Risk management consultancy and training services

Call Us:

(+61) 400 666 142


Canberra ACT 2600

Strategic v Operational Risk

Strategic v Operational Risk

Hello, and welcome to this session.

What I’m going to talk about here is the difference between strategic and operational risk. This is an area that I’m often asked the difference between the two.

When I look at a lot of strategic risk registers maintained by boards and senior executives in organisations, what I tend to find is there are a lot of operational risks being pushed off as strategic risk. Now for me strategic risk is something that is outside the control of the organisation, that is out in the environment within which you are operating.

So, things like the legislative environment, regulatory environment, competitive environment are looking at strategic risk. Let’s say a government organisation reduces funding without any commensurate reduction in responsibilities – that is strategic risk to the organisation. For a council, an amalgamation of a number of councils is a strategic risk. But what I’m finding in these strategic risk registers are things like a major fraud event or somebody dies – they are operational risks.

Yes, they might have strategic consequences or consequences that affect the enterprise, but they still need to be managed down at the lower levels of the organisation. They need to be managed at the lower levels of the organisation but operated up to the board; it is not the remit of the board to actually manage those types of risk. They need to be focusing out.


Because they’re setting the strategic direction of the organisation so they need to be aware of the environment so they can adjust strategic direction if necessitated by a change in that environment.

If they are continually focused down in the operational area then they might miss those triggers that would mean they need to change their strategic direction. So the lesson out of all of that is for the board and senior management in terms of strategic risk – look out. For those underneath, your CEO and managers are focused on operational risks in terms of making sure they are managed so we can achieve the strategic direction that is being set by the board.

As a board you cannot focus on those operational risks you are going to become mired down in managing those and not only that it’s not your responsibility, you have given charge to the CEO to do that.

So have a look at your strategic risk registers and actually ask yourself how many of those are strategic.

That’s all I have for this session. As always let’s be careful out there.

Written by Leena Renkauskas

Rod is an accomplished risk consultant with extensive experience in the delivery of professional consultancy services to government, corporate and not-for-profit sectors. Rod takes every opportunity available to ensure his risk management knowledge remains at the ‘cutting edge’ of the discipline. Rod’s Risk Management expertise is highly sought after as is the insight he provides in his risk management training and workshop facilitation. Rod was recognised by the Risk Management Institution of Australia as the 2016 Risk Consultant of the Year and one of the first five Certified Chief Risk Officers in Australasia.