risikostyring integrated performance and risk...
Post on 03-Jul-2018
215 Views
Preview:
TRANSCRIPT
Risikostyring – Integrated Performance and Risk Management
Torbjørn Undeland, Senior Manager
Oslo, 3. juni 2009
- 1 -
Table of Contents
Why integrate the management of performance and risk?
Key principles of IPRM
How can we integrate the management of performance and risk?
The financial crisis has shaken the confidence of companies’ to identify and
manage fundamental risks to business performance…
During the credit boom companies
focused overwhelmingly on driving
performance with little thought for risk
Increasingly complex regulation has led
to an overwhelming focus on formal
compliance with too little attention on the
more fundamental risks to the business
The major challenge today is the
continued turbulence and volatility in
global financial markets
The challenge tomorrow will be to
manage through economic cycles,
volatility, and risks more effectively
- 3 -
Challenges of the current economy
Drop in customer
and consumer
demand
Loss of public trust in
business and increasing
pressure from stakeholders
Political uncertainty
and new regulations
Increase in the cost of
capital in tightening
credit markets
Missed opportunities
through (over-)
emphasising costs
Deteriorating payment
behaviour of clients /
conditions of suppliers
Exposure of security
weaknesses and fraud
Declining asset valuesCompany
Performance and risk are treated as two distinct disciplines in most industries,
without meaningful linkages or an integrated management approach
- 4 -
When companies fail to achieve their strategic goals it is usually not due to a lack of planning but,
rather, because of plans that don’t consider the possibility of unforeseen events occurring
Performance Management Risk Management
ApproachesFor example, Balanced Scorecard, Value Based
Management, Activity Based Costing, Beyond BudgetingCompliance, Governance, Enterprise Risk Management
AchievementsStrong focus on value creation, KPIs, planning and
reporting, efficient technology support
A systematic approach to the identification,
measurement and response to risk
ShortcomingsFailure to adequately consider risk as an aspect of
performance management
Risk management often has not gone beyond
regulatory box-ticking and has established itself in a
silo
Despite the fact that most companies continue to manage performance and risk separately,
risk and reward are the two sides of the same coin
The roll-out of risk management is ongoing, but does it reach the business?
Frameworks are built for risk management – at
least formally – but there is still substantial room
for improvement
The connection with the business and those who
execute upon performance targets need enforcing,
especially in a difficult economic climate
- 5 -
FERMA Sept. 2008 (Federation of European Risk Management Associations)
“The one thing
CFOs shouldn’t do
in their quest to
smarten up risk
management
procedures is let the
pendulum swing so
that it “take s a life
of it’s own”
John Howard, CEO of Independent Auditors
(CFO Europe , February 2009)
Risk identification is the first step towards risk mitigation and counter action
Good planning must include “Plan B” as well
Main challenges experienced in
operational, commercial and financial
risks - consciousness is growing around
sustainability
The question is, how this awareness of
risk is built into performance
management cycles and mitigations
- 6 -
Risk Identification
* FERMA, Sept. 2008 (Federation of European Risk Management Associations)
Operational risks: production,
quality, disruption of quality,
costs and deadlines
Today
Tomorrow
Commercial risks: competition,
client partnerships, market
strategy
Financial risks: interest rates
and foreign exchanges, debt,
cash flow, financial markets
Environment risks, sustainable
development
68%
50%
50%
46%
33%
30%
17%
30%
Most important categories of risk faced by the companies according to
Europe´s risk and insurance managers
In wich area(s) are risk assessment and mapping linked to decision-
making?
*
*
42%
39%
54%
42%
6%
18%
54% of organisations link risk analysis
with strategic planning and 42% to long-
term decision making like acquisitions
and investments
This is good news, but what to do when
– without warning – the economic
situation changes negatively during the
planned periods? Think about the worst
case scenario.
