The importance of strategic risk management to the modern organisation

A. Introduction

Risk is part of every human endeavour. In human history, in the broadest sense, we are still hunters and gatherers, risk and survival always went hand in hand. And even today, from the moment we get up in the morning, drive or take public transportation to get to school or to work until we get back into our beds, we are exposed to risks of different degrees. As the former prime minister of the United Kingdom Harold Macmillan said in short words: “To be alive at all involves some risk.” However, Warren Buffet once expressed that “risk comes from not knowing what you're doing”. Therefore appropriate risk evaluation and management is necessary for everyone every day.

The following will explain why a proper risk management is crucial for every firm. It will discuss the benefits and challenges of risk management and with reference to the automotive industry the key risks will be outlined within the risk categories Strategic Risk, Operational Risk, Environmental Risk, Financial Risk and Reputational Risk and it will be discussed how these can be managed.

B. The Importance of Strategic Risk Management

Organisations always face numerous risks no matter how big or small they are. While mostly being defined as probability or threat of damage, injury, liability, loss or any other negative occurrence that is caused by external or internal vulnerabilities, the International Standards Office (ISO, 2009) defines risk as the “effect of uncertainty on objectives”. However, to make a business thrive, taking risks is unavoidable.

Michael Dell (1999) once said, “There’s no risk in preserving the status-quo, but there’s no profit, either”. Therefore it is essential for firms to manage risks in the best possible way, to actively seek, and understand the major risks they face and set operations in place that will enable them to manage any risk to their advantage.

1. What is Risk Management

Traditional risk management sees its purpose in removing or reducing risk exposures. Today it must be looked at from a much broader perspective where increasing exposures to some risk is paramount to success. Expressed in short words risk management “is the continuing process to identify, analyse, evaluate and treat loss exposures and monitor risk control and financial resources to mitigate the adverse effects of loss” (Marquette University, 2015).

Key to maintaining an efficient risk programme is to increase the understanding and transmission of risk issues internal to a company. To be efficient this type of framework should be aligned with the company’s overall objectives, corporate focus and strategic direction. It should be designed to help increasing overall savings and may outline which department or operation is showing a cost increase or decrease when considered isolated.

Aven and Vinnem (2007, p. 1) point out the many purposes of risk management and its main function to ensure appropriate measures to safeguard an entity’s people, the environment and other assets from actions with damaging consequences. It combines measures to avoid or minimize the occurrence of threats and their potential harm, including e.g. efforts of balancing different burdens, especially costs. Risk management must not be neglected by any organisation, even more, it is their responsibility to operate it. Entities incorporating risk management, see it as a proper framework for obtaining higher levels of performance.

Risk analyses are measures to conduct and support decision-making processes. They can include cause analyses and risk description followed by a risk treatment involving the expansion and implementation of measures to moderate, advert, minimise, maintain or transfer risk. Aven and Vinnem summarised it well in saying: “Risk management involves achieving an appropriate balance between realising opportunities for gains while minimising losses” (Aven & Vinnem, 2007).

2. Benefits of Risk Management

Passenheim explains “risks should no longer be regarded isolated but be identified, analysed and controlled within the framework of all interacting risks” (Passenheim, 2013). He argues that often a logical alignment of risk management with strategic business goals is missing though crucial within the interpretation of an integrated strategic enterprise risk management. This implies for a firm that all established subsystems have to be brought together with the goal to develop an integrated, dynamic, corporate risk management system.

Plans, agendas and budgets are an assertion of the basis of what needs to be completed, combined with an estimation of how much time, money and labour is needed to achieve it. Often these are taken as guidelines only and more credibility is given to risk management plans as they help identifying potential risk and create a more impartial description of the chores and related budgets.

Communication and discussion of risk is recognized as not only a process to provide information to senior management, but a way to share risk information within and across operations of the company and therefore allow better insights and decision making concerning risk at all levels.

In terms of project delivery, teams that are given tasks they perceive impossible will more likely inherit a demotivated attitude. Providing objectives seen as achievable therefore is important to encourage teams, gain their commitment and to increase probability of success.

Risk analysis creates an early awareness whether a potential project presents obstacles and/or opportunities. In severe cases some risk analyses may expose projects that are just unable to meet their goals, are not financially viable or could prove to be a potential threat. In circumstances like these businesses can make the decision not to bid or to abandon the project before they become heavily involved.

