Strategic Planning Society Webinar- Integrating Strategy and Risk Management

Integrating Strategy and Risk Management

Strategic Webinar Series20 February 2014

Agenda

1. Opening remarks - Fiona Carter, Chief Executive Officer, SPS

2. Integrating Strategy and Risk Management – Andrew Smart CEO of Manigent and StratexSystems will talk about:

• The need for new approaches

• Seven management disciplines

• The strategy map and risk appetite

3. Q&A session - moderated by Fiona Carter

2

The Strategic Planning Society SPS was formed in 1967 and is a global network dedicated to the

development of strategic thinking, strategic management and strategic leadership (www.sps.org.uk).

Our Members are individuals, corporate organizations and business schools.

SPS supports Members to develop their strategic management and leadership capabilities

3

Our Missionimprove the practice,

development and recognition of strategic management

Our Visiona dynamic, global strategic management community

SPS Strategic Webinar series

A monthly series of Webinars launched in 2013 for SPS Members worldwide

To share knowledge and best practice, provide insight and practical recommendations for strategic managers and leaders

Speakers are from both business and academia

Become a Member: www.sps.org.uk/join-sps/

4

Integrating Strategy and Risk Management

• The credit crunch and its subsequent fall-out has rewritten the rules on strategy execution and risk management.

• The regulatory environment has become more intense and intrusive.• The balanced scorecard and risk management approaches have evolved as silo

processes over approximately 20 years – an approach that integrates both is a natural evolution.

• To effectively streamline management and regulatory reporting, organisations need to adopt an integrated framework, which covers strategy execution, risk management & compliance.

• In this webinar, Andrew will expand on these arguments, illustrating the changes through how he sees seven key characteristics of a strategy-focused, risk-aware culture.

5

Our speaker

6

Andrew Smart

• Andrew Smart is the Co-Founder and CEO of Manigent, a specialist strategy execution and risk management consultancy based in London, UK. He is also the Co-Founder and CEO of StratexSystems, a technology firm that develops and sells an integrated strategy and risk management solutions.

• He is the architect of the Risk-Based Performance Management methodology and has more than 15 years experience delivering strategy execution and risk management solutions in the UK, Europe and the Middle East.

• His professional focus over the last two years has been delivering Risk & Control Frameworks and RMP/Section 166 projects, primarily in the City of London.

• He holds an MBA from Henley Business School and is a Professional member of the Institute of Operational Risk.

Integrating Strategy & Risk Managementan Introduction to Risk-Based Performance Management

SPS webinar20 February 2014

Page 8

Introductions

CEO & Co-founder of Manigent, a thought-leadership consultancy firm focused on strategy execution and risk management

15 years plus in strategy and risk management

2006/07 -12 month / 21 organisation research project into the integration of strategy and risk management

2008 - Created the Risk-Based Performance Management methodology during various strategy and risk related engagements in the city

Poll question

Do you integrate risk management into your strategic execution process?

Page 10

The credit crunch and its subsequent fall-out has rewritten the rules on strategy execution and risk management

http://business.timesonline.co.uk/tol/business/industry_sectors/banking_and_finance/article4761892.ece

Page 11

Post credit crunch, the regulatory environment has become more intensive and more intrusive

Page 12

As we enter the recovery and growth phase, managing risk to drive and sustain competitive advantage will be critical

Page 13

Risk-Based Performance Management (RBPM) is a holistic and integrated approach to strategy execution and risk management

Performance Management

Risk Management

Strategy Management

Appetite

What are we trying to achieve?

Are we on track?

What is our Risk Appetite?

Are we operating within appetite?

Governance & Communications

Culture

Integrating Strategy Execution and Risk management approaches

Page 15

Since its inception, the Balanced Scorecard has continued to evolve.

Raison d'être for Balanced Scorecard was to provide a ‘balanced’ set of performance measurements.

“What you measure is what you get” - Kaplan & Norton, 1992

Performance Measurement

With adoption, the Balanced Scorecard evolved to become more focused on strategy.

Introduced the 5 principles1. Translate the Strategy into operational

terms

2. Mobilise change through executive leadership

3. Make Strategy a continual process

4. Make Strategy everyone’s everyday job

5. Align the organisation to the Strategy


The Balanced Scorecard is now positioned as a framework for enhancing strategic execution.

A closed loop system of strategic execution1. Develop the Strategy

2. Plan the Strategy

3. Align the organisation

4. Plan operations

5. Monitor and Learn

6. Test and Adapt the Strategy

Strategy Execution

Page 16

COSO - Internal Controls framework (1994)Provided a common definition of internal control and a framework against which internal control systems can be assessed and improved.

