SlideShare a Scribd company logo

Strategically+Speaking+October+2015

Andrew Smart
Andrew Smart
1 of 9
Download to read offline
How do you integrate strategy and risk management? In this series, Palladium asks expert strategy practitioners to share their experiences and opinions. We asked: In today’s globally connected eocnomies, organisations face growing strategic risk. Risk might come from many places: disrup- tive technologies, competition from suprising sources, local and global economic condi- tions and political change, amongst others. As the execution of any strategy requires some level of risk-taking, it could be argued that strategy and risk are flip sides of the same coin. How can organisations integrate strat- egy management and risk management to strengthen the likelihood of successful strat- egy execution? And how can organisations exploit positive opportunities from risk as well as mitigate the potential downside? Strategically Speaking October 2015 Copyright © 2015 Palladium
2 | Strategically Speaking October 2015 Copyright © 2015 Palladium Andrew Smart CEO, Manigent The mismanagement of strategic risk is the number one cause of shareholder value destruction, according to a 2012 study by Booz & Co. (now Strategy&). In the wake of the 2008/09 credit crisis, that finding is perhaps not surprising. What might be surprising is that Booz & Co. completed a similar study in 2004 in the wake of the scandals at Enron, Tyco and Worldcom that reached the same conclusion. Both of these studies focused on the companies that were the biggest losers of shareholder value over the previous ten years and sought to understand why. Out of the 1053 companies in the 2012 study, 103 had annualised returns relative to their respective industry benchmarks that were worse than negative 10%. The results of the study were unambiguous. When analysing the root cause of the destruction in shareholder value, strategic failures were identified a remarkable 81% of the time. In ap- proximately half the instances studied, the loss of value hap- pened gradually, over months and years; however in the other half, the loss of value happened very quickly, sometimes days and weeks. While there was a storm of new regulation post the scandals at Enron, etc., there has been an absolute tsunami of new regu- lation and regulatory change post the credit crisis. This has resulted in a significant increase in focus and attention paid to risk management. So why is it that with such a focus on risk management, the number one cause of shareholder value de- struction remains poor strategic risk management? One of the main reasons is that the risk agenda is shaped and driven primarily by governments and regulatory bodies, not by the board and the executive. Therefore, an organisation’s investment in risk is driven by regulatory demands and meeting the regulators’ expectations of the level of risk management re- quired by the firm rather than by the board and executive teams demanding improvements in risk management to enhance the ability of the firm to deliver its business plan and achieve its operational and strategic objectives. The argument that the risk management agenda is been driven by the regulatory agenda is supported by a recent whitepaper from CEB, a leading member-based advisory company whose membership includes 90% of the Fortune 500, 75% of the Dow Jones Asian Titans and 85% of the FTSE 100. CEB compared the likelihood of risk failures occurring by risk type to the time spent by executives and assurance/audit staff focused on each risk type. They found that while strategic risks were the most likely to lead to a significant decline in share- holder value (supporting the Booz & Co. findings), executives and the assurance/audit staff were spending most of their time on operational and financial reporting risk. CEB found that of the most significant risk failures that resulted in a drop in shareholder value, 86% were strategic risk failures, yet the firms spend only 6% of their time on these risks compared to 42% on operational risk and 39% on financial reporting risks. It is clear that the risk agenda in financial services and other sectors is been driven by meeting the demands of the regula- tor rather than meeting the demands of the business and its shareholders. Until this changes and there is a proper focus on strategic risk management and embedding risk into the strate- gic and operational decision-making processes, firms will con- tinue to experience surprises that cause massive destruction in shareholder value, loss of jobs and destruction of livelihoods, such as what is happening with Volkswagen right now.
Strategically Speaking October 2015 | 3 Copyright © 2015 Palladium Robert Kaplan Marvin Bower Professor of Leadership Development, Emeritus, Harvard Business School Going back about eight years, when I first began to look closely at strategic risk, I thought that risk management would become a strategic theme that would appear on the Strategy Map, alongside other themes such as customer service management and operational excellence. I now advocate that risk should not be on a Strategy Map at all, be that as a theme, perspective or objective. The Balanced Scorecard, after all, is about managing and delivering performance, not mitigating risk. Risks (both threats and opportunities) impact each and ev- ery objective on a Strategy Map – financial and non-financial. Identified risks should be managed through a separate risk dashboard. For example, Infosys has a strategy focused on large contracts with large corporations. The concentration of revenues was identified as a significant strategic risk (a large account failure would show up on the income statement). The company identified a strategic risk indicator, credit default swap (CDS) rates, for its risk dashboard. If the CDS rate, the price for insuring against a client’s default, went outside a specified range, then mitigation steps could be taken to cope with the client’s increased risk. Strategic risk management was not explicitly considered when Dave Norton and I developed the XPP. It is now evident that it should be integrated into each of the six stages. During Stage 1, when the company develops and clarifies its strategy, it should also have the first risk discussion, including with the board. How risky are the strategies it is considering, and how much risk can or should the company take on? The Strategy Maps the company builds in Stage 2 are an ideal platform for identifying major risk events and ensuring funds to lower the likelihood of these risks materialising or to mitigate their impact if they should. Aligning the organisation at Stage 3 provides the ideal op- portunity to run risk workshops to gain insights from front-line employees as to the day-to-day risks they see the organisation facing. Engaging employees in risk identification and subse- quent mitigation is also a powerful mechanism for creating a risk-aware culture and for getting the message across that management cares about risk as well as returns. At Stage 4 (plan the operations), we create the risk dashboards that provide early warning signs about trends in risk likelihoods, and at Stage 5 we monitor and review these dashboards and the progress of the investments made to mitigate risk. During Stage 6 (monitor and learn), managers can run war games and conduct scenario analysis to identify external risks to the strategy and decide on the required mitigation plans. I also advocate for a risk office that is separate from the strat- egy office. Risk management requires different skill sets and tools than strategy management. The two have an inherent and unresolvable tension between them: one concentrates effort to maximise positive impact, one diversifies to minimise negative impact. With good data and insights from both strategy and risk officers, the executive team can then make informed decision about how much risk they are willing to take in their strategy implementation efforts and how much to spend on strategy execution and risk management. With a deep knowledge of the performance/risk dynamic, managers might even take on more risk than their competitors – knowing that their risks are visible, that they are tracked through the strategic management system and that the limit of the risk taking is understood. In this way risk management becomes another tool for competitive advantage: as much about saying yes as saying no.
4 | Strategically Speaking October 2015 Copyright © 2015 Palladium Frédéric Desitter Director of Enterprise Risk Management, Sidra Medical Center, Qatar Enterprise Risk Management (ERM) is often defined as the process initiated to strengthen the likelihood of achieving the strategic objectives of the organisation by putting in place the proper approach and tools to anticipate and treat poten- tial threats. From this simple definition it is clear that to jointly deliver value to the organisation, risk management and strategy should be closely related and intertwined amongst the corpo- rate governance processes. So how can organisational leaders benefit from the synergies that clearly exist between ERM and strategy? ERM will naturally contribute to the successful implementation of the strategy by helping to anticipate the pitfalls that could prevent things from happening as planned, especially if ERM, as it should do, helps management to think outside the box and puts the stress on emerging risks. Furthermore, ERM can and should influence the strategy of the organisation by providing some keys to reading the future and therefore contributing to the definition of the strategic objectives of the organisation. Risks and opportunities are often two sides of the same coin, and knowing the risks will put the organisation in a position to turn some of these risks into real strategic opportunities. Risk is often mistakenly understood as “only” managing the downside. An example often given is Kodak, which missed the chance of properly turning the risk of the digital photography revolution into a strategic opportunity by not engaging early in these new technologies. Given Kodak’s role in establishing digital technol- ogy, this oversight is particularly poor management of the op- portunities provided by risk. A smarter approach is to design some strategic objectives around the strategic or emerging risks, to mitigate them where they should and to turn them into opportunities where they can. By taking this approach, risk, which is often seen as a con- straint, transforms into a powerful source of leverage to instigate change and better control the future. Strategy is a proactive approach to anticipating and potentially influencing the future. By helping to better know and understand the unknown, ERM helps make the right choices. Of course, there is still a remaining level of uncertainty attached to the success of the strategy of an organisation, even while implementing ERM appropriately. No strategy is assured of success. However, my experience shows that the organisation has a significantly improved chance of going where it wants to go (the strategy) with the guiding light of ERM – dim though that light may be – than it does in the dark.
Strategically Speaking October 2015 | 5 Copyright © 2015 Palladium Steve Suleski SVP, Chief Governance and Compliance Officer, CUNA Mutual Group The realisation of extreme risk is generally associated in the business world with catastrophe – the destruction of great value, the failure of a once-robust business, the disintegration of a well-known brand or company. Understandably, the focus of an enterprise’s risk management programme has tradition- ally been on these downside risks. Now, however, the use of a broad-based risk management programme can be turned to the plus-side of business endeavours: to manage and balance the risks associated with a new or existing corporate strategy. By applying the discipline and methodology of a mature enter- prise risk management system to strategic objectives, a com- pany not only is able to understand threats to the realisation of its strategy, but it can also allocate or re-allocate its capital and risk budgets to take advantage of additional strategic opportuni- ties. Using and monitoring key risk indicators (KRIs) allows for a real-time view of how and how fast risks are developing, mov- ing, dissipating, etc. across the entire spectrum of a company’s strategic horizon. Clear and actionable strategic risk informa- tion allows senior management and business line leaders to make better judgments about adjustments to approach, levels of investment and risk-sharing opportunities impacting various components of a company’s strategy. A key part of any strategic risk management programme is join- ing periodic discussions about strategic progress with updated analysis of the existing risk environment impacting that progress. Only then can company leaders make adjustments and take advantage of the opportunities that changes to the risk environ- ment suggest. And that’s the quickest way to add the strategic, upside dimension to enterprise risk management’s charter – a dimension that may not be more important than ERM’s tradition- al focus on downside risk but is certainly much more uplifting and rewarding.
