Introduction to Risk-Based Performance Management Webinar
6th February 2014
Webinar Overview:
To effectively streamline management and regulatory reporting, organisations need to adopt an integrated framework, which covers strategy (performance management), Risk & Compliance.
By attending this webinar, attendees will gain insights into the Risk-Based Performance Management methodology. This methodology, which builds on, and integrates the Balanced Scorecard, COSO and ISO31000 frameworks, provides a proven approach which enables organisations to streamline their management and regulatory reporting while delivering real business value.
Webinar Objectives:
Understand the scale of management and regulatory reporting required, and therefore the opportunity to streamline the process and reduce costs.
To gain an understanding of the Risk-Based Performance Management methodology.
To develop an understanding of risk appetite and develop a clear, actionable framework for defining your risk appetite.
To understand the relationship between strategic objectives, risk appetite and risk exposure, and tools for managing this relationship.
To understand the role of strategic objectives and key risks, how to define, integrate and align these.
To understand the role of initiatives and actions, and how they are aligned to drive your complete change agenda.
To understand the role of risk and control assessment, key indicators and how assessment and indicator data can be used together to drive better decision-making.
To gain an understanding of the Risk-Based Performance Management Maturity Model and how it can be used before, during and after implementation of a new strategy and risk framework.
About Risk Based Performance:
Risk-Based Performance Management (RBPM) is a strategic management methodology that integrates enterprise strategy, performance and risk management to enable organisations to align risk-taking to strategy to drive sustainable strategic execution. The RBPM methodology is designed to place risk management and specifically, risk appetite at the core of organisational strategy execution.
Building on existing management frameworks, such as the Balanced Scorecard, COSO and ISO31000 frameworks, RBPM developed as a result of a series of engagements completed with clients in the UK financial services industry in 2006/07. The methodology was further refined during a year-long academic research project involving 21 financial services organisations in the city of London.
Links:
Video of presentation: http://www.youtube.com/watch?v=br15778Hpfg
www.manigent.com
www.riskbasedperformance.com
http://www.amazon.co.uk/Risk-Based-Performance-Management-Integrating-Strategy/
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
Introduction to Risk Based Performance Management Feb 6th 2014 Webinar
1. Integrating Strategy & Risk
Management
an Introduction to Risk-Based Performance Management
Manigent webinar
6 February 2014
2. Introductions
CEO & Co-founder of Manigent, a
thought-leadership consultancy firm
focused on strategy execution and
risk management
15 years plus in strategy and risk
management
2006/07 -12 month / 21 organisation
research project into the integration
of strategy and risk management
2008 - Created the Risk-Based
Performance Management
methodology during various strategy
and risk related engagements in the
city
Page 2
3. The credit crunch and its subsequent fall-out has
rewritten the rules on strategy execution and risk
management
Page 3
4. Post credit crunch, regulatory bodies have been more
aggressive and active
Page 4
5. As we enter the recovery and growth phase, managing risk
to drive and sustain competitive advantage will be critical
Page 5
6. Risk-Based Performance Management (RBPM) is a holistic
and integrated approach to strategy execution and risk
management
What are we trying to
achieve?
What is our Risk Appetite?
Strategy
Management
Appetite
Are we on track?
Performance
Management
Risk
Management
Governance & Communications
Culture
Page 6
Are we operating
within appetite?
8. Since its inception, the Balanced Scorecard has
continued to evolve.
Performance Measurement
Performance Management
Strategy Execution
Raison d'être for Balanced
Scorecard was to provide a
‘balanced’ set of performance
measurements.
With adoption, the Balanced
Scorecard evolved to become more
focused on strategy.
The Balanced Scorecard is now
positioned as a framework for
enhancing strategic execution.
“What you measure is what you
get”
- Kaplan & Norton, 1992
Introduced the 5 principles
A closed loop system of strategic
execution
1.
Translate the Strategy into operational
terms
2.
3.
Make Strategy a continual process
4.
Make Strategy everyone’s everyday job
5.
Page 8
Mobilise change through executive
leadership
Align the organisation to the Strategy
1.
Develop the Strategy
2.
Plan the Strategy
3.
Align the organisation
4.
Plan operations
5.
Monitor and Learn
6.
