top of page

Uniting Strategy and Risk Management to Seize Opportunity in Uncertainty

Developing systems to strategically mitigate risks and capitalize on opportunities

Few things are as essential to long-term value creation as the ability to successfully and repeatedly anticipate and navigate strategic risks. Yet in too many C-suites, a risk-averse culture reigns that puts their organizations in jeopardy of losing out to nimbler rivals. True strategic risk management is the discipline of anticipating, preparing for, capitalizing on or mitigating, and learning from the disruptions that could either enhance or impair the organization’s ability to achieve one or more strategic objectives. In our experience, at most companies, this crucial capability is rarely functionally embedded in the organization, core to the culture, or integrated into the strategy development and planning process.

By not linking risk management and strategic planning more closely, companies may be less likely to turn potential strategic disruptions to their advantage. Being the first to adopt an emerging technology that could radically transform the economics of the business may have potential operational or legal downsides. Making moves to shape or influence the evolution of regulations or an entire sector could lead to negative press or undesired outcomes. But each could also bring a step change in competitive advantage.

It’s time for leaders to think more strategically about risk. By building an anticipatory strategic risk intelligence capability and mindset—a foresight superpower—organizations can expand their thinking on risk, broadening their focus beyond mere reactive and defensive value protection, to one that embraces risk proactively to create value.

The Status Quo

Nearly all companies have some version of a risk management and compliance function to address financial risk, legal and regulatory violations, disaster recovery plans, and the like. And they also have a strategic planning function that drives annual budgets and regular, if at times perfunctory, updates to medium-term plans.

But in too many cases, these functions operate in silos. Traditional risk and compliance departments have typically viewed risk as a negative—something to mitigate or defend against, rather than to embrace thoughtfully and strategically. While risk aversion may make sense when seeing only the potential negative impact, risk by definition is a two-sided coin with challenge on one side and opportunity on the other. Given that, addressing risks, particularly at the strategic level, requires a more nuanced approach.

Rethinking Your Approach to Risk

In our experience, those organizations best able to prosper in today’s uncertain, fast-paced, and complex business environment exhibit four best practices that enable them to sustain and extend competitive advantage by taking a smarter and more strategic approach to risk.

They see risk as a two-sided coin. Disruption creates both winners and losers. And you can only be one of the winners if you can see both sides of the coin—and are able not just to avoid the challenges, but also to envision and decisively embrace the potential opportunities within strategic risks. For most organizations, getting there requires a reboot of how they think about and evaluate risk. For example, instead of only taking a defensive posture and asking “How do we avoid a bad outcome?”, also explore potential offensive moves by asking, “How might we outflank the risk itself?”—or “How might we leverage the risk to leapfrog rivals?”

Faced with uncertainty about the future regulatory environment around climate change, many energy companies have taken a largely risk-averse wait-and-see approach. By contrast, Ørsted, an organization that had been responsible for one third of Denmark’s CO2 output, turned over the coin: by taking time to envision and anticipate future value pools, it saw the “green” in green energy. As a result, it seized the opportunity to shift its growth strategy toward sustainable energy and is now the global leader in offshore wind.

They systematically explore a broader range of strategic implications of the key potential disruptions they face, and then focus on the ones that matter. Not every possible disruption presents a strategic risk—only those that have the potential to impact an organization achieving one or more of its strategic objectives. AI, blockchain, and nanotech are common examples today, but each organization will have its own list. Best practice companies systematically explore the strategic implications of key disruptions—but then focus on the short list that makes a difference. For Sears in the 1990s, its failure to seriously understand and address the threat to its middle-of-the-road department store model from discounters like Walmart, big box stores like Home Depot and Best Buy, and specialty stores like Gap and The Limited set it on a course that led to its acquisition by Kmart. Its cautious risk appetite, combined with its misreading of the strategic environment, were a poor match for the radical disruption and aggressive competitive marketplace it faced. The risk was knowable and compete-able, yet Sears held back—choosing to double down on apparel while under-resourcing more fundamental business model innovations—allowing others to transform the retailing landscape.

The best organizations can rapidly triage the portfolio of disruptions they face. They elevate those that could affect a strategic objective and address them with a cross-functional, more in-depth, and more creative approach. And they delegate the rest to other levels of the organization.

They seek to understand which risks might materialize when—and why. They go beyond the “what” and “so what” to the “now what,” focusing not just on how the strategic environment could shift, but also on what moves they could make to get ahead of the shift, or even shape or accelerate it, to put rivals at a disadvantage. They concentrate on better understanding and preparing for the potential impact of the disruption, rather than getting distracted with academic debates on the relative probability of it happening. This action-oriented approach builds alignment across the enterprise, preparing it to act decisively to either proactively trigger a disruption, or to move rapidly if and when a particular disruption starts to materialize.

And they also explicitly explore and assess their risk appetite across a range of potential disruptions and scenarios. Based on their understanding of the impact of a particular disruption and the attractiveness of a specific set of moves, they determine how best to balance the tradeoff between value protection and value creation in pursuit of their strategic ambition.

They build a strategic risk intelligence capability. Foresight analytics and modalities like war gaming and competitive simulations are becoming critical capabilities to help organizations explore uncharted territory. They help anticipate disruptions, support strategic decision making, enhance competitive advantage, and boost resilience. Similar to emergency drills for first responders, these data-driven immersive experiential exercises—for example, tabletop exercises, war games, and full-blown scenario planning—can prompt business leaders across multiple functions to think through and act out situations they had not previously envisioned. The objective is not to predict precisely what will happen in the future, but rather to create an early-warning system by anticipating multiple possible futures, challenging the assumptions underlying existing plans, identifying gaps and vulnerabilities, envisioning potential moves by competitors, highlighting possible value creation opportunities, understanding key triggers, and developing a strong sensing “watchtower” capability to track critical strategic indicators. Taken together, this helps an organization foster and embody a culture of “test, fail fast, learn faster” that will be foundational in helping build strategic resilience.

Walmart, for example, has developed a machine learning tool that helps it anticipate disruptions—whether resulting from natural disasters, geopolitical shifts, pandemic, or other factors—on both the demand and supply sides of their business.1 This tool better enables the company to take the necessary strategic and operational steps to have the right inventory available where it’s needed, shortly before it’s needed.

They incorporate a risk lens into their strategic planning processes and a strategic lens into their risk management processes. While the conceptual ideal would be to integrate strategy development and risk management into one foresight superpower, at a minimum this is about elevating the importance of understanding and preparing for strategic risk with executive leadership and the board, and then ultimately throughout the organization. It’s about integrating risk intelligence into the strategic planning process and moving the chief risk officer and chief strategy officer not just to the “big table,” but near the head of that table and actively engaging with each other.

It’s about institutionalizing what we call an Uncertainty Advantage—and creating a strategy-led, risk-intelligent organization that doesn’t just survive disruption, but actually thrives on it.

While the traditional approaches to risk management and strategic planning have served companies well in the past, today’s more volatile and fast-moving strategic environment calls for a newer, more dynamic approach to risks. Rather than trying to predict the future, the winning approach to strategic risk management begins with imagining, understanding, and preparing for multiple diverse futures that emerge at the intersections of the critical uncertainties you face. This approach typically reveals both challenges and opportunities that live in the seams and gaps between existing plans. It seeks to maximize value creation while not forgetting about value protection. And it calls for a culture of anticipatory preparedness, strategic humility, and a risk-intelligent willingness to act to shape and own the futures as they unfold.


bottom of page