Together, Strategy Map & Balanced Scorecard form a strategic execution and enterprise performance management system that is used extensively in business to align business activities to the vision and strategy of the organization, improve internal and external communications, and monitor organization performance against strategic goals.
Monitoring and Reporting of Key Performance Indicators (KPIs) is central to many businesses' management reporting approach. However, for many businesses, the processes related to monitoring and reporting of KPIs are not fit for purpose, are too costly, too slow and are not responsive because of the level of manual effort involved and extensive use of ad hoc spreadsheet ‘systems’.
In an increasingly uncertain, fast changing and low growth business environment, businesses need to integrate their enterprise performance and risk management frameworks. A key part of integrating these management disciplines is risk appetite and, in particular, the alignment of risk appetite and strategy.
Risk-Based Performance Management (RBPM) is a strategic execution methodology, developed to enable organisations to execute strategy in an increasingly uncertain, fast changing and low growth business environment by integrating business strategy, enterprise performance and risk management. Central to Risk-Based Performance Management (RBPM) is risk appetite, specifically aligning risk appetite and strategy, and how to use risk appetite to improve management decision-making and set boundaries within which the business operates.
All businesses face a range of uncertainties, and the challenge for executives is to determine how much uncertainty to accept as they seek to grow shareholder value. Within uncertainty, there is both risk and opportunity, with the potential to damage or enhance value.
Enterprise Risk Management, supported by the right enabling software and business processes, provides the tools, processes and discipline to deal effectively with uncertainty and the associated risk and opportunity, and to build the capacity to build value.
While often seen as the same thing as Enterprise Risk Management (ERM), Strategic Risk Management should in fact be seen as a discipline which is part of ERM. Strategic Risk Management is a discipline focused on the uncertainty related to a business's environment and business model. It should be an integrated part of a business’s strategic formulation process. Strategic Risk Management requires a greater emphasis on the upside of risk, and risk appetite should be clearly defined to create boundaries for the business and support better strategic decision-making.
Execution Risk Management is a discipline which is closely related to Strategic Risk Management (and often included in the definition of Strategic Risk Management) and can be the next step on from Strategic Risk Management. Execution Risk Management is the discipline focused on managing the uncertainty related to the execution of strategy. Like Strategic Risk Management, Execution Risk Management requires an emphasis on the upside of risk and the alignment of risk appetite can be embedded into the monitoring and management process.
Operational Risk Management is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. Typically, Operational Risk Management includes legal risk, but excludes strategic and reputational risk. Operational Risk Management should be one of the central pillars of any Enterprise Risk Management approach.
Having a clear understanding of the roles and differences between Strategic, Execution and Operational Risk Management leads to a robust, business-focused approach to Risk Management and enhances strategic and operational decision-making.
Post the credit crunch, the Financial Stability Board (FSB) has led the global conversation around conduct risk management. While there is no master definition of conduct risk, the UK FCA has referred to Conduct Risk as the risk that a firm's behavior will result in poor outcomes for customers, where good outcomes may be defined as customers receiving the financial services and products that meet their needs. Conduct Risk is likely to crystallize as a result of inappropriate judgement in the execution of business strategy and activities, or as a result of inappropriate culture.
Risk Appetite should be a fundamental part of any risk management framework and at the strategy level, Risk Appetite should be owned by the Board, alongside the overall company strategy. Risk Appetite can be defined as ‘the amount and type of risk that an organization is willing to accept, and must take, to achieve their strategic objectives and therefore create value for shareholders and other stakeholders’. This definition recognizes that risk must be taken to create value; the key is understanding the level of risk being taken and ensuring this is aligned to the business strategy.
Economic capital is the capital required by a firm to limit the probability of insolvency to a given confidence level over a given horizon. Whereas regulatory capital is based largely on external rules that are intended to ensure a level playing field, economic capital is an attempt to measure risk in terms of economic realities. Economic capital models are widely used within ICAAP and Pillar II submissions.
Technology is synonymous with any modern Financial Services firm and any modern Financial Services Regulator. Along with the increased reliance on technology has come a need to manage the uncertainty related to technology, whether in the implementation phase of a technology project or when that technology is in a production mode. For many firms, half of their operational risk events are related to technology, and are in fact crystallized technology risks.
The Financial Services industry includes many 3rd Party vendors working within complex supply chains supporting firms as they undertake their day-to-day activities. Increasingly, these supply chains are in fact complex, interconnected webs rather than linear supply chains. Understanding the universe of 3rd party vendors your firm is working with, how they operate and who they are working with has never been so important as various stakeholders demand greater transparency and better corporate behavior.
The increased use and scope of use of the internet and other information technology systems across Financial Services, along with many high profile cyber risk events, has driven the rise in cyber risk management. Cyber Risk is defined by the Institute of Risk Management as any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology systems.
The dominant approach to regulation taken by regulators within Financial Services (and within other industries) is shifting from Rules-Based Supervision to Risk-Based Supervision. With a Risk-Based Supervisory approach, Regulators assess the risk individual firms pose to the regulator achieving its objectives, such as Financial Stability.
The scope of regulation and the amount of regulatory change continue to increase, as does the challenge of navigating the regulatory landscape, ensuring compliance and avoiding fines and negative publicity.
With a changing regulatory landscape and challenging business environment, having a robust and streamlined approach to policy management is critical in reducing regulatory risk, reducing execution risk, improving regulatory compliance and reducing the cost of compliance.
The Audit team have a critical role to play in providing assurance to the Boards and senior management as to the integrity of your firm’s risk management framework and the effectiveness of internal controls. Using a Risk-Based Audit approach will drive Audit Team efficiencies and effectiveness.
Quality management is the act of overseeing all activities and tasks needed to maintain a desired level of excellence. This includes the determination of a quality policy, creating and implementing quality planning and assurance, and quality control and quality improvement.
We have 'out-of-box' quality management frameworks available for leading quality standards such as ISO27001, ISO9000 etc.