The document discusses how risk appetite should be embedded within an organization's strategy process. It describes how risk appetite impacts and should be considered at each stage of strategy formulation, setting, and execution. Specifically, it states that risk appetite should guide strategic option evaluation and play a key role in defining objectives and risks. Organizations should also define risk appetite across multiple time horizons and risk dimensions. Key business drivers can then be used to frame how the organization assesses and aligns risk exposure with its strategic objectives and defined risk appetite.
This presentation focuses on the principles and practicalities of establishing a working risk appetite statement supported by risk limits and tolerances.
Grant Thornton - Risk appetite: A market study UK 2012Grant Thornton
Grant Thornton's inaugural market study on risk appetite. The Risk Appetite study, the first of its kind, canvassed the views of 43 chief executive officers and managing directors from leading London insurers to define current maturity of practice, answering some of the common questions coming out of the market. Our intention is to conduct this study periodically; monitoring overall progress and trends across the market in relation to risk appetite.
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS - Firm-wide Risk Control & Methodology) voor het Zanders Risicomanagement Seminar 1 november 2012
A good risk appetite implementation process leverages existing practices, represents the aggregate view of risk across all lines of business and risk categories, and creates a dynamic structure that allows for internal and external changes in risk. Learn more about the 10 aspects of a robust and evolving risk appetite framework in this excerpt from the Credit Risk Management Audio Conference Series.
This presentation focuses on the principles and practicalities of establishing a working risk appetite statement supported by risk limits and tolerances.
Grant Thornton - Risk appetite: A market study UK 2012Grant Thornton
Grant Thornton's inaugural market study on risk appetite. The Risk Appetite study, the first of its kind, canvassed the views of 43 chief executive officers and managing directors from leading London insurers to define current maturity of practice, answering some of the common questions coming out of the market. Our intention is to conduct this study periodically; monitoring overall progress and trends across the market in relation to risk appetite.
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS - Firm-wide Risk Control & Methodology) voor het Zanders Risicomanagement Seminar 1 november 2012
A good risk appetite implementation process leverages existing practices, represents the aggregate view of risk across all lines of business and risk categories, and creates a dynamic structure that allows for internal and external changes in risk. Learn more about the 10 aspects of a robust and evolving risk appetite framework in this excerpt from the Credit Risk Management Audio Conference Series.
Research that pinpoints a correlation between the earnings stability of large multinational corporations and their ability to manage physical plant and other property-related risks
Revista PM Network - junho de 2012.
Artigo Talking Points, Risk by Denene Brox na qual nosso consultor Fábio Pitorri foi citado por ter desenvolvido um plano de gerenciamento de riscos voltado para executivos.
M_o_R is intended to help organisations put in place an effective framework for risk management. This will help them make informed decisions about the risks that affect their strategic, programme, project and operational objectives. The guide provides a route map for risk management, bringing together basic concepts, an approach, a process with a set of interrelated process steps, and pointers to more detailed sources of advice on risk management techniques and specialisms. It also provides advice on how the principles, approach and processes should be embedded, reviewed and applied differently depending on the nature of the objectives at risk.
This three day Management of Risk (M_o_R) course is designed to illustrate this best practice framework and give candidates an understanding of risk as it should be managed across an organisation. Within project and programme environments there will always be risk which needs to be identified, analysed and managed. Other areas of an organisation will also be exposed to risks as operational functions are carried out. M_o_R provides guidance on how best to deal with all these areas.
The Guide has been written by leading industry experts and is part of the ‘Swirl’ set of best practices managed by AXELOS, which includes ITIL, PRINCE2 & MSP methodologies. This training event is designed to prepare candidates to manage risks in a controlled and structured way by examining the M_o_R guide. Examinations are available during the event for candidates to achieve the Foundation level certification.
Syzygal is a globally Accredited Training Organisation and Accredited Courseware Provider for the M_o_R education & certification program. We are accredited by the following Examination Institutes: APMG, EXIN, Loyalist and PEOPLECERT.
Deloitte’s risk management philosophy – Risk Intelligence (RI), focuses on maintaining the right balance between risk and reward. Asking the right questions and finding effective answers to them is critical to developing the right risk management capabilities. Most organizations already have a multitude of Enterprise Risk Management (ERM) practices and processes to address risks but the lack of a strategic view to an ERM program, can expose risk management gaps and redundancies and prevent sufficient insight into key risk interdependencies
Successfully Managing Emergency Operations in a Distributed EnvironmentMissionMode
Many organizations treat a crisis as a series of tactical issues affecting operational silos, rather than reviewing the needs of the crisis response at the organizational and strategic level.
Trying to fit a crisis response into existing organizational boundaries and operations can be like hammering a square peg into a round hole. Organizations need a strategic view of crisis management that encompasses the whole enterprise.
The authors of this white paper examine how to create that strategic view while reducing threats and deriving value from the distributed nature of the organization.
Topics include:
• Selling the program
• Organizing the structure
• Program Flexibility
• Making a Crisis Mundane
Optimizing Rewards for Business Results and Greater Employee EngagementTowers Perrin
This presentation provides insights into how the financial crisis has shifted the primary drivers of attraction, retention and engagement in the health care industry. It also explores a model for the employment relationship that takes into account not just big-ticket items like pay and benefits, but also relational rewards like career development and special assignments.
Research that pinpoints a correlation between the earnings stability of large multinational corporations and their ability to manage physical plant and other property-related risks
Revista PM Network - junho de 2012.
Artigo Talking Points, Risk by Denene Brox na qual nosso consultor Fábio Pitorri foi citado por ter desenvolvido um plano de gerenciamento de riscos voltado para executivos.
M_o_R is intended to help organisations put in place an effective framework for risk management. This will help them make informed decisions about the risks that affect their strategic, programme, project and operational objectives. The guide provides a route map for risk management, bringing together basic concepts, an approach, a process with a set of interrelated process steps, and pointers to more detailed sources of advice on risk management techniques and specialisms. It also provides advice on how the principles, approach and processes should be embedded, reviewed and applied differently depending on the nature of the objectives at risk.
