research report building risk awareness into performance: integrating … · 2020. 8. 5. ·...
TRANSCRIPT
-
research report
Building Risk Awareness into Performance:Integrating ERM and Performance Management
Trusted Insights for Business Worldwide
http://www.conference-board.org
-
Building Risk Awareness into Performance:Integrating ERM and Performance ManagementRESEARCH REPORT R-1448-09-RR
by Ellen S. Hexter and Daniel Sandy Bayer
contents
3 Executive Summary
5 Planning at the Crossroads of ERM and Performance Management
15 First Steps toward Integration
16 Case Studies
16 IBM
19 An International Metals Company
20 A Global Food Products Manufacturer
21 A Not-for-Profit Healthcare System
22 A Global Pharmaceutical Company
23 About This Report
Oliver Wyman provided sponsorship for this report.
With more than 2,900 professionals in over 40 cities around the globe, Oliver Wymanis an international management consulting firm that combines deep industry knowledgewith specialized expertise in strategy, operations, risk management, organizationaltransformation, corporate finance, and leadership development. The firm helps clientsoptimize their businesses, improve their operations and risk profile, and accelerate theirorganizational performance to seize the most attractive opportunities. Oliver Wymanis part of the Marsh & McLennan Companies [NYSE: MMC].
To learn more, please visit www.oliverwyman.com
www.oliverwyman.com
-
Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board 3
E nterprise risk management (ERM) and performancemanagement are two complementary processesessential for the management of an organization. Both
disciplines are designed to support organizations’ efforts
in making decisions and meeting their goals—ERM
through the identification and management of those risks
that could affect business objectives, and performance
management through the identification and measurement
of the drivers needed to achieve results, including the link-
ing of individual behaviors to organizational performance.
Risk-adjusted performance metrics offer managers tools
that strike the appropriate balance between meeting
performance goals and achieving appropriate returns
for the risks being taken. The application of risk-based
performance management may also lead to incentives that
are more aligned with an organization’s long-term success.
The integration of risk assessment data into performance
management provides decision makers with a dynamic
analytical framework for evaluating operational strategies,
acquisitions and divestitures, and capital investments
across different business units, asset types, and risk profiles.
This combination is most valuable for strategic planning
and operating plans that have long-term consequences.
A risk-adjusted performance framework offers organiza-
tions the ability to explicitly link personal incentives with
performance objectives.
Executive Summary
Performance management
Actual and expected entity-level performance
Performance objectives for key business objectives
Tracks and manages corporate value
Measures and analyzes performance usingfinancial and nonfinancial measures
Enables shareholders to understand value drivers
Helps inform management decisions basedon firm’s performance, value drivers, andstrengths and weaknesses
Perspectives of the firm
Metrics
Value
Performance
Shareholder value
Management decisions
Optimized Corporate Performance
Illustrated Links between ERM and Performance Management
ERM
Risk-based portfolio view of company
Risk appetite
Risk tolerances
Identifies and assesses drivers of volatilityin corporate value
Uses financial and nonfinancial metricsand analytics
Allows shareholders to understandthe risks of their investment
Helps managers anticipate, prepare,and better handle unexpected events
Assists with capital allocation and optimalrisk-reward trade-offs across the organization
Copyright © 2008 Oliver Wyman
Defining Terms
Enterprise risk management (ERM) An enterprise-wideset of processes and analytical tools to identify, assess,and manage risks so that organizations can meet theirobjectives. The forward-looking nature of ERM can helporganizations anticipate internal and external risks andunderstand the risk and reward tradeoffs of their businessdecisions. Effective ERM builds risk awareness intodecision making throughout the organization.
Performance management A common set of processes,tools, and metrics used to monitor if a company, itsbusinesses, its processes, and its employees are on trackto meet their goals.
-
Despite these benefits, few companies have integrated
their ERM and performance management processes.
In a 2008 survey by The Conference Board of 97
senior executives, only 57 percent of the responding
organizations have both a formal ERM program and a
performance management program. Of this group, only
43 percent said that integration would be “extremely” or
“very” valuable.1 When asked if their companies would
increase their use of risk assessment data in planning
over the next 12 months, just slightly more than half of
the respondents from companies with both programs—
53 percent—said that was “extremely” or “very” likely.
Why are organizations hesitant to include risk assessment
data in their planning processes and use them when
making important management decisions? The survey
responses highlighted three important challenges.
1 The ERM program is not considered effectiveOnly 52 percent of the executives with both an ERM and aperformance management program considered their ERMprograms to be “extremely” or “very” effective at the corporatelevel, and just 30 percent rated their programs this highlyat the business unit level. But executives at companies witheffective ERM programs were much more likely to believe thatintegrating risk data into planning would be “extremely” or“very” helpful in achieving business objectives—56 percentcompared to 31 percent of executives at organizations thatdeemed their ERM programs less effective. In fact, executivesat organizations with effective ERM programs are more likelythan other executives to say that risk assessment data alreadyhave an extensive influence on management processes at their companies, specifically in strategic planning and capitalallocation. A poorly implemented ERM program provideslimited applicable information for business decision making.
