Risk strategy

Watcharee Ariyamang
Learning outcomes
› explain the importance of dynamic business models and
the relationship with strategy, tactics, operations and
compliance (STOC) activities;
› outline the components and the importance of the
business model and how this is supported by the
resilience of the organization;
› explain the importance of corporate social responsibility,
including supply chain, ethical trading risks and the
importance of reputation;
The topics
› Type of business process › Components of the
› Strategy and tactics business model
› Effective and efficient › Risk management and the
operations business model
› Ensuring compliance › Reputation and corporate
governance
› Reporting performance › CSR and risk management
› Supply chain and ethical
trading
› Importance of reputation
Dynamic business models
› Organizations will often establish business objectives and strategic
objectives as separate documents.
› When seeking to ensure that risk management makes a full contribution to
the organization, it is important to view both of these sets of objectives and
explore the relationship between them.
STRATEGIC OBJECTIVES
› Definition: A strategic objective is
a high-level goal for an
organization.
› It describes measurable steps to
achieve a goal and sets the
deadline for an organization.
› A strategic objective is specific
and measurable.
› Strategic objectives help
businesses align with
organizational goals and improve
decision-making and productivity.
It affects the whole organization
and its culture.
BUSINESS OBJECTIVES
› Business objectives will often
relate to the annual budget that
has been produced by the
organization.
› This budget will contain details of
the anticipated sales as income
and the cost of sales as
expenditure.
› Underpinning the business
objectives of the organization will
be the business delivery model (or
business model for short) that the
organization has developed.
strategic objectives
Types of Strategic Objectives
• Financial Strategic Objectives
• Growth Strategic Objectives
• Operating Strategic Objective
• Learning Strategic Objective
• Customer strategic Objective
Financial Strategic Objectives

These strategies let organizations focus on financial needs such as

where to spend money, where they can cut costs, reviewing cash
flow, analyzing financial growth, etc. Here, they can project profiles,
determine a budget for the organization and the departments, etc.

Examples
› Increase profits by 10% in the next five years
› Increase spending on marketing by 25%
› Decrease overhead cost by 10%
› Provide bonuses to shareholders
› Increase sales by 20% in the next two years
Growth Strategic Objectives

Growth strategic objectives help organizations expand their

footprints. These are long-term plans where organizations
outline exact steps on how they will expand their business.
They can enter new markets with current products or launch
new products in existing markets.

Examples
› Launch two new products in the next year
› Expand presence in three new geographic areas
› Acquire 10% more distribution to increase market share
› Acquire startup companies to increase the portfolio
Operations Strategic Objectives

Here, businesses can set objectives so they can improve their

processes to increase efficiency and reduce product errors.

Examples
› Use simpler processes to improve efficiency
› Use standard parts to reduce cost
› Invest in research and development
› Increase the production by 10% in one year
› Reduce wastage by 50% in the next two years
› Improve interdepartmental communication
› Establish two strategic alliances in the next six months
Learning Strategic Objectives

Skillful employees perform better. Organizations can set learning strategic

objectives to train employees so they can perform better and reduce process
errors. Strategic learning guides what training organizations offer to their
employees.

Examples
› Provide training via a particular course to employees
› Offer two training sessions per month to a group of employees
› Send senior managers to overseas branches to learn skills
› Offer employees further education opportunities
› Offer certificate programs
› Conduct HSE training
› Create a knowledge base and encourage employees to use it
Customer Strategic Objectives
This strategic objective is applicable to organizations’ services to
customers. Organizations can set customer strategic objectives to improve
customer service, user experience, etc.

Examples
› Shorten waiting periods by 25% in the next three months
› Increase customer satisfaction by 80% in one year
› Offer incentives or coupons to repeat customers
› Create a brand loyalty program
› Offer free delivery
› Achieve 90% customer retention rate
› Optimum utilization of customer database
Summary for strategic objective

› Strategic objectives are the top layer of the strategic plan

of organizations.
› They provide direction to an organization and make the
decision-making process easy.
› This creates a boundary that an organization strives to
achieve.
› Once the objectives are achieved, organizations can
create new strategic objectives.
Importance of Business Objectives
› Gives Direction To Business Enterprise ; Setting up objectives provides a
vision for a business that is very important in order to attain success. Without any vision, a
business will ultimately end up wasting its resources and incur huge losses

