How To Integrate Risk Insights Into Decision Making and Strategic Planning – A FinTech Start-up Case Study

As I write this Opinion Article I am taken aback to 2005 when I submitted an MBA Dissertation Proposal on Integrating Risk Identificantion Into Objective Setting Process which was 1st rejected, the reason being there wasn’t much Academic Literature written about the Topic at the Time. I had to motivate and defend my Research Topic which to my delight was eventually accepted.

In 2005 as a prelude to my research on Integrating Risk Identification to Objective Setting Process I made the following observation. “during the past five years risk management has evolved to such an extent that most companies have devloped formal risk management systems whereby their risk identification processes are integrated into their objective setting processes, albeit with different forms of integration. The Integration of the Risk Identification into the Objectve Setting Process has been recognised as an essential step in the Risk Management Process as it facilitates identification of those risks that may affect the achievement of business objectives and ensure that plans are developed to mitigate the risks identified.Managenent of Risks is essential to the success of any business whether profit making or non-profit making”

I further made the following observations as per the direct extracts below from the MBA Dissertation Research work concluded in 2006.

  1. “Events such as corporate collapses of organisations like Enron (2001) have generally been attributed to poor corporate governance and risk management and events such as these have hightened the need, for corporates to put in place formalised risk management programmes as a mechanism to help identify and manage risks that corporates are faced with in today’s business environment”
  2. “Those individual organisations which have not integrated their risk management processes with strategic managenent processes are less likely to reap the benefits of risk management”
  3. “Risk Identification Process involves Identificantion of Anticipated Threats and/or Opportunities that may affect the achievement of Objectives.
  4. “Integrating the Risk Identification Process with the Objective Setting Process lays a Foundation for Ensuring that when an Organisation is crafting it’s Strategy to achieve objectives it takes into consideration the risks that are a treat to the achievement of of objectives, and likewise the opportunities that need to be exploited”
  5. “Objective Setting alone can not predict exactly how the market and business environment will evolve and what issues will surface in the coming days in order to craft the organisation’s strategy. Therefore Risk Idenification provides critical input into the Strategic Management Process for an Organisation to survive the unpredictable and turbulent business climate”
  6. “Risk Identification Techniques: Risk Identification Techniques such as facilitated workshops or inteviews serve as a platform for managers to identify and brainstorm possible events that may turn out to be risks to the business”
  7. “Description of Risks: Once Risks have been identified they need to be described in a manner that identifies the event that will occur and the impact that event will have on the of objectives should it occur. This allows for a proper analysis of risks as they relate to the criticality to the achievement of objectives”
  8. “Integrating Risk Identification can help to overcome: failure by Organisations to identify risks that may affect the achievement of objectives, the difficulty of denial that threats may emerge and should provide a basis for integrating risk mitigation strategies with other strategic actions to achieve objectives. Integrating Risk Identification into Objective Setting can lead to Cultural Change”
  9. “Employ Organisation defined Techniques to identify the Events that may be Risks and those that may be Opportunities”
  10. “Ensuring that the whole process of risk management get’s integrated into the Strategic Management Process is underpinned by integrating the Risk Identification Process into the Objective Setting Process as it is practically impossible to devise strategies to manage risks if they are now known and make those strategies part of the action plans to be taken to achieve business objectives”
  11. Benefits derived from integrating the Risk Identification Process into the Objective Setting Process steps are a confirmation that the integration is a value add in effectively integrating the Risk Management Process with the Strategic Management Process ….. Without the integration there would be a misalignment not only with the Budget Process but also with the Strategic Planning Process as the Strategic Planning Process will not take into consideration actions that are needed to mitigate the risks and this may lead to failure to achieve Objectives”
  12. “The success in Integrating Risk Identification Process into the Objective Setting Process within the individual business entities is dependent on the Culture and Capabilities of its Employees”

A Risk Management Process Developed in 2005 as part of an MBA Dissertation Titled: Integrating Risk Managment Into Objective Setting Proccess. https://researchspace.ukzn.ac.za/bitstream/handle/10413/1102/Ndlela_Ngqalabutho_2007.pdf?sequence=1


An Integrated Risk Identification Process Developed in 2005 as part of an MBA Dissertation Titled: Integrating Risk Identification Process Into Objective Setting Process. https://researchspace.ukzn.ac.za/bitstream/handle/10413/1102/Ndlela_Ngqalabutho_2007.pdf?sequence=1


It is against this background that one has observed some Risk Management Professionals rehashing knowledge that is older than 20 Years as New Knowledge. One of the key Strategy Development Principles is that before you develop any new Strategy you must have a clear understanding of the Strategic Baseline and it is in this respect that Risk Managment Thought Leaders should have a very clear understanding of Risk Management Knowledge that has been developed in the past 20 Years at least. This will prevent rehashing old ideas as knew knowledge.