This three day Management of Risk (M_o_R) course is designed to illustrate this best practice framework and give candidates an understanding of risk as it should be managed across an organisation. Within project and programme environments there will always be risk which needs to be identified, analysed and managed. Other areas of an organisation will also be exposed to risks as operational functions are carried out. M_o_R provides guidance on how best to deal with all these areas.
The Guide has been written by leading industry experts and is part of the ‘Swirl’ set of best practices managed by AXELOS, which includes ITIL, PRINCE2 & MSP methodologies. This training event is designed to prepare candidates to manage risks in a controlled and structured way by examining the M_o_R guide. Examinations are available during the event for candidates to achieve the Foundation level certification.
Syzygal is a globally Accredited Training Organisation and Accredited Courseware Provider for the M_o_R education & certification program. We are accredited by the following Examination Institutes: APMG, EXIN, Loyalist and PEOPLECERT.
Deloitte’s risk management philosophy – Risk Intelligence (RI), focuses on maintaining the right balance between risk and reward. Asking the right questions and finding effective answers to them is critical to developing the right risk management capabilities. Most organizations already have a multitude of Enterprise Risk Management (ERM) practices and processes to address risks but the lack of a strategic view to an ERM program, can expose risk management gaps and redundancies and prevent sufficient insight into key risk interdependencies
Successfully Managing Emergency Operations in a Distributed EnvironmentMissionMode
Many organizations treat a crisis as a series of tactical issues affecting operational silos, rather than reviewing the needs of the crisis response at the organizational and strategic level.
Trying to fit a crisis response into existing organizational boundaries and operations can be like hammering a square peg into a round hole. Organizations need a strategic view of crisis management that encompasses the whole enterprise.
The authors of this white paper examine how to create that strategic view while reducing threats and deriving value from the distributed nature of the organization.
Topics include:
• Selling the program
• Organizing the structure
• Program Flexibility
• Making a Crisis Mundane
Optimizing Rewards for Business Results and Greater Employee EngagementTowers Perrin
This presentation provides insights into how the financial crisis has shifted the primary drivers of attraction, retention and engagement in the health care industry. It also explores a model for the employment relationship that takes into account not just big-ticket items like pay and benefits, but also relational rewards like career development and special assignments.
Moving From Scorecards To Strategic ManagementWynyard Group
In their recent book “Strategy Maps”, Robert Kaplan and David Norton stated that “73 percent of companies achieving outstanding performance clearly communicate their strategy and strategic measures, whereas only 28 percent of the underperformers take such an action.”
What is becoming more evident is that there far more to performance management than just technology or implementing scorecards. This session will take you through the various steps you can take to transform your organisation and achieve outstanding performance. This session will show how you can implement a performance management system that is aligned to your organisation’s strategic direction
• Why implementing scorecards is not “strategic management”
• What are the steps involved in moving from a scorecard application to an enterprise strategic performance management system.
• Help take your performance management system to the next level
Financial and operational Performance Management John Berry
This is an overview of the Financial performance management solution from IBM. These slide goes through why IBM is different and what are some challenges that are faced by different clients. We also show a list of clients that are already using these solutions.
Simplifying the Complex Enterprise Performance Management MarketPack22
This presentation overviews the enterprise performance management (EPM) market and describes a new approach for realizing key strategies using better EPM software.
Integrating Risk into your Balanced Scorecard Andrew Smart
Pulling together into a single framework the two separate disciplines of strategy management and risk management, and how it is possible to integrate it with Balanced Scorecard. This presentation provides a practical guide for organizations to shape and execute sustainable strategies with full understanding of how much risk they are willing to accept in pursuit of strategic goals.
Please contact andrew.smart@stratexsystems.com for more details about the presentation or to have a talk about our software solutions.
How does Operational Risk Management fit into an organization's Strategic Planning? This presentation attempts to provide a functional and implementable response.
Enterprise Risk Management and SustainabilityJeff B
An overview of our endeavors at implementing ISO 31000 enterprise risk management and the importance of establishing good risk culture within the company.
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxmadlynplamondon
DISUSSION-1
RE: Chapter 15: Embedding ERM into Strategic Planning at the City of Edmonton
COLLAPSE
Top of Form
The two strategic processes
The two strategic processes which are tightly connected to ERM in the current scenario of Edmonton City ERM implementation are:
Results based budgeting and Performance measurement.
Results based budgeting (RBB):
ERM helps organizations to allocate the resources based on the requirement for completing the tasks and to produce the desired output. The RBB assists to determine the funding allocation requirements which are mandatory to fulfill the strategic objectives of organization. This budget formulation is performed based on predefined objectives such as priority, resource availability and expected results etc. here the expected results represents the desired outputs which organization expects to meet its strategic goals. In simple words the Results-based budgeting is about emphasizing performance and accountability.
Performance measurement:
The continuous performance measurement helps organizations to drive the progress in risk mitigation and it provides insights where additional attention is required. The Key performance indicators (KPIs) can be used to measure the effectiveness of risk management activities. The Performance measurement in ERM sends the list of desired outcomes to RBB and receives list of prioritized programs and costs to ensure ERM works at its full potential (Fraser, J., Simkins, B. J., & Narvaez, K., 2015).
Two criteria’s must be balanced in a successful ERM model
The two criteria are model power and user-friendliness. The powerful model can provide large amount of information and lets the organization to compare the results and risks, effectiveness’ of current program and impact of future initiatives. The user friendliness program helps to easily add information, add new features and easy to understand by the user with simple steps. The user friendliness also includes if needed some unnecessary steps could also be removed without losing model robustness (Fraser, J., Simkins, B. J., & Narvaez, K., 2015).