Test and Adapt the Strategy
9. Unlike the Balanced Scorecard, Risk Management has
evolved via a series of standards.
COSO
COSO - Internal Controls
framework (1994)
Provided a common definition of
internal control and a framework
against which internal control
systems can be assessed and
improved.
COSO – ERM framework (2004)
The framework defines essential
enterprise risk management
components, discusses key ERM
principles and concepts
Various Government standards
Various standards were created,
often influenced by the COSO
frameworks.
ISO 31000:2009
The Risk Management Standard,
2002 (IRM, AIRMIC, ALARM)
ISO 31010:2009
Orange Book, 2004 (HM Treasury)
AS/NZS 4360:2004
BS31100, 2008 (British Standards)
Various
Page 9
ISO 31000 & ISO 31010
Provides principles and generic
guidelines on risk management.
Provides guidance on selection and
application of systematic
techniques for risk assessment.
10. We believe that Integrating strategy and risk
management is the next, natural evolution
Risk-Based Performance
Management
Risk-based performance
Management enables executives
to manage with one eye on
strategy & one eye on risk.
Comprehensive strategic execution
framework
•
•
Integrated performance and risk
reporting and analytics
•
Page 10
Aligns strategic intent with risk rppetite
Embedded governance and ownership
model
11. Other experts also recognise the need for new approaches,
and are looking at the integration of performance and risk
management ...
What went wrong in Financial Services?
1. Wrong measures of risk or, at least,
very limited understanding of the
properties of the risk measures being
used
2. Incorrect data used to estimate risk
measures
3. Failure to understand correlations
across risk measures
4. Managing local risks and ignoring
global ones
5. Treating risk management as a
compliance issue, not a strategic one
6. Taking big bets that unlikely events
will not occur
7. Senior executives and boards striving
for short-term gains while ignoring the
risk exposure associated with
generating high profits
Now is the time to enhance the
BSC with Key Risk Indicators
(KRIs) and integrate
performance and risk
management.
Value-at-Risk Calculation typically assumes that
probability of gains and losses follows a normal
distribution.
What about Black Swan events?
VaR does not account for liquidity risk; it
assumes you can get out of a position overnight.
VaR is like “an airbag that works all the time,
except when you have an accident.”
Dr Robert Kaplan is focusing on measurement of risk
Page 11
E&Y suggested a ‘rebalanced’ scorecard
12. Other experts also recognise the need for new approaches,
and are looking at the integration of performance and risk
management ...
What went wrong in Financial Services?
1. Wrong measures of risk or, at least,
very limited understanding of the
properties of the risk measures being
used
2. Incorrect data used to estimate risk
measures
3. Failure to understand correlations
across risk measures
4. Managing local risks and ignoring
global ones
5. Treating risk management as a
compliance issue, not a strategic one
6. Taking big bets that unlikely events
will not occur
7. Senior executives and boards striving
for short-term gains while ignoring the
risk exposure associated with
generating high profits
Now is the time to enhance the
BSC with Key Risk Indicators
(KRIs) and integrate
performance and risk
management.
Value-at-Risk Calculation typically assumes that
probability of gains and losses follows a normal
distribution.
What about Black Swan events?
VaR does not account for liquidity risk; it
assumes you can get out of a position overnight.
VaR is like “an airbag that works all the
time, except when you have an accident.”
Dr Robert Kaplan is focusing on measurement of risk
Page 12
E&Y suggested a ‘rebalanced’ scorecard
13. Kaplan & Norton on Risk and the Balanced
Scorecard
HBR June 2012
• Three categories of Risk
– Preventable Risks
– Strategy Risks
– External Risks
Managing Risk is very
different from managing
Strategy
Page 13
14. Risk and the Balanced Scorecard - What we
think…
Managing Risk is not different to,
but a fundamental part of,
managing strategy
Page 14
16. Risk-Based Performance Management (RBPM) is a holistic
and integrated approach to strategy execution and risk
management
What are we trying to
achieve?
What is our Risk Appetite?
Strategy
Management
Appetite
Are we on track?
Performance
Management
Risk
Management
Governance & Communications
Culture
Page 16
Are we operating
within appetite?
