Upload
andrew-smart
View
114
Download
7
Tags:
Embed Size (px)
DESCRIPTION
• The credit crunch and its subsequent fall-out has rewritten the rules on strategy execution and risk management. • The balanced scorecard and risk management approaches have evolved as silo processes over approximately 20 years – an approach that integrates both is a natural evolution. • To effectively streamline management and regulatory reporting, organisations need to adopt an integrated framework, which covers strategy execution, risk management & compliance.
Citation preview
Integrating Strategy and Risk Management
Strategic Webinar Series20 February 2014
Agenda
1. Opening remarks - Fiona Carter, Chief Executive Officer, SPS
2. Integrating Strategy and Risk Management – Andrew Smart CEO of Manigent and StratexSystems will talk about:
• The need for new approaches
• Seven management disciplines
• The strategy map and risk appetite
3. Q&A session - moderated by Fiona Carter
2
The Strategic Planning Society SPS was formed in 1967 and is a global network dedicated to the
development of strategic thinking, strategic management and strategic leadership (www.sps.org.uk).
Our Members are individuals, corporate organizations and business schools.
SPS supports Members to develop their strategic management and leadership capabilities
3
Our Missionimprove the practice,
development and recognition of strategic management
Our Visiona dynamic, global strategic management community
SPS Strategic Webinar series
A monthly series of Webinars launched in 2013 for SPS Members worldwide
To share knowledge and best practice, provide insight and practical recommendations for strategic managers and leaders
Speakers are from both business and academia
Become a Member: www.sps.org.uk/join-sps/
4
Integrating Strategy and Risk Management
• The credit crunch and its subsequent fall-out has rewritten the rules on strategy execution and risk management.
• The regulatory environment has become more intense and intrusive.• The balanced scorecard and risk management approaches have evolved as silo
processes over approximately 20 years – an approach that integrates both is a natural evolution.
• To effectively streamline management and regulatory reporting, organisations need to adopt an integrated framework, which covers strategy execution, risk management & compliance.
• In this webinar, Andrew will expand on these arguments, illustrating the changes through how he sees seven key characteristics of a strategy-focused, risk-aware culture.
5
Our speaker
6
Andrew Smart
• Andrew Smart is the Co-Founder and CEO of Manigent, a specialist strategy execution and risk management consultancy based in London, UK. He is also the Co-Founder and CEO of StratexSystems, a technology firm that develops and sells an integrated strategy and risk management solutions.
• He is the architect of the Risk-Based Performance Management methodology and has more than 15 years experience delivering strategy execution and risk management solutions in the UK, Europe and the Middle East.
• His professional focus over the last two years has been delivering Risk & Control Frameworks and RMP/Section 166 projects, primarily in the City of London.
• He holds an MBA from Henley Business School and is a Professional member of the Institute of Operational Risk.
Integrating Strategy & Risk Managementan Introduction to Risk-Based Performance Management
SPS webinar20 February 2014
Page 8
Introductions
CEO & Co-founder of Manigent, a thought-leadership consultancy firm focused on strategy execution and risk management
15 years plus in strategy and risk management
2006/07 -12 month / 21 organisation research project into the integration of strategy and risk management
2008 - Created the Risk-Based Performance Management methodology during various strategy and risk related engagements in the city
Poll question
Do you integrate risk management into your strategic execution process?
Page 10
The credit crunch and its subsequent fall-out has rewritten the rules on strategy execution and risk management
Page 11
Post credit crunch, the regulatory environment has become more intensive and more intrusive
Page 12
As we enter the recovery and growth phase, managing risk to drive and sustain competitive advantage will be critical
Page 13
Risk-Based Performance Management (RBPM) is a holistic and integrated approach to strategy execution and risk management
Performance Management
Risk Management
Strategy Management
Appetite
What are we trying to achieve?
Are we on track?
What is our Risk Appetite?
Are we operating within appetite?
Governance & Communications
Culture
Integrating Strategy Execution and Risk management approaches
Page 15
Since its inception, the Balanced Scorecard has continued to evolve.
Raison d'être for Balanced Scorecard was to provide a ‘balanced’ set of performance measurements.
“What you measure is what you get” - Kaplan & Norton, 1992
Performance Measurement
With adoption, the Balanced Scorecard evolved to become more focused on strategy.
Introduced the 5 principles1. Translate the Strategy into operational
terms
2. Mobilise change through executive leadership
3. Make Strategy a continual process
4. Make Strategy everyone’s everyday job
5. Align the organisation to the Strategy
Performance Management
The Balanced Scorecard is now positioned as a framework for enhancing strategic execution.