The World at Large needs Visionary Risk Management Leaders who have the ability to anticipate the future and have a clear understanding that the future is shaped by what we do today to mitigate and / or exploit Threats and Opportunities lying ahead. First let me define what I mean by a “Risk Management Leader.” By this, I mean someone or anyone, who is in charge of making a business or a country prosper and achieve its Vision. This could be a CEO, President, Sales Director, CFO, Chief Risk Officer, COO, Engineer, Doctor, Economist, Director General, Minister, Mayor, City Manager, Receptionist or even administration staff. Regardless of what your title is,  you are a Risk Management Leader and have a unique challenge ahead of you to anticipate and shape our Future. As a Risk Management Leader you have to be different and go against the grain to avoid blending into the crowd. Don’t fall into the trap of confusing Crisis Management with Risk Management.

If you have ever looked up the word ‘Education’ in the dictionary, you may have found that besides Enlightenment, it can also mean Indoctrination. A Classic Example of Indoctrination are those that say a Risk Management Leader is a Person with the Tittle Chief Risk Officer / Adviser, Head of Risk, Risk Officer, Risk Champion or whatever the Risk Tittle may be.

Many Transformational Leaders also believe Indoctrination is what our current education model is more aligned to as it teaches us What to Think and not How To Think. It is a system that often keeps us shackled to the past — living by the rules of past generations that have no effect on what we want our future to look like. Often, Indoctrination suppresses our creativity and ingenuity as human beings.

One of the Catastrophic Risk Management Weaknesses we have ever seen in the World, is Failure to Timely Identify, Escalate and Mitigate Risks.

RiskForesights.COM is of the view that Managing Risks is inherent to Human Beings as well as in the Animal Kingdom, it is as old as Human Kind and an Integral Part of our lives. Managing Risks effectively is the ability to timely anticipate both threats and opportunities lying ahead that may either prevent or enhance the achievement of our Vision, Plans to Achieve our Vision and taking pro – active actions to mitigate or exploit the Risks identified. It is interesting to note that George Bush (Junior), Barak Obama and Bill Gates anticipated a Pandemic like COVID – 19 but nothing was proactively done to Mitigate The Risk perharps because the World just wished it away. The Greater Part of the World only reacted when the Risk had materialised and had become a Crisis.

Risk Management Failures are prevalent in most Public and Private Organisations, largely as a result of a weakness we have, which is the Chronic Shortage of Skills in Risk Management. This is evident when you see “Leading Risk Management” Professionals classifying existing and / or deepening of Current Weaknesses and Threats as Risks (most of which have already reached Crisis Proportions), which One Business Leader once described as Checking Your Rear-view Mirror to see what is Infront of your Car. Lack of Skills in Risk Management is also seen, when only Threats are recognised as Risks in most leading Companies and Opportunities Lying Ahead are excluded when Assessing Risks. In Worst Case Scenarios you see some “Risk Professionals” when Identifying Risks they simply make an Objective a Negative.

Based on a the Dissertation I completed in 2006 Titled Integrating Risk Identification Process into The Objective Setting Process, Ndlela_Ngqalabutho_2007.pdf (ukzn.ac.za), and my Experience in Managing Risks over the past 20 Years here are some basic logical lessons in enhancing an Organisation’s Decision Making and Strategic Planning Capabilities. To illustrate how to Integrate Risk Management into Decision Making and Strategic Planning we will use a FinTech Start-up as a Case Study.


Where Are We Now Analysis: Before Envisioning The Future of Your Business or Organisation Understand Your Strategic Baseline and Risk Maturity Levels. Use the following tools to understand your current Position or Situation in relation to where you want to be. (Tools – PESTLE Analysis, SWOT Analysis and Porter’s Five) to understand the FinTech Landscape in your Country or Region or Globally. At a minimum PESTLE and SWOT Analysis will give you insights into the current business conditions that may in the future be a Source of Risks.


Where Could We Go – Option / Scenario Formulation: As this stage you formulate options and weigh options available to you and your Decision you take should be informed by Strategic Risks you have Identified. Unlike Operational Risks there is no hard and fast rule on how to Identify and Assess Strategic Risk Scenarios, however an indepth understanding of the current environment such as PESTLE Analysis, SWOT Analysis and PORTER’s Five Forces will equip you with information on variables that can evolve to become Threats or Opportunities in the next 3 to 5 Years or more (e.g. Young Population in Africa is a Source of Opportunities the next 5 Years of Youth who will be comfortable using FinTechs as Banking Platforms).

Analyse current Global, Regional, Country and Industry Risks to identify Opportunity Risks for which you will develop Solutions for. (e.g. FinTechs can develop solutions to minimise the eminent Digital Devide in 3rd World Countries by developing Solutions that will be accessible to the Poorest of the Poor. FinTechs that are Born Digital and Global are better Positioned to develop Solutions that will prevent Cyber Attacks in the Financial Services Industry).