The larger organizations the more individuals may be involved in managing risk. An aligned corporate risk management program combined with the day to day risk management can improve the utilisation of the framework and tools used to perform critical risk management functions consistently. Eliminating redundant processes improves efficiency as resources can be allocated more effectively.

Risk analysis involves examining a project’s strengths and weaknesses. Often, when more people are involved, a project work goes unfinished because one member leaves it to another causing delays in the assessment progress. Where the ownership of a project is ambiguous, risk management can offer each risk to be assigned individually. Supporting better structure, reports, and analyses through standardized processes that track enterprise risks can improve the focus of decision makers for risk mitigation.

The basis of a successful plan involves calculated risk-taking. When risk management is not present, however, the outcome becomes uncertain and potential opportunities remain unexploited. Organisations are able to take greater levels of risk with reduced levels of contingency by applying risk management techniques to their plans. They should ensure appropriate mitigation and put in place fall-back plans so to increase the overall ROI.

3. Challenges and Limitations of Risk Management

As always, with benefits there are challenges too. Types of risk and their severity are ever increasing. Critical risk exposures exist despite investments to improve risk capability. Risk management needs to go beyond serving as protection to support business growth. Today, the bigger a company the more likely it considers risk a higher priority. Furthermore, outstanding risk management capabilities may provide some level of competitive advantage.

Decision-making in situations involving high risks and large uncertainties may proof to be difficult as the consequences are hard to predict. In such situations a number of tools are available, including risk-, uncertainty-, and cost-effectiveness analyses, risk-acceptance criteria (tolerability limits), cost-benefit analyses (expected net present value calculations). However, these tools have limitations as they are based on numerous assumptions, but also on individual value judgements reflecting ethical, strategic and political concerns. Other challenges are the assessment of uncertainties and assignment of probabilities, distinguishing between objective knowledge and subjective judgements, treatment of uncertainties and the way of dealing with intangibles.

C. Key Risks in the Automotive Industry

One of the primary objectives of firms operating internationally must be the logical alignment of risk management with their strategic business goals. Miller (1992) recognised correctly that “a firm's strategy deals with the alignment of the organization to its uncertain environment”. Therefore a firms organizational strategic choices determine their exposure to uncertain environmental and organizational components that impact their performance.

There are several approaches how to categorise risk factors. Kaplan and Mikes (2012) discuss risks within a framework of preventable risks, strategy risks and external risks. They argue that too often risk management is treated as a compliance issue. However, the list of individual risks facing an organisation is potentially endless, but for the purpose of this paper, with reference to the automotive industry, risks are looked at under the areas strategic, operational, environmental, financial and reputational.

1. Strategic Risk

Strategic risks are not generally undesirable. Every company voluntarily accepts some risks in order to generate superior returns from its strategy. Key risk factors within this category:

  • changes in the macroeconomic environment,

  • changes in the industry or the market,

  • growth in emerging markets, and

  • Joint ventures and acquisitions.

The worldwide automotive market is highly competitive and volatile. Factors affecting competition include product quality and features, safety, reliability, fuel economy, pricing and customer service. Increased competition may lead to lower vehicle unit sales, which may result in a further downward price pressure. Demand for vehicles depends to a large extent on social, political and economic conditions in a given market and the introduction of new vehicles and technologies.

For example, German car manufacturer’s revenues come from sales in markets worldwide, 77 percent of cars produced in Germany in 2014 were ultimately destined for international markets and in 2013 every fifth car in the world carried a German brand. The German car industry is responsible for 20 percent of total German industry revenue (VDA, 2014) and therefore economic conditions in international markets are particularly important to them. The ability to respond adequately to the changes in the automotive market and to maintain its competitiveness will be fundamental to the future success of German cars in existing and new markets and to maintain its market share.

To manage strategic risks it is important to continuously focus on building and enhancing the quality of products and services. Building client relationships is crucial to create long-term contracts and brand loyalty, e.g. by tailored delivery of products and services. As always, reducing costs is critical. One of the ways to achieve this is through improved manufacturing efficiency, enabling increased utilization of existing facilities, high production volumes and resulting greater economies of scale in procurement. Distribution and logistics are other key areas often targeted for cost savings via efficiency improvements.

