Integrating Risk into your Balanced Scorecard

5,123 views

Published on

Pulling together into a single framework the two separate disciplines of strategy management and risk management, and how it is possible to integrate it with Balanced Scorecard. This presentation provides a practical guide for organizations to shape and execute sustainable strategies with full understanding of how much risk they are willing to accept in pursuit of strategic goals.

Please contact andrew.smart@stratexsystems.com for more details about the presentation or to have a talk about our software solutions.

Published in: Business, Economy & Finance
0 Comments
8 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
5,123
On SlideShare
0
From Embeds
0
Number of Embeds
607
Actions
Shares
0
Downloads
271
Comments
0
Likes
8
Embeds 0
No embeds

No notes for slide
  • Introduced in 1992 at a time of transition in how business created value, from creating value out of tangible assets to creating it out of intangible assetsDesigned as a performance management tool Answered the question – How are we performing?
  • Strategy Map introduced in the HBR article: Having trouble with your strategy, then Map it, in the year 2000Powerful tool which enabled a strategy to be expressed on a single page, showing the cause & effect relationship between objectives and tensions within the Map
  • BSC has evolved from Performance Management to Strategy Execution frameworkWhat about risk?
  • Credit Crunch and subsequent fall-out forcing organisations to re-think how they execute strategyRe-writing the rules with a greater emphasis on Risk and specifically Risk AppetiteBoards & Regulators more active stakeholders
  • Integrating Risk into your Balanced Scorecard