6 | Strategically Speaking October 2015 Copyright © 2015 Palladium Kevin Shelton Strategy Management Practitioner, Public Transport Sector, UK Linking strategy development, strategy execution and risk man- agement is essential when you’re in the business of delivering infrastructure railway projects safely, on time and to budget in an industry requiring by-the-minute punctuality. Infrastructure managers that are state funded or owned usually have their capital expenditure delivery outputs set in strategic plans that are monitored by industry/government regulators on behalf of the public. In the case of UK railways, the plans are developed through a process that is subject to statutory requirements, involving government and industry stakeholder consultation on a five-year planning cycle. Developing and delivering strategic plans at this level is vitally important, as national and regional connectivity stimulates economic growth. Once agreed, the strategic plans to improve the railway go on to become a portfolio of programmes and projects, which local, national and international stakeholders count on to develop their own activities. Capital expenditure on UK heavy railway infrastructure, which excludes the underground and other metro rail operations, is in the region of £5bn per year; this figure excludes the costs of rolling stock. In round numbers, £5bn per year is equivalent to completing one Olympic stadium every month; however, in real- ity there are a multiplicity of projects, varying in size, scale and complexity, spread across the network. To add to the challenge, the majority of these are delivered on a live operational network that is used daily and can only be ac- cessed for short intervals, usually at night or during weekends. Regardless of the size and scale of the individual projects, the basic questions asked are the same across the portfolio, e.g., Is it safe? How much will it cost? Will it be finished on time? What are the risks? Is it value for money? What is the level of certainty on costs and delivery dates? And, once certainty levels are introduced, that brings risk management to the forefront of discussion, with completion schedules, forecast cost data and contingencies being subject to reviews, which are informed by performance to date. Plans are reviewed and updated frequently to ensure that all risks are covered and opportunities identified to further im- prove performance. From time to time plans have to be updated through formal change control and agreed with the regulator. The intensity of the reviews increases as the projects progress from development into delivery; particularly where construction is taking place on, or adjacent to, the live railway. Significant effort goes into ensuring that plans can be delivered safely, given all the constraints associated with working on a live system. The accountability for the safe, on time delivery of projects is very real across all levels in the hierarchy. These and many other factors help to make Britain’s railways amongst the safest in Europe; this requires planning, managing risk, look- ing for opportunity and focusing on safe delivery from the very beginning.
Strategically Speaking October 2015 | 7 Copyright © 2015 Palladium Moataz Hussein Senior Consultant, Program & Strategy Management, OPM Consulting An organisation’s approach to integrating strategy and risk man- agement is driven by both the nature of the organisation itself and the environment it operates within. Here are six common factors affecting organisational ability to achieve integration. 1. Enterprise Risk Management is not a luxury… It’s a matter of survival. Improving Enterprise Risk Manage- ment (ERM) maturity, building the correct risk management culture and instilling key values across the organisation will lay the foundations for success. ERM should: • Be an independent, empowered function that is also embedded within all areas of the organization. • Ensure the corporate appetite for risk is clearly identified and matched by its own ability to manage those risks. • Ensure risk triggers and risk responses are identified to maximise exploitation of opportunities and mitigation of threats. • Be subject to ongoing review and improvement. 2. Question your assumptions. A rapidly changing environ- ment requires a responsive organisation. Businesses are often held back by what I term “strategitis,” where the man- agement resolutely refuses to accept that their practices are no longer relevant to the changing operational environment. Living in a state of denial increases contagion of the risk (risk exposure). “Strategitis” ensures the propagation of bad practises by masking the organisation’s “immune response” thereby thwarting implementation of a revised strategy rel- evant to the prevailing business landscape. 3. Anything that can go wrong will go wrong…are you ready? Planning for “what ifs” is mandatory. Having a plan B, exploitation or exit strategy prepared ensures knee-jerk decisions will not compromise long term strategic goals. If you are too busy to proactively manage risks today, you will be too busy managing crises tomorrow. The impact of the negatives that we don’t know could be much more signifi- cant than the positives that we do know. War-gaming and scenario planning can be valuable tools here. 4. Do it top-down but do it right. Simply reporting opera- tional risks from each organisational unit to the OSM can distract attention from the bigger, strategic risk picture. Risk must be viewed at the strategic level and operational risks must also be considered within the strategic context. Some risks will require detailed assessment at the operational level. The output of this review should then be reassessed at the strategic level. 5. It’s all about risk appetite. Risk appetite shapes the organisational strategy, so it should always be considered first. Unfortunately most of the organisations that have a low level of ERM maturity also have no defined or widely com- municated risk appetite. Conflicting attitudes towards risk by senior and middle management will compromise overall strategic objectives. Risk appetite simply dictates the DOs and DON’Ts in the day-to-day business as well as over the long term. 6. Measure – do not count. Albert Einstein famously warned, “Not everything that counts can be counted, and not ev- erything that can be counted counts.” Gathering the right information (that counts) and using the right metrics is not easy, so available information tends to be gathered and easy metrics (that can be counted) are used instead. This leads to ineffective measurement of risk. Moreover, there’s a pervasive failure to understand that decision-making sup- port is the real objective of the risk function, not simply data gathering and reporting. A strategic aim that was appropriate in the past may not be appropriate now, so recognise that change is inevitable and be ready to adapt. Clearly communicated policies on risk sup- ported by relevant and timely data to facilitate decisions will also help ensure that the organisation’s strategic goals are met, even in a rapidly changing operational environment.
8 | Strategically Speaking October 2015 Copyright © 2015 Palladium James Creelman Director, Research and Intellectual Property, Palladium If Peter Drucker were speaking today, he’d likely say, “Culture eats strategy for breakfast and risk for lunch.” With strategy and risk being two sides of the same coin (an organisation can- not implement strategy without taking some measure of risk, and the more ambitious the strategy the higher the risk), they are subject to the same derailing forces, of which culture is the most prevailing. Culture is perhaps the ultimate strategy and risk management tool: get the culture right and objectives will more likely be achieved and risk managed. Get the culture wrong and failure will be just about inevitable. Simply put, culture is a substantial determinant of whether a firm is able successfully to execute its strategy within its defined risk appetite (the amount of risk an organisation is willing to take and must take in pursuit of its strategic objectives). In my co-authored book Risk-Based Performance Management: Integrating strategy and risk management, we use the term “strat- egy-focused, risk-aware culture” to describe a culture with the dexterity to remain focused on delivering objectives while scan- ning broadly to identify threats and opportunities that may help or hinder the achievement of those objectives. We identified six characteristics of a strategy-focused, risk-aware culture: 1. Driven by a compelling vision. Central to a strategy- focused, risk-aware culture is a compelling organisational vision that the board, executive and front-line staff under- stand, are engaged in and focused on achieving – a vision that unites the organisation, providing direction when set- ting objectives at an organisational and personal level. 2. Shaped by a clear set of values. Establishing a strong set of values binds the organisation together in their pursuit of their vision and objectives. It also influences the organisa- tional attitude to risk and creates an environment in which those individuals that don’t fit the culture leave. 3. Led with integrity. Leaders must demonstrate their com- mitment to the vision and values through their actions. They must also demonstrate commitment to balancing risk and reward and “operating within appetite.” 4. Risk-taking aligned to strategy. The alignment of risk- taking to strategy is a central part of “the way we do things around here.” This is a culture that actively sets and contin- uously reviews its strategy and key risks with the question: Is the amount of risk we are currently running enough, not enough or too much to achieve our strategy? 5. Established clear accountabilities. This is about having a clearly defined organisational and governance structure that assigns accountability for policies, procedures and the various governance and compliance obligations to the most appropriate committee and individuals and has named em- ployees held accountable for achieving specific objectives and managing specific risks. 6. Incentives are aligned to appetite. Typical incentive structures are defined rather narrowly on hitting specific performance-related targets without factoring in the amount of risk taken to achieve those targets. Incentive packages should be designed so that they align to the organisational risk appetite. They balance and clearly define the targets that are to be achieved and the level of risk to be taken. When a strategy-focused, risk-aware culture is in place, or- ganisations view risk as a powerful tool for exploiting strategic opportunities. They know the boundaries (the appetite) in which appropriate risk-taking takes place and know that strategic risk management is not only about stopping bad things happening, but about using risk levers to beat the competition.
Palladium believes in the impact economy, an ecosystem of commercial, government and social interests that fundamentally re-define sustainable value. With our world- class intellectual property, purposeful innovation and proven, time-tested know-how, clients in more than 90 countries have dramatically improved stakeholder engagement to create enduring positive outcomes, both financial and social. Our clients’ success in the impact economy is supported by one or more of the follow- ing four pillars: • International Development with an emphasis on increasing the performance and outcomes in health, economic development, education, governance and the envi- ronment; • Strategy Execution Consulting to enable order-of-magnitude improvements in both private and public sectors through a framework that translates strategy into action; • Research, Professional Development and Training to encourage boundary-break- ing thought leadership buttressed by a powerful knowledge transfer engine that equips clients and partners with necessary skills; and • Impact Investing to re-imagine innovative ways to finance impact economy initia- tives for optimum financial and social results. With our collective expertise and abiding commitment to exceeding clients’ objectives, Palladium transforms lives, businesses, governments and societies around the world. www.thepalladiumgroup.com