Thank you
References
Fraser, J., Simkins, B. J., & Narvaez, K. (2015). Implementing enterprise risk management: Case studies and best practices. Hoboken: Wiley.
Bottom of Form
DISCUSSION-2
1. What the other strategic processes are closely tied to ERM?
The strategic processes may have success strategy which is linked to the command of risk and organization understanding. The selection of strategy is an exercise of high-stakes. Approx. 80% of the underperformer may against the industry who have lost their wat over the prior 10 years because of blunder who are strategic and the business and strategy magazine. It may blame on failure on operations errors and the external event or compliance fault.
2. What are three kinds of risks are identified within the city of Edmonton?
There may be three risks which may involve avoidance or risk termination, tolerance or acceptance of ...
This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management (IRM).
Furthermore, the group looked for the perspectives and assessments of a large number of other expert bodies with interests in risk the executives, during a broad time of meeting.
Having trouble with your enterprise risk management strategy? Map it.Andrew Smart
In 2016, it was estimated that 67% of well-formulated strategies failed due to poor execution and 1 in 3 business leaders rate their firm as poor or very poor at the implementation of strategy.
Like business strategy, the risk management strategy presents execution challenges for the CRO and Risk Management teams.
Paraphrasing the original article that introduced the Strategy Map, in the presentation, Ascendore CEO outlines how the Strategy Map can be used as part of an overall strategy management system to improve the execution of the risk management strategy. This presentation is based on an Ascendore customers use of the Strategy Map for Operational Risk Management.
Embedding RCSA into Strategic Planning and Business StrategyAndrew Smart
Embedding RCSA into Strategic Planning and Business Strategy
This presentation was prepared for the New Generation Operational Risk: Risk Culture and Business Conduct Behaviour conference in Helsinki, Finland.
In this presentation, Ascendore CEO, Andrew Smart outlines how to integrate Risk & Control Self Assessment into the Strategic Planning and Business Strategy.
Based on the Risk-Based Performance Management approach, during this presentation an integrated approach to strategy and risk management is outlined, with risk appetite playing a central role.
Enabling Cyber Risk Management- Many of the fines issued by the FCA over the past few years can be attributed to poor information management. The threats from external cyber-attack and malicious insiders are escalating, with your corporate and client information being the primary target of the cyber criminals. The legal requirement on UK businesses will evolve with the proposed EU data protection regulation likely to come into force next year. It is therefore critical to implement robust information risk management. This recorded webinar will discuss the risks and highlight some practical steps to develop and integrate information risks into your ERM.
Managing Information Risk in Financial Services Andrew Smart
Managing Information Risk in Financial Services Webinar Feb 26th 2014
presented by Colin Lobley
http://manigent.com/uk.linkedin.com/pub/colin-lobley/2/7/563
Many of the fines issued by the FCA over the past few years can be attributed to poor information management. The threats from external cyber-attack and malicious insiders are escalating, with your corporate and client information being the primary target of the cyber criminals. The legal requirement on UK businesses will evolve with the proposed EU data protection regulation likely to come into force next year. It is therefore critical to implement robust information risk management.
Watch the full presentation Video on Youtube: http://youtu.be/775wFMtG2oE
Feb 19th 2014 "Enabling Effective Conduct Risk"
Webinar 10:00-11:00 GMT
Focusing on the FCA and the Conduct Risk agenda, in this webinar, "Enabling Effective Conduct Risk", StratexSystems will demonstrate how firms can effectively manage conduct risk by taking an integrated approach to strategy and risk management, and how the StratexPoint solution can support firms as they seek to meet the challenges of conduct risk and engage effectively with the new regulator around this agenda.
During the webinar, StratexSystems will outline:
‘The Seven Key Challenges of Conduct Risk Management’;
Managing and embedding Governance into the business
Definition and embedding the Business Model
Definition and execution of the Business Strategy with customers at its heart
Enabling & embedding Conduct Risk specific processes
Process Management, and specifically New Product Development
Product level performance and risk management
Conduct incident reporting and analysis
StratexSystems will demonstrate during the webinar that Enabling Effective Conduct Risk Management is not about throwing everything that one currently does away and starting afresh but rather building on existing strategy execution and risk management processes and tools.
Additionally, during the webinar we will demonstrate that if firms approach Conduct Risk from the right perspective, they can generate significant value, beyond simply satisfying a regulatory compliance demand.
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementAndrew Smart
• The credit crunch and its subsequent fall-out has rewritten the rules on strategy execution and risk management.
• The balanced scorecard and risk management approaches have evolved as silo processes over approximately 20 years – an approach that integrates both is a natural evolution.
• To effectively streamline management and regulatory reporting, organisations need to adopt an integrated framework, which covers strategy execution, risk management & compliance.
Integrating Strategy and Risk ManagementAndrew Smart
"A Holistic Approach to Managing Risk amidst Global Uncertainty"
The RMA/Cass Business School
10–14 February 2013
Advanced Risk Management Programme
Organised by Andrew Smart & Nicholas Hawke
In today’s fast-moving, complex environment, risk executives must cultivate an understanding across all risks and businesses. Business problems are multifaceted, interrelated, and increasingly global. Executives must possess enhanced skills to identify and address a wide range of risks with an integrated approach and enterprise-wide perspective.
The RMA/Cass Advanced Risk Management Programme, led by the faculty at Cass, one of the UK’s top business schools, exposes participants to a rigorous, yet inspiring blend of theory, practice and cutting-edge research, instilling knowledge and skills applicable to the real world of global business. In addition to its focus on the known and quantifiable risks of credit, market, and operational, the programme concentrates on the unknowable and difficult to measure risks, including business, strategic, and reputation. Cass has excellent links to the City of London firms and institutions and is able to complement Cass faculty with guest faculty and senior level business practitioners, considered by their peers to be industry thought leaders
Areas of focus for The RMA/Cass Advanced Risk Management Programme include:
• Risk management as a strategic competitive strength
• An integrated approach to risk management
• Fostering a culture and climate that openly communicates risk
• A framework for rapidly responding to known risks and unraveling the complexities of the unknown
• A focus on risk informed by global perspectives.
