Blog
One major problem that led to the current financial crisis was that although objectives had been created, there was no articulation of risk appetite or identification of those responsible when risks were incurred - COSO
Read the full COSO Thought-leadership paper; Enterprise Risk Management — Understanding and Communicating Risk Appetite
We have been hard at work to produce our first Windows 8 App- StratexStudio, which will be available for preview and purchase on the Windows 8 App Store from October 26th onwards. Please find below a few screenshots of our endeavours. Making an App that could work well on both touch-screen Tablets and PC environments was a challenge that our team of developers really enjoyed applying their combined knowledge towards and we are very proud of their outcome.
The Stratex Systems Webinar for the 27th of September 2012 has been postponed due to illness of our speaker, Andrew Smart. We apologise for the inconvenience this may cause you and we greatly appreciate your time. We hope that you will be able to attend our amended webinar date this Oct 4th 2012 and become inspired as well as gain valuable knowledge from Andrew. Thank you for your patience and time. More information can be found HERE about our webinars. We hope you all have a lovely weekend. See you next week!
This was the reaction of a senior board advisor who took a little time out of his busy schedule to review the roll-out of the StratexPoint solution at his organisation. As our consultants ‘walked through’ the solution they deployed at the end of rapid, 4 week deployment, the group of senior executives were clearly impressed with the speed that their large, manual spreadsheets had been transformed into a enterprise-wide risk management solution. As our consultants ticked off the high-level requirements of an ERM solution, there was a surprising reaction when we opened with a Strategy Map. "Strategy Maps; Wow I didn’t know SharePoint could do that!" This was the reaction from one senior board advisor. Of course, the Strategy Map was not SharePoint, it is a key dashboard within StratexPoint and StratexLive, and this single dashboard has positioned risk management as a key part of the board level strategy process.
Well done Team.
With the Risk-Based Performance Management methodology there are three ‘scorecards’ which we use to visualise strategy and risk management data and inform the management conversation and decision-making. The three scorecards are:
Each of the Scorecards have a similar structure but different content. The basic structure of the scorecards show the main item, the accountability for the item and related indicators. This means that for the Performance Scorecard we would present the Organisations (or Business Unit) Objectives, the Accountable person for each Objective, Appetite Alignment status, Aggregated Objective Score (based on the underlying KPIs), Key Performance Indicators (KPIs), and KPI score.
The Performance Scorecard is designed to enable a management team to focus on the performance of the Organisation with each of the Accountable people speaking to their Objectives. Typically the Performance Scorecard is used in conjunction with the Strategy Map providing an additional level of detail.
An example of a Performance Scorecard from StratexSystems.
The Risk Scorecard would include the Organisations Key Risk, the Accountable person for each Risk, Appetite Alignment status, Aggregated Risk Score (based on underlying KRIs), Key Risk Assessment data, Current Risk Exposure (in currency value), Key Risk Indicators (KRIs) and KRI score. The Risk Scorecard is designed to enable a management team to focus on the organisation’s risk profile. It enables the management team to review the Risk Appetite Alignment, -are we operating within appetite or are we outside? It provides risk assessment data and exposure values alongside KRI status data so current risk taking can be discussed as can any emerging trends shown up from the indicators. It also highlights any mixed messages that might be coming from the risk assessment results and the indicator data. Naturally they should be giving the same message but often, particularly in less mature risk management environment, they can be different which can highlight the need for further work to embed the process and develop the knowledge, skills and culture. Again, each of the Accountable people should be in the room and around the table and speak to, and lead the discussion around their risks.
An example of a Risk Scorecard from StratexSystems.
The Control Scorecard would include the Organisation's Key Controls, the Accountable person for each Control, Aggregated Control Score (based on the underlying KCIs), Key Control Assessment data, Key Control Indicator data and KCI score. Like the previous two scorecards, the Control Scorecard brings focus to, and informs the management conversation and decision-making, in this case around the controls environment and effectiveness within the organisation. Again, each Accountable should lead the discussion about their controls.
An example of a Control Scorecard from StratexSystems.
Each of the three scorecards above have an important role in, informing the management conversation and decision-making around strategy execution and risk management. Individually, they ‘speak’ to and align each of the three lines of defence. The Performance Scorecard would be the primary tool for the First line, the Risk Scorecard would be the primary tool for the second line and the Control Scorecard would be the primary tool for the Third line. However each of the three lines are going to draw information and insights from each of the Scorecard’s and they will help reduce the silos that can be so problematic between the lines.
A key benefit of the Risk-Based Performance Management methodology is that it provides an overarching framework to bring together and align the organisation so that the strategy is delivered, sustainably and within appetite.
The Strategy map is one of the most important tools developed by Kaplan and Norton as part of their Balanced Scorecard approach. It is designed to provide a relatively simple way of distilling strategy into a collection of objectives and showing the causal relationships between objectives.
The Strategy map provides a tool for explaining and demonstrating how intangible assets, such as people, information systems, culture, processes etc, create customer outcomes and ultimately deliver tangible financial benefits for shareholders. A well constructed Strategy map should be
In March 2000, The Royal Bank of Scotland (RBS) acquired the UK-bank NatWest in a £21 billion deal that was then the largest take-over in British banking history. The acquisition was considered at the time to be a masterstroke of strategy and execution. Thus began a ‘golden period’ in RBS’s near 300 year history. RBS embarked on an ambitious strategy to transition from a regional to global financial services firm and one that drove aggressive revenue growth. RBS’s stock price grew and performed well in the early years of the 2000s and by 2007 the now global financial player was viewed by most analysts as a highly successful bank. For instance:
Then the Credit Crunch and disaster: RBS essentially failed in October 2008. To prevent collapse the UK Government injected
Today the FT is reporting that the FSA has written to the Chairman of the UK’s nine largest banks and building societies regarding the robustness of their IT Infrastructure and demanding the names of the individuals who will be held accountable for any IT failures.
The FSA’s actions are not surprising given the recent IT failures seen at RBS however it does raise yet another challenge for firms as they review their approach to IT Risk Management and seek the ways and means to incorporate ‘IT Risk Management’ into their wider Risk Management agenda.
In this blog post we set out how how the Stratex solution can assist firms to meet the challenge of driving forward their IT Risk Management framework, and importantly how this can be done as part of wider Enterprise Risk Management framework.
“A key role of a board is to set the basic goals for a firm’s strategy and to ensure that they are within the agreed risk appetite. This requires that a board assure itself that a detailed consideration of risks is part of the process of considering future strategy” - The failure of the Royal Bank of Scotland, Financial Services Authority Board Report, December 2011
We are one of the only software companies in the world to provide an integrated, Risk-based Performance solution powered by Microsoft's SharePoint platform.
Our goal is simple – to help businesses execute strategy while operating within their acceptable level of risk exposure.
Very few organisations are capable of obtaining a single enterprise-wide view of their performance and risk management information. Instead the tendency is to employ multiple tools that operate in silos; rarely communicate with one another; provide conflicting information; and contribute to poor decision-making.
We believe performance and risk are essentially different sides of the same coin. To effectively manage either, they must be managed as an integrated process with a single, integrated solution. StratexSystems provides that solution.
StratexSystems | 156 Blackfriars Road, London, SE1 8EN