2 A lack of commitment from the top Executives cited alack of management focus as one of the greatest challengesto the integration of ERM and performance management.Organizations that do integrate these practices must workacross the traditional boundaries separating functions andbusiness units to employ new metrics and revise existingprocesses. To make these changes, senior management mustmake a clear commitment to the importance of melding riskmetrics into business planning. Seventy-two percent ofexecutives at companies where ERM is a high priority for theboard of directors expected their companies to increase theuse of risk assessments in their planning processes over thenext year, compared to 36 percent of those at companieswhere ERM is a lower priority.
3 A need for more sophisticated performance metricsMany companies fail to recognize the fundamental linkbetween ERM and performance management because their applied performance metrics, such as return on assetsor return on equity, do not reflect the level of risk involved. Only 34 percent of the executives surveyed said that theircompanies use risk-adjusted return on capital at the corporatelevel, and even fewer—21 percent—do so at the businessunit level. When asked about challenges to the use of riskassessment data in planning, 73 percent of the executivesnoted that their risk measures were not compatible with theirplanning metrics. In many organizations, ERM programs arebased on relatively simple risk assessment processes—facilitated risk workshops or “risk mapping.” As a result,the ERM program provides information to help better managethe risk, but not the organization.
Current performance measures are often based on pro formaassumptions about internal performance and external events.As such, the measures do not factor the impact of risks onperformance. Current risk assessments are also typicallylimited since they may illustrate the risk impact in terms ofoverall dollar impact to the organization, but do not illuminatehow the risks will affect the critical success factors of specificstrategic goals (e.g., expansion into a new market or divestitureof a business unit).
The union of ERM and performance management is
still in the early stages for many organizations. Given
the dramatic losses suffered by some major companies
in recent years, including those during the recent financial
crisis, boards of directors and senior management will
become increasingly interested in ensuring that planning
processes throughout their organizations incorporate an
explicit assessment of risk.
As highlighted in the case studies, some organizations
have made important strides in infusing risk information
into planning processes and business decision making.
By providing executives with a better understanding of
the risks inherent in their strategic plans and better tools
to identify performance drivers, companies will become
more flexible and nimble in responding to changes in the
external environment.
4 Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board
1 Unless stated otherwise, the survey results provided in this report arebased on the responses of executives at companies that have both ERMand performance management programs.
-
Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board 5
E nterprise risk management is designed to provideorganizations with a comprehensive approach toidentifying and managing risks that affect business
objectives. In recent years, there has been an increasing
recognition of the importance of ERM, and a series of
losses at several major corporations has led to growing
stakeholder expectations for enterprise risk management
(e.g., the inclusion of risk management assessments into
corporate credit rating assessments by Standard & Poors).
Senior management, boards of directors, and investors
also have much less tolerance for unforeseen risks.
The fact that many companies that were early adopters
have reported significant benefits—improved credit
ratings, reduced losses, and faster identification of risks—
has also made ERM more attractive.
A survey by Ernst & Young of 130 institutional investors
in 16 countries found that:
• 82 percent of executives were willing to pay a premium forcompanies that manage risk well.
• 61 percent had avoided investing in companies where riskmanagement was considered inadequate.
• 48 percent had terminated investments for this reason.2Improving the understanding and consideration of risk in
planning processes is central to the stated goals of most
organizations’ ERM programs. In the survey conducted
by The Conference Board for this report, 91 percent of
executives from companies with ERM programs cited
ensuring that risk issues are explicitly considered in deci-
sion making as a main objective, while 88 percent chose
avoiding surprises and “predictable” failures (Chart 1).
Planning at the Crossroads ofERM and Performance Management
2 “The Future of Risk Management and Internal Control,” Ernst & Young, 2008,p. 6.
Ensure issuesare explicitlyconsideredin decision
making
Avoidsurprises andpredictable
failures
Align riskexposuresand risk
mitigation/insurance
Integrate riskmanagement
in planning andcompensation
Institute morerigorous risk
measurement
Use ERM as acompetitive tool
Eliminateduplication
in riskmanagement
Communicaterisk programto investors
Align risktaking with
managementscorecards
Align risktaking withexecutive
compensation
91%88
71
6154
30 27 24 23
8
Chart 1
Critical ERM objectives
Base = Executives at companies with ERM programs
-
In addition, 61 percent said that the integration of risk
management into other corporate practices (e.g., plan-
ning, compensation) was a major goal. (For an example
of how the biotechnology company Amgen employs risk
tools, see the box below.) This data points to a common
recognition of the value and importance of integrating
ERM and performance management.