17. The Risk-Based Performance Management (RBPM)
methodology is based on seven management disciplines
Business Drivers
Capital
Income
2. Manage
Performance
1. Set
Strategy
Appetite
Page 17
Share Price
?
5.Governance
4. Appetite
Alignment
3. Manage
Risk
Shareholder Value
Reputation
Appetite
7.Culture
6.Communications
Economic value
add
Profit
?
18. Discipline 1: Set Strategy
Strategy: “to develop a sustainable (and defendable) position which
enables the organisation to achieve its objectives while operating within
defined risk appetite boundaries”
“One major problem that led to the current financial crisis was that although objectives had
been created, there was no articulation of risk appetite or identification of those responsible
when risks were incurred”
A clear articulation of strategy is important but it must include an
expression of the amount and type of risk that the organisation is willing
to accept
Page 18
19. Discipline 2: Manage Performance
“Within the RBPM approach, we define „manage
performance‟ as the continuous process of monitoring
objectives and their KPIs, identifying root causes of
underperformance and making adjustments.”
Objectives
Processes
Initiatives
KPIs
Page 19
20. Discipline 3: Manage Risk
“In the context of Risk-Based Performance Management, Risk
Management is about understanding and exploiting opportunities and
threats (the risk the organisation faces in pursuit of its objectives), and
the continuous monitoring and management of those risks to ensure
the organisation executes its strategy while operating within appetite”
Page 20
21. Discipline 4: Appetite Alignment
“Appetite Alignment is the process of continuously aligning current risk
exposure to the defined risk appetite, which by implication
encapsulates the strategy of the organisation. To translate into simple
terms, it is about understanding whether the current level of risk-taking
is aligned to the chosen business strategy, i.e. are we operating
within appetite?”
Page 21
22. Discipline 5: Governance
“Governance is the process and practices which define the
strategic, operating and decision-making boundaries of an
organisation (or organisational unit), and how decisions are
made and implemented.”
Page 22
23. Discipline 6: Communications
“When a firm‟s risk appetite is properly defined and
clearly communicated, it becomes a powerful
management tool to clarify all dimensions of enterprisewide risk and enhances overall business and financial
performance”
The Five C‟s:
1. Clarify
2. Credible
3. Concise
4. Context
5. Consistent
Page 23
“all the good-to-great companies had a penchant for intense
dialogue. Phases like “loud debate”, “heated discussions”, and
healthy conflict” peppered the articles and interview
transcripts from all the companies. They didn’t use discussion
as a sham process to let people “have their say” so they could
“buy in” to a predetermined decision. The process was more
like a heated scientific debate, with people engaged in a
search for the best answers”. Jim Colins
24. Discipline 7: Culture
Culture comprises an organisation‟s widely shared values, symbols,
behaviours and assumptions.
“the way we do things around here”
The seven key characteristics of a Strategy-Focused, Risk-Aware
Culture
1.
2.
3.
4.
5.
6.
7.
Driven by a compelling vision
Live by a clear set of values
Led with integrity
Align risk-taking to strategy
Established clear accountabilities
Engage in high quality conversations
Incentives are aligned to appetite
Culture is perhaps the ultimate strategy and risk management tool
Page 24
25. Underpinning the Risk-Based Performance Management
approach is a clear change process
Execution
Formulation
Define
Strengths &
Weaknesses
Define
Strategic
Goals
Define
Business
Drivers
Align Risk
Appetite &
Strategy
Board
Define
Strategic
Controls
Define
Strategic
Objectives
Define the
Strategy
Define the
Business
Model
Page 25
Define
Strategic
Risks
Define Risk
Appetite
Define
Indicators
Define
Processes
Define
Initiatives
Define
Operational
Risks
Define
Operational
Controls
Executive
Assess Risks
& Controls
Monitor
Appetite
Alignment
26. Advantages of integrating strategy management & risk
management
Aligning risk appetite and strategy – the board and senior management
should evaluate the organisation‟s risk appetite in evaluating strategic alternatives,
setting related objectives, and developing mechanisms to manage related risks.
Enhancing risk response decisions – actively managing emerging risk
provides the rigor to identify and select among alternative risk responses: risk
avoidance, reduction, sharing, and acceptance.
Reducing operational surprises and losses – organisation‟s are able to
identify potential events and establish responses, reducing surprises and associated
costs or losses.
