In today’s fast-paced digital economy, strategic risk management is a fundamental aspect of any successful business, but despite this, the concept remains widely misunderstood.

Strategic risks are those that arise from the decisions that directors take concerning an organization’s objectives.

They form an intricate part of any business plan, and their mismanagement could lead to catastrophic results. But what exactly is strategic risk and how does it affect businesses?

Key Takeaways

  • Understanding Strategic Risk: Recognizing the impact of strategic decisions on business objectives is crucial for risk management.
  • Types of Strategic Risk: Businesses must plan for various types of strategic risks including change, regulatory, reputational, and governance risks.
  • Real-world Examples: Highlighting major cases like Kodak, Facebook, Volkswagen, and Enron shows the critical importance and potential impact of strategic risks.
  • Effective Management Strategies: Employing comprehensive risk management strategies can mitigate potential losses and leverage opportunities for growth.

What Is Strategic Risk?

Strategic risks stem from the fundamental decisions about the objectives of an organization. They are the risks associated with failing to achieve these objectives.

Often, they are subdivided into two categories:

  1. Business risks;
  2. Non-business risks.

Business risks derive from the decisions about the products or services that the organization supplies.

They encompass risks associated with developing and marketing those products or services, economic risks affecting product sales and costs, and risks arising from changes in the technological environment that impact on sales and production.

Non-business risks, on the other hand, do not derive from the products or services supplied.

These can include risks associated with the long-term sources of finance used, these levels of strategic risk are determined by how the organization is positioned relative to its environment, including competitor actions and technological advancements.

The 4 Common Types of Strategic Risk That You Need to Know

There are several common types of strategic risks that businesses should be aware of and plan for, including change risk, regulatory risk, reputational risk, and governance risk.

1. Change Risk

Change risk is the inherent risk of introducing any change to your business model, platform, marketing strategy, products, or almost anything related to your business. In our ever-evolving digital landscape, change is inevitable, and the ability to adapt becomes paramount.

Whether it’s integrating new software or altering business operations, change introduces risk. It’s absolutely vital to know what risk you are taking when you make any significant changes so that you can prepare for them. Nevertheless, it’s also important that you aren’t afraid of change. It’s a necessary part of progress and staying competitive.

2. Regulatory Risk

Regulatory risks are any potential threat of new regulations (or new enforcement of regulations) that could disrupt business operations, create new responsibilities, or demand new technologies. These risks can include anything between the need to make small changes to your product, to a fee or even a crushing lawsuit.

Regulatory enforcement could also distract business leaders from their core operations as they must put in place new governance processes and control measures. It’s important to be aware of relevant regulations so that you can remain compliant and avoid any unnecessary regulatory risk.

3. Reputational Risk

Reputational risks pertain to the threat of damage to a firm’s reputation. A company’s reputation is one of its most valuable assets, and any harm to it can lead to significant losses.

This risk could emerge from various situations, such as data breaches, unethical practices, or poor customer service.

4. Governance Risk

Governance risk refers to the risks brought about by poor governance, risk, and compliance processes within your organization.

This includes everything from inadequate data management to a lack of internal controls and can have severe ramifications for a company if not managed effectively.

Important Strategic Risk Examples

The following examples illustrate strategic risk and the potential impact of these risks on businesses:

Example 1 – Governance and Change Risk – Kodak Cameras

Kodak’s fall from grace serves as a poignant example of governance risk. Kodak, once a behemoth in the world of photography and tech in general, found itself on the brink of extinction due to its failure to embrace the digital revolution in time.

Ironically, Kodak was the pioneer of digital photography, but its over-reliance on the lucrative film market and fear of cannibalizing film sales led to strategic inertia.

The company was unable to pivot its business model to fit the digital era, it held onto the belief that film-based photography would always remain dominant, disregarding the rapid strides in digital technology.

The world moved towards digital cameras, and later to smartphones, while Kodak continued to concentrate on selling traditional film. Kodak executives may have been worrying too much about change risk and decided to focus on old, proven technology instead of innovating further.

It wasn’t until 2012 when Kodak had already filed for bankruptcy protection, that the company began to refocus its strategies towards digital technologies and services.