The Uses of Performance ManagementThe objective of performance management is to provide
metrics that organizations can use to measure progress
toward achieving their corporate goals; not simply to assess
what has been achieved, but also to assist executives when
they plan corporate strategy and to help track execution.
Many of the companies surveyed for this report said they
use performance management data as part of important
planning processes, a time when a consideration of
risk—that is to say, understanding the factors that affect
performance—is especially valuable. When asked how
their organizations use the information generated by
their performance management systems, 84 percent of
the executives from companies with a performance
management program said their organizations use these
findings in strategic planning and budgeting, while 70
percent use them during forecasting (Chart 2).
6 Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board
Amgen: Using Financial Risk Assessmentsto Make Investment Decisions
Amgen uses financial risk management tools to under-stand risks in manufacturing and product supply and thenevaluate mitigation options, including investments in newmanufacturing technology and plants.
The company’s operations group has developed toolsto evaluate market impact, revenue at risk, and earningsat risk by stress testing scenario analyses based on inputfrom a cross-functional group of subject matter experts.Amgen evaluates financial risk on a rolling five-to seven-year forward-looking projection. The company uses datafrom these analyses to help support judgment-basedleadership decisions by comparing risks relative to marketcapitalization, revenues, and earnings.
One of the company’s objectives for 2009 is the applicationof the same kind of risk-based analytical rigor to all of itscommercial products to ensure an uninterrupted supply ofproduct to patients.
Communicatingperformanceto the board
Strategicplanning
and budgeting
Forecasting Compensation Capitalallocation
Investmentdecisions
Acquisition anddivestituredecisions
Enhancinghuman capital
Quality/Six Sigma®
process
86% 84
70 67
53 52
3833
25
Chart 2
Uses of information from performance management systems
Base = Executives at companies with performance management programs
-
Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board 7
What Are the Benefits of Integration?It seems natural that performance management should
explicitly consider the risks that could prevent an organi-
zation from achieving its business objectives or that could
be capitalized on to improve performance. The rationale
is especially compelling when it comes to plans with a
long-term horizon, such as large capital projects or other
material shifts in strategy. Any argument for integration,
however, has to demonstrate that risk management practices
actually add value or drive improved performance. (One
example of a company that has made this connection is
IBM, which has actively integrated risk management into
its planning processes and developed an ERM scorecard
that all senior vice presidents started using in 2009 to
assess and address risks in their planning processes.3)
Only 43 percent of the executives at organizations with
both ERM and performance management programs
thought it would be “extremely” or “very” helpful to
include risk assessment and measurement data into key
planning processes and management decisions (Chart 3).4
When they were asked if the influence of risk assessment
data on planning would increase over the next 12 months,
53 percent of these executives said it was “extremely” or
“very” likely (Chart 4). The gap between those who believe
that risk data would be helpful in planning (43 percent)
and those who are likely to experience a greater influence
of risk data (53 percent) may stem from skepticism about
the effectiveness of existing ERM programs. Boards of
directors, in particular, are asking for a more complete
risk profile, which may drive the increasing influence of
risk data.
Extremely/very helpful43
Chart 3
How helpful is the inclusion of risk assessment/measurement data into key planning to the
achievement of business objectives?
Base = Executives at companies with both ERMand performance management programs
Not/somewhat/moderately helpful
57%
Extremely/very likely53%
Chart 4
How likely is your organization to increase theinfluence of risk assessment data on key planning
processes over the next 12 months?
Base = Executives at companies with both ERMand performance management programs
Not/somewhat/moderately likely
47
3 For more information on IBM’s program, see “How an ERM Scorecard CanHelp Drive Performance” on page 16.
4 Unless stated otherwise, the survey results provided in the remainder of thereport are based on the responses of executives at organizations that haveboth ERM and performance management programs.
-
A considerable number of executives who said their
companies were “extremely” or “very” likely to increase
the integration of ERM and performance management
also said that doing so would yield a number of important
benefits (Chart 5). The top ranked benefits include an
improved understanding and management of key risks to
corporate value (89 percent) and an increased ability to
meet strategic goals (73 percent). Response rates were
lower for executives at companies that did not expect to
increase integration. For these executives, the only quality
that garnered broad approval was the ability to understand
and manage key risks (70 percent). One attribute that both
sets of executives agreed on was the need to improve
communication to stakeholders, which 46 percent of both
groups said was “extremely” or “very” important.