“Plan B”
Many organisations do not adequately consider the risk associated with performance management
- 8 -
Four principles of Integrated Performance and Risk Management
Focus should be on improving an
organization’s ability to manage
performance, achieve desired
results, illuminate and balance the
tradeoffs between performance
and risk
Performance-driven
IPRM demands the formulation of
a risk intelligent strategy that is
executed through an approach that
balances pursuit of performance
objectives with the management of
risk within a defined tolerance level
Risk Intelligent
The assessment of value and risk
drivers across the value chain is a
necessary to institutionalize IPRM
into management an execution of
core business activities
Value Chain Focus
The IPRM model is comprised of
an integrated cycle of closed-loop
processes, shared definitions, and
a common foundation that aligns
an organisation around a balanced
approach to performance and risk
Common Foundation
The four key principles of IPRM are key to realising value from a risk intelligent business strategy
- 9 -
Performance-driven, Risk Intelligent
Unrewarded Risk:
Nothing is gained from
taking the risk
Relates to risk areas such
as regulatory compliance
Rewarded Risk:
Provides a premium if
managed well
Relates to strategy and
business decisions, where
value is created
Integrating risk into performance management is about rewarded risk
Risk
Develop insights into what is a
rewarded risk and what is not
Make sure the leadership team
understands the company’s risk
/ reward profile
Focus the organisation’s
activities on its key risks and
rewards and how to best
manage themNeglect compliance and you are
out of business!
Avoid all risks and you will forego
the reward!
Focus of IPRM
Product & Services
ChannelsCustomers
Regions
SuppliersSales and
deliveryMarketingProduction
Product
mgmt. & development
Supply
Support functions
Financial and Operational Risks to Value
Value Creation and ProtectionRewards
Inherent
Risks
Ris
k In
tellig
en
t
Bu
sin
es
sS
tra
teg
y
Ris
k In
tellig
en
t
Ex
ec
uti
on
Rewards
Residual
Risks
Strategy Business Model Operational Execution
Value Chain Focused strategy, assessment, and execution
- 10 -
2. Execution of a risk intelligent strategy entails
identifying and linking value drivers and risks to
the building blocks of an organisation’s extended
value chain, including underlying assets and
human capital
1. A risk intelligent business strategy not only defines
strategic direction and return levels for the business, but
also the risk appetite associated with it (risk-reward profile)
3. Day-to-day execution of targets and risk mitigation action
throughout the value chain
- 11 -
Risk Management integrated into the Performance Management cycle…
Risk management is integrated into the activities of the performance management cycle
Run the business
and monitor
performance
understanding
changes in the risk
profile
Active intervention
to realign and
improve the
business
PLANand Target
MEASUREand Evaluate
INTERVENEand Realign
Align the business
to deliver on
strategy and
understand
exposure
StrategyStrategy
Planning
Budgeting
Operational ReportingManagement
Reporting
External Reporting
Analysis
Intervention
Forecasting
ValueCreation andPreservation
Ongoing risk
assessment and
management
To deliver most value this cycle must be effective (deliver high performance), manage exposure to
uncertainty (integrate risk management) with a maximum efficiency (with minimum resource).
Integrated Performance and Risk Management demands a Common Foundation
- 12 -
Common Foundation
Information OrganisationGovernance,
Policy & ProcessesSystems & Technology People
Shared understanding ofvalue creation across the organisation
Shared understanding of key risks to value creation and preservation
Appropriate set of KPIs and KRIs, reflecting key value and risk drivers
Clear governance, accountability and co-ownership
Appropriate transparency for governing bodies
KPI and KRI targets cascaded throughout the organisation
Initiatives and project portfolio linked to value and risk drivers
Finance, risk and business line managers work together in a partnership
Planning, measuring and intervention processes interlinked
The board and management are aligned with the risk intelligent strategy
Comprehensive information strategy and supporting technology
Promote commitment to targets and associated risk (tone at the top)
Establish performance and risk-related management incentives
Deploy and develop talent
Focus Alignment Integration Behaviour
"Only doing what matters“ "Pulling in the same
direction“"Talking the same language“ "With everybody on board“
Opportunities and risks to strategy execution are evaluated across the value chain