Making Conduct Risk [Good] Business As UsualAndrew Smart
Andrew Smart sought to de-mistify some of the market perceptions about Conduct Risk Management and show how to make Conduct Risk Business As Usual. He showed that Conduct Risk Management should not be regarded as a new management framework or process, rather it should be embedded within the business strategy and operational processes.
Governance Culture & Incentives- Fundamentals of Operational RiskAndrew Smart
Governance, Culture & Incentives. -Fundamentals of Operational Risk. This presentation provides some practical tools to answer three key questions and create alignment.
StratexPoint is an integrated strategy execution and risk management solution built on Microsoft SharePoint.
StratexPoint enables organisations to clarify their strategic objectives, align their risk appetite and manage their key risks to enable the sustainable execution of their strategy.
Shaping Your Culture via Risk Appetite Andrew Smart
Andrew Smart will briefly explain risk appetite and how it can be linked into the overall strategy and risk management process of an organisation. He will then go on to clarify how Risk Appetite statements work alongside Vision statements; creating the right ‘tone from the top’, and how that can be cascaded through the organisation in the form of Risk Tolerances and KRI's. The webinar will conclude with a demonstration of how to enable and embed change, leveraging your SharePoint investment.
Please contact andrew.smart@stratexsystems.com for more details about the presentation or to have a talk about our software solutions.
A practical approach to defining indicators within an integrated ERM Framework
Workshop Overview
Many organisations have made considerable progress in the area of enterprise and operational risk management since the financial crisis in 2007/2008. However events over the last few years have demonstrated, and continue to demonstrate the need to make improvements in organisational risk management capabilities and tools.
One area of weakness and, particular challenge for many organisations is around indictors, specifically developing and managing with Key Risk indicators (KRIs). KRIs have a vital role to play in monitoring and managing risk exposure within any organisation, and should be developed and deployed in the context of a wider indicator suite which includes Key Performance Indicators (KPIs) and Key Control Indicators (KCIs).
Workshop Objective
This interactive workshop provided attendees with a deep understanding of developing and managing with Key Risk Indicators. We started by providing an overarching management framework which integrated strategy execution and risk management. We then moved on to clarify the role of KRIs, alongside KPIs and KCIs.
Using a combination of presentations and practical examples, we were able to:
Learn how to define robust suite of indicators, including the different between Leading and Lagging, and Financial and Non-Financial indicators
Understand how to use a well-structured risk definition to guide the definition of KRIs
Understand the relationship between risk appetite and KRIs, and however Risk Appetite should influence the definition of KRIs
Understand the role KRIs play in scenario analysis
Understand the role of KRIs in the risk assessment process
Understand the role of KRIs within the risk, regulatory and management reporting
Who Attended:
CROs, Directors, General Managers, Senior Management and Managers of: Operations, Operational Risk Management, Enterprise Risk Management, Internal Audit, Compliance, Operational Risk, Strategy and Performance.
Please contact andrew.smart@stratexsystems.com for more details about the presentation or to have a talk about our software solutions.
The regulatory landscape for the UK Financial Services industry has undergone a fundamental change with the Financial Services Authority (FSA) splitting into two new regulatory bodies; the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA).
Focusing on the FCA and the Conduct Risk agenda, in this webinar, "Enabling Effective Conduct Risk", Andrew Smart demonstrates how firms can effectively manage conduct risk by taking an integrated approach to strategy and risk management, and how the StratexPoint solution can support firms as they seek to meet the challenges of conduct risk and engage effectively with the new regulator around this agenda.
During the webinar, Andrew outlines:
'The Seven Key Challenges of Conduct Risk Management';
1. Managing and embedding Governance into the business
2. Definition and embedding the Business Model
3. Definition and execution of the Business Strategy with customers at its heart
4. Enabling & embedding Conduct Risk specific processes
5. Process Management, and specifically New Product Development
6. Product level performance and risk management
7. Conduct incident reporting and analysis
Andrew demonstrates during the webinar that Enabling Effective Conduct Risk Management is not about throwing everything that one currently does away and starting afresh but rather building on existing strategy execution and risk management processes and tools.
This presentations tells the story of the Risk-led transformation that HML has undertaken over the last 18 months. It outlines some of the key challenges, how they were overcome and the benefits delivered.
2. SummAry 3
Table of
Introduction: Defining Risk Appetite 4
Contents
Risk Appetite and the Strategy Process 5
Strategy formulation 5
Role of Risk Appetite in Strategy Formulation 7
Strategy Setting 9
Role of Risk Appetite in Strategy Setting 10
Strategy Execution 12
Role of Risk Appetite in Strategy Exectuion 12
CONCLUSION 15
About the authors 15
Andrew Smart 15
James Creelman 15
2 EMBEDDING RISK APPETITE WITHIN THE STRATEGY PROCESS
3. Summary
Risk appetite is the amount and type of risk that an organization is willing to accept, and must
take, to achieve its strategic objectives and therefore create value for shareholders and other
stakeholders. Core to this definition is that risk is not just about managing potential threats but
about exploiting opportunities. Risk appetite impacts all stages of an organization’s strategy
process: formulation, setting and execution.
In formulation, organizations should go further leaders should deliver a clear articulation of the risk
than standard SWOT-type analyses and identify/ appetite and key risks associated with the chosen set
review business drivers (those vital few factors of objectives.
that disproportionally influence the success or
During strategy execution the organization
otherwise of the business or industry) and consider
implements performance and risk management
their business model (how they create, deliver and
processes to ensure that it successfully deliver
capture value).
on the set of agreed objectives while managing
At the formulation stage, risk appetite should play the risks within appetite. At this stage, risk
a key role in strategic options evaluation and the appetite provides the boundaries within which the
decision-making processes around which option(s) organization can execute strategy and provides a
the organization will pursue. The board and mechanism for the alignment of risk taking to the
the executive team should jointly craft a shared strategy.
understanding of the organization’s risk appetite.
