Call to Action 1: Creating Integrating Strategy, Risk and Resilience



This article is part one of a series unpacking the five Call To Actions in IRMSA’s 2021 Risk Report. To learn more about the five CTAs and the report, please read this blog from thryve’s Managing Director.

Integrating strategy, risk and resilience is not a new concept. Forward-looking risk experts have for years noted the synergy between these different areas. The idea of integrating risk and strategy even resonates in traditional strategy tools such as the SWOT analysis. But it took several global challenges such as the 2008 financial crash and the ongoing COVID-19 pandemic to help more people appreciate the value of combining them.

IRMSA identifies three actions that damage a company: mistakes, misses, and malice. Mistakes occur when an organisation does what it shouldn’t have, and misses are when the organisation doesn’t do what it should (or could). Malice is when those in an organisation misbehave for their own benefit and often against their employer.

Traditional risk covers malice and, to a degree, mistakes. Strategy should cover misses, but it often doesn’t have the information to spot all the opportunities. Risk management can inform strategy to that extent, through what thryve calls “sense and respond” risk management. A culture that can align these two functions, along with business continuity, becomes more resilient. The outcome should look like this:

  • Strategy capability to focus on the right things
  • Risk management capability to protect against downside events
  • Risk management capability to pursue enhancing opportunities
  • Business continuity capability to deal with issues that have arisen and need to be addressed

At thryve, we offer a range of software platforms and modules that help build a culture that combines strategy, risk and resilience.

Our Enterprise Risk Management (ERM) service, powered by Riskonnect, bridges risk data silos and creates a single view of your risk position. We study your key objectives and support then with our risk identification, assessment, mitigation, and monitoring processes. As this is a platform service, the project can focus on a specific outcome and scale from there without additional risk to you.

Business continuity is a distinct discipline and should have its own technology services. thryve’s Business Continuity Management (BCM) solution can remove ambiguity and uncertainty through digitising and automating an enterprise-wide plan that can respond to difficult situations with as little disruption as possible. Similar to our ERM offering, BCM uses a flexible technology platform to draw data from different silos in the business, feed them into frameworks aligned to your operations, then delivering reports and dashboards tailored to different parts of the company.

Finally, and crucially, risk managers need to communicate risks to different parties in different ways. thryve’s Risk Management Information System (RMIS) empowers risk decision-makers to consolidate data across silos, automate processes and create reporting tailored to different stakeholders’ requirements.