COSO – ERM framework (2004)The framework defines essential enterprise risk management components, discusses key ERM principles and concepts

Unlike the Balanced Scorecard, Risk Management has evolved via a series of standards.

COSO

Various standards were created, often influenced by the COSO frameworks.

The Risk Management Standard, 2002 (IRM, AIRMIC, ALARM)

Orange Book, 2004 (HM Treasury)

AS/NZS 4360:2004

BS31100, 2008 (British Standards)

Various Government standards

ISO 31000:2009

Provides principles and generic guidelines on risk management.

ISO 31010:2009

Provides guidance on selection and application of systematic techniques for risk assessment.

ISO 31000 & ISO 31010

Various

Page 17

We believe that Integrating strategy and risk management is the next, natural evolution

Risk-BasedPerformance Management enables executives to take an integrated approach and operate their business within appetite.

Comprehensive strategic execution framework• Aligns strategic intent with risk rppetite

• Integrated performance and risk reporting and analytics

• Embedded governance and ownership model

Risk-Based Performance Management

Page 18

Other experts also recognise the need for new approaches, and are looking at the integration of performance and risk management ...

What went wrong in Financial Services?1. Wrong measures of risk or, at least,

very limited understanding of the properties of the risk measures being used

2. Incorrect data used to estimate risk measures

3. Failure to understand correlations across risk measures

4. Managing local risks and ignoring global ones

5. Treating risk management as a compliance issue, not a strategic one

6. Taking big bets that unlikely events will not occur

7. Senior executives and boards striving for short-term gains while ignoring the risk exposure associated with generating high profits

Value-at-Risk Calculation typically assumes that probability of gains and losses follows a normal

distribution.What about Black Swan events?

VaR does not account for liquidity risk; it assumes you can get out of a position overnight.

VaR is like “an airbag that works all the time, except when you have an accident.”

Now is the time to enhance the BSC with Key Risk Indicators

(KRIs) and integrate performance and risk

management.

Dr Robert Kaplan is focusing on measurement of riskE&Y suggested a ‘re-balanced’ scorecard

Page 19

Other experts also recognise the need for new approaches, and are looking at the integration of performance and risk management ...

What went wrong in Financial Services?1. Wrong measures of risk or, at least,

very limited understanding of the properties of the risk measures being used

2. Incorrect data used to estimate risk measures

3. Failure to understand correlations across risk measures

4. Managing local risks and ignoring global ones

5. Treating risk management as a compliance issue, not a strategic one

6. Taking big bets that unlikely events will not occur

7. Senior executives and boards striving for short-term gains while ignoring the risk exposure associated with generating high profits

Value-at-Risk Calculation typically assumes that probability of gains and losses follows a normal

distribution.What about Black Swan events?

VaR does not account for liquidity risk; it assumes you can get out of a position overnight.

VaR is like “an airbag that works all the time, except when you have an accident.”

Now is the time to enhance the BSC with Key Risk Indicators

(KRIs) and integrate performance and risk

management.

Dr Robert Kaplan is focusing on measurement of riskE&Y suggested a ‘re-balanced’ scorecard

However the focus is measurement via

indicators ... where is the strategic

alignment?

Page 20

Kaplan on Risk and the Balanced ScorecardHBR June 2012

• Three categories of Risk– Preventable Risks– Strategy Risks– External Risks

Managing Risk is very different from managing

Strategy

Page 21

Risk and the Balanced Scorecard - What we think…

Managing Risk is not different to, but a fundamental part of,

managing strategy

Page 22

Risk-Based Performance Management (RBPM) is a holistic and integrated approach to strategy execution and risk management


Risk Management

Strategy Management

Appetite


Are we on track?

What is our Risk Appetite?

Are we operating within appetite?

Governance & Communications

Culture

Page 23

The Risk-Based Performance Management (RBPM) methodology is based on seven management disciplines

Business Drivers

Shareholder Value

2. Manage Performance

3. Manage Risk

1. Set Strategy

5.Governance

6.Communications

7.Culture

Capital ?Income

Share Price ?Economic value add

4. Appetite Alignment

Reputation

Profit

Appetite Appetite

Page 24

Discipline 1: Set Strategy

Strategy: “to develop a sustainable (and defendable) position which enables the organisation to achieve its objectives while operating within defined risk appetite boundaries”

“One major problem that led to the current financial crisis was that although objectives had been created, there was no articulation of risk appetite or

identification of those responsible when risks were incurred”

A clear articulation of strategy is important but it must include an expression of the amount and type of risk that the organisation is willing to accept

Page 25

“Within the RBPM approach, we define ‘manage performance’ as the continuous process of monitoring objectives and their KPIs, identifying root causes of underperformance and making adjustments.”