A closed loop system of strategic execution1. Develop the Strategy
2. Plan the Strategy
3. Align the organisation
4. Plan operations
5. Monitor and Learn
6. Test and Adapt the Strategy
Strategy Execution
Page 16
COSO - Internal Controls framework (1994)Provided a common definition of internal control and a framework against which internal control systems can be assessed and improved.
COSO – ERM framework (2004)The framework defines essential enterprise risk management components, discusses key ERM principles and concepts
Unlike the Balanced Scorecard, Risk Management has evolved via a series of standards.
COSO
Various standards were created, often influenced by the COSO frameworks.
The Risk Management Standard, 2002 (IRM, AIRMIC, ALARM)
Orange Book, 2004 (HM Treasury)
AS/NZS 4360:2004
BS31100, 2008 (British Standards)
Various Government standards
ISO 31000:2009
Provides principles and generic guidelines on risk management.
ISO 31010:2009
Provides guidance on selection and application of systematic techniques for risk assessment.
ISO 31000 & ISO 31010
Various
Page 17
We believe that Integrating strategy and risk management is the next, natural evolution
Risk-BasedPerformance Management enables executives to take an integrated approach and operate their business within appetite.
Comprehensive strategic execution framework• Aligns strategic intent with risk rppetite
• Integrated performance and risk reporting and analytics
• Embedded governance and ownership model
Risk-Based Performance Management
Page 18
Other experts also recognise the need for new approaches, and are looking at the integration of performance and risk management ...
What went wrong in Financial Services?1. Wrong measures of risk or, at least,
very limited understanding of the properties of the risk measures being used
2. Incorrect data used to estimate risk measures
3. Failure to understand correlations across risk measures
4. Managing local risks and ignoring global ones
5. Treating risk management as a compliance issue, not a strategic one
6. Taking big bets that unlikely events will not occur
7. Senior executives and boards striving for short-term gains while ignoring the risk exposure associated with generating high profits
Value-at-Risk Calculation typically assumes that probability of gains and losses follows a normal
distribution.What about Black Swan events?
VaR does not account for liquidity risk; it assumes you can get out of a position overnight.
VaR is like “an airbag that works all the time, except when you have an accident.”
Now is the time to enhance the BSC with Key Risk Indicators
(KRIs) and integrate performance and risk
management.
Dr Robert Kaplan is focusing on measurement of riskE&Y suggested a ‘re-balanced’ scorecard
Page 19
Other experts also recognise the need for new approaches, and are looking at the integration of performance and risk management ...
What went wrong in Financial Services?1. Wrong measures of risk or, at least,
very limited understanding of the properties of the risk measures being used
2. Incorrect data used to estimate risk measures
3. Failure to understand correlations across risk measures
4. Managing local risks and ignoring global ones
5. Treating risk management as a compliance issue, not a strategic one
6. Taking big bets that unlikely events will not occur
7. Senior executives and boards striving for short-term gains while ignoring the risk exposure associated with generating high profits
Value-at-Risk Calculation typically assumes that probability of gains and losses follows a normal
distribution.What about Black Swan events?
VaR does not account for liquidity risk; it assumes you can get out of a position overnight.
VaR is like “an airbag that works all the time, except when you have an accident.”
Now is the time to enhance the BSC with Key Risk Indicators
(KRIs) and integrate performance and risk
management.
Dr Robert Kaplan is focusing on measurement of riskE&Y suggested a ‘re-balanced’ scorecard
However the focus is measurement via
indicators ... where is the strategic
alignment?
Page 20
Kaplan on Risk and the Balanced ScorecardHBR June 2012
• Three categories of Risk– Preventable Risks– Strategy Risks– External Risks
Managing Risk is very different from managing
Strategy
Page 21
Risk and the Balanced Scorecard - What we think…
Managing Risk is not different to, but a fundamental part of,
managing strategy
Page 22
Risk-Based Performance Management (RBPM) is a holistic and integrated approach to strategy execution and risk management
Performance Management
Risk Management
Strategy Management
Appetite
What are we trying to achieve?
Are we on track?
What is our Risk Appetite?
Are we operating within appetite?
Governance & Communications
Culture
Page 23
The Risk-Based Performance Management (RBPM) methodology is based on seven management disciplines
Business Drivers
Shareholder Value
2. Manage Performance
3. Manage Risk
1. Set Strategy
5.Governance
6.Communications
7.Culture
Capital ?Income
Share Price ?Economic value add
4. Appetite Alignment
Reputation
Profit
Appetite Appetite
Page 24
Discipline 1: Set Strategy
Strategy: “to develop a sustainable (and defendable) position which enables the organisation to achieve its objectives while operating within defined risk appetite boundaries”
“One major problem that led to the current financial crisis was that although objectives had been created, there was no articulation of risk appetite or
identification of those responsible when risks were incurred”
A clear articulation of strategy is important but it must include an expression of the amount and type of risk that the organisation is willing to accept
Page 25
“Within the RBPM approach, we define ‘manage performance’ as the continuous process of monitoring objectives and their KPIs, identifying root causes of underperformance and making adjustments.”