Recommended

Embedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyEmbedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyAndrew Smart
 
Managing Information Risk in Financial Services
Managing Information Risk in Financial Services Managing Information Risk in Financial Services
Managing Information Risk in Financial Services Andrew Smart
 
FMM&A15-StratexSystems
FMM&A15-StratexSystemsFMM&A15-StratexSystems
FMM&A15-StratexSystemsAndrew Smart
 
Integrating Strategy and Risk Management
Integrating Strategy and Risk ManagementIntegrating Strategy and Risk Management
Integrating Strategy and Risk ManagementAndrew Smart
 
Strategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementStrategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementAndrew Smart
 
Governance Culture & Incentives- Fundamentals of Operational Risk
Governance Culture & Incentives- Fundamentals of Operational RiskGovernance Culture & Incentives- Fundamentals of Operational Risk
Governance Culture & Incentives- Fundamentals of Operational RiskAndrew Smart
 
Manigent Aligning Risk Appetite And Exposure
Manigent Aligning Risk Appetite And ExposureManigent Aligning Risk Appetite And Exposure
Manigent Aligning Risk Appetite And ExposureAndrew Smart
 
Integrating Enterprise Risk Management (ERM) with Organizational Strategy
Integrating Enterprise Risk Management (ERM) with Organizational StrategyIntegrating Enterprise Risk Management (ERM) with Organizational Strategy
Integrating Enterprise Risk Management (ERM) with Organizational Strategyhenrytk2
 

Recommended

Embedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyEmbedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyAndrew Smart
 
