Integrating Risk into your Balanced Scorecard
-
Upload
andrew-smart -
Category
Business
-
view
3.135 -
download
0
Transcript of Integrating Risk into your Balanced Scorecard
Integrating Risk Into Your Balanced
Scorecard
Prepared for:
StratexSystems Webinar Series27 September 2012 4 October 2012
Page 2
Content
Recapping on the Balanced Scorecard
Recapping on Risk Management
Integrating Risk into your Balanced Scorecard
Use of Business Drivers to define levels of Appetite & Exposure
Use of Risk taxonomy to identify Risks per Objective
Page 3
The Balanced Scorecard was introduced in 1992
“What you measure is what you get”
Raison d'être for Balanced Scorecard was to provide a ‘balanced’ set of performance measurements.
Page 4
The Balanced Scorecard was followed by the
Strategy Map in 2000
Strategy Map is a powerful tool for visualising Strategy, showing the cause & effect relationships and tensions within
the strategy.
Page 5
Over the last 20 years, the Balanced Scorecard
has continued to evolve…
Raison d'être for Balanced Scorecard was to provide a ‘balanced’ set of performance measurements.
“What you measure is what you get” - Kaplan & Norton, 1992
Performance Measurement
With adoption, the Balanced Scorecard evolved to become more focused on strategy.
Introduced the 5 principles
1. Translate the Strategy into operational terms
2. Mobilise change through executive leadership
3. Make Strategy a continual process
4. Make Strategy everyone’s everyday job
5. Align the organisation to the Strategy
Performance Management
The Balanced Scorecard is now positioned as a framework for enhancing strategic execution.
A closed loop system of strategic execution
1. Develop the Strategy
2. Plan the Strategy
3. Align the organisation
4. Plan operations
5. Monitor and Learn
6. Test and Adapt the Strategy
Strategy Execution
Page 6
The credit crunch and subsequent fall-out is
rewriting the rules on strategy execution (and risk
management)
Page 7
Kaplan & Norton on Risk and the Balanced
Scorecard
HBR June 2012
Three categories of
Risk
Preventable Risks
Strategy Risks
External Risks
Managing Risk is very
different from managing
Strategy
Page 8
Kaplan & Norton on Risk and the Balanced
Scorecard
- What we think…
The 3 categories are just a relatively simple risk taxonomy
Managing Risk is not different to, but a fundamental part of, managing strategy
From the father of BSC, no direction on how to
integrate Risk in the BSC.
Page 9
So what do we mean when we say “Risk”?
The possibility that an event will occur and adversely affect the achievement of objectives. COSO Integrated Risk
Management Framework
the effect of uncertainty on objectives, whether positive or negative.
ISO31000
The uncertainty of future events that will impact on the achievement of
objectives, either positively (opportunities) or negatively (threats).
Andrew Smart
The uncertainty of future events, incorporating both lost opportunities
as well as threats materialising, which will impact our ability to
achieve business objectives. Client
No organisation can create value without taking risk.
“ You have to speculate to accumulate”
Page 10
What is Risk Management
As much about exploiting opportunities as preventing potential problems.
Risk Management is an essential part of good management
“coordinated activities to direct and control and organization with regard to risk”
risk management framework; “set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management processes throughout the organization”
risk management process; “systematic application of management policies, procedures and practices to the tasks of communication, consultation, establishing the context, identifying, analysing, evaluating, treating, monitoring and reviewing risk”
ISO31000
Page 11
There are two major risk management standards
which have influenced our thinking…
COSO1994 & 2004
ISO310002009
Page 12
Over the last 20 or so years Strategy & Risk
Management frameworks have evolved largely in
isolation
Balanced Scorecard
1992
ISO310002009
Page 13
So to the question…. How to integrate Risk into
the Balanced Scorecard?
1. Use Business Drivers to define levels of risk appetite
and risk-taking
Links risk management in the strategic process
Shapes the conversation about risk
Enables the monitoring of the alignment of risk-taking to
strategy
Enables us to answer the question: Are we operating within
Appetite?
2. Use your Risk taxonomy to enable the Risk
Identification process per objective
Page 14
Risk Appetite has a central role to play in the integration of
strategy and risk management
The COSO definition provides „What, Who, When and
Why‟ of risk appetite
What: the amount and type of risk
Who: an organisational entity
When: over a defined time horizon
Why: to achieve the objectives of the entity
Risk appetite is the amount and type of risk that is acceptable to be taken by an
organisational entity over a defined time period, to achieve the objectives of that entity – COSO Enterprise Risk Management
Risk appetite sets the boundaries within which strategy is executed
– StratexSystems
Page 15
Risk Appetite should be
integrated into your
organisational strategic
framework
Business Goals
Business Model
Business Drivers
Internal Analysis External Analysis
Business Objectives
Strategy
Appetite
Appetite Alignment
Risk ManagementPerformance Management
Appetite
Identify strengths & weaknesses
Identify threats & opportunities
Is our business model fit for
purpose?
