What is Strategic Risk Assessment?
Strategic risk assessment is the process of identifying, measuring, and ranking the risks that could threaten a company’s long-term goals — things like market shifts, regulation, technology disruption, or geopolitical change. It feeds the board’s decisions about strategy, investment, and capital allocation.
How It Works
- Risks are identified through interviews, workshops, and external scanning
- Each risk is scored on likelihood and impact, often on a 5×5 heat map
- Top risks are assigned an owner and a mitigation plan
- The portfolio of risks is reviewed at least annually by the board or audit committee
- Different from operational risk assessment, which focuses on day-to-day process failures
Saudi Context
In Saudi Arabia, listed companies follow CMA Corporate Governance Regulations that require the board to review the company’s risk profile at least annually. Many large groups have adopted ISO 31000 and COSO ERM as their reference frameworks.
Example
A Saudi healthcare group runs a strategic risk workshop. The top risks identified are regulatory change in CCHI rules, talent shortage of clinical staff, and cybersecurity. The board approves dedicated mitigation owners and budget for each, and reviews progress quarterly.