› Bring Down The Risk Of Failure ; Corporate objectives play an effective

role in saving businesses from chances of getting failure. When objectives are
decided, business know what to do, when to do and how to do.
› Set Time Frame ; It helps in easy documentation and understanding of the
overall journey of the business, that it wishes to cover within the stipulated period of
time.
› Enhance Goodwill Of The Business ; Business enterprises are easily
able to build goodwill in the market by setting customer satisfaction as their key
objective
› Helps In Motivating Employees ; Business objectives help businesses in
the proper delegation of responsibilities among their people.
Business Objectives example
› I will increase my sales output by learning and
implementing point-of-sale conversion frameworks.
› I'll measure success by comparing week-over-week sales
growth to median sales across players on my baseball
team.
› Source: https://www.referenceforbusiness.com/business-
plans/Business-Plans-Volume-04/Coffee-House.html
 Types of business processes : core process
› The core process is what drives your business.
› It is the main operation that produces the deliverables for
consumer consumption.
› It makes up for a majority of the profit a business enjoys.
› Furthermore, it is like the primary process responsible for
creating a major revenue stream.
› Core processes change according to the development in the
sector.
› Value of products changes in the market every day.
› Thus, it would help if you made the necessary changes from
time to time to improve your business efficiency.
› Source: https://www.notifyvisitors.com/pb/blog/business-
processes
Core process’s example
For a SaaS provider, the primary source of income would be creating efficient software.

For a core process to be successful, it involves various activities from a variety of departments.
A core process development orients towards the whole business and not towards the
departments.
So, think for the whole organization and not just for the success of a department.

The following are some processes that you can consider as the core/primary process:
› Product/service creation and development.
› Good marketing plans.
› Services related to post-sales of the product/service.
› Efficient management of all these three elements improves the credibility of your business.
Types of business processes : management
process
› The management of these processes is very similar
to that of a project management lifecycle.
› It also goes through initiation, planning, execution,
monitoring, and control.
› Whatever the type of process, there is a process that
overlooks the management known as management
processes.
› Without them, you can’t effectively manage any
process throughout its lifecycle.
› It deals with redundant plans and measures the
threats that come with each process.
› You can create smart changes to your core process.
But, it depends on the effectiveness of your
management process to carry it out as desired.
Management process’s example
You must understand that managing processes does not directly
add to your revenue stream.
Rather, they optimize your revenue-generating processes to
support your business.

The following are some examples of management processes:

› Training of new employees.

› Actions a CEO takes to launch a new product.
› Managing the routine tasks.
Types of business processes : support
process
› Support processes do not generate
income of any sort.
› They exist to help you ensure the
smooth movement of core
processes.
› These processes aren’t unnecessary
just because they do not produce
money.
› They make sure that your money-
making processes do what they
should be doing.
Support process’s example
The following are some areas where you can find these processes:

› Accounts department.
› HR department.
› IT department(excluding IT businesses).
› Finance department.
Imagine you are a manufacturing company that produces automobile parts.
The core process is the development of products related to the automobile.
But it would help if you also had additional processes like IT to support the
core process.
Your IT personnel will take care of the smooth running of computer systems
and networks so that you can run the primary processes.
Summary for core process
› A core process is one that is fundamental to the continued success (or
even existence) of the organization.
› Core processes ensure that the organization is able to achieve the
mission and corporate objectives and fulfil stakeholder expectations.
› Each core process creates value and is designed to deliver one or more
of the stakeholder expectations.
› There are four basic types of core process. These are processes
designed, implemented and managed to ensure the following:
●● development and delivery of strategy;
●● management of tactics, projects and enhancements;
●● continuity and monitoring of routine operations;
●● activities that are designed to ensure compliance.
Group work (30 Minutes)
› From case Source:
https://www.referenceforbusiness.com/business-plans/Business-
Plans-Volume-04/Coffee-House.html
› To make presentation from this case, choose the point to present
that relate to Strategy objective (Financial Strategic Objectives,
Growth Strategic Objectives, Operating Strategic Objective,
Learning Strategic Objective, Customer strategic Objective),
business objective and describe core process.
› The challenge is which the best representation of chapter's
concept.
Strategy and business model
› The business model is a critical part of a company's
overall strategy.
› It is the foundation upon which the rest of the strategy is
built. The business model must be aligned with the
company's overall mission and goals.
› It should be designed to achieve the company's desired
financial results.
Strategy and tactics
› Tactics are the means by which the
organization will deliver the business
strategy.
› Tactics need to be correctly
selected, implemented and
controlled to ensure the
effectiveness and efficiency of
operations and they should also
deliver reliability of financial
reporting and compliance with
applicable laws and regulations.
› The intended outcome is effective,
efficient and compliant core
business processes.
Risk management and business strategy
› Business strategy is the statement of what the
organization intends to achieve and how it plans to
achieve it, and is based on the strategic decisions about
the future of the organization.
› Establishing a detailed business strategy enables the
organization to deliver its mission, objectives, strategy
and plans.
› The overall objective of risk management input into
strategy is to ensure effective and efficient strategy and
strategic decisions that will deliver the desired outcomes.
Risk management and tactics
› The main risk management inputs into tactics and
projects will be risk assessment, risk response
enhancement and the review and monitoring activities.
› Effective tactics mean that the core processes are the
correct ones for delivering what is required.
› Established core processes may be fully efficient, but that
does not mean that they are the correct or most effective
core processes that the organization could employ.
› In order to ensure that core processes are fully effective,
change will be required by way of projects that will be
designed to ensure that strategy is delivered
Effective and efficient operations
› The overall objective of risk management input into
operations is to achieve operational efficiency that is
protected from unplanned disruption.
› Disruption of operations is likely to be caused by a
hazard risk materializing.
› The design of efficient operational core processes that
are free from disruption will provide the organization with
significant competitive advantage or place the
organization in a better position to deliver value for
money.
Ensuring compliance
› The reasons for undertaking risk management activities are described as
mandatory, assurance, decision making, and effective and efficient core
processes (MADE2).

› There is a clear link between the reasons for undertaking risk management
and the effectiveness and efficiency of core processes.

› Mandatory requirements are fulfilled by organizations, because they are

required by stakeholders.

› Stakeholders who can impose mandatory requirements include regulators,

customers/clients and financiers.

› Mandatory requirements have to be fulfilled and this will be undertaken by

the organization by ensuring that effective and efficient compliance core
processes exist within the organization.
Reporting performance
› Operational reports indicate how well the strategy is being delivered.
› Data needs to be available on an ongoing basis, so that management can
respond and modify the business core processes as necessary.
› Operational reports also provide information that can be used to prepare
reports to stakeholders on the performance of the organization.
› However, the organization needs to decide what will be reported and
disclosed to stakeholders and the format that will be used for those
reports.
› To ensure accurate reporting and disclosure, appropriate control
activities need to be applied.
The main risk management input into
reporting of performance is
› the risk assessment of the reporting lines and the data-
handling procedures.
› The SOX duties have increased the attention paid to the
control of reporting procedures.
› Section 404 of SOX requires that financial reports and the
financial reporting procedures are attested by external
auditors to confirm that they are accurate.
What is business model ?
› A business model is a company's plan for generating revenue and
profit.
› It includes the company's value proposition, which is the unique
combination of products or services that the company offers to its
customers.
› The business model also includes the company's go-to-market
strategy, which is the way the company will reach its target market
and sell its products or services.
Different types of business models
› There are many different types of business models, and
the right model for a particular company will depend on
its industry, its target market, and its unique value
proposition.
› For example, a company that sells physical goods will
have a different business model than a company that
provides services.
› A company that sells to consumers will have a different
business model than a company that sells to businesses.
There are four main types of business models:
› product, service, subscription, and advertising.
Components of the business model
› All organizations will have a business model that
represents how they deliver the customer offering.
› Organizations that are public sector, third sector or would
otherwise consider themselves to be a non-commercial
organization will still have a means of delivering their
vision and/or mission statement.
› The means of delivering the defined customer offering is
the business model of the organization
› Customers receive the offering from the organization
because it utilizes the resources that it has available.
Components of the business model
› Figure 20.1 illustrates the components of the business
model as customer, offering, resources and resilience
(CORR).
Customer includes analysis of customer segments,
recruitment and retention, as well as how products or
services will be delivered.
Offering refers to the customer value proposition and the
related benefits that are delivered to those customers.
Resources include the data, capabilities and assets of the
organization, as well as partnerships and networks.
Resilience of the organization is reputational (based on
ethos and culture) and financial resilience (based on
expenditure and revenue).
It is important for organizations to understand
the business model,
› so that they can undertake a strengths, weaknesses,
opportunities and threats (SWOT) analysis of the existing
business model.
› A risk assessment of the existing business model will
enable the organization to evaluate the efficiency of the
existing arrangements and identify the events that could
disrupt the efficient delivery of the offering, as well as
identifying opportunities for improving operational and
compliance efficiency.
 What Is a SWOT Analysis?

