Organizational risk can take many forms, from the threat of a cyberattack to supply chain bottlenecks, social media disasters, or a large workforce turnover. Among the different categories of risk, strategic risks are those that stand to do the most damage to an organization because they cut right to the heart of an organization’s ability to execute its strategy or continue its business operations. For that reason, the identification and assessment of strategic risk should be a core part of every organization’s ERM program.
Drawing from the results of our Emerging Practices in Enterprise Risk Management (ERM) study, this article examines:
- the amount of time organizations spend on strategic risk;
- processes and practices that leading organizations use to identify and assess strategic risk; and
- how organizations integrate ERM with organizational strategy as a way of managing strategic risk.