2. Operational Risk

Operational risk could be defined as the risk of loss resulting from inadequate or failed internal processes, people and systems. Hereunder the following key risks are to be found:

  • Product quality, liability and compliance

  • Supply Chain

  • Innovation process

  • IT

  • People

Complying with laws and regulations is challenging not only in the car manufacturing industry. Regulatory frameworks are often very different from those in the parent company’s country and tend to change more often than emerging economies. However, the only response to political risk is compliance. One could say that political risk cannot be managed and there are no specific steps for this area of risk. However, ensuring to stay on the right side of the law, to meet all statutory requirements and to adapt to changes in government policy is of major importance. Active communication with local government institutions to build relationships with government departments and political parties may help to stay as up to date as possible, get first-hand information and to put forward the company’s view.

As supply chains have become more global and efficient they developed rapidly in the past decades making them more exposed to different and higher levels of risk. Natural disasters and economic disruptions have caused immense financial and reputational damage to global supply chains (Schmidt & Van den Bossche, 2013). The sheer complexity and cost of the end product keep logistics and value chain risks more in the forefront of automotive companies, which have typically made substantial capital investments for which returns are dependent on maintaining high utilization with repeatable quality. To limit exposure to supply chain risk Blos et al. (2009) recommend to implement better supply chain communication. Furthermore they suggest to have SCRM and business continuity planning training programs in place and to create the position of a chief risk officer to manage the supply chain risks.

Facing the risk from the innovation process with new innovative competitively priced products that meet customer demand on a timely basis may seem natural, however, in today’s automotive market it is critical to meet the customer’s demand for quality, safety and reliability.

3. Environmental Risk

Environmental risk refer to changes in the political, economic, social and financial environment over which an organisation has little or no influence. These include:

  • Legislative changes, regulations

  • Climate changes, natural disasters

  • Loss of business, economic slowdown

A good example is Toyota and the Great East Japan Earthquake on March 11, 2011 after which Toyota temporarily had to suspend operations at all of its domestic factories.

4. Environmental Risk

Financial key risk factors relate to the financial operation of a business. Amongst these are:

  • Credit, liquidity, currency, interest rate and cash flow risk

  • Treasury and Tax

  • Pensions, Accounting and reporting

The sensitivity to fluctuations in foreign currency exchange rates and the principal exposure to fluctuations in the value of the Japanese yen, the U.S. dollar and the Euro could be managed through hedging which is a good instrument to manage exposure to financial risk. In the automotive industry hedging could be done on both external and internal hedges, as a high percentage of their transactions take place within the organization. To limit exposures firms could also work with different suppliers to spread the risk, pushing the risk on to customers, keeping cash flows to a minimum, setting limits on credit and on fixed investment and financing.

A good tax policy could help manage tax across the entire business as well as setting out processes, protocols and responsibilities. Christoffersen (2012, pp. 4-5) argues that “risk management can help reduce taxes by reducing the volatility of earnings”. To lower the volatility of future pre-tax income may lower the net present value of future tax payments and therefore increase the company’s value.

5. Reputational Risk

Reputational risk is caused by failing to address some other risk. Although this is within the organisations’ control it requires the organisation to take a wider view of its role in society and to consider how it is seen by its customers, suppliers, competitors and regulators. Reputational key risks include:

  • Products and Services

  • Innovation and Performance

  • Workplace and Leadership

  • Governance and Corporate Citizenship

Reputation may be considered as the emotional connection between a firms and its stakeholders and therefore reputational risk could be any negative event that could reduce the firm’s perception in the public.

Volkswagen AG just recently delivered a classic example of the importance to proactively manage threats posed by reputational risk. German cars generally are known for quality, reliability, efficiency and fuel economy; VW’s brand identity as the ‘people’s car’ was founded on these values and just recently they added environmental friendliness with models like the Polo Bluemotion. Within a few days that public image of German cars and especially of VW as the people’s car, is damaged so badly it will take years to recover if at all. The economic value associated with reputational risk is immense, VW lost half of its value in just a few days, the reputational, not to speak of the financial, damage, is disastrous.