At this Stage when you formulate your Vision it should be informed by Global, Regional, Country and Industry Risks as these may be a Source of Opportunities to Exploit in the Medium and Long Term. These Risks should also inform the Strategic Objectives you formulate. (e.g. Setting up New Operations in a Country as it’s Strategic Intent it want’s to be a leader in 4IR Tecehologies and will be introducing Tax Incentives For Tech Companies). At this Stage have an understanding of the resources required to optimise downside risks and/or to exploit opportunities identified this should inform your decsion as to where Do You Want To go.


Where Do We Want To Go – Option Selection: Here you firm up your Vision and Decide what your Focus Areas and related Strategic Objectives will be, to achieve your Vision. You need to have clarity on the Risk Scenarios associated with the Vision you have set yourself and the related Strategic Objectives. An In-depth understanding of Strategic Risk Scenarios will assist you to set SMART Strategic Objectives. (e.g. Understanding a Risk Scenario that relates to a prolonged Economic Stagnation due to the COVID Scars taking too long to heal, will certainly inform what Strategic Objectives you set for your FinTech Start-up)


What Will Help us Get There – Mobilise Support and Resources: When you decide what Financial (Budget) and Non – Financial Resources are needed to successfully execute your plans include Risk Optimisation and Exploitation Action Plans. Risk Optimisation and Exploitation Plans should be an Integral Part of your Strategy Blue Print and Operational Plans. There is no need for seperate Risk Registers that are monitored seperately in a Committee called a Risk Committee. When you Communicate and Cascade your Strategy, include Significant Risks, Risk Optimisation and Exploitation Plans as an Integral Aspect of your Strategic Plan or Operational Plan.


What Do We Do Now – Implementation: Risk Management KPIs should be set as an Integral Part of your Organisation’s Annual Performance Plans. As you monitor the implementation of your Strategy and taking corrective action where required include Risk Optimisation and Exploitation Plans. Review and Reporting on the effectiveness of your Risk Management Initiatives should be done as an Integral Part Strategy and Operational Performance Reports. There is no need to develop seperate parallel Risk Management Procceses that do not add value in managing the business.


Risk Management Culture: The Success of Integrating Risk Insights Into Decision Making and Strategic Planning, is dependent on Upskilling (Training) Your Employees (Team) in Integrated Risk Management as well as walking The Talk by Senior Management and having very clear Risk Management KPIs that are an Integral Part of all Employees Performance Management and Development System.


An Illustration of Integrating Risk Insights Into Decision Making and Strategic Planning Procceses


Concluding Remarks

While some may argue that Imagination is more Important than Existing Knowledge, the Intellectual Poverty displayed by some Risk Management Professionals who rehash old Risk Management Concepts as knew Concepts should be a cause for concern, as it does not add anything knew in the Existing Risk Management Knowledge and should be discouraged or else Risk Management will not be seen as a Business Enabler but a Compliance Imperative or a Money Making Scheme.

As we move forward we should avoid the “Poor Scalptor Syndrome, who blame his Tools for their shoddy work” instead of focusing on improving their skills. One has to ask the Question why are the 12 Risk Management Concepts which were clearly articulated in the Research conducted in 2005/06 to be precise, are still being rehashed as New Risk Management Knowledge instead of perharps conducting a dignostic of why 20 Years latter we still talking about the same Risk Management Concepts that have not been fully embedded and integrated with some Organisations’ Decision Making and Strategic Planning Procceses. The Answer partly lies on the Risk Management Improvement Opportunities below:

  1. Improve Risk Management Skills and Capabilities at Early Learning Stages: Institutions of Higher Learning should Introduce Basic Strategic Planning and Integrated Risk Management Modules to all Certificate, Diploma, Degree and Post Graduate Programmes. In the context of Africa Business Schools should consider introducing Integrated Risk Management Modules in all MBA Programmes as well as Risk Management Short Courses just their American and European Counterparts have done. Managing Risks should be a way of life and culture, it does not belong to a few High Priests.
  2. Risk Management KPIs: Make Risk Management KPIs an Integral Part of an Organsation’s KPIs and every employee in an Organisation should have Risk Management KPIs as an Integral Part of their Individual Performance and Developmement.
  3. Transparency and Risk Disclosure: The Outcome of an Effective Risk Management Programme is Timely Identification of Risks, Proactive and Effective Optimisation and/or Exploitation of Risks. It is time Regulatory Authorities shoul make in compulsory for Organisations to disclose their Top 6 to 10 Risks and how effective are they managing these Risks (both Downside Risks and Upside Risks)

Leave a Reply