This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice ( for more information on the cookies we use and how to delete or block them.
The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

Facing (and embracing) strategic risks

Futuristic chart
Posted on May 2, 2016

Risk management has undergone an evolution in recent years in an attempt to make its techniques and processes more adaptable to shifts in business and the economy, and more responsive to the demands of C-suite executives. And those same executives, including CFOs, are finding that by focusing on strategic risks, they are better equipped to identify what could undermine their future success, adapt to new challenges, and take advantage of emerging opportunities.

What exactly are strategic risks? In short, they are the risks that threaten to disrupt the assumptions at the core of an organization’s strategy. Think everything from black swans (unpredicted rare events) to political upheavals and financial crises, as well as new technologies that can render a business model obsolete. When asked to name specific risks that will impact their business strategy over the next three years, C-level executives surveyed by Forbes Insights on behalf of Deloitte Touche Tohmatsu Limited (DTTL) ranked pace of innovation (30%) and increased regulation (30%) as the main ones, but many reported not fully applying their ‘risk sensing’ capabilities to strategic risks1.

Often hard to spot and manage, strategic risks typically do not respond to traditional risk management approaches, such as hedging or mitigation. Since such risks can also point to an organization’s next opportunity that forces executives to make a choice: “Are we going to try to resist this, avoid it, and push it off if possible? Or are we going to embrace it as an indicator of where the market is going and where our next big opportunity may be?” In this article, we’ll discuss the barriers to recognizing and responding to strategic risks and outline some of the tools available to help harness them.

The challenge is us

Part of the trouble many organizations have in navigating strategic risks is inevitable; organizations are populated by humans, and human thinking is inherently flawed. The growing discipline of behavioral economics has shed light on just how hard-wired humans are for some key cognitive biases that tend to keep executives from seeing the strategic risks that may be on the horizon. For example:

The overconfidence bias convinces us to trust our gut when we shouldn’t, and makes us unable to calibrate the limits of our own knowledge. We don’t know what we don’t know, and we overestimate the truth of what we believe.

The availability bias encourages us to inflate the importance and likelihood of things we saw or read recently, giving us a distorted view of what is really important.

The confirmation bias causes us to pay more attention to information that fits what we already believe while discounting information that may contradict what we currently believe.

And perhaps worst of all, the optimism bias fools us into thinking that nothing bad will happen and all our plans will work out as we intend.2

These and other biases can cause companies to misunderstand the likelihood of events that could reshape their businesses and confound their ability to respond to them. Furthermore, some common organizational constraints—everything from poor internal communication to bureaucracy and groupthink—may conspire to prevent executives from making the choices they’d like to make with the kind of clarity they’d like to have.

Tools for risk detection

To aid in the identification and tracking of emerging strategic risks—and future opportunities—companies have a number of tools at their disposal. Specifically:

Scenario planning can help organizations see a set of both risks and opportunities more broadly, to imagine potential futures that might challenge their current strategic assumptions, and to spot potential sources of risk that may not surface in other ways. By rigorously exploring uncertainties in the environment and involving multiple stakeholders, scenario planning can also address the cognitive biases that impede the risk/strategy discussion and offer alternative paths for when risks materialize.

Risk sensing technologies can also be useful in identifying and tracking potential strategic risks. There have been a number of advances over the last few years in data analytics and the ability to analyze huge sets of structured and unstructured data for a variety of risks, both internal and external. For example, the ability of the Internet of Things to make the performance of physical objects visible digitally has allowed power plant operators to monitor the condition of key machinery in real time. Even more, they can then use that data to create accurate digital models of the machinery to examine how it would react in different scenarios, say if demand for electricity spiked at an unexpected time.3 Using such tools, organizations may also be able to monitor their environment for those signals, or changes, both inside and outside the company that point to new technologies, new regulations, new social trends, and new customer behaviors. Yet, while some 80% of companies surveyed in the Forbes Insights/DTTL report say they use risk-sensing tools, those tools are more focused on such risks as financial and compliance risks, rather than strategic risks.4

Horizon scanning can inform the discussion. In their recent article Pattern of disruption: Anticipating disruptive strategies in a world of unicorns, black swans, and exponentials, leading researchers from Deloitte’s Center for the Edge identified nine patterns of disruption—ways that disruptors created new value through a new approach under specific market conditions—that seem generalizable in both the past and the future.5 For example, by unbundling products and services or by shortening the value chain, competitors have been able to upend certain marketplaces—and some incumbents’ businesses. And while these patterns can’t describe every possible challenge a business will encounter, they do help make sense of the changing dynamics many companies are experiencing. Moreover, armed with this understanding, executives can start asking the right questions of their business and the world around them to not only anticipate changes, but also make the “unexpected” expected.

Finally, a strategic risk decision framework can help executives and boards zero in on the risks that could upend the business or open up new opportunities. An effort should be made to not just present information, but to present it in ways consistent with people’s ability to manage and navigate it, and in ways that help break down built-in institutional challenges or biases to getting and acting on information. This is where the combination of scenario planning, horizon scanning, and risk sensing can create a platform for early discovery and decisive action on potential threats.

CFOs as risk integrators

CFOs’ voices are magnified since they serve as strategic advisors on a host of issues—the allocation of resources against strategy, investment options, and capital decisions, and the management of a portfolio of financial risk assets—and in that capacity, they are well positioned to connect the CEO, the board, and other senior stakeholders in the conversation about strategic risks.

Strategic risk is the next frontier of risk management, one that will generate a more nuanced conversation about the risks that are sometimes imposed on companies and the opportunities for new businesses. Armed with the right tools, leaders can accelerate how quickly they discover such risks and fit them into their ongoing risk management processes. Those that do are going to see how strategic risk—and the ability to name it, track it, and deal with it—can turn into an important organizational resource going forward.



1 Risk sensing: The (evolving) state of the art, Forbes Insights on behalf of Deloitte Touche Tohmatsu Limited (DTTL), October 2015.

2In the heat of corporate crisis: Mind over matter,” Marlo Karp and Rhoda Woo, Deloitte Review Issue 17, July 2015.

3 Stephen Lawson, “Cloud-based ‘digital twins’ could make power plants more efficient,” PC World, September 29, 2105,

4 Risk sensing: The (evolving) state of the art, Forbes Insights on behalf of Deloitte Touche Tohmatsu Limited (DTTL), October 2015.

5Pattern of disruption: Anticipating disruptive strategies in a world of unicorns, black swans, and exponentials,” John Hagel, John Seeley Brown, Maggie Wooll, Andrew de Maar, Deloitte University Press, September 2015.



Jacqueline Bukaluk

Jacqueline Bukaluk
National Leader, Enterprise Risk and Governance
Jacqueline is Deloitte’s National Leader for Enterprise Risk and Governance and a member of the firm’s Global Strategic Risk Council. She advises financial services clients on risk, governance and regulatory issues..

Susan Hwang

Susan Hwang
Partner, Enterprise Risk and Governance
Susan is a Partner in Deloitte’s Governance, Regulatory and Risk practice and chairs Deloitte’s bi-monthly Risk Roundtable attended by senior risk officers from a broad range of industry sectors. Susan advices clients on strategic risk, enterprise risk management, governance and regulatory issues.

Prashant Masand

Prashant Masand
Senior Manager, Enterprise Risk and Governance
Prashant is a Senior Manager in Deloitte’s Governance, Regulatory and Risk practice and leads innovation in governance, risk and regulatory services. Prashant advices clients on risk, governance and regulatory issues.


Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.