Wilson (2000, p. 380) argues that “a good ‘control’ for or mitigating action for reputational risk is strong ethical values and integrity of the firm’s employees and a good public relations machine when things do go wrong”. It seems essential to incorporate an outside-in perspective into the corporate risk management program providing an integrated outline of the most important potential risks.

D. Conclusions

It appears obvious that a good risk management is essential for any company. However, in the automotive industry, according to Ernst & Young (Ernst & Young, 2008), there is only evidence of leading practices of corporate risk management, but no clear framework for managing risk is recognisable.

Key risk priorities in the industry include market or competitive risks, political risks and currency risks. As all strategies risk management starts with obtaining the right information. With regard to pricing, for example, the world market has to be understood and more than ever in car manufacturing industry it is essential to produce on the minimum efficient scale to improve sales from mass production. Supply chains are highly vulnerable, even more in emerging markets. It is highly important to maintain backup sources or ‘double sourcing’ of supply. The ability to get supplies from other suppliers gives much higher flexibility. Mitigation tactics for workforce risk is another important concern. The need of information regarding staff motivation, improved public relations efforts and of local law should never be underestimated.

The need to identify and manage a wide spectrum of risks, including everything from currency fluctuations to cultural differences, political and legislative uncertainty and heated competition, environmental risks and the importance of documenting procedures and maintaining the morale of overseas workers, cannot be stressed enough.

However, a good corporate risk management framework is indispensable but to go with Warren Buffet, it is essential to “always know what you are doing”, to be informed and always to expect the unexpected.


Aven, T. & Vinnem, J. E., 2007. Risk Management. London: Springer-Verlag.

Blos, M. F., Quaddus, M., Wee, H. & Watanabe, K., 2009. Supply chain risk management (SCRM): a case study on the automotive and electronic industries in Brazil. Supply Chain Management: An International Journal, 14(4), pp. 247-252.

Christoffersen, P. F., 2012. Elements of Financial Risk Management. 2nd ed. Waltham(MA): Elsevier/Academic Press.

Dell, M., 1999. Direct from Dell - Strategies that revolutionized an industry. London: Harper Collins.

Ernst & Young, 2008. Risk management in emerging markets: Insights and findings from the automotive sector, London: Ernst & Young Global Ltd..

Germany Trade & Invest, 2015. Automotive Industry: Germany – The World’s Automotive Hub of Innovation. [Online] Available at:,t=industry--market-numbers,did=247736.html [Accessed 24 10 2015].

Hampton, J. J., 2009. Fundamentals of enterprise Risk Management: How Top Companies Assess Risk, Manage Exposure, and Seize Opportunity. New York(NY): AMACOM.

Harner, M. M., 2010. Barriers to Effective Risk Management. Seton Hall Law Review, Volume 40, pp. 1323-1365.

IPA, 2011. Finance: MSc in Business and Management. Dublin: Institute of Public Administration, Education Division.

ISO, 2009. ISO 31000: Risk management - Principles and guidelines. Geneva: International Standards Office.

Kaplan, R. S. & Mikes, A., 2012. Managing Risk: A New Framework. Harvard Business Review, June, pp. 48-60.

Marquette University, 2015. What is Risk Management?. [Online]
Available at: [Accessed 19 10 2015].

Miller, K. D., 1992. A Framework for Integrated Risk Management in International Business. Journal of International Business Studies, 23(2), pp. 311-331.

Neef, D., 2003. Managing Corporate Reputation and Risk. Burlington(MA): Elsevier/Butterworth–Heinemann.

Passenheim, O., 2013. Enterprise Risk Management. 2nd ed. Holstebro: Ventus Publishing.

Schmidt, B. & Van den Bossche, P., 2013. Buckle Up: Six Driving Forces in Manufacturing to Take On Now. [Online] Available at: [Accessed 21 10 2015].

Thomson Reuters, 2014. Enterprise Risk Management for the Automotive Industry. [Online]
Available at: [Accessed 23 10 2015].

VDA, 2014. Annual Report 2014, Berlin: Verband der Automobilindustrie.

Wilson, D., 2000. Operational risk. In: M. Lore & L. Borodovsky, eds. The Professional’s Handbook of Financial Risk Management. Woburn(MA): Elsevier/Butterworth-Heinemann, pp. 377-412.