› A SWOT (strengths,
weaknesses, opportunities,
threats) analysis is a strategic
planning technique that helps
you assess almost any aspect
of your business.
From this case, let to do SWOT analysis !
Strengths Weaknesses
- -
- -
- -

Opportunities Threats
- -
- -
- -
In summary, the business model indicates
› that customers receive the offering from the company because it utilises
available resources.
› The customer offering is underpinned by the resilience of the company.
› The concept of the business model does not apply only to listed
companies, it also applies to other types of organisations.
› All organisations have a business model that defines how they deliver the
customer offering.
› Specifically, public sector, third sector and not-for-profit organisations
will have a business model designed to deliver their vision and/or
mission statement.
Risk management and the business model
› A risk assessment of the components of the business model will enable
any organisation to evaluate the robustness of the existing business
model and identify the events that could impact the efficient and
effective delivery of the customer offering.
› The assessment should also identify opportunities for improving
operational and compliance efficiency.
› This will help the organisation identify the risks it is willing to take – often
defined or characterised as the risk appetite
› Risk assessment of the components of the existing business model will
enable any organisation to identify options for improvements to customer
offering and/or the overall business mode
Reputation and corporate governance
The importance of good standards of corporate social responsibility is widely
recognized and achieving good standards can enhance the organization by:

●● protecting and enhancing reputation, brand and trust;

●● attracting, motivating and retaining talent;

●● managing and mitigating risk;

●● improving operational and cost efficiency;

●● giving the business a license to operate;

●● developing new business opportunities;

●● creating a more secure and prosperous operating environment.

Example of reputation
management

› Nike has a
separate Twitter
account known as
@NikeSupport,
which is purely
dedicated to
handling
customer
queries.
What is CSR ?
› Corporate Social Responsibility is the concept that an enterprise
is accountable for its impact on all relevant stakeholders.
› It is the continuing commitment by business to behave fairly and
responsibly and contribute to economic development, while
improving the quality of life of the workforce and their families,
as well as of the local community and society at large.
CSR and risk management
› The range of topics extends from
health and safety concerns to broader
considerations related to employees,
customers, suppliers, the community,
the environment and
products/services provided by the
organization.
› Both the CSR and risk management
agendas are very broad and they have
a significant overlap.
Supply chain and ethical trading
Failure to ensure appropriate ethical behaviour is increasingly recognized as a
major business risk.

Easy access to information on the internet can result in organizations being

investigated and exposed for unethical trading and/or unfair treatment of
suppliers.

If the unethical behaviour extends into illegal activity, this can undermine the
organization itself.

Illegal behaviour and condoning actions that are outside the governance rules of
the organization can have serious consequences.

The perceived need to bribe officials in certain territories is both unethical and
illegal.
Example of unethical trading
There are several areas where unethical trading can result in damage to reputation,
the loss of future profitability and a refusal on the part of the customers and
suppliers to deal with the organization. These issues include:
●● failure to comply with rules and regulations;
●● trading with undesirable overseas governments;
●● excessive payments to political parties;
●● tax evasion or dubious tax arrangements;
●● inappropriate criticism of competitors;
●● false allegations against competitors;
●● unethical alliances with competitors.
Importance of reputation
› Reputation is a component of the FIRM risk scorecard and
is generally considered to be a consequence of other
events that occur.
› The importance of a good reputation is that customers or
clients will have a desire to trade with that organization.
› Therefore, organizations should look carefully at the
reputation of the sector within which they work, as well as
their own reputation within that sector.
› Many organizations deliberately plan actions that will
enhance their reputation and thereby achieve greater
success.
Components of reputation
› Table 20.2 shows the components of
reputation.
› The four main components of reputation
(CASE) are as listed below:
Capabilities, purpose and resources;
Activities,  processes and finances;
Standards,  services/products and
support;
Ethics,  values and integrity.
Threats to reputation
› Table 20.3 provides examples of
how the threats can arise.
› The importance of brand and
reputation is recognized by all
organizations.
› Several companies that deal
directly with the public have
sought to build a reputation
based on trust and ethical
behaviour.
END