As far as we are concerned, the answer to both of these questions is YES, so let’s explain why, starting by defining what we mean by each of these different indicators.
Read MoreWhat is the Three Lines of Defence Model?
The Three Lines of Defence is a model that the Financial Services Authority (which became the Financial Conduct Authority) encourages firms to adopt to provide clarity of responsibilities and accountabilities in between the three lines, and ensures effective independent oversight and assurance activities take place covering key decisions and processes.
Read More
Press Release: StratexSystems' CEO and co-founder’s book Risk-Based Performance Management to be published in Arabic
21st May 2015, London, UK. StratexSystems, a market leading Enterprise GRC (Governance, Risk and Compliance) technology provider is pleased to announce that Risk-Based Performance Management: Integrating Strategy and Risk Management – the book authored by its CEO and co-founder, Andrew Smart – is soon to be published in Arabic.
Read More
Risk-Based Performance Management Book by StratexSystems CEO
Pulling together into a single framework the two separate disciplines of strategy management and risk management, this book, written by StratexSystems CEO- Andrew Smart provides a practical guide for organisations to shape and execute sustainable strategies with full understanding of how much risk they are willing to accept in pursuit of strategic goals.
The book is available from Amazon and Palgrave Macmillan.
Book Reviews:
‘This is the best handbook I have read on Risk Based Performance Management… It equips the manager with the knowledge, tools and road maps to successfully develop and implement RBPM in their organization’
−Kieran Rigby, CEO, GAB Robins Group, United Kingdom
‘Grounded in compelling research and rich practical experience, readers and their organizations will gain greatly from their insights.’
−Brian Brodie, Former CEO, Homeloan Management Limited, United Kingdom
‘Risk management has been often overlooked in strategy literature despite its immense importance. Smart and Creelman argue convincingly why, and in the light of recent crises, risk management and strategy should be integrated and show how.’
−Professor Hasan Cavusoglu, Ph.D. Sauder School of Business, Canada
‘Not only an essential read but a necessary culture for any business attempting to compete and succeed post the financial crisis era.’
−Amer Shashati, Enterprise Risk Consultant, Saudi Telecom Group, Saudi Arabia
‘Risk-Based Performance Management is a must read for all Strategy Execution practitioners. The book has made a tangible contribution towards successfully integrating Enterprise Risk Management with Enterprise Performance Management.’
−Rafael Lemaitre, Partner, ShiftIn Partners, United Arab Emirates
Businesses benefit from harnessing the opportunity in risk
"Businesses benefit from harnessing the opportunity in risk" - Originally posted HERE by Patricia O'Connell.
Risk has evolved over the last decade from “an exercise in ticking boxes” to an area of strategic focus that is an engine for corporate growth and profit as well as a force for societal change.
And corporations are directly profiting from changing their treatment of risk in their organizations. Linda Conrad, director of strategic business risk at Zurich North America told Advisen that two of its divisions saved 27 percent and 29 percent respectively on their risk-based capital (RBC) consumption as a result of reviewing the way it treated risk.
Conrad described the results of the insurer’s internal approach to risk with its focus on Enterprise Cost of Risk, which includes the risk expenses that derive from other business activities considered “less insurable.”
Using what it calls Total Risk Profiling, Zurich moved from an asset-based approach to a risk-based approach for operational risk quantification and capital allocation, Conrad said at the RIMS conference in Denver in April.
On a smaller but no less dramatic scale, a 2013 World Bank report describes how farmers manage risk profitably. Access to such tools as rainfall insurance means that they can invest in such necessities as fertilizer and seed rather than having to save their capital as a hedge against weather-related calamity.
On a more holistic level, Mangient CEO and author Andrew Smart notes that companies are increasingly looking at the relationship between risk and strategy.
One driver of this development was the global financial crisis of 2008-2009. “It was a failure of strategy and risk,” notes Smart, CEO of London-based Manigent and co-author of Risk-Based Performance Management: Integrating Strategy and Risk.