and should be reflected in KPIs and KRIs
- 14 -
Strategy Increase market share by improving customer satisfaction
Key value driver
Risk driver
KRI
Value driver
KPI
Fast delivery
Loss of a key logistics
partnerEfficient distribution
Average
shipping cost
per unit
Percentage on-
time deliveries
Logistics
partner credit
rating
Mix of orders
to logistic
partners
Product & Services
ChannelsCustomers
Regions
SuppliersSales and
deliveryMarketingProduction
Product
mgmt. & development
Supply
Support functions
Revenue Growth
Customer Satisfaction
Shareholder Value
KPI
KPI
Design and build the IPRM Model
- 15 -
StrategyStrategy
Planning
Budgeting
Operational
ReportingManagement
Reporting
External
Reporting
Analysis
Intervention
Forecasting
Strategic risk
assessment, risk reward
profile
Risk sensitivity
analysis, simulation
Risk & opportunity report, KRIs
Risk & information
measurements
Risk update analysis
Response to risk,
counter action
Forecasts on risk drivers,
intervention projects, scenario
development and simulation
Earnings guidance,
projections
Key Risk Indicators (KRIs),
Scenario Development
A dashboard reflecting relevant rewards and risks will focus operational
management's attention on decision making and counter action
- 16 -
Strategy
“Increase market share by improving customer satisfaction”
Key Performance Indicators Status Target
Revenue Growth > 5%
Customer satisfaction > 95%
Percentage of on-time deliveries > 89%
Average shipping cost per unit < €40
Key Risk Indicators Status Target
Logistics partner credit rating > 90
Mix of orders to logistic partners < 1/4
Lagging indicator
Lagging indicator
Leading indicator
Leading indicator
Leading indicator
Leading indicator
Lagging indicators are
backward looking reflecting
a historic result, while
leading indicators are
forward looking reflecting a
future state
Risk
Loss of a key logistics partner
Management attention and accountability has to be focused on performance and
the associated risks based on the delivery of strategically relevant information
- 17 -
Business plan (year)
3% 9%7%
The targeted revenue growth of the upcoming
year's budget is 7%
The identified risks and opportunities result in a
range of revenue growth between 3% and 9%
Commentary on key risks and opportunities focuses
management attention on the right things to monitor
& decide
Revenue growth
Loss of key logistic partner
Launch of the new products in Asia
Successful new product launch from main competitor
Key risks
Updated forecast (year) in Q2
3% 7%5%
During Q2 a key logistic partners falls bankrupt
Major problems in the distribution and unsatisfied customers
occur as per prior risk assessment
The updated forecast shows a smaller spread in estimated
revenue because the 9% target now cannot be achieved
anymore, growth forecast for the year is reduced
Launch of the new products in Asia well underway
New product launch from main competitor still
successful
Key risks
Better knowledge of the inherent uncertainties in plans enables better decision making and communication to the
market and stakeholders
Copyright © 2009 Deloitte AS. All rights reserved.
About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss
Verein, its member firms and their respective subsidiaries and
affiliates. Deloitte Touche Tohmatsu is an organization of member
firms around the world devoted to excellence in providing
professional services and advice, focused on client service through
a global strategy executed locally in nearly 140 countries. With
access to the deep intellectual capital of approximately 165,000
people worldwide, Deloitte delivers services in four professional
areas, audit, tax, consulting and financial advisory services, and
serves more than 80 percent of the world’s largest companies, as
well as large national enterprises, public institutions, locally
important clients, and successful, fast-growing global growth
companies. Services are not provided by the Deloitte Touche
Tohmatsu Verein and, for regulatory and other reasons, certain
member firms do not provide services in all four professional areas.
As a Swiss Verein (association), neither Deloitte Touche Tohmatsu
nor any of its member firms has any liability for each other’s acts or
omissions. Each of the member firms is a separate and independent
legal entity operating under the names “Deloitte”, “Deloitte &
Touche”, “Deloitte Touche Tohmatsu” or other related names.
Deloitte & Touche DA is the Norwegian member firm of Deloitte
Touche Tohmatsu. In Norway, services are provided by the
subsidiaries and affiliates of Deloitte & Touche DA (Deloitte AS,
Deloitte Advokatfirma DA and its subsidiaries), and not by Deloitte &
Touche DA.
top related