Managing Information Risk in Financial Services
Managing Information Risk in Financial Services Managing Information Risk in Financial Services
Managing Information Risk in Financial Services Andrew Smart
 
FMM&A15-StratexSystems
FMM&A15-StratexSystemsFMM&A15-StratexSystems
FMM&A15-StratexSystemsAndrew Smart
 
Integrating Strategy and Risk Management
Integrating Strategy and Risk ManagementIntegrating Strategy and Risk Management
Integrating Strategy and Risk ManagementAndrew Smart
 
Strategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementStrategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementAndrew Smart
 
Governance Culture & Incentives- Fundamentals of Operational Risk
Governance Culture & Incentives- Fundamentals of Operational RiskGovernance Culture & Incentives- Fundamentals of Operational Risk
Governance Culture & Incentives- Fundamentals of Operational RiskAndrew Smart
 
Manigent Aligning Risk Appetite And Exposure
Manigent Aligning Risk Appetite And ExposureManigent Aligning Risk Appetite And Exposure
Manigent Aligning Risk Appetite And ExposureAndrew Smart
 
Integrating Enterprise Risk Management (ERM) with Organizational Strategy
Integrating Enterprise Risk Management (ERM) with Organizational StrategyIntegrating Enterprise Risk Management (ERM) with Organizational Strategy
Integrating Enterprise Risk Management (ERM) with Organizational Strategyhenrytk2
 
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...Compliance Consultant
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersAzure Group
 
Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Andrew Smart
 
Making Conduct Risk [Good] Business As Usual
Making Conduct Risk [Good] Business As UsualMaking Conduct Risk [Good] Business As Usual
Making Conduct Risk [Good] Business As UsualAndrew Smart
 
StrategyDriven Risk Assurance Mapping
StrategyDriven Risk Assurance MappingStrategyDriven Risk Assurance Mapping
StrategyDriven Risk Assurance MappingNathan Ives
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's Andrew Smart
 
Risk Management And Internal Control In The Changing Econmic Landscape
Risk Management And Internal Control In The Changing Econmic LandscapeRisk Management And Internal Control In The Changing Econmic Landscape
Risk Management And Internal Control In The Changing Econmic LandscapeNik Hasyudeen
 
Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk managementrejoysirvel
 
Enterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityEnterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityJeff B
 
Strategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesStrategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesGlobalStrategyTribe
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guideAstalapulosListestos
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksInternational Federation of Accountants
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementAnu Damodaran
 
StratexSystems_270115
StratexSystems_270115StratexSystems_270115
StratexSystems_270115Andrew Smart
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmTim Leech
 
Five lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermFive lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermDr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP
 
GRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program OverviewGRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program OverviewDenise Robinson
 
Operational Risk Management & Strategic Planning
Operational Risk Management & Strategic PlanningOperational Risk Management & Strategic Planning
Operational Risk Management & Strategic PlanningEneni Oduwole
 
Enterprise Risk Management
Enterprise Risk Management Enterprise Risk Management
Enterprise Risk Management GAURAV SHARMA
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
 
Deloitte_Risk Sensing
Deloitte_Risk SensingDeloitte_Risk Sensing
Deloitte_Risk SensingFrederic Girardeau-Montaut
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateAnthony Chiusano
 

More Related Content

What's hot

Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...Compliance Consultant
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersAzure Group
 
Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Andrew Smart
 
Making Conduct Risk [Good] Business As Usual
Making Conduct Risk [Good] Business As UsualMaking Conduct Risk [Good] Business As Usual
Making Conduct Risk [Good] Business As UsualAndrew Smart
 
StrategyDriven Risk Assurance Mapping
StrategyDriven Risk Assurance MappingStrategyDriven Risk Assurance Mapping
StrategyDriven Risk Assurance MappingNathan Ives
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's Andrew Smart
 
Risk Management And Internal Control In The Changing Econmic Landscape
Risk Management And Internal Control In The Changing Econmic LandscapeRisk Management And Internal Control In The Changing Econmic Landscape
Risk Management And Internal Control In The Changing Econmic LandscapeNik Hasyudeen
 
Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk managementrejoysirvel
 
Enterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityEnterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityJeff B
 
Strategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesStrategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesGlobalStrategyTribe
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guideAstalapulosListestos
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksInternational Federation of Accountants
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementAnu Damodaran
 
StratexSystems_270115
StratexSystems_270115StratexSystems_270115
StratexSystems_270115Andrew Smart
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmTim Leech
 
GRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program OverviewGRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program OverviewDenise Robinson
 
Operational Risk Management & Strategic Planning
Operational Risk Management & Strategic PlanningOperational Risk Management & Strategic Planning
Operational Risk Management & Strategic PlanningEneni Oduwole
 
Enterprise Risk Management
Enterprise Risk Management Enterprise Risk Management
Enterprise Risk Management GAURAV SHARMA
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
 

What's hot (20)

Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey Christophers
 
Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite
 
Making Conduct Risk [Good] Business As Usual
Making Conduct Risk [Good] Business As UsualMaking Conduct Risk [Good] Business As Usual
Making Conduct Risk [Good] Business As Usual
 
StrategyDriven Risk Assurance Mapping
StrategyDriven Risk Assurance MappingStrategyDriven Risk Assurance Mapping
StrategyDriven Risk Assurance Mapping
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's
 
Risk Management And Internal Control In The Changing Econmic Landscape
Risk Management And Internal Control In The Changing Econmic LandscapeRisk Management And Internal Control In The Changing Econmic Landscape
Risk Management And Internal Control In The Changing Econmic Landscape
 
Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk management
 
Enterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityEnterprise Risk Management and Sustainability
Enterprise Risk Management and Sustainability
 
Strategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesStrategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processes
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guide
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk management
 
StratexSystems_270115
StratexSystems_270115StratexSystems_270115
StratexSystems_270115
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
 
Five lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermFive lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & erm
 
GRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program OverviewGRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program Overview
 
Operational Risk Management & Strategic Planning
Operational Risk Management & Strategic PlanningOperational Risk Management & Strategic Planning
Operational Risk Management & Strategic Planning
 
Enterprise Risk Management
Enterprise Risk Management Enterprise Risk Management
Enterprise Risk Management
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
 

Similar to Strategically+Speaking+October+2015

Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateAnthony Chiusano
 
Enterprise Risk Management Integrating with Strategy and Per
Enterprise Risk Management Integrating with Strategy and PerEnterprise Risk Management Integrating with Strategy and Per
Enterprise Risk Management Integrating with Strategy and PerTanaMaeskm
 
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2Tim Leech
 
7 Key Elements Of An Enterprise Risk Management Program
7 Key Elements Of An Enterprise Risk Management Program7 Key Elements Of An Enterprise Risk Management Program
7 Key Elements Of An Enterprise Risk Management ProgramAlicia Edwards
 
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxDISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxmadlynplamondon
 
Enterprise Risk Management White Paper
Enterprise Risk Management White PaperEnterprise Risk Management White Paper
Enterprise Risk Management White PaperShadowlit Ndou Sidija
 