Discipline 2: Manage Performance

KPIs

Processes Initiatives

Objectives

Page 26

Discipline 3: Manage Risk

“In the context of Risk-Based Performance Management, Risk Management is about understanding and exploiting opportunities and threats (the risk the organisation faces in pursuit of its objectives), and the continuous monitoring and management of those risks to ensure the organisation executes its strategy while operating within appetite”

Page 27

Discipline 4: Appetite Alignment

“Appetite Alignment is the process of continuously aligning current risk exposure to the defined risk appetite, which by implication encapsulates the strategy of the organisation. To translate into simple terms, it is about understanding whether the current level of risk-taking is aligned to the chosen business strategy, i.e. are we operating within appetite?”

Page 28

Discipline 5: Governance

“Governance is the process and practices which define the strategic, operating and decision-making boundaries of an organisation (or organisational unit), and how decisions are made and implemented.”

Page 29

Discipline 6: Communications

“When a firm’s risk appetite is properly defined and clearly communicated, it becomes a powerful management tool to clarify all dimensions of enterprise-wide risk and enhances overall business and financial performance”

The Five C’s: 1. Clarify2. Credible3. Concise4. Context 5. Consistent

“all the good-to-great companies had a penchant for intense dialogue. Phases like “loud debate”, “heated discussions”, and

healthy conflict” peppered the articles and interview transcripts from all the companies. They didn’t use discussion as a sham process to let people “have their say” so they could “buy in” to a predetermined decision. The process was more

like a heated scientific debate, with people engaged in a search for the best answers”. Jim Colins

Page 30

Discipline 7: Culture

Culture comprises an organisation’s widely shared values, symbols, behaviours and assumptions.

“the way we do things around here”

The seven key characteristics of a Strategy-Focused, Risk-Aware Culture1. Driven by a compelling vision2. Live by a clear set of values3. Led with integrity4. Align risk-taking to strategy5. Established clear accountabilities6. Engage in high quality conversations7. Incentives are aligned to appetite

Culture is perhaps the ultimate strategy and risk management tool

Page 31

Underpinning the Risk-Based Performance Management approach is a clear change process

Define Strategic

Goals

Define Strengths & Weaknesses

Define Business Drivers

Define the Strategy

Define Processes

Define Initiatives

Define Operational

Risks

Define Operational

Controls

Define Indicators

Assess Risks & Controls

Monitor Appetite

Alignment

Define Strategic

Risks

Define Strategic Controls

Define the Business Model

Define Risk Appetite

Align Risk Appetite &

Strategy

Define Strategic

Objectives

Board Executive

Formulation Execution

Page 32

Organisational progress in implementing the approach can be reviewed using the a Maturity Model

Based on the RBPM Seven disciplines

Provides a snapshot of your organisational Strategy & Risk maturity

Provides a ‘slice’ by organisation behaviour

“How mature is your integrated strategy & risk management

approach?”

Stra

tegy

Perf

orm

ance

M

anag

emen

t

Risk

Man

agem

ent

Appe

tite

Alig

nmen

t

Gov

erna

nce

Com

mun

icati

ons

Cultu

re

Manage

Operationalise

Monitor

Improve

Initial

ExemplaryExpert

ProficientCompetent

Poll question

Who defines your organizational risk appetite?

Page 34

Central to this integrated model for Strategy and Risk Management is the Strategy Map

Page 35

The Strategy Map articulates how an organisation creates valueFi

nanc

ial

Cust

omer

Inte

rnal

Pr

oces

sLe

arni

ng &

G

row

th

Drive sales execution

Sustainable Growth

“We align our incentives to our

appetite & desired behaviours”

“Their fees are clear and fair”

Deliver Revenue Growth

Objective KPIs InitiativesTargets


YTD % Increase in income 25%

Implement new sales process

Objective Statement of what

strategy must achieve and what’s

critical to its success

KPIs How success in achieving the

strategy will be measured and

tracked

Targets The level of

performance or rate of

improvement needed

Initiatives Key action programs

required to achieve Priorities

Page 36

However, to create value, risk-taking must be aligned to strategyFi

nanc

ial

Cust

omer

Inte

rnal

Pr

oces

sLe

arni

ng &

G

row

th

Sustainable Growth Objective Appetite AlignmentExposure





Appetite How much risk

are we willing to run to achieve the

objective?