Is our business model fit for
purpose?
Are we operating within appetite?
Manage threats & opportunities
Are we on-track to deliver?
Manage strengths & weaknesses
Appetite
Sett
ing
Exec
uti
on
Form
ula
tio
n
SettingFrom high-level strategies to specific business objectivesDefine specific business objectives and appetite for specific entity’sAllocation of scarce resources by entity, risk category, product lines
ExecutionAre we on-track to achieve our business objectives Are we operating within appetite (are we taking too much, or not enough risk?)Do we have the right level of controls in place to meet internal and external compliance drivers?Are we aligning our change agenda to our strategic agenda?
FormulationDevelopment of high-level strategies and allocation of scarce resources, including capitalGiven our business context, what is our appetite for risk? Given our appetite, have we got the right business model?Are we comfortable with the assumptions we have made?
Page 16
Risk Appetite is the „glue‟ that brings together
Strategy & Risk
Performance Management
Risk Management
Strategy Management
Appetite
What are we trying to achieve?
Are we on track?
What is our Risk Appetite?
Are we operating within appetite?
Governance & Communications
Culture
Page 17
We use „key‟ Drivers to define levels of risk appetite and
shape the conversation around risk (and strategy)
Business drivers
Capital
Income
Reputation
Shareholder value
Share price
Economic value add
Profit
Strategy
Align Risk-taking to Strategy
Manage Risk
Manage Performance
Appetite
Governance Communication
Culture
Page 18
Using drivers to frame appetite setting enables the Board to
set clear operating boundaries
Business Drivers Low Moderate High ExtremeCapacity
Limit
IncomeX% Capital
@RiskX% Capital
@RiskX% Capital
@RiskX% Capital
@Risk
CapitalUp to X £M
X £M to Y £M
X £M to Y £M
X £M to Y £M
Above X £M
ReputationUp to X vol.
Bad coverage
Up to X vol. Bad
coverage
Up to X vol. Bad
coverage
Up to X vol. Bad
coverage
Page 19
Appetite Alignment Matrix is a key tool for
monitoring the alignment of Risk-taking to Strategy
Enabling monitoring of risks which are outside of Appetite
Shows where we are taking to much and not enough risk
Changes the risk conversation
Answers the question:
Are we operating with in Appetite?
Page 20
So to the question…. How to integrate Risk into
the Balanced Scorecard?
1. Use Business Drivers to define levels of risk appetite
and risk-taking
Links risk management in the strategic process
Shapes the conversation about risk
Enables the monitoring of the alignment of risk-taking to
strategy
Enables us to answer the question: Are we operating within
Appetite?
2. Use your Risk taxonomy to enable the Risk
Identification process per objective
Page 21
Common categorisation of risk
Strategic Riskuncertainty related to
strategic choices
Execution Riskuncertainty related to
execution of the chosen strategy
Operational Riskuncertainty related
to processes, people, technology,
change etc
Credit Riskuncertainty related to a counterparty's ability to meet their
obligations
Market Credituncertainty related to the market value of a
portfolio
Riskuncertainty of future
events that will impact on the achievement of
objectives
Page 22
The Strategy Map articulates how
an organisation creates valueFi
nan
cial
Cu
sto
me
rIn
tern
al P
roce
ssLe
arn
ing
&
Gro
wth
Increase Investment Returns by 25%
Sustainable Growth
Increase Retention of competent staff by
10%
Increase Shareholder value
Objective KPIs InitiativesTargets
Increase Investment
Returns by 25%
YTD % Increase in investment
returns25%
Implement new portfolio mgtsystem
Objective Statement of what
strategy must achieve and what’s
critical to its success
KPIsHow success in achieving the
strategy will be measured and
tracked
Targets The level of
performance or rate of
improvement needed
Initiatives Key action programs
required to achieve Priorities
Page 23
However, to create value, risk-
taking must be aligned to
strategy…Fin
anci
alC
ust
om
er
Inte
rnal
Pro
cess
Lear
nin
g &
G
row
th
Increase Investment Returns by 25%
Sustainable Growth
Increase Retention of competent staff by
10%
Increase Shareholder value
Objective Appetite AlignmentExposure
Increase Investment
Returns by 25%
Objective Statement of what
strategy must achieve and what’s
critical to its success
Appetite How much risk
are we willing to run to achieve the
objective?
ExposureHow much risk
are we currently running?
Alignment Is our current
risk-taking aligned to appetite?