The nature of the crisis forced companies of all kinds around the world to look at the relationship between risk and strategy. Eventually, it escalated the movement from risk as loss prevention and mitigation to being seen, by necessity, as something that could enable growth.
And in turn, the increased scrutiny of risk led to regulation that aided the aggregation and harnessing of data that could be used in a different way. “Informed decisions impact the bottom line,” says Scott Addis, president and CEO of The Addis Group and Addis Intellectual Capital. “People typically tell a business leader what they want to hear rather than what they know to be true. Risk management based on knowledge leads to better decisions, which drives profit growth.”
Michael Christian, CEO of Risk Strategies Company observed that “organizations have more data at their fingertips than they did 10 years ago, as well as more tools to help risk managers and now CFOs analyze them and understand where risks are and how to address them.” The aggregation of the data puts risk more squarely in the C-Suite, he says. “The CFO will be looking at it more deeply, and the CFO should have a direct line to the CEO, making them more aware of risk’s impact on the bottom line.
“For smart companies, the establishment of minimum frameworks and ISO, COSO, and SOX have helped them identify the right path.”
The need for discipline and focus around data was “an unintended consequence” – a positive one — of the financial crisis, according to Todd Macumber, president of the risk services division of brokerage Hub International. “Some [companies] still take a ‘check the box approach’ to the requirements of regulation and others use it to their advantage to perform better.”
Michael Christian said: “Companies have been forced to focus on risk because you can’t afford to make a mistake. You can’t sweep it under a carpet. A positive byproduct of this, he believes, is a greater focus on product quality. “You don’t want it to come out in the news that you’ve had a major product or cyber failure or production problems.”
He cites the automobile manufacturers as a prime example of the dangers of not managing risk. “They’ve hidden some of their issues. And that hurts their brand, the whole enterprise, and their reputation.”
Finally, there needs to be alignment between risk and strategy, and according to Smart, that’s best achieved by assessing risk appetite.
“Companies need to decide how much risk they’re willing to take on to achieve their goals,” he said. “And often the most challenging conversations is ‘where are we not taking enough risk?’”
While risk has evolved to a strategic tool for some companies, its role will continue to grow as new risks emerge along with tools and techniques for management.
Yet both the greatest risk and the ability to overcome it is within the purview of any company, says Hub’s Macumber. “Whether you’re using Word and Excel or sophisticated risk-assessment tools, culture has to be part of the toolbox,” he said. “Without management and executive commitment and support, you won’t have the resources, the expertise, and the attitude to achieve the necessary results. Whether it’s risk prevention, risk management, or competitive advantage, it all begins with executive buy-in.”
StratexSystems Sponsor Risk-Based Performance Management Book Launch
StratexSystems are sponsoring the RBPM Book Launch on May 21st. Andrew Smart will be hosting the book launch for his newest publication: Risk-Based Performance Management - Integrating Strategy & Risk. The event will be held from 6pm-9pm at the Royal Suite, Grange Hotel, St Pauls, London. Both Andrew and co-author, James Creelman will talk briefly about their experiences implementing the RBPM methodology within real-world organisations. This will be followed by an authors Q&A session and refreshments.
Complimentary food & drink will be provided in the Royal Suite for the duration of the event. All our guests that attend this free event will receive a complimentary, signed copy of the book.
You can Register your attendance HERE.
StratexSystems proudly sponsor Manigent's 2014 Integrated Strategy and Risk Management Research Project
Inviting senior business leaders to participate in crucial new research into the integrated management of risk in the strategy execution process.
The need to integrate risk management into the strategic and operational decision-making has never been so great as we move out of recession and focus on growth. Many boards and regulators are asking the question – are we in better shape now than 2008/09? Have the lessons been learnt and embedded. To generate this insight we have partnered with Manigent to undertake a global survey into the status of risk management & specifically how it has changed over the last 5 years.
The research will focus on the following areas;
Integrating risk into strategic and operational decision-making. Applying risk appetite as a Board level management and control tool, not so much a regulatory ‘tick-box’ exercise. Lessons learnt from the credit crunch and how they have been applied today.
