This site uses cookies for analytics and to improve your experience. By clicking Accept, you consent to our use of cookies. Learn more in our privacy policy.

Up & Out #7: The Role of Strategic Intelligence in Enterprise Risk Management

September 3, 2025

In our fifth edition of Up & Out, we outlined a five-step model for embedding strategic intelligence into an organisation’s core operating fabric. This time, we’re building on that approach by outlining how intelligence teams can enable enterprise-wide geopolitical risk management in their organisations.

As geopolitics becomes more antagonistic, the direct and indirect impacts on organisations are multiplying across the demand and supply sides of business models. Consequently, geopolitical risk can impact business lines with differing levels of severity depending on an organisation’s industry and the nature of its business.

Effective geopolitical risk management is essential to helping an organisation achieve its strategic objectives. However, geopolitical risk expertise has not traditionally been a core competence for Enterprise Risk Management (ERM) teams. We now see this gap closing as risk leaders explore the integration of new geopolitical capabilities within their functions.

Infusing Geopolitical Intelligence into Enterprise Risk Frameworks

Intelligence functions are optimised for enhancing geopolitical assessment capabilities within ERM frameworks. Most intelligence teams already assess geopolitical risks for multiple lines of business (LoBs), developing a broad understanding of their organisation’s operational footprint in the process.

This understanding lends itself to supporting enterprise-wide risk activity. By acting as nerve centres or participating in geopolitical risk working groups, intelligence teams can bring greater structure to internal consideration of risk controls, while ensuring that geopolitical risk expertise is applied to all relevant areas of decision-making​.

The aim is not to induce high-level change on how your organisation identifies, monitors, and reports on risk – intelligence teams must dedicate time towards understanding how ERM functions work and show a genuine interest in learning. But the environmental scanning, forecasting, and impact assessment methodologies that intelligence teams use can always inform the development of risk mitigation approaches.

An experienced analyst can also provide company-specific insights to management teams while offering assurance to executive boards that risks are being identified, assessed, and mitigated both proactively and holistically. 

What this might look like: Imagine you lead an intelligence team at a multinational hotel company. Start by asking your ERM colleagues if they include geopolitics in their risk framework – whether as part of a risk taxonomy, in a list of principal risks, or within an emerging risk framework. If they do, ask how you can support with their ongoing activities. If they don’t, then take the initiative and offer to build a geopolitical risk framework with them.

Your chances of success are likely to increase if you map your support on geopolitical risk against orders of priority. For a hotel company, you might focus on the impacts on supply chain efficiency and operational resilience first, before moving on to implications for customer loyalty and legal exposure. You can also ask ERM teams if they have specific geopolitical expertise to support new or existing frameworks and capabilities; if they do, offer to augment this capability. If not, you have another opportunity to be proactive.

You can also request to review of your organisation’s risk management framework and offer suggestions on areas where you see opportunities to integrate strategic intelligence within ERM activities. Such areas could include supporting ERM work on emerging risks, horizon scanning, proactive risk monitoring, and developing scenarios to assess the impact of financial and non-financial risks, risk appetite, and risk reporting. 


Strengthening Understanding Through an Impact Lens

ERM teams require a perspective that evaluates how external events impact the organisation’s operations, finances, strategy, and reputation (an “impact lens”) to cultivate a strong understanding of risk tolerances at the board level. This includes understanding the role of geopolitical events. However, first-line management teams and key control functions often struggle to assess exogenous risks.

Intelligence teams can act as enablers, as they possess the capabilities to assess the level of impact and severity of geopolitical risks. However, this requires transitioning from an operational to a strategic mindset that considers the financial and operational impacts, market footprint, strategy, and reputation of their organisation. For intelligence teams matured within corporate security or crisis management functions, this mindset can take time to develop.

What this might look like: Using the hotel chain example, as an intelligence leader, you can help cultivate a holistic approach to risk management by conducting workshops with risk owners across business functions to understand their strategic objectives, operational footprint, risk criteria, and approved risk tolerances.

If the company’s ERM team is actively tracking supply chain resilience, develop the conversation by providing context behind any ongoing trade route disruptions or sanctions exposure, while aligning your terminology and style for articulating likelihood and impact with theirs. Understanding these criteria will augment your ability to assess the impacts of geopolitical risks and recommend tailored mitigations to support ERM activities.

Reducing Uncertainty and Investing in Preparedness

“Plans are worthless, but planning is everything.”

– Dwight D. Eisenhower

People overestimate their ability to understand and assess risk, and establishing effective controls in any organisation does not eliminate risk. All internal controls have their limitations, particularly when it comes to external events, such as geopolitical risks and the uncertainties they produce, which no organisation can control.

ERM teams must continually invest in preparedness and plan for the unthinkable by adapting their risk controls. This requires good risk intelligence, i.e., understanding the risks to your organisation, managing them appropriately, and ensuring transparency to all relevant decision-makers.​

Unsurprisingly, risk intelligence is the cornerstone of an intelligence team. When you consider this, and that most intelligence teams are cross-functional entities, it is easy to understand how they can be at the forefront of establishing risk controls when it comes to geopolitical risks, or exogenous risks more broadly. 

What this might look like: As an intelligence leader, you can reduce the uncertainty of geopolitical risks by collaborating with your hotel company’s risk owners on environmental scanning and forecasting exercises, or by creating workshops for red-teaming and scenario development. Working alongside ERM teams will also help you understand the organisational architecture and existing levels of maturity, enabling them to test risk controls successfully.

Ensure that you employ creative thinking that extends beyond historical analogies to address Black Swan events. History is a subset of things that could have happened in the past​, so if you are only helping an ERM team prepare for risks based on past events, then you are leaving the organisation unprepared for low-probability, high-impact events.

Intelligence functions are already optimised to enable enterprise-wide geopolitical risk management in their organisations. Many intelligence teams already act as a nerve centre for geopolitical risk assessments in their organisations, and utilising these three overarching approaches to collaborate with ERM teams can further enhance these capabilities within ERM frameworks.