In a recent survey, Deloitte and Forbes Research evaluated the strategic risk management practices of more than 300 large global businesses. The vast majority of survey respondents (81 percent) said their company explicitly manages strategic risks, which Deloitte defines as risks that affect, or are created by, an organization’s business strategy and strategic objectives. And almost all (94 percent) said they’ve changed the way they approach strategic risk management over the past three years.
Anecdotally, the report quotes Dr. Georg Klein, chief risk and internal control officer, corporate finance and controlling, for Siemens AG, as saying: “In former times, we were very much focused on quantifiable risks and had the tendency to quantify risks in order to report them as part of our enterprise risk management. However, we found that some of the most relevant risks might only have a financial implication after a couple of years, or it might even be quite hard to have a sensible estimate on the financial impact of these risks. So we decided to consciously expand from a pure quantification approach of risks to a more qualitative approach that allows integration of soft data for issues such as regulation, media, or reputation. This provides a more comprehensive picture of the challenges that are in front of the company.”