There’s | 7 1. Advance Advance strategic thinking to improve value creation Organizations are not created to manage risk, they are created to generate value as part of a broader aspirational purpose; as a result, they need to focus on the risks that directly impact their purpose and business strategy. Organizations that methodically identify, assess and respond to the risks that impact their business strategy are better equipped to define risk responses that reduce the negative impact of risk while maximizing its upward potential. They think strategically about risk. 1. Identifying and assessing the risks that impact your business Organizations need to continuously evaluate their business strategies and determine the level of risk exposure they are willing to accept to generate value, otherwise known as their risk appetite. This approach better enables organizations to effectively and methodically identify and assess their risk landscape in the context of their business, as depicted in the graphic on page 2. In this year’s GRC survey, 77% of respondents only evaluate their organization’s risk profile on an annual basis, limiting their ability to adjust their business strategy based on changes to their risk landscape. In the table below, some of the potential risks associated with each business strategy are identified, applying the three risk categories — strategic, preventable and external. Each business strategy requires taking a strategic risk in search of higher reward (e.g., high ROI). They each also introduce preventable risks that must be dealt with as a result. Lastly, external risks may exist that could negatively impact each strategy. Business strategies Strategic risks Preventable risks External risks Expansion into new and emerging markets Minimal ROI in new sales and distribution channels Non-compliance with new legal and regulatory requirements Government actions to block market penetration or expansion Acquisitions or joint ventures Underperforming assets acquired through acquisition Failure to detect accounting or financial irregularities Political reform or action blocking M&A transactions Development of social and mobile platforms Low adoption rate of digital platforms by consumers Disruption to customer interfaces and transactions Natural disaster impacting IT supporting infrastructure Transformation of finance and accounting functions Disruption to business and customer support processes Changes to existing risk and controls framework Economic shift requiring cuts to capital expenditure Organizations that exhibit advanced strategic thinking: 1. Identify and assess the risks that impact their business 2. Design risk response plans 77% of respondents evaluate their organization’s risk profile on an annual basis, limiting their ability to adjust their business strategy based on changes to their risk landscape.