By then, it was a case of too little, too late, illustrating the devastating effects of governance risk and an overemphasis on change risk.

Example 2 – Regulatory Risk – Facebook Meta

Facebook (now Meta) provides an example of regulatory risk in the tech sector.

The social media giant was fined a record $5 billion by the Federal Trade Commission (FTC) in 2019 for privacy violations in the wake of the Cambridge Analytica scandal.

This penalty was the result of Facebook’s lax privacy practices, which allowed third parties like Cambridge Analytics to access the personal information of millions of its users without explicit consent.

Not only did Facebook incur a substantial financial loss, but it also had to make significant changes to its operations to comply with new privacy standards, affecting its business model and operating practices.

Further, these changes affected Facebook’s ability to target ads as accurately as before, affecting its revenue streams.

This case underscores how regulatory risk, if not managed appropriately, can directly impact a company’s profitability and reputation.

Example 3 – Reputational Risk – Volkswagen

The Volkswagen emissions scandal of 2015 offers a textbook example of reputational risk (with a side of regulatory risk). The automobile manufacturer was found to have installed software in 11 million diesel engines worldwide to cheat on emissions tests.

This deceit was not just an operational mishap but a calculated move to mislead regulators and customers about the company’s environmental impact. Volkswagen executives ignored the tremendous reputational and regulatory risks of the decision, just to sell more inefficient diesel engines.

The aftermath came swiftly and brutally. Volkswagen’s reputation as a trustworthy manufacturer was shattered, leading to a significant decrease in sales and plummeting stock prices.

The cost to fix the affected cars, combined with the fines and legal settlements, ran into tens of billions of dollars, the scandal left an indelible mark on the Volkswagen brand, demonstrating the far-reaching implications of reputational risk.

Example 4 – Governance Risk – Enron

The collapse of energy company Enron in 2001 remains one of the most infamous examples of governance risk.

Enron’s management used a series of special-purpose entities to hide debt and inflate profits, painting a picture of a highly profitable company.

When the deceit was eventually uncovered, the entire company evaporated into thin air. It led to one of the biggest bankruptcies in U.S. history. Enron’s shareholders lost billions of dollars and confidence in corporate America took a massive hit.

Enron’s downfall showcases the severity of governance risk, it underscores the necessity for robust corporate governance structures, including transparency and robust internal controls.

How to Excel at Strategic Risk Management

Strategic risk management requires the identification and understanding of potential risks, evaluating their potential impacts, and implementing measures to mitigate them.

This process involves strategies such as risk avoidance, risk acceptance or retention, risk transfer, risk reduction, third-party risk management, and risk spreading.

For example, Facebook could have enacted stronger data privacy measures (risk reduction) to circumvent the heavy fine.

Similarly, Volkswagen could have adhered to emission standards (risk avoidance), thereby eliminating the reputational and regulatory risks.

Enron, on the other hand, could have employed a transparent, legal, and ethical approach to its operations, avoiding the massive losses and legal trouble that followed its downfall.

It’s important to note that risk management is not just about avoiding losses; it’s also about enabling growth.

When a company properly identifies and manages its strategic risks, it is better positioned to seize opportunities that others may see as too risky.

Therefore, companies must view risk management as an essential part of their strategic planning.

How Important Is Strategic Risk Management?

Strategic risk management is critical to the success of any organization, it helps identify potential risks before they become problems, allowing for proactive management.

The examples above demonstrate the dire consequences of ignoring strategic risks.

By properly managing these risks, businesses can protect their assets, improve decision-making processes, and enhance their competitiveness in the market.

In conclusion, strategic risk management isn’t just about protecting against potential downsides; it also provides the strategic flexibility to seize opportunities that come with uncertainty and change.

Ignoring strategic risks can have grave consequences while managing them well can lead to sustained growth and success.


ACCA Global




BBC News


Accounting Tools

Tech Slang

Risk Publishing

What's the Best Crypto to Buy Now?

  • B2C Listed the Top Rated Cryptocurrencies for 2023
  • Get Early Access to Presales & Private Sales
  • KYC Verified & Audited, Public Teams
  • Most Voted for Tokens on CoinSniper
  • Upcoming Listings on Exchanges, NFT Drops