An Appetite Alignment Matrix is a simple, visual
In strategy setting, an organization translates way of understanding alignment between the
strategies into a specific set of strategic objectives current level of risk taking based on enterprise-wide
which the organization will seek to achieve over risk assessments and the strategy as expressed by
a specified time horizon. As well as creating a taking an aggregated view of the risk appetite levels
Strategy Map and supporting set of performance assigned to each strategic objective.
indicators, targets and initiatives, organizational
3 EMBEDDING RISK APPETITE WITHIN THE STRATEGY PROCESS
4. Introduction: Defining Risk Appetite
Since the 2008 credit crunch and in the face of a new set of regulatory demands, from Basel
3, Solvency 2, Dodds-Frank, and potentially catastrophic economic conditions in the US and
Eurozone, risk management has been a much talked about topic.
Within these conversations much emphasis has turn influences the entity’s culture and operating
been placed on risk appetite (that is, how much style. Secondly, COSO establishes the link between
risk an organization is willing to take in pursuit of appetite and strategy, stating explicitly: risk appetite
its business goals). However, what is less broadly is directly related to an entity’s strategy.
discussed or understood is how to properly and
The Risk Management Code of Practice from the
systematically embed risk appetite into strategic
British Standards institution, BS31100:2008 defines
and operational processes. How, for example, can
risk appetite as the amount and type of risk that an
the efficacious management of risk appetite lead
organization is prepared to seek, accept or tolerate.
to better strategic decision-making and subsequent
This standard also relates appetite to strategy and
value creation for shareholders (many of whom
governance stating: considering and setting a risk
are, thanks to the credit crunch, somewhat “risk
appetite enables an organization to increase its
averse,”) and other stakeholders. The integration of
rewards by optimizing risk taking and accepting
risk appetite into strategic and operational processes
calculated risks within an appropriate level of
is critical to successful strategy execution and is
authority.
explained in this paper.
Manigent provides a slightly broader definition of
First though, let’s define risk appetite. The
risk appetite as: the amount and type of risk that
Committee of Sponsoring Organizations of the
an organization is willing to accept, and must take,
Treadway Commission’s (COSO) Enterprise Risk
to achieve their strategic objectives and therefore
Management – an Integrated Framework, 2004
create value for shareholders and other stakeholders.
defines risk appetite as the amount of risk, on a
Core to this definition is that risk is not just about
broad level; an entity is willing to accept in pursuit
managing potential threats, but about exploiting
of value. COSO makes two key points related to
opportunities. Risk has upsides as well as downsides,
appetite. Firstly, it states that [risk appetite] reflects
as we explain later.
the entity’s risk management philosophy, and in
4 EMBEDDING RISK APPETITE WITHIN THE STRATEGY PROCESS
5. Risk Appetite and the Strategy Process
Risk appetite impacts all stages of an organization’s strategy process and is therefore a core
determinant of whether or not an organization succeeds in delivering its strategic vision and
goals. Figure 1 shows a typical strategy process, broken into three distinct stages (each of which
we consider in detail below alongside the role of risk appetite at that phase): 1) formulation, 2)
setting and 3) execution.
Strategy Formulation
The strategy
process Identify strengths & Business Goals Identify threats &
weaknesses opportunities
Internal Analysis External Analysis
FORMULATION
Is our business Is our business
model fit for Business Drivers model fit for
the purpose? the purpose?
Appetite
Business Model
Business Objectives
SETTINGS
Appetite
Are we on-track Strategy
Management Are we operating within
to deliver? appetite?
Performance Appetite
Risk Management
EXECUTION
Management Alignment
Compliance
manage strengths & manage threats &
weaknesses opportunities
Initiative
Management
5 EMBEDDING RISK APPETITE WITHIN THE STRATEGY PROCESS
6. During the strategy formulation stage an their business model accordingly. This action also
organization develops or reviews a set of broad, implies they had an appetite for the implied level
often long term, business goals, and a series of of risk taking associated with funding via wholesale
strategic options for their achievement. markets. Post credit crunch, with significantly lower
risk appetites across the industry but capital still
Any good strategy textbook will tell you that
a key driver, many banks are turning away from
during this process the organization should scan
wholesale markets and focusing on building their
the external environment for market opportunities
branch networks to generate funding. As part of the
and threats as well as analysing their internal
strategy formulation process organization should
environment to understand where its real strengths
assess whether the business drivers themselves are
and weaknesses lie. Traditionally, this exercise is
changing because of either external or internal
conducted via a SWOT (Strengths, Weaknesses,
factors, and if so take appropriate action. They
Opportunities, and Threats) analysis or something
should also be mindful of changes in business
similar.
models been deployed by competitors (this could
Manigent goes beyond the standard textbooks/ include non-industry participants). Business model
definitions and add that organizations should innovation is becoming an increasingly important
also identify/review the business drivers of their source of competitive advantage. Business model
industry generally, and their organization specifically, innovation maybe driven from within the industry,
and consider their business model. whereby an existing player takes a different
approach to creating, delivering and capture value
Business drivers are those vital few factors that than its industry peers or it may come from outside
disproportionally influence the success or otherwise the industry where a new entrant comes into the
of the business or industry. Whereas the business market via a different business model. An example
model describes how an organisation creates, is the Apple’s IPod/ITunes model. In a world where
delivers and captures value. music was typically purchased on CDs and where
the consumer had to pay for the entire CD to get
For example, access to capital at a competitive
the one or two songs they actually wanted, Apple
price might be a key determent of success of a
introduced the ability to download music via an
bank, therefore capital maybe defined as one of the
integration hardware and software platform and
bank’s business drivers. Prior to the credit crunch
enable individual songs to be purchased. This was
a number of UK retail banking organizations were
a radically different business model and it changed
reducing their reliance on their branch network as
the economic dynamics of the music industry.