Discipline 2: Manage Performance
KPIs
Processes Initiatives
Objectives
Page 26
Discipline 3: Manage Risk
“In the context of Risk-Based Performance Management, Risk Management is about understanding and exploiting opportunities and threats (the risk the organisation faces in pursuit of its objectives), and the continuous monitoring and management of those risks to ensure the organisation executes its strategy while operating within appetite”
Page 27
Discipline 4: Appetite Alignment
“Appetite Alignment is the process of continuously aligning current risk exposure to the defined risk appetite, which by implication encapsulates the strategy of the organisation. To translate into simple terms, it is about understanding whether the current level of risk-taking is aligned to the chosen business strategy, i.e. are we operating within appetite?”
Page 28
Discipline 5: Governance
“Governance is the process and practices which define the strategic, operating and decision-making boundaries of an organisation (or organisational unit), and how decisions are made and implemented.”
Page 29
Discipline 6: Communications
“When a firm’s risk appetite is properly defined and clearly communicated, it becomes a powerful management tool to clarify all dimensions of enterprise-wide risk and enhances overall business and financial performance”
The Five C’s: 1. Clarify2. Credible3. Concise4. Context 5. Consistent
“all the good-to-great companies had a penchant for intense dialogue. Phases like “loud debate”, “heated discussions”, and
healthy conflict” peppered the articles and interview transcripts from all the companies. They didn’t use discussion as a sham process to let people “have their say” so they could “buy in” to a predetermined decision. The process was more
like a heated scientific debate, with people engaged in a search for the best answers”. Jim Colins
Page 30
Discipline 7: Culture
Culture comprises an organisation’s widely shared values, symbols, behaviours and assumptions.
“the way we do things around here”
The seven key characteristics of a Strategy-Focused, Risk-Aware Culture1. Driven by a compelling vision2. Live by a clear set of values3. Led with integrity4. Align risk-taking to strategy5. Established clear accountabilities6. Engage in high quality conversations7. Incentives are aligned to appetite
Culture is perhaps the ultimate strategy and risk management tool
Page 31
Underpinning the Risk-Based Performance Management approach is a clear change process
Define Strategic
Goals
Define Strengths & Weaknesses
Define Business Drivers
Define the Strategy
Define Processes
Define Initiatives
Define Operational
Risks
Define Operational
Controls
Define Indicators
Assess Risks & Controls
Monitor Appetite
Alignment
Define Strategic
Risks
Define Strategic Controls
Define the Business Model
Define Risk Appetite
Align Risk Appetite &
Strategy
Define Strategic
Objectives
Board Executive
Formulation Execution
Page 32
Organisational progress in implementing the approach can be reviewed using the a Maturity Model
Based on the RBPM Seven disciplines
Provides a snapshot of your organisational Strategy & Risk maturity
Provides a ‘slice’ by organisation behaviour
“How mature is your integrated strategy & risk management
approach?”
Stra
tegy
Perf
orm
ance
M
anag
emen
t
Risk
Man
agem
ent
Appe
tite
Alig
nmen
t
Gov
erna
nce
Com
mun
icati
ons
Cultu
re
Manage
Operationalise
Monitor
Improve
Initial
ExemplaryExpert
ProficientCompetent
Poll question
Who defines your organizational risk appetite?
Page 34
Central to this integrated model for Strategy and Risk Management is the Strategy Map
Page 35
The Strategy Map articulates how an organisation creates valueFi
nanc
ial
Cust
omer
Inte
rnal
Pr
oces
sLe
arni
ng &
G
row
th
Drive sales execution
Sustainable Growth
“We align our incentives to our
appetite & desired behaviours”
“Their fees are clear and fair”
Deliver Revenue Growth
Objective KPIs InitiativesTargets
Drive sales execution
YTD % Increase in income 25%
Implement new sales process
Objective Statement of what
strategy must achieve and what’s
critical to its success
KPIs How success in achieving the
strategy will be measured and
tracked
Targets The level of
performance or rate of
improvement needed
Initiatives Key action programs
required to achieve Priorities
Page 36
However, to create value, risk-taking must be aligned to strategyFi
nanc
ial
Cust
omer
Inte
rnal
Pr
oces
sLe
arni
ng &
G
row
th
Sustainable Growth Objective Appetite AlignmentExposure
Drive sales execution
Objective Statement of what
strategy must achieve and what’s
critical to its success
Appetite How much risk
are we willing to run to achieve the
objective?