ExposureHow much risk

are we currently running?

Alignment Is our current risk-taking aligned to

appetite?

Moderate High Over-exposedDrive sales execution





Page 37

Effective risk management supports value creation and value protectionFi

nanc

ial

Cust

omer

Inte

rnal

Pr

oces

sLe

arni

ng &

G

row

th

Sustainable Growth Objective Risks MitigationThresholds


Mis-selling resulting in reputation loss

Appetite Tolerances

Controls Initiatives Policy &

procedures Processes




RisksThe threats and

opportunities (risks) exist which may

impact achievement of objectives

ThresholdsThe appetite and

tolerance thresholds used to monitor risk

Mitigation The activities undertaken to manage risk






Page 38

Many different types of risks make up the organisational risk universeFi

nanc

ial

Cust

omer

Inte

rnal

Pr

oces

sLe

arni

ng &

G

row

th

Increase Investment Returns by 25%

Sustainable Growth

Increase Retention of competent staff by

10%

Increase Shareholder value


Strategic Risk

Operational Risk

Insurance Risk

Finance Risk

Hazard Risk

Page 39

Many different types of risks make up the organisational risk universeFi

nanc

ial

Cust

omer

Inte

rnal

Pr

oces

sLe

arni

ng &

G

row

th


Sustainable Growth

Increase Retention of competent staff by

10%

Increase Shareholder value


Strategic Risk

Operational Risk

Insurance Risk

Finance Risk

Hazard Risk

Unexpected changes in interest

rates

Unexpected Equity movements

Page 40

Key Business Drivers are used to frame the definition of risk impact levels, used within both Risk Appetite definition and the Risk Assessment process

Risk Appetite Levels

Income

Reputation

Capital

?

Capital@Risk

Reputation @Risk

Risk Assessments

Key Business Drivers

Appetite Alignment Matrix

Poll question

Does your organization use any tools - such as the appetite alignment matrix - to monitor the alignment of risk taking to strategy?

Page 42

Bringing together these three powerful tools, and the underlying methodology provide the foundation for effective strategy execution

Strategy Map Risk Map

Appetite Alignment Matrix


How much risk are we running?

Risk Appetite

How much risk are we willing to

take?

So What? Are we taking

the right amount of risk?

Page 43

Risk-Based Performance Management is proven to enable better execution, better risk management and deliver tangible business benefits

http://www.hml.co.uk/blog/2011/09/23/risk-management-driving-value-from-a-long-game-approach

It [Risk Management] should become part of the firm’s DNA and simply the way business is done – reflected in the effectiveness of management doing the right things.

The true output of effective risk management is a successful organisation that delivers on its strategic objectives and satisfies the needs of key stakeholders - consistently, year on year.

HML started a journey to ingrain a new approach to risk management. In spite of the financial difficulties experienced in our market, significant benefits have been achieved which have made a difference to HML’s bottom line: 94% reduction in the value of errors and a 63% reduction in the volume of errors.




Page 44

Risk-Based Performance Management is proven to enable better execution, better risk management and deliver tangible business benefits


It [Risk Management] should become part of the firm’s DNA and simply the way business is done – reflected in the effectiveness of management doing the right things.

The true output of effective risk management is a successful organisation that delivers on its strategic objectives and satisfies the needs of key stakeholders - consistently, year on year.

HML started a journey to ingrain a new approach to risk management. In spite of the financial difficulties experienced in our market, significant benefits have been achieved which have made a difference to HML’s bottom line: 94% reduction in the value of errors and a 63% reduction in the volume of errors.




Page 45

Questions

Next on the SPS Calendar

The webinar series continues:

13 March 2014 - The Execution Shortcut

Members can catch up on recordings of previous SPS webinars at

www.sps.org.uk/sps-webinars/

Page 47

Contact details

Andrew SmartCEOManigent & StratexSystems

Email: [email protected]: www.riskbasedperformance.comWeb: www.manigent.com |

www.stratexsystems.com LinkedIn: http://uk.linkedin.com/in/ajsmartTwitter:@AndrewJSmart

mailto:[email protected]

http://www.riskbasedperformance.com/

http://www.manigent.com/

http://www.stratexsystems.com/

http://uk.linkedin.com/in/ajsmart

Thank-you