    1. 1. Integrating Risk Into Your Balanced Scorecard Prepared for: StratexSystems Webinar Series 27 September 2012 4 October 2012
    2. 2. Page  2 Content  Recapping on the Balanced Scorecard  Recapping on Risk Management  Integrating Risk into your Balanced Scorecard  Use of Business Drivers to define levels of Appetite & Exposure  Use of Risk taxonomy to identify Risks per Objective
    3. 3. Page  3 The Balanced Scorecard was introduced in 1992 “What you measure is what you get” Raison d'être for Balanced Scorecard was to provide a ‘balanced’ set of performance measurements.
    4. 4. Page  4 The Balanced Scorecard was followed by the Strategy Map in 2000 Strategy Map is a powerful tool for visualising Strategy, showing the cause & effect relationships and tensions within the strategy.
    5. 5. Page  5 Over the last 20 years, the Balanced Scorecard has continued to evolve… Raison d'être for Balanced Scorecard was to provide a ‘balanced’ set of performance measurements. “What you measure is what you get” - Kaplan & Norton, 1992 Performance Measurement With adoption, the Balanced Scorecard evolved to become more focused on strategy. Introduced the 5 principles 1. Translate the Strategy into operational terms 2. Mobilise change through executive leadership 3. Make Strategy a continual process 4. Make Strategy everyone’s everyday job 5. Align the organisation to the Strategy Performance Management The Balanced Scorecard is now positioned as a framework for enhancing strategic execution. A closed loop system of strategic execution 1. Develop the Strategy 2. Plan the Strategy 3. Align the organisation 4. Plan operations 5. Monitor and Learn 6. Test and Adapt the Strategy Strategy Execution
    6. 6. Page  6 The credit crunch and subsequent fall-out is rewriting the rules on strategy execution (and risk management)
    7. 7. Page  7 Kaplan & Norton on Risk and the Balanced Scorecard HBR June 2012  Three categories of Risk  Preventable Risks  Strategy Risks  External Risks Managing Risk is very different from managing Strategy
    8. 8. Page  8 Kaplan & Norton on Risk and the Balanced Scorecard - What we think…  The 3 categories are just a relatively simple risk taxonomy  Managing Risk is not different to, but a fundamental part of, managing strategy From the father of BSC, no direction on how to integrate Risk in the BSC.
    9. 9. Page  9 So what do we mean when we say “Risk”? The possibility that an event will occur and adversely affect the achievement of objectives. COSO Integrated Risk Management Framework the effect of uncertainty on objectives, whether positive or negative. ISO31000 The uncertainty of future events that will impact on the achievement of objectives, either positively (opportunities) or negatively (threats). Andrew Smart The uncertainty of future events, incorporating both lost opportunities as well as threats materialising, which will impact our ability to achieve business objectives. Client No organisation can create value without taking risk. “ You have to speculate to accumulate”
    10. 10. Page  10 What is Risk Management As much about exploiting opportunities as preventing potential problems. Risk Management is an essential part of good management “coordinated activities to direct and control and organization with regard to risk” risk management framework; “set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management processes throughout the organization” risk management process; “systematic application of management policies, procedures and practices to the tasks of communication, consultation, establishing the context, identifying, analysing, evaluating, treating, monitoring and reviewing risk” ISO31000
    11. 11. Page  11 There are two major risk management standards which have influenced our thinking… COSO 1994 & 2004 ISO31000 2009
    12. 12. Page  12 Over the last 20 or so years Strategy & Risk Management frameworks have evolved largely in isolation Balanced Scorecard 1992 ISO31000 2009
    13. 13. Page  13 So to the question…. How to integrate Risk into the Balanced Scorecard? 1. Use Business Drivers to define levels of risk appetite and risk-taking  Links risk management in the strategic process  Shapes the conversation about risk  Enables the monitoring of the alignment of risk-taking to strategy  Enables us to answer the question: Are we operating within Appetite? 2. Use your Risk taxonomy to enable the Risk Identification process per objective
    14. 14. Page  14 Risk Appetite has a central role to play in the integration of strategy and risk management  The COSO definition provides „What, Who, When and Why‟ of risk appetite  What: the amount and type of risk  Who: an organisational entity  When: over a defined time horizon  Why: to achieve the objectives of the entity Risk appetite is the amount and type of risk that is acceptable to be taken by an organisational entity over a defined time period, to achieve the objectives of that entity – COSO Enterprise Risk Management Risk appetite sets the boundaries within which strategy is executed – StratexSystems
    15. 15. Page  15 Risk Appetite should be integrated into your organisational strategic framework Business Goals Business Model Business Drivers Internal Analysis External Analysis Business Objectives Strategy Appetite Appetite Alignment Risk Management Performance Management Appetite Identify strengths & weaknesses Identify threats & opportunities Is our business model fit for purpose? Is our business model fit for purpose? Are we operating within appetite? Manage threats & opportunities Are we on-track to deliver? Manage strengths & weaknesses Appetite SettingExecutionFormulation Setting From high-level strategies to specific business objectives Define specific business objectives and appetite for specific entity’s Allocation of scarce resources by entity, risk category, product lines Execution Are we on-track to achieve our business objectives Are we operating within appetite (are we taking too much, or not enough risk?) Do we have the right level of controls in place to meet internal and external compliance drivers? Are we aligning our change agenda to our strategic agenda? Formulation Development of high-level strategies and allocation of scarce resources, including capital Given our business context, what is our appetite for risk? Given our appetite, have we got the right business model? Are we comfortable with the assumptions we have made?
    16. 16. Page  16 Risk Appetite is the „glue‟ that brings together Strategy & Risk Performance Management Risk Management Strategy Management Appetite What are we trying to achieve? Are we on track? What is our Risk Appetite? Are we operating within appetite? Governance & Communications Culture
    17. 17. Page  17 We use „key‟ Drivers to define levels of risk appetite and shape the conversation around risk (and strategy) Business drivers Capital Income Reputation Shareholder value Share price Economic value add Profit Strategy Align Risk-taking to Strategy Manage Risk Manage Performance Appetite Governance Communication Culture
    18. 18. Page  18 Using drivers to frame appetite setting enables the Board to set clear operating boundaries Business Drivers Low Moderate High Extreme Capacity Limit Income X% Capital @Risk X% Capital @Risk X% Capital @Risk X% Capital @Risk Capital Up to X £M X £M to Y £M X £M to Y £M X £M to Y £M Above X £M Reputation Up to X vol. Bad coverage Up to X vol. Bad coverage Up to X vol. Bad coverage Up to X vol. Bad coverage
    19. 19. Page  19 Appetite Alignment Matrix is a key tool for monitoring the alignment of Risk-taking to Strategy  Enabling monitoring of risks which are outside of Appetite  Shows where we are taking to much and not enough risk  Changes the risk conversation  Answers the question: Are we operating with in Appetite?