Seizing opportunities - by considering a full range of potential events,
management is positioned to identify and proactively realize opportunities.
Improving deployment of capital - obtaining robust risk information allows
management to effectively assess overall capital needs and enhance capital
allocation.
Page 26
27. Implementing a Risk-Based Performance
Management approach brings a range of benefits
“Deploying Risk-Based Performance Management has enabled us to
realise a 94% reduction in the value of errors and a 63% reduction in
the volume of errors.– Head of Operational Risk, Mortgage Services
Provider
“we were able to reduce our operational losses by over to 50% in the first
year of using Risk-Based Performance Management ” – Investment
banking client
"Coupled with the implementation of a new risk management framework,
significant business benefits are emerging“ – Source: Annual
accounts of a Financial Services client
“Using Risk-Based Performance Management has delivered a more
focused, structured Risk framework, enabling us to focus on the vital few
– the number of Key Risk dropped from 120+ to just 10! - Investment
banking client
Page 27
28. Central to this integrated model for Strategy and Risk
Management is the Strategy Map
Page 28
29. Financial
Customer
Internal Process
Learning &
Growth
Page 29
Deliver Revenue
Growth
The Strategy Map articulates how
an organisation creates value
Objective
Statement of what
strategy must
achieve and what’s
critical to its
success
KPIs
How success in
achieving the
strategy will be
measured and
tracked
Targets
The level of
performance or
rate of
improvement
needed
Initiatives
Key action
programs
required to
achieve Priorities
Sustainable Growth
Objective
KPIs
Targets
Initiatives
Drive sales execution
Drive sales
execution
YTD % Increase
in income
“Their fees are
clear and fair”
“We align our
incentives to our
appetite & desired
behaviours”
25%
Implement
new sales
process
30. Financial
Customer
Internal Process
Learning &
Growth
Page 30
Deliver Revenue
Growth
However, to create value, risktaking must be aligned to strategy
Objective
Statement of what
strategy must
achieve and what’s
critical to its
success
Appetite
How much risk
are we willing to
run to achieve the
objective?
Exposure
How much risk
are we currently
running?
Alignment
Is our current
risk-taking
aligned to
appetite?
Sustainable Growth
Objective
Appetite
Exposure
Alignment
Drive sales execution
Drive sales
execution
Moderate
High
Over-exposed
“Their fees are
clear and fair”
“We align our
incentives to our
appetite & desired
behaviours”
31. Financial
Customer
Internal Process
Learning &
Growth
Page 31
Deliver Revenue
Growth
“Their fees are
clear and fair”
Sustainable Growth
Drive sales execution
“We align our
incentives to our
appetite & desired
behaviours”
Effective risk management supports
value creation and value protection
Objective
Statement of what
strategy must
achieve and what’s
critical to its
success
The threats and
opportunities (risks)
exist which may
impact achievement
of objectives
Objective
Risks
Drive sales
execution
Risks
Mis-selling
resulting in
reputation
loss
Thresholds
The appetite and
tolerance
thresholds used
to monitor risk
Mitigation
The activities
undertaken to
manage risk
Thresholds
Mitigation
Appetite
Tolerances
Controls
Initiatives
Policy &
procedures
Processes
32. The Risk Map is structured around the 4 perspectives to
provide a snapshot of the current level of Risk Exposure
(„Heat‟)
The 4 perspectives
are aligned to the
Strategy Map
Often the risks are
defined as „impacts‟
not „events‟ i.e. the
impact maybe on
the customer but the
event was
operational
Page 32
33. Appetite Alignment Matrix is one of our key innovations and
a key tool for monitoring the alignment of risk-taking to
strategy
Enables monitoring of
the alignment of risktaking to strategy
Enables the
monitoring of risks
which are outside of
appetite
Are we operating within Appetite?