Risk Appetite: new challenges to manage an insurance company
Risk Appetite: new challenges to manage an insurance companyRisk Appetite: new challenges to manage an insurance company
Risk Appetite: new challenges to manage an insurance companyPhilippe Foulquier
 
An approach to erm in the insurance industry apria 2002 rama warrier&preeti
An approach to erm in the insurance industry apria 2002 rama warrier&preetiAn approach to erm in the insurance industry apria 2002 rama warrier&preeti
An approach to erm in the insurance industry apria 2002 rama warrier&preetiRama Warrier
 
Business Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paperBusiness Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paperGreg Cybulski, CBCP, ARM
 
ERM Evolving From Risk Assessment to Strategic RiskManageme.docx
ERM Evolving From Risk Assessment to Strategic RiskManageme.docxERM Evolving From Risk Assessment to Strategic RiskManageme.docx
ERM Evolving From Risk Assessment to Strategic RiskManageme.docxrusselldayna
 
CGMA Performance integrated risk report for BOD
CGMA Performance integrated risk report for BODCGMA Performance integrated risk report for BOD
CGMA Performance integrated risk report for BODTony Auditor
 
2015 global capital markets risk management study
2015 global capital markets risk management study2015 global capital markets risk management study
2015 global capital markets risk management studyLapman Lee ✔
 
Enterprise Risk Management ~ Inovastra
Enterprise Risk Management ~ InovastraEnterprise Risk Management ~ Inovastra
Enterprise Risk Management ~ InovastraNik Hasyudeen
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...WolfPAC - Integrated Risk Management
 
FERMA European Risk Management Benchmarking Survey 2012 – Brochure
FERMA European Risk Management Benchmarking Survey 2012 – BrochureFERMA European Risk Management Benchmarking Survey 2012 – Brochure
FERMA European Risk Management Benchmarking Survey 2012 – BrochureFERMA
 
Enterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G NayakEnterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G NayakYashavanth Nayak
 
The risks of risk management
The risks of risk managementThe risks of risk management
The risks of risk managementcjburt
 

Similar to Strategically+Speaking+October+2015 (20)

Deloitte_Risk Sensing
Deloitte_Risk SensingDeloitte_Risk Sensing
Deloitte_Risk Sensing
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_Articulate
 
Enterprise Risk Management Integrating with Strategy and Per
Enterprise Risk Management Integrating with Strategy and PerEnterprise Risk Management Integrating with Strategy and Per
Enterprise Risk Management Integrating with Strategy and Per
 
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
 
7 Key Elements Of An Enterprise Risk Management Program
7 Key Elements Of An Enterprise Risk Management Program7 Key Elements Of An Enterprise Risk Management Program
7 Key Elements Of An Enterprise Risk Management Program
 
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxDISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
 
Enterprise Risk Management White Paper
Enterprise Risk Management White PaperEnterprise Risk Management White Paper
Enterprise Risk Management White Paper
 
Risk Appetite: new challenges to manage an insurance company
Risk Appetite: new challenges to manage an insurance companyRisk Appetite: new challenges to manage an insurance company
Risk Appetite: new challenges to manage an insurance company
 
An approach to erm in the insurance industry apria 2002 rama warrier&preeti
An approach to erm in the insurance industry apria 2002 rama warrier&preetiAn approach to erm in the insurance industry apria 2002 rama warrier&preeti
An approach to erm in the insurance industry apria 2002 rama warrier&preeti
 
Business Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paperBusiness Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paper
 
ERM Evolving From Risk Assessment to Strategic RiskManageme.docx
ERM Evolving From Risk Assessment to Strategic RiskManageme.docxERM Evolving From Risk Assessment to Strategic RiskManageme.docx
ERM Evolving From Risk Assessment to Strategic RiskManageme.docx
 
CGMA Performance integrated risk report for BOD
CGMA Performance integrated risk report for BODCGMA Performance integrated risk report for BOD
CGMA Performance integrated risk report for BOD
 
Business Risk
Business RiskBusiness Risk
Business Risk
 
CRO Insight
CRO InsightCRO Insight
CRO Insight
 
2015 global capital markets risk management study
2015 global capital markets risk management study2015 global capital markets risk management study
2015 global capital markets risk management study
 
Enterprise Risk Management ~ Inovastra
Enterprise Risk Management ~ InovastraEnterprise Risk Management ~ Inovastra
Enterprise Risk Management ~ Inovastra
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
 
FERMA European Risk Management Benchmarking Survey 2012 – Brochure
FERMA European Risk Management Benchmarking Survey 2012 – BrochureFERMA European Risk Management Benchmarking Survey 2012 – Brochure
FERMA European Risk Management Benchmarking Survey 2012 – Brochure
 
Enterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G NayakEnterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G Nayak
 
The risks of risk management
The risks of risk managementThe risks of risk management
The risks of risk management
 

More from Andrew Smart

Having trouble with your enterprise risk management strategy? Map it.
Having trouble with your enterprise risk management strategy? Map it.Having trouble with your enterprise risk management strategy? Map it.
Having trouble with your enterprise risk management strategy? Map it.Andrew Smart
 
Cyber Risk Management
Cyber Risk Management Cyber Risk Management
Cyber Risk Management Andrew Smart
 
Enabling Effective Conduct Risk
Enabling Effective Conduct RiskEnabling Effective Conduct Risk
Enabling Effective Conduct RiskAndrew Smart
 
StratexPoint Risk Management Solution Intro Video
StratexPoint Risk Management Solution Intro VideoStratexPoint Risk Management Solution Intro Video
StratexPoint Risk Management Solution Intro VideoAndrew Smart
 
Enabling Effective Conduct Risk
Enabling Effective Conduct RiskEnabling Effective Conduct Risk
Enabling Effective Conduct RiskAndrew Smart
 
Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard Andrew Smart
 
Middle east insurance market
Middle east insurance marketMiddle east insurance market
Middle east insurance marketAndrew Smart
 
Amnded stratexpoint screens1
Amnded stratexpoint screens1Amnded stratexpoint screens1
Amnded stratexpoint screens1Andrew Smart
 
HML Risk Transformation
HML Risk TransformationHML Risk Transformation
HML Risk TransformationAndrew Smart
 
Greater Manchester Fire and Rescue Service Whitepaper
Greater Manchester Fire and Rescue Service WhitepaperGreater Manchester Fire and Rescue Service Whitepaper
Greater Manchester Fire and Rescue Service WhitepaperAndrew Smart
 
Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011Andrew Smart
 
Manigent Embedding Risk Appetite Within The Strategy Process
Manigent Embedding Risk Appetite Within The Strategy ProcessManigent Embedding Risk Appetite Within The Strategy Process
Manigent Embedding Risk Appetite Within The Strategy ProcessAndrew Smart
 

More from Andrew Smart (12)

Having trouble with your enterprise risk management strategy? Map it.
Having trouble with your enterprise risk management strategy? Map it.Having trouble with your enterprise risk management strategy? Map it.
Having trouble with your enterprise risk management strategy? Map it.
 