    20. 20. Page  20 So to the question…. How to integrate Risk into the Balanced Scorecard? 1. Use Business Drivers to define levels of risk appetite and risk-taking  Links risk management in the strategic process  Shapes the conversation about risk  Enables the monitoring of the alignment of risk-taking to strategy  Enables us to answer the question: Are we operating within Appetite? 2. Use your Risk taxonomy to enable the Risk Identification process per objective
    21. 21. Page  21 Common categorisation of risk Strategic Risk uncertainty related to strategic choices Execution Risk uncertainty related to execution of the chosen strategy Operational Risk uncertainty related to processes, people, technology, change etc Credit Risk uncertainty related to a counterparty's ability to meet their obligations Market Credit uncertainty related to the market value of a portfolio Risk uncertainty of future events that will impact on the achievement of objectives
    22. 22. Page  22 The Strategy Map articulates how an organisation creates value FinancialCustomerInternalProcess Learning& Growth Increase Investment Returns by 25% Sustainable Growth Increase Retention of competent staff by 10% Increase Shareholder value Objective KPIs InitiativesTargets Increase Investment Returns by 25% YTD % Increase in investment returns 25%  Implement new portfolio mgt system Objective Statement of what strategy must achieve and what’s critical to its success KPIs How success in achieving the strategy will be measured and tracked Targets The level of performance or rate of improvement needed Initiatives Key action programs required to achieve Priorities
    23. 23. Page  23 However, to create value, risk- taking must be aligned to strategy… FinancialCustomerInternalProcess Learning& Growth Increase Investment Returns by 25% Sustainable Growth Increase Retention of competent staff by 10% Increase Shareholder value Objective Appetite AlignmentExposure Increase Investment Returns by 25% Objective Statement of what strategy must achieve and what’s critical to its success Appetite How much risk are we willing to run to achieve the objective? Exposure How much risk are we currently running? Alignment Is our current risk-taking aligned to appetite? Moderate High Over-exposed
    24. 24. Page  24 Effective risk management supports value creation and protection... FinancialCustomerInternalProcess Learning& Growth Increase Investment Returns by 25% Sustainable Growth Increase Retention of competent staff by 10% Increase Shareholder value Objective Risks MitigationThresholds Increase Investment Returns by 25%  Unexpected changes in interest rates  Unexpected Equity movements  Appetite  Tolerances  Controls  Initiatives  Policy & procedures  Processes Objective Statement of what strategy must achieve and what’s critical to its success Risks The threats and opportunities (risks) exist which may impact achievement of objectives Thresholds The appetite and tolerance thresholds used to monitor risk Mitigation The activities undertaken to manage risk
    25. 25. Page  25 Many different types of risks make up the organisational risk universe FinancialCustomerInternalProcess Learning& Growth Increase Investment Returns by 25% Sustainable Growth Increase Retention of competent staff by 10% Increase Shareholder value Increase Investment Returns by 25% Strategic Risk Operational Risk Insurance Risk Finance Risk Hazard Risk
    26. 26. Page  26 Many different types of risks make up the organisational risk universe FinancialCustomerInternalProcess Learning& Growth Increase Investment Returns by 25% Sustainable Growth Increase Retention of competent staff by 10% Increase Shareholder value Increase Investment Returns by 25% Strategic Risk Operational Risk Insurance Risk Finance Risk Hazard Risk Unexpected changes in interest rates Unexpected Equity movements
    27. 27. Page  27 Risk categorises can be used to support risk identification and integration of risk in the Balanced Scorecard Increase Investment Returns by 25% Insurance Risk Underwriting Risk Operational Risk Strategic Risk Hazard Risk Financial Risk Business Risk Reputation Risk Process Risk Market Risk Credit Risk Liquidity Risk People Risk System Risk External Events Legal Risk Claims Mgt Risk Reinsurance RiskProduct Risk Premium Risk Civil disruption Health & Safety Accidents Natural
    28. 28. Page  28 How do we define a risk? The risk of (what, where, when)….. caused by (how) ……resulting in..…(impact/consequences) Examples  The risk of financial deficit at end of year caused by decreased in-patient activity and revenue, resulting in rationalisation of service offerings.  The risk of exceeding A&E waiting times, caused by increased demand and staff vacancies, resulting in not meeting community expectations and adverse patient outcomes
    29. 29. Page  29 Where do we define Risks? Objectives Key Risks Key Controls
    30. 30. Page  30 The Objectives, Risks and Controls structure is central to Stratex solutions 30 Objectives KPIs Actions Key Risks KRIs Actions Assessment Key Controls KCIs Actions Assessment Events Certification Risk Appetite Processes Initiatives Systems People & Roles Assets Operational enablers are aligned to strategy Governance Commentary Workflows Audit Trails Build a strategy focused, risk aware culture
    31. 31. Page  31 So to the question…. How to integrate Risk into the Balanced Scorecard? 1. Use Business Drivers to define levels of risk appetite and risk-taking  Links risk management in the strategic process  Shapes the conversation about risk  Enables the monitoring of the alignment of risk-taking to strategy  Enables us to answer the question: Are we operating within Appetite? 2. Use your Risk taxonomy to enable the Risk Identification process per objective
    32. 32. Page  32 Q&A
    33. 33. Page  33 About StratexSystems “StratexPoint enabled us to reduce the value of our operational losses by 94%, the volume by 63% and our economic capital provision by 23%” - Head of Operational Risk, HML - Skipton group Our mission To provide an integrated strategy and risk management solutions which enhances strategy execution, enhance capital efficiency by 15% and reduce operational losses 25% while providing 100% confidence that your business is operating within appetite.
    34. 34. Page  34 Post credit crunch, Financial Services clients face challenges beyond traditional „Risk Management‟ Lack of an integrated, enterprise-wide solution Too many spreadsheets Systems reinforce silo processes Compliance focused risk tools Intensive and intrusive FSA oversight Board and Senior Management pressure Political pressure to reform and do things differently Basel 3, Solvency 2, S166 Confidence in our approach Proven partners Low Risk Keep us out of the newspaper Cost effective Deliver strategy Reduce capital provision Reduce operational losses Reduce / eliminate fines Enable the right culture “Operate within Appetite”
    35. 35. Page  35 Examples of where our solution has added real and tangible business value 60% 23% 182 Op losses HML seen a 60% reduction in operational losses within 18 months Regulatory capital HML also seen a 23% reduction in regulatory capital Initiatives Consolidated global portfolio of major initiatives to enable single view of status & risk
    36. 36. Page  36 Demonstration
    37. 37. Page  37 Free trial of StratexLive Stratex Bootcamp  30 day free use of StratexLive  Regular ‘coaching’ session online  Load your own data  Add your own users  START NOW

    ×