Moderate High Over-exposed
Page 24
Effective risk management
supports value creation and
protection...Fin
anci
alC
ust
om
er
Inte
rnal
Pro
cess
Lear
nin
g &
G
row
th
Increase Investment Returns by 25%
Sustainable Growth
Increase Retention of competent staff by
10%
Increase Shareholder value
Objective Risks MitigationThresholds
Increase Investment
Returns by 25%
Unexpected changes in interest rates
Unexpected Equity movements
Appetite Tolerances
Controls Initiatives Policy &
procedures Processes
Objective Statement of what
strategy must achieve and what’s
critical to its success
RisksThe threats and
opportunities (risks) exist which may
impact achievement of objectives
ThresholdsThe appetite and
tolerance thresholds used to monitor risk
Mitigation The activities undertaken to manage risk
Page 25
Many different types of risks
make up the organisational risk
universeFin
anci
alC
ust
om
er
Inte
rnal
Pro
cess
Lear
nin
g &
G
row
th
Increase Investment Returns by 25%
Sustainable Growth
Increase Retention of competent staff by
10%
Increase Shareholder value
Increase Investment Returns by 25%
Strategic Risk
Operational Risk
Insurance Risk
Finance Risk
Hazard Risk
Page 26
Many different types of risks
make up the organisational risk
universeFin
anci
alC
ust
om
er
Inte
rnal
Pro
cess
Lear
nin
g &
G
row
th
Increase Investment Returns by 25%
Sustainable Growth
Increase Retention of competent staff by
10%
Increase Shareholder value
Increase Investment Returns by 25%
Strategic Risk
Operational Risk
Insurance Risk
Finance Risk
Hazard Risk
Unexpected changes in interest
rates
Unexpected Equity movements
Page 27
Risk categorises can be used to support risk
identification and integration of risk in the Balanced
Scorecard
Increase Investment Returns by 25%
Insurance Risk
Underwriting Risk
Operational Risk
Strategic Risk
Hazard Risk
Financial RiskBusiness Risk
Reputation Risk
Process Risk
Market RiskCredit Risk
Liquidity Risk
People Risk
System Risk
External Events
Legal Risk
Claims Mgt Risk
Reinsurance RiskProduct Risk
Premium Risk
Civil disruption
Health & Safety
Accidents
Natural
Page 28
How do we define a risk?
The risk of (what, where, when)….. caused by (how) ……resulting in..…(impact/consequences)
Examples
The risk of financial deficit at end of year caused by decreased in-patient activity and revenue, resulting in rationalisation of service offerings.
The risk of exceeding A&E waiting times, caused by increased demand and staff vacancies, resulting in not meeting community expectations and adverse patient outcomes
Page 29
Where do we define Risks?
Objectives
Key Risks
Key Controls
Page 30
The Objectives, Risks and Controls structure is
central to Stratex solutions
30
Objectives
KPIs Actions Key Risks
KRIs Actions Assessment Key Controls
KCIs Actions Assessment
Events
Certification
Risk Appetite Processes Initiatives Systems
People & Roles
Assets
Operational enablers are aligned to strategy
Governance Commentary WorkflowsAudit Trails
Build a strategy focused, risk aware culture
Page 31
So to the question…. How to integrate Risk into
the Balanced Scorecard?
1. Use Business Drivers to define levels of risk appetite
and risk-taking
Links risk management in the strategic process
Shapes the conversation about risk
Enables the monitoring of the alignment of risk-taking to
strategy
Enables us to answer the question: Are we operating within
Appetite?
2. Use your Risk taxonomy to enable the Risk
Identification process per objective
Page 32
Q&A
Page 33
About StratexSystems
“StratexPoint enabled us to reduce the value of our operational losses by 94%, the volume by 63% and our economic capital provision by 23%” - Head of Operational Risk, HML -Skipton group
Our missionTo provide an integrated strategy and risk management solutions which enhances strategy execution, enhance capital efficiency by 15% and reduce operational losses 25% while providing 100% confidence that your business is operating within appetite.
Page 34
Post credit crunch, Financial Services clients face
challenges beyond traditional „Risk Management‟
Lack of an integrated, enterprise-wide solution
Too many spreadsheets
Systems reinforce silo processes
Compliance focused risk tools
Intensive and intrusive FSA oversight
Board and Senior Management pressure
Political pressure to reform and do things differently
Basel 3, Solvency 2, S166
Confidence in our approachProven partnersLow RiskKeep us out of the newspaperCost effective
Deliver strategy Reduce capital provisionReduce operational lossesReduce / eliminate finesEnable the right culture
“Operate within Appetite”
Page 35
Examples of where our solution has added real
and tangible business value
60%
23%
182
Op lossesHML seen a 60% reduction in operational losses within 18 months
Regulatory capitalHML also seen a 23% reduction in regulatory capital
InitiativesConsolidated global portfolio of major initiatives to enable single view of status & risk
Page 36
Demonstration
Page 37
Free trial of StratexLive
Stratex Bootcamp
30 day free use of StratexLive Regular ‘coaching’ session online Load your own data Add your own users START NOW