a channel to raise capital in the form of deposits to
risk appetites across the industry but capital still
provide loans, mortgages, etc. Instead, many chose
a key driver, many banks are turning away from
the wholesale money markets to raise capital. They wholesale markets and focusing on building their
had chosen this funding route because at that time branch networks to generate funding. As part of the
there was an extremely competitive retail market strategy formulation process organization should
and all participants were chasing growth while assess whether the business drivers themselves are
simultaneously seeking to carefully control costs. changing because of either external or internal
While they may not have expressed it clearly, the factors, and if so take appropriate action. They
organizations that access the wholesale markets should also be mindful of changes in business
were doing so because they were recognising models been deployed by
capital as one of their key drivers and adjusted
6 EMBEDDING RISK APPETITE WITHIN THE STRATEGY PROCESS
7. Role of Risk Appetite in Strategy Formulation
At the formulation stage, risk appetite should play a key role in strategic options evaluation and
the decision-making processes around which option(s) the organization will pursue.
The board and the executive team should jointly Depending on the business strategies and model
form a shared understanding of the organizational selected, the organization may have to re-evaluate
risk appetite. They should then precisely and its thinking around its business drivers. Moreover,
unambiguously define what they mean by risk it should keep in mind that different strategies and
appetite (critical for both the strategy making different business models have different inherent
process and for the later communicating of risk to risks and demand different levels of capital and
the employee-base and to shareholders as well as capital provisions. This is particularly important
other stakeholders). As part of this, the business when considering an organization’s approach to
drivers and levels of risk appetite should be agreed regulatory frameworks such as Solvency 2 (a capital
and documented. With risk appetite acting as a adequacy regime for the European insurance sector)
boundary for the organisation to operate within, and Basel 3 (the Capital Requirements Directive
strategic objectives and key risks (see below) are (CRD) is an updated capital adequacy regime for
defined. investment firms), both of which have important
implications on the level of capital held against the
The senior team risk profile of the specific business units.
sets out what the When considering and applying risk appetite, an
important consideration is its multidimensional
organization is aiming
nature (see Figure 2) For example, the amount
of capital an organization is willing to put at risk
overnight is generally very different from the
to achieve (objectives) amount to be put at risk for 90 days, one year, etc.
Thinking about risk appetite as a multidimensional
and the threats and construct enables a more realistic, robust and stable
approach to risk appetite. It increases the visibility
opportunities (risks) and transparency around risk taking and of which
risks are acceptable and which are not. Finally it
associated with those improves the quality of the conversation between
the board and the executive team, setting the “tone
ambitions. from the top,” and enabling appetite to be cascaded
down the organization.
7 EMBEDDING RISK APPETITE WITHIN THE STRATEGY PROCESS
8. Manigent suggest that a sub-set of the identified
k business drivers, called key drivers are used to
is
Risk Appetite Annual
90 days o
f
r
provide a framework for articulating risk appetite
l
Time Horizons overnight
le
ve
and to frame how it thinks about risk assessments
extreme
(Figure 3). Therefore key drivers serve as a lens
through which an organization views, discusses,
level of risk
High
thinks about and assesses risk.
Moderate
Once the key drivers have been selected and the
time horizon agreed, the various levels of risk taking
low
are defined by using common expressions of levels
Type of risk of risk – Low, Moderate, High etc., and providing
concrete definitions of what each level means to the
Credit
organization. In effect this becomes the basis of the
Market
liquidity
strategic
operational
organizational risk appetite statement.
It also becomes the basis for the risk assessment
process, because the same key drivers which are
used to define appetite are used to define how risk
will be assessed in the organization. For example,
if as suggested above Capital is a key driver for a
bank, when the risks faced by the bank are assessed,
they will be assessed on the basis of their impact on
Capital providing a Capital@Risk value.
Using a common set of key drivers for appetite and
the assessment process enables organizations to
align their risk exposure to appetite, thus creating
an environment where risk taking as measured by
risk exposure is managed in alignment with the
organizational strategy as expressed by strategic
objectives and the risk appetite for each objective.
8 EMBEDDING RISK APPETITE WITHIN THE STRATEGY PROCESS
9. Defining Levels Risk dimension
Time no
LoW modeRATe HiGH eXTReme CAPACiTY
APPeTiTe
of Risk using HoRiZon LimiT
Key Drivers CAPITAL Overnight No Capital X % Capital X % Capital X % Capital X % Capital Above
@ Risk @ Risk @ Risk @ Risk @ Risk X£m
Up to X £ m to X £ m to X £ m to Above
CAPITAL Annual X£m y£m y£m y£m X£m
Up to X Up to X Up to X Up to X
No Bad
REPUTATION Annual Vol. Bad Vol. Bad Vol. Bad Vol. Bad
Coverage
Coverage Coverage Coverage Coverage
Strategy Setting
Stage two in the strategy process is strategy setting. This phase is about translating those
business goals and strategies into a specific set of strategic objectives which the organization will
seek to achieve over the time horizon of the strategy.
Following a traditional performance-only approach, strategy. Some organizations also choose to include
a key output of the strategy setting stage is strategic themes on their Strategy Map. These run
typically a Strategy Map and a supporting set of vertically across one or more perspectives within
performance indicators, targets and initiatives: the map and are used to communicate the 2-3 key
typically a scorecard approach would be used to priorities of the organization (an example being
organise indicators, targets etc. customer management) and they group objectives
related directly to those priorities.