Cyber Risk Management
Cyber Risk Management Cyber Risk Management
Cyber Risk Management
 
Enabling Effective Conduct Risk
Enabling Effective Conduct RiskEnabling Effective Conduct Risk
Enabling Effective Conduct Risk
 
StratexPoint Risk Management Solution Intro Video
StratexPoint Risk Management Solution Intro VideoStratexPoint Risk Management Solution Intro Video
StratexPoint Risk Management Solution Intro Video
 
Enabling Effective Conduct Risk
Enabling Effective Conduct RiskEnabling Effective Conduct Risk
Enabling Effective Conduct Risk
 
Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard
 
Middle east insurance market
Middle east insurance marketMiddle east insurance market
Middle east insurance market
 
Amnded stratexpoint screens1
Amnded stratexpoint screens1Amnded stratexpoint screens1
Amnded stratexpoint screens1
 
HML Risk Transformation
HML Risk TransformationHML Risk Transformation
HML Risk Transformation
 
Greater Manchester Fire and Rescue Service Whitepaper
Greater Manchester Fire and Rescue Service WhitepaperGreater Manchester Fire and Rescue Service Whitepaper
Greater Manchester Fire and Rescue Service Whitepaper
 
Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011
 
Manigent Embedding Risk Appetite Within The Strategy Process
Manigent Embedding Risk Appetite Within The Strategy ProcessManigent Embedding Risk Appetite Within The Strategy Process
Manigent Embedding Risk Appetite Within The Strategy Process
 

