Spotlight on Risk: Strategic vs. Reputational Risk

When we discuss risk there is a common confusion regarding strategic and reputational risk. Many, in all honesty, will interchange these two risks –one for the other. While this is common and there are similarities between the two, they are very different risk that we will highlight here.

Strategic risk is defined as risks that negatively impact the organization’s ability to implement a business strategy. Strategic risks include, but are not limited to, those items inherent in the strategy itself and external events or actions that impact the strategy. For example, a growth strategy without sufficient resources to expand is an inherent strategic risk and would exist with or without outside stimuli. On the other hand, a growth strategy that is impacted by new regulations prohibiting expansion is an external strategic risk because the new regulation negatively impacts the ability to deliver on the strategy.

Reputation risks consist of those risks that impact a businesses image or, in more simple terms, what the outside world thinks of a business. A good example of reputation risk is when an officer steals from the company. Clients or customers may shy away from dealing with that company because of the actions of this officer. The business takes a reputation hit, loses credibility and customers, and spends months or more trying to regain customer’s confidence.

While each of these risks is standalone they do not always impact the business individually. Strategic risks can also have impact to compliance, operational, technological and other risks within the business. Similarly, reputational risk can impact fraud, operational, credit and compliance. Also, we should not forget that strategic risk has an impact on reputation risk and vice versa. The interconnectedness of risks can make it difficult to discern problems and resolve them quickly. So it is imperative that each risk be defined properly.

As with risk management in general one must understand the actual risk and its impact or relationship with other risks. That is why combined risk assurance can be a valuable approach to risk management. Additionally, GRC software and methodology can aid in aligning risk relationships and clarify the actual impact to the business.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Governance

Risk

Compliance

Governance

Risk

Compliance

New Jersey