Also shows where we
are taking too much
and not enough risk
Changes the risk
conversation
Page 33
34. The Appetite Alignment Matrix can also guide management
responses to mis-alignments
Over-Exposed
Reduce the level of risk taking;
Increase / Change Controls environment
Implement Initiatives
Stop/review mis-aligned activities
Review Objectives / Business outcomes
Board to approve a waiver
Board to change the risk appetite
Aligned
Continue to monitor and manage
Focus on trends
Under-Exposed
Page 34
Increase the level of risk taking;
Reduce / Change Controls environment
Implement Initiatives
Stop/review mis-aligned activities
Review Objectives / Business outcomes
Board to approve a waiver
Board to change the risk appetite
35. Key Business Drivers are used to frame the definition of
risk impact levels, used within both Risk Appetite definition
and the Risk Assessment process
Risk Appetite Levels
Capital
Income
Reputation
?
Key Business
Drivers
Page 35
Risk Assessments
Capital
@Risk
Reputation
@Risk
Appetite Alignment Matrix
36. Brining together these three powerful tools, and the
underlying methodology provide the foundation for effective
strategy execution
Risk Appetite
Strategy Map
Risk Map
Appetite Alignment Matrix
Page 36
37. Brining together these three powerful tools, and the
underlying methodology provide the foundation for effective
strategy execution
Risk Appetite
Strategy Map
What are we
trying to
achieve?
Risk Map
How much risk
are we willing to
take?
Appetite Alignment Matrix
So What?
Are we taking
the right amount
of risk?
Page 37
How much risk
are we running?
38. Risk-Based Performance Management is proven to enable
better execution, better risk management and deliver
tangible business benefits
It [Risk Management] should become part of the firm’s DNA and simply the way
business is done – reflected in the effectiveness of management doing the right
things.
The true output of effective risk management is a successful organisation that
delivers on its strategic objectives and satisfies the needs of key stakeholders consistently, year on year.
HML started a journey to ingrain a new approach to risk management. In spite of
the financial difficulties experienced in our market, significant benefits have been
achieved which have made a difference to HML’s bottom line: 94% reduction in
the value of errors and a 63% reduction in the volume of errors.
http://www.hml.co.uk/blog/2011/09/23/risk-management-driving-valuefrom-a-long-game-approach
Page 38
39. Risk-Based Performance Management is proven to enable
better execution, better risk management and deliver
tangible business benefits
It [Risk Management] should become part of the firm’s DNA and simply the way
business is done – reflected in the effectiveness of management doing the right
things.
The true output of effective risk management is a successful organisation that
delivers on its strategic objectives and satisfies the needs of key stakeholders consistently, year on year.
HML started a journey to ingrain a new approach to risk management. In spite of
the financial difficulties experienced in our market, significant benefits have been
achieved which have made a difference to HML’s bottom line: 94% reduction in
the value of errors and a 63% reduction in the volume of errors.
http://www.hml.co.uk/blog/2011/09/23/risk-management-driving-valuefrom-a-long-game-approach
Page 39
41. About Manigent
A thought-leadership consultancy firm focused on
strategy execution and risk management
Thought-Leadership
Time-bound, Guaranteed
Delivery
Pragmatic People, Proven
Solutions
We leave capability behind
Page 41
We wrote the book on integrating
strategy and risk management
42. Our Services
Manigent works with clients in the financial services
and other regulated industries globally.
Integrated Strategy & Risk
Manigent 90 Day Change Roadmap
Balanced Scorecard & Strategy Map
Known cost /Low risk
Time-bound delivery
Proven methodology
Focus on 80% Known & 20% Unknown
Enterprise & Operational Risk
Management
Information Risk (Cyber) Management
Conduct Risk Management
Page 42
43. Our experience & expertise
We typically work with large clients who seek to make
lasting and meaningful change in their ability to
execute
Financial Services
Investment Bank - Risk & Controls framework design and implementation
Investment Bank - Middle Office Op Losses and MI diagnostic
FS Outsourcer - FSA RMP solution design and implementation
Inter-dealer broker - Section 166 response design and implementation
Professional Services
Big 4 Audit Firm - Strategy Map/Balanced Scorecard implementation
Telecoms
UK Mobile Operator – Balanced Scorecard Design and Deployment
Defence
FSTE 100 Defence Company – Cyber Strategy & Risk Management
Global Defence Systems Integrator – Cyber Awareness training & culture
change
Government
Legal Services Regulator – Developed their internal risk capability,
processes and framework
Central Banks / Financial Services Regulators – Regulatory Framework
design and deployment
Page 43
Our clients shaped our approach &
methodology