The Strategy Map (figure 4) is one of the most
powerful management tools to emerge in the last 20 The Strategy Map provides a tool for explaining
years. It was developed by Harvard Business School and demonstrating how intangible assets, such as
Professor Dr Robert Kaplan (also the co-creator of people, information systems, culture, processes etc.,
Activity-Based Costing) and management consultant create customer outcomes and ultimately deliver
Dr. David Norton. The Strategy Map is a key part tangible financial benefits for shareholders. A well-
of any strategically focused Balanced Scorecard constructed Strategy Map should be the summary
implementation (somewhat confusingly, perhaps, a of the organization’s “strategic story,” - a narrative
Balanced Scorecard comprises a Strategy Map and a which clearly explains what the organization
scorecard). is seeking to achieve and how it will go about
achieving its strategy. Reaching the level of clarify
Typically a Strategy Map is structured around four
required to enable the development of a clear
perspectives which run horizontal across the map
Strategy Map will ensure that those directly involved
and which communicate the causal relationship
with the development have a deep understanding
within the strategy: Financial and Customer
of, and buy-in to, the strategy. It also means that
perspectives focus on desired outcomes whereas
communicating and engaging those not directly
Processes and Learning & Growth are enablers of
involved will be a more straightforward task.
9 EMBEDDING RISK APPETITE WITHIN THE STRATEGY PROCESS
10. Example Strategy GROwTh CUSTOMER MANAGEMENT MANAGE COSTS & RISk
Map assembled FINANCIAL
Increase
shareholder value
P
R
according to
Grow income in key P Achieve the lowest P
segments Increase average P cost of funds & cost
R share of wallet to serve in the industry R
growth, customer R
management and
CUSTOMER
“ Provide me with
P “ Be my valued, P “Provide me with low P
good value and
manage costs & innovative financial
solutions” R
trusted Financial
Provider” R
cost, convenient
services” R
risk themes
Drive P P
Target exsisting
execution of
PROCESSES
R customers with R
INTERNAL
the sales P
C new offering C Manage the
process
balance of R
P Develop a P Reduce cost by P
Build market funding C
360 view of exploiting online
awareness by R R R
customers channel & reducing
segment C C branch network C
LEARNING &
GROwTh
Manage our P P P
Re-skill our staff to Develop a
information as a R sell & support total R R
strategic asset performance focused
C financial solutions C culture C
Role of Risk Appetite in Strategy Setting
While distilling the strategy into a handful of risk–taking the organization is also providing an
strategic objectives with supporting indicators, answer to the strategy questions of “What are the
etc., is very important, to borrow from Harvard key threats and opportunities (Risks) related to our
Business School Professor Dr Michael Porter (a strategy,” and “What are the strategic boundaries
noted thought leader in strategy formulation and within which management teams can execute
execution), it is necessary but not sufficient in strategy.”
today’s post credit crunch environment. In addition,
The role of risk appetite at this stage is to ensure
the strategy setting stage should deliver a clear
that the agreed-on strategic objectives and targets
articulation of risk appetite and key risks associated
are defined at a level which is aligned to the
with the chosen set of objectives. This enables
acceptable level of risk, as defined by the board.
the executive team to set out the strategy to the
The executive team might also consider slicing the
organization in a way that goes beyond answering
strategy into themes and consider risk by theme:
the traditional strategy questions of “What are we
this has a powerful effect in ensuring that objectives
going to achieve?” and “What are our performance
and performance targets are set at levels that do
targets?” By setting out the risks to the successful
not promote unacceptable levels of risk taking, and
execution of the strategy and boundaries for
unacceptable behaviours.
10 EMBEDDING RISK APPETITE WITHIN THE STRATEGY PROCESS
11. Defining and 1. Risk appetite can be formally embedded into the strategy management and monitoring process.
setting the 2. The board/executive can be confident that the objective is achievable within the boundaries of the
risk appetite acceptable risk taking. Risk appetite can be “rolled-up,” to provide a view of risk taking by theme, by
by objective is perspective or by business unit.
important for 3. Any objectives and their associated initiatives, which are outside of appetite, can be immediately
a number of stopped, creating a more focused strategy and enabling costs to be cut in capital and operational
reasons: budgets.
During this stage in the process executive teams and/or opportunities and should be defined
have to work hard to align their ambitions, as based on the organizations objectives. One of the
expressed by a set of strategic objectives, to the weaknesses with many enterprise risk management
acceptable level of risk taking as defined by the frameworks today is the lack of a clear articulation
board via risk appetite. This alignment process of the organizational objectives. Therefore key
is typically an iterative process and one that risks are not defined within the context of strategy;
creates a strong, shared understanding of the rather they are defined based on other more
strategy, acceptable level of risk taking, agreed on subjective factors, such as gut feel, memory of the
performance targets and key risks. last major event to hit, etc.
Key risks are those risks which are most significant
to the organization – the biggest potential threats
11 EMBEDDING RISK APPETITE WITHIN THE STRATEGY PROCESS
12. Strategy Execution
The final stage in the strategy process is execution. In marking the tenth anniversary of Strategy +
Here, the organization implements performance Business (in November 2005) Booze, Allen and
and risk management processes to ensure that Hamilton identified the concept of “execution,” as
it successfully delivers on the set of agreed the most important conceptual breakthrough in the
objectives while managing the risks around those previous 10 years. The concept of “execution,” was
objectives. Managing the portfolio of initiatives is the topic of the widely read, and highly acclaimed
part of the strategy execution stage (and is core to book “Execution,” by Larry Bossidy (Chairman and
succeeding with a Balanced Scorecard). Moreover, previously CEO of Honeywell International) and
the board and executive must be confident that the academic Dr Ram Charam. The authors describe
organization is “operating within appetite.” while execution as “the missing link, - the gap between
executing the strategy. This means operating within what a company’s leaders want to achieve and the
the board defined appetite and also for regulated ability of their organizations to deliver it.” They
industries such as financial services, it means state that “no worthwhile strategy can be planned
operating within the regulatory and compliance without taking into account the organization’s ability
appetites of regulators. Managing and monitoring to execute it.” Understanding the risk appetite of
the alignment of these processes to the overall the organisation is a critical part in understanding its
strategy, and the delivery of the business goals, is a ability to execute the strategy.
critical part of the strategy execution stage.