ExposureHow much risk
are we currently running?
Alignment Is our current risk-taking aligned to
appetite?
Moderate High Over-exposedDrive sales execution
“We align our incentives to our
appetite & desired behaviours”
“Their fees are clear and fair”
Deliver Revenue Growth
Page 37
Effective risk management supports value creation and value protectionFi
nanc
ial
Cust
omer
Inte
rnal
Pr
oces
sLe
arni
ng &
G
row
th
Sustainable Growth Objective Risks MitigationThresholds
Drive sales execution
Mis-selling resulting in reputation loss
Appetite Tolerances
Controls Initiatives Policy &
procedures Processes
Objective Statement of what
strategy must achieve and what’s
critical to its success
RisksThe threats and
opportunities (risks) exist which may
impact achievement of objectives
ThresholdsThe appetite and
tolerance thresholds used to monitor risk
Mitigation The activities undertaken to manage risk
Drive sales execution
“We align our incentives to our
appetite & desired behaviours”
“Their fees are clear and fair”
Deliver Revenue Growth
Page 38
Many different types of risks make up the organisational risk universeFi
nanc
ial
Cust
omer
Inte
rnal
Pr
oces
sLe
arni
ng &
G
row
th
Increase Investment Returns by 25%
Sustainable Growth
Increase Retention of competent staff by
10%
Increase Shareholder value
Increase Investment Returns by 25%
Strategic Risk
Operational Risk
Insurance Risk
Finance Risk
Hazard Risk
Page 39
Many different types of risks make up the organisational risk universeFi
nanc
ial
Cust
omer
Inte
rnal
Pr
oces
sLe
arni
ng &
G
row
th
Increase Investment Returns by 25%
Sustainable Growth
Increase Retention of competent staff by
10%
Increase Shareholder value
Increase Investment Returns by 25%
Strategic Risk
Operational Risk
Insurance Risk
Finance Risk
Hazard Risk
Unexpected changes in interest
rates
Unexpected Equity movements
Page 40
Key Business Drivers are used to frame the definition of risk impact levels, used within both Risk Appetite definition and the Risk Assessment process
Risk Appetite Levels
Income
Reputation
Capital
?
Capital@Risk
Reputation @Risk
Risk Assessments
Key Business Drivers
Appetite Alignment Matrix
Poll question
Does your organization use any tools - such as the appetite alignment matrix - to monitor the alignment of risk taking to strategy?
Page 42
Bringing together these three powerful tools, and the underlying methodology provide the foundation for effective strategy execution
Strategy Map Risk Map
Appetite Alignment Matrix
What are we trying to achieve?
How much risk are we running?
Risk Appetite
How much risk are we willing to
take?
So What? Are we taking
the right amount of risk?
Page 43
Risk-Based Performance Management is proven to enable better execution, better risk management and deliver tangible business benefits
http://www.hml.co.uk/blog/2011/09/23/risk-management-driving-value-from-a-long-game-approach
It [Risk Management] should become part of the firm’s DNA and simply the way business is done – reflected in the effectiveness of management doing the right things.
The true output of effective risk management is a successful organisation that delivers on its strategic objectives and satisfies the needs of key stakeholders - consistently, year on year.
HML started a journey to ingrain a new approach to risk management. In spite of the financial difficulties experienced in our market, significant benefits have been achieved which have made a difference to HML’s bottom line: 94% reduction in the value of errors and a 63% reduction in the volume of errors.
Page 44
Risk-Based Performance Management is proven to enable better execution, better risk management and deliver tangible business benefits
http://www.hml.co.uk/blog/2011/09/23/risk-management-driving-value-from-a-long-game-approach
It [Risk Management] should become part of the firm’s DNA and simply the way business is done – reflected in the effectiveness of management doing the right things.
The true output of effective risk management is a successful organisation that delivers on its strategic objectives and satisfies the needs of key stakeholders - consistently, year on year.
HML started a journey to ingrain a new approach to risk management. In spite of the financial difficulties experienced in our market, significant benefits have been achieved which have made a difference to HML’s bottom line: 94% reduction in the value of errors and a 63% reduction in the volume of errors.
Page 45
Questions
Next on the SPS Calendar
The webinar series continues:
13 March 2014 - The Execution Shortcut
Members can catch up on recordings of previous SPS webinars at
www.sps.org.uk/sps-webinars/
Page 47
Contact details
Andrew SmartCEOManigent & StratexSystems
Email: [email protected]: www.riskbasedperformance.comWeb: www.manigent.com |
www.stratexsystems.com LinkedIn: http://uk.linkedin.com/in/ajsmartTwitter:@AndrewJSmart
Thank-you