Strategically+Speaking+October+2015

  • 1. How do you integrate strategy and risk management? In this series, Palladium asks expert strategy practitioners to share their experiences and opinions. We asked: In today’s globally connected eocnomies, organisations face growing strategic risk. Risk might come from many places: disrup- tive technologies, competition from suprising sources, local and global economic condi- tions and political change, amongst others. As the execution of any strategy requires some level of risk-taking, it could be argued that strategy and risk are flip sides of the same coin. How can organisations integrate strat- egy management and risk management to strengthen the likelihood of successful strat- egy execution? And how can organisations exploit positive opportunities from risk as well as mitigate the potential downside? Strategically Speaking October 2015 Copyright © 2015 Palladium
  • 2. 2 | Strategically Speaking October 2015 Copyright © 2015 Palladium Andrew Smart CEO, Manigent The mismanagement of strategic risk is the number one cause of shareholder value destruction, according to a 2012 study by Booz & Co. (now Strategy&). In the wake of the 2008/09 credit crisis, that finding is perhaps not surprising. What might be surprising is that Booz & Co. completed a similar study in 2004 in the wake of the scandals at Enron, Tyco and Worldcom that reached the same conclusion. Both of these studies focused on the companies that were the biggest losers of shareholder value over the previous ten years and sought to understand why. Out of the 1053 companies in the 2012 study, 103 had annualised returns relative to their respective industry benchmarks that were worse than negative 10%. The results of the study were unambiguous. When analysing the root cause of the destruction in shareholder value, strategic failures were identified a remarkable 81% of the time. In ap- proximately half the instances studied, the loss of value hap- pened gradually, over months and years; however in the other half, the loss of value happened very quickly, sometimes days and weeks. While there was a storm of new regulation post the scandals at Enron, etc., there has been an absolute tsunami of new regu- lation and regulatory change post the credit crisis. This has resulted in a significant increase in focus and attention paid to risk management. So why is it that with such a focus on risk management, the number one cause of shareholder value de- struction remains poor strategic risk management? One of the main reasons is that the risk agenda is shaped and driven primarily by governments and regulatory bodies, not by the board and the executive. Therefore, an organisation’s investment in risk is driven by regulatory demands and meeting the regulators’ expectations of the level of risk management re- quired by the firm rather than by the board and executive teams demanding improvements in risk management to enhance the ability of the firm to deliver its business plan and achieve its operational and strategic objectives. The argument that the risk management agenda is been driven by the regulatory agenda is supported by a recent whitepaper from CEB, a leading member-based advisory company whose membership includes 90% of the Fortune 500, 75% of the Dow Jones Asian Titans and 85% of the FTSE 100. CEB compared the likelihood of risk failures occurring by risk type to the time spent by executives and assurance/audit staff focused on each risk type. They found that while strategic risks were the most likely to lead to a significant decline in share- holder value (supporting the Booz & Co. findings), executives and the assurance/audit staff were spending most of their time on operational and financial reporting risk. CEB found that of the most significant risk failures that resulted in a drop in shareholder value, 86% were strategic risk failures, yet the firms spend only 6% of their time on these risks compared to 42% on operational risk and 39% on financial reporting risks. It is clear that the risk agenda in financial services and other sectors is been driven by meeting the demands of the regula- tor rather than meeting the demands of the business and its shareholders. Until this changes and there is a proper focus on strategic risk management and embedding risk into the strate- gic and operational decision-making processes, firms will con- tinue to experience surprises that cause massive destruction in shareholder value, loss of jobs and destruction of livelihoods, such as what is happening with Volkswagen right now.
  • 3. Strategically Speaking October 2015 | 3 Copyright © 2015 Palladium Robert Kaplan Marvin Bower Professor of Leadership Development, Emeritus, Harvard Business School Going back about eight years, when I first began to look closely at strategic risk, I thought that risk management would become a strategic theme that would appear on the Strategy Map, alongside other themes such as customer service management and operational excellence. I now advocate that risk should not be on a Strategy Map at all, be that as a theme, perspective or objective. The Balanced Scorecard, after all, is about managing and delivering performance, not mitigating risk. Risks (both threats and opportunities) impact each and ev- ery objective on a Strategy Map – financial and non-financial. Identified risks should be managed through a separate risk dashboard. For example, Infosys has a strategy focused on large contracts with large corporations. The concentration of revenues was identified as a significant strategic risk (a large account failure would show up on the income statement). The company identified a strategic risk indicator, credit default swap (CDS) rates, for its risk dashboard. If the CDS rate, the price for insuring against a client’s default, went outside a specified range, then mitigation steps could be taken to cope with the client’s increased risk. Strategic risk management was not explicitly considered when Dave Norton and I developed the XPP. It is now evident that it should be integrated into each of the six stages. During Stage 1, when the company develops and clarifies its strategy, it should also have the first risk discussion, including with the board. How risky are the strategies it is considering, and how much risk can or should the company take on? The Strategy Maps the company builds in Stage 2 are an ideal platform for identifying major risk events and ensuring funds to lower the likelihood of these risks materialising or to mitigate their impact if they should. Aligning the organisation at Stage 3 provides the ideal op- portunity to run risk workshops to gain insights from front-line employees as to the day-to-day risks they see the organisation facing. Engaging employees in risk identification and subse- quent mitigation is also a powerful mechanism for creating a risk-aware culture and for getting the message across that management cares about risk as well as returns. At Stage 4 (plan the operations), we create the risk dashboards that provide early warning signs about trends in risk likelihoods, and at Stage 5 we monitor and review these dashboards and the progress of the investments made to mitigate risk. During Stage 6 (monitor and learn), managers can run war games and conduct scenario analysis to identify external risks to the strategy and decide on the required mitigation plans. I also advocate for a risk office that is separate from the strat- egy office. Risk management requires different skill sets and tools than strategy management. The two have an inherent and unresolvable tension between them: one concentrates effort to maximise positive impact, one diversifies to minimise negative impact. With good data and insights from both strategy and risk officers, the executive team can then make informed decision about how much risk they are willing to take in their strategy implementation efforts and how much to spend on strategy execution and risk management. With a deep knowledge of the performance/risk dynamic, managers might even take on more risk than their competitors – knowing that their risks are visible, that they are tracked through the strategic management system and that the limit of the risk taking is understood. In this way risk management becomes another tool for competitive advantage: as much about saying yes as saying no.
  • 4. 4 | Strategically Speaking October 2015 Copyright © 2015 Palladium Frédéric Desitter Director of Enterprise Risk Management, Sidra Medical Center, Qatar Enterprise Risk Management (ERM) is often defined as the process initiated to strengthen the likelihood of achieving the strategic objectives of the organisation by putting in place the proper approach and tools to anticipate and treat poten- tial threats. From this simple definition it is clear that to jointly deliver value to the organisation, risk management and strategy should be closely related and intertwined amongst the corpo- rate governance processes. So how can organisational leaders benefit from the synergies that clearly exist between ERM and strategy? ERM will naturally contribute to the successful implementation of the strategy by helping to anticipate the pitfalls that could prevent things from happening as planned, especially if ERM, as it should do, helps management to think outside the box and puts the stress on emerging risks. Furthermore, ERM can and should influence the strategy of the organisation by providing some keys to reading the future and therefore contributing to the definition of the strategic objectives of the organisation. Risks and opportunities are often two sides of the same coin, and knowing the risks will put the organisation in a position to turn some of these risks into real strategic opportunities. Risk is often mistakenly understood as “only” managing the downside. An example often given is Kodak, which missed the chance of properly turning the risk of the digital photography revolution into a strategic opportunity by not engaging early in these new technologies. Given Kodak’s role in establishing digital technol- ogy, this oversight is particularly poor management of the op- portunities provided by risk. A smarter approach is to design some strategic objectives around the strategic or emerging risks, to mitigate them where they should and to turn them into opportunities where they can. By taking this approach, risk, which is often seen as a con- straint, transforms into a powerful source of leverage to instigate change and better control the future. Strategy is a proactive approach to anticipating and potentially influencing the future. By helping to better know and understand the unknown, ERM helps make the right choices. Of course, there is still a remaining level of uncertainty attached to the success of the strategy of an organisation, even while implementing ERM appropriately. No strategy is assured of success. However, my experience shows that the organisation has a significantly improved chance of going where it wants to go (the strategy) with the guiding light of ERM – dim though that light may be – than it does in the dark.
  • 5. Strategically Speaking October 2015 | 5 Copyright © 2015 Palladium Steve Suleski SVP, Chief Governance and Compliance Officer, CUNA Mutual Group The realisation of extreme risk is generally associated in the business world with catastrophe – the destruction of great value, the failure of a once-robust business, the disintegration of a well-known brand or company. Understandably, the focus of an enterprise’s risk management programme has tradition- ally been on these downside risks. Now, however, the use of a broad-based risk management programme can be turned to the plus-side of business endeavours: to manage and balance the risks associated with a new or existing corporate strategy. By applying the discipline and methodology of a mature enter- prise risk management system to strategic objectives, a com- pany not only is able to understand threats to the realisation of its strategy, but it can also allocate or re-allocate its capital and risk budgets to take advantage of additional strategic opportuni- ties. Using and monitoring key risk indicators (KRIs) allows for a real-time view of how and how fast risks are developing, mov- ing, dissipating, etc. across the entire spectrum of a company’s strategic horizon. Clear and actionable strategic risk informa- tion allows senior management and business line leaders to make better judgments about adjustments to approach, levels of investment and risk-sharing opportunities impacting various components of a company’s strategy. A key part of any strategic risk management programme is join- ing periodic discussions about strategic progress with updated analysis of the existing risk environment impacting that progress. Only then can company leaders make adjustments and take advantage of the opportunities that changes to the risk environ- ment suggest. And that’s the quickest way to add the strategic, upside dimension to enterprise risk management’s charter – a dimension that may not be more important than ERM’s tradition- al focus on downside risk but is certainly much more uplifting and rewarding.
