidiary business plans.
The figure below shows how this can take place so that the two activities are integrated. Our experience is that if risk management is run in parallel to organisational processes such as strategic planning or project management, rather than embedded within them, invariably it is viewed as less relevant and so it is much harder to create true value for the organisation.
In August Grant Purdy facilitated a study for a major mining contractor in South America that:
- Developed the basis for future risk management in the company, particularly in terms of a suite of risk criteria, a risk register system and a suitable process for risk assessment
- Prepared for and stress tested the draft five-year strategic plan, using risk assessment to challenge the draft plan objectives
- Developed risk treatment plans, with actions to support the achievement of the new plan objectives
- Identified the key controls that the company should monitor in the future, to ensure their effectiveness and thereby support the achievement of the strategic objectives
- Provided the basis for governance oversight and reporting on risk.
As a result of this study, several key objectives were changed and the company developed a series of detailed actions that have become the basis for the business plan for the next year. The company also had the foundations for a new framework for the management of risk. Grant was able to help the senior executives identify the most important controls that would have to be maintained to ensure their business was successful and achieved sustained growth.