Role of Risk Risk appetite plays two important roles at this stage:
Appetite in
1. Providing the boundaries within which the organization can execute the strategy
Strategy
2. Providing the mechanism for the alignment of risk taking to the business strategy including identifying
where more risk must be taken to build competitive advantage.
The traditional approach that many organizations controlling the business and thus incurring costs
take to risk management (and indeed the traditional which are far higher than they need to be.
perception of risk management) is typically
As a powerful example, recently the CEO of one
surrounded in negative conations. Often risk
of Manigent’s clients challenged the risk function to
management is focused only onto the threats to the
identify where they could make changes to their risk
organization: but to create competitive advantage
appetite to drive profitability in the business. This to
risk management, as an enterprise wide process
a realization that they could increase their appetite,
and as an organizational function, should also help
and exploit their advanced risk management
the organization exploit its risk related capabilities
capabilities to target new market sectors where
to take on higher risk opportunities (achieving
they could take on more complex and ‘higher’ risk
the appropriately higher rewards). In Manigent’s
transactions at a slightly lower price but significantly
experience when clients complete an alignment
higher margin than their competition. This is a good
exercise they often identify areas where they are
example of risk management providing the basis of
under-exposed, i.e. areas where they are either
competitive advantage and it is an example where
not taking the amount and type of risk required
an organisation active chose to take more risk, while
to deliver the strategy or where they are over-
12 EMBEDDING RISK APPETITE WITHIN THE STRATEGY PROCESS
13. Appetite 1 1 Total number Within
extreme of risks Appetite
Alignment matrix 13 3
1 1 1
High
Appetite
Above Below
Appetite Appetite
1 1 2 2
Medium
6 4
low 1 1
Un-assessed
risks
0
low Medium High extreme
exposure
remaining within their appetite, to win new business around strategy and risk management.
thus creating a new revenue stream.
The matrix is particularly powerful when viewed in
It also enabled the business to reduce the number combination with a traditional Strategy Map (Figure
of controls in place, including intensive manual 4) and Risk Map (Figure 6). The Strategy Map is
controls, because of the improved risk capabilities designed to enable the organizational strategy and
across the business: this lead to a significant the linkages between objectives to be articulated on
reduction in headcount and a culture where risk one page. It sets out what the organization is trying
management is increasingly seen as an enabler of to achieve. A Risk Map, on the other hand, provides
good margin business, rather than an impediment to a view of current risk taking and insights into any
getting the deal done. clustering of risks.
A powerful tool for monitoring the alignment While both Strategy Maps and Risk Maps are
between risk taking and the strategy is the Appetite extremely powerful tools in their own right, the
Alignment Matrix (Figure 5). This matrix was Appetite Alignment Matrix provides further
designed by Manigent to provide a simple, visual insights, providing the “so what,” by been able to
way of understanding alignment between the plot risk on the matrix at any level (be it individual
current level of risk taking based on enterprise-wide risk level, groups of risk, individual trading desk, or
risk assessments and the strategy as expressed by business units) an organization is able to understand
taking an aggregated view of the risk appetite levels if it is operating within appetite and taking the
assigned to each strategic objective. Manigent’s right amount of risk to deliver the strategy going
experience has shown that this tool enables the forward. Whereas the Strategy Map provides a
executive team to see where they are taking too view of the current (and to some extent future
much or not enough risk to achieve their objectives. strategy execution via leading objectives and
It is a decision-making tool that has enabled users indicators) performance in delivering the strategy
to generate tangible benefits, such as new revenue from a performance point of view, and the risk
streams, and intangible benefits related to setting management show the current level of
the right tone from the top of the organisation and risk exposure.
encouraging the right conversations to take place
13 EMBEDDING RISK APPETITE WITHIN THE STRATEGY PROCESS
14. Impact
Risk Map serious Significant medium minor minor medium Significant serious
Likelihood
Almost
Certain
Likely
Possible
Unlikely
Unlikely
Possible
Likely
Almost
Certain
14 EMBEDDING RISK APPETITE WITHIN THE STRATEGY PROCESS
15. Conclusion
Of all the lessons that emerged (and that continue to emerge) from the credit crunch, perhaps
none is more profound and impactful than the realization of the destructive consequence of
formulating and implementing strategies without clarity around the inherent risks of those
strategies, and the underlying business model.
And this lesson is not the preserve of those that work in the banking sector, but all that compete in the
highly networked, fast-moving, global markets of the 21st century.
But simply plotting risks (both the upside and downside) is not in itself sufficient for success. Organizations
must fully understand, communicate and operationalize the level of risk appetite that they are willing to
accept in the pursuit of their strategic goals. Debating risk appetite must become central to all strategic
conversations. Any failure to systematically and routinely align risk appetite with strategic goals will make a
repeat of the recent global economic catastrophe that much more likely.
About the Authors
Andrew is a strategy and risk management professional with 15 years’ experience delivering Balanced
Andrew Smart Scorecard, Enterprise Risk and Operational Risk projects in the UK, Europe and the Middle East. Most
recently, Andrew has been assisting financial services to effectively respond to pressure to improve risk
management and regulatory reporting as a result of the credit crunch and subsequent increased regulatory
oversight.
Andrew is the CEO and Founder of Manigent, a specialist Governance, Strategy, Risk & Compliance
(GSR&C) consultancy and the creator of the Risk-Based Performance Management methodology. He
holds an MBA from Henley Business School and is a Professional member of the Institute of Operational
Risk.
James is a management author and advisor, specializing in the Balanced Scorecard and related disciplines.
James Creelman
He is the author of Creating a Balanced Scorecard for a Financial Services Organization (John Wiley, 2011)
as well as 21 other books and major research reports. He is presently working within the office of strategy
management at the Ministry of Works, Bahrain.
15 EMBEDDING RISK APPETITE WITHIN THE STRATEGY PROCESS