Part 2: Understanding the Siloed Functions between Risk and Strategic Planning

This is part of an ongoing series focusing on aligning strategy and risk management. It is worth reading the first article of this series. Part 1 is here.

As we mentioned in Part 1, One of the challenges risk and strategy are not aligned and integrated is that in many organisations, risk management and strategic planning operate in silos, often residing in different departments with distinct objectives. This article explores that aspect in more detail.

This segregation between risk and strategy can lead to a lack of collaboration and integration, resulting in missed opportunities to enhance the overall organisational resilience and strategic success.

Let's first look at why this challenge around siloed functions happens.

1. Different Functions: Risk management and strategic planning typically exist in separate functions within an organisation

2. Distinct Objectives: Not always, but in most organisations, Each function has its own set of objectives. Strategic planning aims to ensure the organisation achieves its strategy, vision, and mission. While risk management focuses on protecting the organisation. In most cases, although both these objectives may seem to be driving to same outcome, they are not aligned.

3. Lack of Mutual Understanding: Teams within these functions may not be educated on how each impacts the other. Which is a double whammy. As these teams are not educated themselves, they can not educate others.

4. Focus on Tactical Day-to-Day Activities: I do what is in front of me, my day-to-day grunt work. Both functions often get bogged down with day-to-day tasks.

Now, we can probably write a few chapters on how we can improve and solve these challenges, which will go beyond the confines of this short article. But, let's touch on a few aspects.

1. Cross-Functional Committee Participation: Encourage members of the risk management team to participate in strategic planning committees and vice versa

2. Integrated Reporting: Develop and share with a broader audience, reports that connect risk assessments with strategic objectives. Hear feedback, improve and repeat the cycle.

3. Data Integration and System Interconnectivity: I can't emphasise this enough. This needs its bold wording. Connect data and systems used by both functions.

4. Regular Joint Meetings: Hold regular meetings between the governance committees of both functions. These meetings can facilitate ongoing dialogue, ensuring that risk considerations are integrated into strategic planning and vice versa.

5. Board and A&RC Education: Educate the Board and Audit & Risk Committee (A&RC) to enquire whether strategic plans have considered potential risks and whether risk mitigation strategies align with strategic goals. This top-down approach can drive greater integration across the organisation.

More to come in Part 3.