The initial survey will take 10 minutes to complete and will provide you with: Insights into emerging best practice around the integration of risk management into organisational strategic and operational decision-making. Insights into the use of risk appetite and the expectations of regulators Guidance to enable you to compare your firm with your peers from a strategy execution and risk management approach perspective.
The research questionnaire can be found here: http://fluidsurveys.com/s/integrated-strategy-and-risk-research/
Further information about the research can be found here: http://www.riskbasedperformance.com/research-2014/
The results of this research project will be made available to you via an interim report in May 2014. You will also have the opportunity to be interviewed face to face, after which a final report with a board briefing of findings will be made available to you.
Download the press release HERE
Should you have a question related to this research, or wish to partake in a short interview to aid us further, please drop us a line: William Rice william.rice@stratexsystems.com 07795 196690 Manigent Research Leader, Colin Lobley colin.lobley@manigent.com 07795 196283
Risk-Based Performance Management Webinar
Introduction to Risk-Based Performance Management Webinar
6th February 2014
Webinar Overview:
To effectively streamline management and regulatory reporting, organisations need to adopt an integrated framework, which covers strategy (performance management), Risk & Compliance.
By attending this webinar, attendees will gain insights into the Risk-Based Performance Management methodology. This methodology, which builds on, and integrates the Balanced Scorecard, COSO and ISO31000 frameworks, provides a proven approach which enables organisations to streamline their management and regulatory reporting while delivering real business value.
Webinar Objectives:
- Understand the scale of management and regulatory reporting required, and therefore the opportunity to streamline the process and reduce costs.
- To gain an understanding of the Risk-Based Performance Management methodology.
- To develop an understanding of risk appetite and develop a clear, actionable framework for defining your risk appetite.
- To understand the relationship between strategic objectives, risk appetite and risk exposure, and tools for managing this relationship.
- To understand the role of strategic objectives and key risks, how to define, integrate and align these.
- To understand the role of initiatives and actions, and how they are aligned to drive your complete change agenda.
- To understand the role of risk and control assessment, key indicators and how assessment and indicator data can be used together to drive better decision-making.
- To gain an understanding of the Risk-Based Performance Management Maturity Model and how it can be used before, during and after implementation of a new strategy and risk framework.
Who should attend?
This webinar is recommended for executives, managers and analysts who are seeking the best practical knowledge and hands on experience in developing and implementing a streamlined management and regulatory reporting framework, with a particular emphasis on financial services organisations.
The webinar is FREE to attend
About the speaker:
Andrew Smart is the CEO & Founder at StratexSystems and is also a Founder of Manigent, a management and consultancy organisation which delivers performance and risk management solutions to Financial Services and other regulated industries within the UK & Europe.Andrew is also the creator of the Risk-Based Performance Management methodology. He holds an MBA from Henley Business School and is a Professional member of the Institute of Operational Risk. He has recently published a book entitled, "Risk-Based Performance Managaement- Integrating Strategy & Risk" which is available from Amazon.
About Risk Based Performance:
Risk-Based Performance Management (RBPM) is a strategic management methodology that integrates enterprise strategy, performance and risk management to enable organisations to align risk-taking to strategy to drive sustainable strategic execution. The RBPM methodology is designed to place risk management and specifically, risk appetite at the core of organisational strategy execution.
Building on existing management frameworks, such as the Balanced Scorecard, COSO and ISO31000 frameworks, RBPM developed as a result of a series of engagements completed with clients in the UK financial services industry in 2006/07. The methodology was further refined during a year-long academic research project involving 21 financial services organisations in the city of London.