  • 6. 6 | Strategically Speaking October 2015 Copyright © 2015 Palladium Kevin Shelton Strategy Management Practitioner, Public Transport Sector, UK Linking strategy development, strategy execution and risk man- agement is essential when you’re in the business of delivering infrastructure railway projects safely, on time and to budget in an industry requiring by-the-minute punctuality. Infrastructure managers that are state funded or owned usually have their capital expenditure delivery outputs set in strategic plans that are monitored by industry/government regulators on behalf of the public. In the case of UK railways, the plans are developed through a process that is subject to statutory requirements, involving government and industry stakeholder consultation on a five-year planning cycle. Developing and delivering strategic plans at this level is vitally important, as national and regional connectivity stimulates economic growth. Once agreed, the strategic plans to improve the railway go on to become a portfolio of programmes and projects, which local, national and international stakeholders count on to develop their own activities. Capital expenditure on UK heavy railway infrastructure, which excludes the underground and other metro rail operations, is in the region of £5bn per year; this figure excludes the costs of rolling stock. In round numbers, £5bn per year is equivalent to completing one Olympic stadium every month; however, in real- ity there are a multiplicity of projects, varying in size, scale and complexity, spread across the network. To add to the challenge, the majority of these are delivered on a live operational network that is used daily and can only be ac- cessed for short intervals, usually at night or during weekends. Regardless of the size and scale of the individual projects, the basic questions asked are the same across the portfolio, e.g., Is it safe? How much will it cost? Will it be finished on time? What are the risks? Is it value for money? What is the level of certainty on costs and delivery dates? And, once certainty levels are introduced, that brings risk management to the forefront of discussion, with completion schedules, forecast cost data and contingencies being subject to reviews, which are informed by performance to date. Plans are reviewed and updated frequently to ensure that all risks are covered and opportunities identified to further im- prove performance. From time to time plans have to be updated through formal change control and agreed with the regulator. The intensity of the reviews increases as the projects progress from development into delivery; particularly where construction is taking place on, or adjacent to, the live railway. Significant effort goes into ensuring that plans can be delivered safely, given all the constraints associated with working on a live system. The accountability for the safe, on time delivery of projects is very real across all levels in the hierarchy. These and many other factors help to make Britain’s railways amongst the safest in Europe; this requires planning, managing risk, look- ing for opportunity and focusing on safe delivery from the very beginning.
  • 7. Strategically Speaking October 2015 | 7 Copyright © 2015 Palladium Moataz Hussein Senior Consultant, Program & Strategy Management, OPM Consulting An organisation’s approach to integrating strategy and risk man- agement is driven by both the nature of the organisation itself and the environment it operates within. Here are six common factors affecting organisational ability to achieve integration. 1. Enterprise Risk Management is not a luxury… It’s a matter of survival. Improving Enterprise Risk Manage- ment (ERM) maturity, building the correct risk management culture and instilling key values across the organisation will lay the foundations for success. ERM should: • Be an independent, empowered function that is also embedded within all areas of the organization. • Ensure the corporate appetite for risk is clearly identified and matched by its own ability to manage those risks. • Ensure risk triggers and risk responses are identified to maximise exploitation of opportunities and mitigation of threats. • Be subject to ongoing review and improvement. 2. Question your assumptions. A rapidly changing environ- ment requires a responsive organisation. Businesses are often held back by what I term “strategitis,” where the man- agement resolutely refuses to accept that their practices are no longer relevant to the changing operational environment. Living in a state of denial increases contagion of the risk (risk exposure). “Strategitis” ensures the propagation of bad practises by masking the organisation’s “immune response” thereby thwarting implementation of a revised strategy rel- evant to the prevailing business landscape. 3. Anything that can go wrong will go wrong…are you ready? Planning for “what ifs” is mandatory. Having a plan B, exploitation or exit strategy prepared ensures knee-jerk decisions will not compromise long term strategic goals. If you are too busy to proactively manage risks today, you will be too busy managing crises tomorrow. The impact of the negatives that we don’t know could be much more signifi- cant than the positives that we do know. War-gaming and scenario planning can be valuable tools here. 4. Do it top-down but do it right. Simply reporting opera- tional risks from each organisational unit to the OSM can distract attention from the bigger, strategic risk picture. Risk must be viewed at the strategic level and operational risks must also be considered within the strategic context. Some risks will require detailed assessment at the operational level. The output of this review should then be reassessed at the strategic level. 5. It’s all about risk appetite. Risk appetite shapes the organisational strategy, so it should always be considered first. Unfortunately most of the organisations that have a low level of ERM maturity also have no defined or widely com- municated risk appetite. Conflicting attitudes towards risk by senior and middle management will compromise overall strategic objectives. Risk appetite simply dictates the DOs and DON’Ts in the day-to-day business as well as over the long term. 6. Measure – do not count. Albert Einstein famously warned, “Not everything that counts can be counted, and not ev- erything that can be counted counts.” Gathering the right information (that counts) and using the right metrics is not easy, so available information tends to be gathered and easy metrics (that can be counted) are used instead. This leads to ineffective measurement of risk. Moreover, there’s a pervasive failure to understand that decision-making sup- port is the real objective of the risk function, not simply data gathering and reporting. A strategic aim that was appropriate in the past may not be appropriate now, so recognise that change is inevitable and be ready to adapt. Clearly communicated policies on risk sup- ported by relevant and timely data to facilitate decisions will also help ensure that the organisation’s strategic goals are met, even in a rapidly changing operational environment.
  • 8. 8 | Strategically Speaking October 2015 Copyright © 2015 Palladium James Creelman Director, Research and Intellectual Property, Palladium If Peter Drucker were speaking today, he’d likely say, “Culture eats strategy for breakfast and risk for lunch.” With strategy and risk being two sides of the same coin (an organisation can- not implement strategy without taking some measure of risk, and the more ambitious the strategy the higher the risk), they are subject to the same derailing forces, of which culture is the most prevailing. Culture is perhaps the ultimate strategy and risk management tool: get the culture right and objectives will more likely be achieved and risk managed. Get the culture wrong and failure will be just about inevitable. Simply put, culture is a substantial determinant of whether a firm is able successfully to execute its strategy within its defined risk appetite (the amount of risk an organisation is willing to take and must take in pursuit of its strategic objectives). In my co-authored book Risk-Based Performance Management: Integrating strategy and risk management, we use the term “strat- egy-focused, risk-aware culture” to describe a culture with the dexterity to remain focused on delivering objectives while scan- ning broadly to identify threats and opportunities that may help or hinder the achievement of those objectives. We identified six characteristics of a strategy-focused, risk-aware culture: 1. Driven by a compelling vision. Central to a strategy- focused, risk-aware culture is a compelling organisational vision that the board, executive and front-line staff under- stand, are engaged in and focused on achieving – a vision that unites the organisation, providing direction when set- ting objectives at an organisational and personal level. 2. Shaped by a clear set of values. Establishing a strong set of values binds the organisation together in their pursuit of their vision and objectives. It also influences the organisa- tional attitude to risk and creates an environment in which those individuals that don’t fit the culture leave. 3. Led with integrity. Leaders must demonstrate their com- mitment to the vision and values through their actions. They must also demonstrate commitment to balancing risk and reward and “operating within appetite.” 4. Risk-taking aligned to strategy. The alignment of risk- taking to strategy is a central part of “the way we do things around here.” This is a culture that actively sets and contin- uously reviews its strategy and key risks with the question: Is the amount of risk we are currently running enough, not enough or too much to achieve our strategy? 5. Established clear accountabilities. This is about having a clearly defined organisational and governance structure that assigns accountability for policies, procedures and the various governance and compliance obligations to the most appropriate committee and individuals and has named em- ployees held accountable for achieving specific objectives and managing specific risks. 6. Incentives are aligned to appetite. Typical incentive structures are defined rather narrowly on hitting specific performance-related targets without factoring in the amount of risk taken to achieve those targets. Incentive packages should be designed so that they align to the organisational risk appetite. They balance and clearly define the targets that are to be achieved and the level of risk to be taken. When a strategy-focused, risk-aware culture is in place, or- ganisations view risk as a powerful tool for exploiting strategic opportunities. They know the boundaries (the appetite) in which appropriate risk-taking takes place and know that strategic risk management is not only about stopping bad things happening, but about using risk levers to beat the competition.
  • 9. Palladium believes in the impact economy, an ecosystem of commercial, government and social interests that fundamentally re-define sustainable value. With our world- class intellectual property, purposeful innovation and proven, time-tested know-how, clients in more than 90 countries have dramatically improved stakeholder engagement to create enduring positive outcomes, both financial and social. Our clients’ success in the impact economy is supported by one or more of the follow- ing four pillars: • International Development with an emphasis on increasing the performance and outcomes in health, economic development, education, governance and the envi- ronment; • Strategy Execution Consulting to enable order-of-magnitude improvements in both private and public sectors through a framework that translates strategy into action; • Research, Professional Development and Training to encourage boundary-break- ing thought leadership buttressed by a powerful knowledge transfer engine that equips clients and partners with necessary skills; and • Impact Investing to re-imagine innovative ways to finance impact economy initia- tives for optimum financial and social results. With our collective expertise and abiding commitment to exceeding clients’ objectives, Palladium transforms lives, businesses, governments and societies around the world. www.thepalladiumgroup.com