Management may therefore tend to view every strategic decision as a deviation from the current status quo (i.e. their reference point). Failures are felt more acutely than gains, resulting in excessive risk aversion, a lack of risk-taking and underinvestment. This effect is more prevalent when decisions cannot be pooled and diversified across an individual’s career or across the organisation.

Source: D. P. Lovallo and O. Sibony, Distortions and Deceptions in Strategic Decisions, The McKinsey Quarterly, 2001, No. 1

Suggested actions to address cognitive biases

Type of decision: Frequent small decisions
Focus: Reduce loss aversion
Possible actions:
● Culture and incentive system that rewards a balanced approach to risk-taking and profit
● Increased use of technology to replace human-based decisions where it is suitable and possible
● Learning environment that gives rapid feedback (includes monitoring systems that backtest decisions)

Type of decision: Large unique decisions (the most common strategic decisions)
Focus: Reduce optimism bias
Possible actions:
● Culture that embraces challenge
● Governance around strategy setting process
  ○ ensure multiple options considered
  ○ formalise decision-making criteria
  ○ recognise the impacts on stakeholders including competitors
  ○ integrate with the risk management process and subject proposals to risk analysis
  ○ independent and post-implementation reviews
● Governance of implementation
  ○ clear accountability and responsibility
  ○ aligned incentives
  ○ monitoring of key performance targets
  ○ monitoring of key risk indicators

Strategic risk management guidance in ISO 31000:2009

A. Manage the setting of strategy as a risk like all management activities. Intent of principle (b) is that risk management is an integral part of all organisational processes.
B. Design and tailor the risk management framework to give effect to principle (b) (4.3.4)
C. Understand the current strategy when undertaking the risk process:
● Articulating objectives (126.96.36.199 )
● Establishing the internal context (5.3.3)
● Establishing the external context (5.3.4)
● Defining risk criteria (5.3.5)
● Changing the strategy as a treatment (5.3.6)

COSO Strategic risk management framework

The ISO 31000 standard has relatively little to say about how to manage strategic risk. In many places, the strategy is taken as a given. In 2017, COSO released updated ERM guidance that expressly considers how to manage strategic risk. Their framework has three components of strategic risk.

COSO component: 1. Risks to executing the strategy
Our definition: Risk of badly executing the strategy
Comparison: same

COSO component: 2. Implications arising from the strategy
Our definition: The risk of choosing a bad strategy
Comparison: risks not well understood causing immediate sustainability issues

COSO component: 3. Risk of the strategy not aligning with objectives and stakeholders
Comparison: risks well understood but strategy is a poor fit to the organisation causing long-term sustainability issues

Source: F. Martens and S. J. Perraglia, Risk Through the Eyes of Strategy, PWC

COSO Component 1: Strategy execution risk