Links:
http://www.riskbasedperformance.com
http://www.amazon.co.uk/Risk-Based-Performance-Management-Integrating-Strategy/
The Three Key Scorecards within Risk-Based Performance Management
With the Risk-Based Performance Management methodology there are three ‘scorecards’ which we use to visualise strategy and risk management data and inform the management conversation and decision-making. The three scorecards are:
- Performance Scorecard
- Risk Scorecard
- Control Scorecard
Each of the Scorecards have a similar structure but different content. The basic structure of the scorecards show the main item, the accountability for the item and related indicators. This means that for the Performance Scorecard we would present the Organisations (or Business Unit) Objectives, the Accountable person for each Objective, Appetite Alignment status, Aggregated Objective Score (based on the underlying KPIs), Key Performance Indicators (KPIs), and KPI score.
The Performance Scorecard is designed to enable a management team to focus on the performance of the Organisation with each of the Accountable people speaking to their Objectives. Typically the Performance Scorecard is used in conjunction with the Strategy Map providing an additional level of detail.
An example of a Performance Scorecard from StratexSystems.
The Risk Scorecard would include the Organisations Key Risk, the Accountable person for each Risk, Appetite Alignment status, Aggregated Risk Score (based on underlying KRIs), Key Risk Assessment data, Current Risk Exposure (in currency value), Key Risk Indicators (KRIs) and KRI score. The Risk Scorecard is designed to enable a management team to focus on the organisation’s risk profile. It enables the management team to review the Risk Appetite Alignment, -are we operating within appetite or are we outside? It provides risk assessment data and exposure values alongside KRI status data so current risk taking can be discussed as can any emerging trends shown up from the indicators. It also highlights any mixed messages that might be coming from the risk assessment results and the indicator data. Naturally they should be giving the same message but often, particularly in less mature risk management environment, they can be different which can highlight the need for further work to embed the process and develop the knowledge, skills and culture. Again, each of the Accountable people should be in the room and around the table and speak to, and lead the discussion around their risks.
An example of a Risk Scorecard from StratexSystems.
The Control Scorecard would include the Organisation's Key Controls, the Accountable person for each Control, Aggregated Control Score (based on the underlying KCIs), Key Control Assessment data, Key Control Indicator data and KCI score. Like the previous two scorecards, the Control Scorecard brings focus to, and informs the management conversation and decision-making, in this case around the controls environment and effectiveness within the organisation. Again, each Accountable should lead the discussion about their controls.
An example of a Control Scorecard from StratexSystems.
Each of the three scorecards above have an important role in, informing the management conversation and decision-making around strategy execution and risk management. Individually, they ‘speak’ to and align each of the three lines of defence. The Performance Scorecard would be the primary tool for the First line, the Risk Scorecard would be the primary tool for the second line and the Control Scorecard would be the primary tool for the Third line. However each of the three lines are going to draw information and insights from each of the Scorecard’s and they will help reduce the silos that can be so problematic between the lines.
A key benefit of the Risk-Based Performance Management methodology is that it provides an overarching framework to bring together and align the organisation so that the strategy is delivered, sustainably and within appetite.
The Failure of the Royal Bank of Scotland: Strategy and Risk Appetite
In March 2000, The Royal Bank of Scotland (RBS) acquired the UK-bank NatWest in a £21 billion deal that was then the largest take-over in British banking history. The acquisition was considered at the time to be a masterstroke of strategy and execution. Thus began a ‘golden period’ in RBS’s near 300 year history. RBS embarked on an ambitious strategy to transition from a regional to global financial services firm and one that drove aggressive revenue growth. RBS’s stock price grew and performed well in the early years of the 2000s and by 2007 the now global financial player was viewed by most analysts as a highly successful bank. For instance:
- From 1997 to 2007 Earnings per share (EPS) had grown from about 50p to close to 250p
- In 2007 RBS reported a record group operating profit of £10.3bn (£7.7bn after tax)
- RBS increased its assets by a multiple of 29 between 1998 and 2008 (assets grew by an average of 41% per year)
- It moved from outside the top 20 global banks by market capitalization prior to its acquisition of NatWest to ninth in the world by 2007
Then the Credit Crunch and disaster: RBS essentially failed in October 2008. To prevent collapse the UK Government injected