8 Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board
Understandand managekey risks to
corporate value
Increasedability
to meet strategic
goals
Improvecorporate
performance
Increasedprofitability
Improvecapital
allocation
Align riskmanage-
ment with managementscorecards
Increasedmanagementaccountability
Improvecommuni-cation of
performanceto stakeholders
Improveperformancethrough more
rigorousmetrics
Align risktaking withexecutive
compensation
89%
70% 73
50
67 6558
41
50
14
Chart 5
Objectives for the integration of performance management and ERM
Results are for respondents who responded that the objective is “extremely” or “very” important.
Reducedearningsvolatility
More accuraterisk-adjusted
pricing
30
38 36
50
36
46 4639 38 37 36
3023
4
Base = Executives at companies with both ERM and performance management programs
Extremely/very likely to integrate Not/somewhat likely to integrate
-
Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board 9
The Three Main Obstacles to IntegrationGiven these potential benefits, why aren’t more organiza-
tions with both ERM and performance management
programs focusing on integrating these two functions?
Respondents pointed to a number of challenges (Chart 6),
including a lack of understanding about how to integrate
their ERM and performance management activities
(90 percent) and an inability to provide the effort required
(83 percent). The research also revealed three more
specific obstacles.
1 The ERM program is not considered effectiveOne of the key impediments to a broader use of risk
assessment data in planning is that many ERM programs
are not considered particularly effective or seen to add
value to the company. Only 52 percent of executives
considered their risk programs “extremely” or “very”
effective at the corporate level, and responses were even
lower at the business unit (30 percent) and process
(25 percent) levels (Chart 7).
Past studies by The Conference Board have also found
that ERM has gained more traction at the corporate level
than at the business unit or process level.5 Such results
may be an indication that most organizations still have
fairly immature ERM programs that are not integrated
into day-to-day business practices. Since much of business
planning and objective setting takes place within individ-
ual business units, this lack of progress in integrating risk
data into planning may reflect executives’ belief that their
ERM programs are not sophisticated enough to provide
significant value.
Lack ofunderstanding
of how tointegrate
Lack ofmanagement
focus onintegration
Effort required
Emphasis onfinancialover non-financial
measures
Risk measuresnot compat-
ible with metrics usedfor planning
IT systemsdo not supporttimely gener-ation of data
Lack ofskills to
integrate riskassessments/
measures into planning
processes
Little abilityto developqualitative
measures for hard-to-quantify
issues
90% 89
53
Chart 6
Challenges to the integration of risk management datainto key planning processes/management decisions
Management does not
valueintegration
Base = Executives at companies with both ERM and performance management programs
Major challlenge Moderate challenge
37
58
31
83
54
29
75
50
25
73
58
15
72
43
29
69
49
20
69
50
19
67
42
25
62
48
14
59
44
15
Weak linkbetweenstrategic
objectives andperformance
measures
Lack of skillsto developeffective
risk assess-ments/
measures
52%
Chart 7
Rating ERM effectivenessthroughout the business
Base = Executives at companies with both ERMand performance management programs
Results are for respondents who rated their ERMpractices “extremely” or “very” effective.
0
10
20
30
40
50
60
At theprocess
level
At thebusiness unit
level
At thecorporate
level
3025
5 See Ellen S. Hexter, Risky Business: Is Enterprise Risk Management LosingGround? The Conference Board, Research Report 1407, 2007.
-
Respondents who rated their ERM programs either
“extremely” or “very” effective were more likely to see
the value of increasing the integration of risk data than
organizations who gave their programs lower marks
(Chart 8).
Executives from companies with effective ERM pro-
grams were also more likely to indicate that it was
“extremely” or “very” likely that their organizations
would increase the influence of risk data in planning
in the next year (Chart 9).
10 Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board
Respondents who considertheir programs less effective
Extremely/very helpful56%
Chart 8
How helpful is the inclusion ofrisk assessment/measurementdata into key planning to the
achievement of business objectives?(more effective versus less effective)
Base = Executives at companies with both ERMand performance management programs
Not/somewhat/moderately helpful
44
Not/somewhat/moderately helpful
69%
Extremely/very helpful31
Respondents who considertheir programs more effective
Respondents who considertheir programs less effective
Extremely/very likely59%
Chart 9
How likely is your company to increasethe influence of risk assessmentdata on key planning processes
over the next 12 months?(more effective versus less effective)
Note: Due to rounding, percentages may not add up to 100.
Not/somewhat/moderately likely
40
Not/somewhat/moderately likely
54%
Extremely/very likely46
Respondents who considertheir programs more effective
Base = Executives at companies with both ERMand performance management programs
-
Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board 11
Many of the “effective ERM” organizations are already
using risk assessment data in their planning processes
(Chart 10). For example, 46 percent of executives from
these organizations reported that risk data have an extensive
influence on their strategic planning, compared to 27 percent
of executives from the “less effective” group. Similarly,
when it comes to capital allocation decisions, 41 percent of
executives from organizations with effective ERM programs
said risk data had an extensive influence, compared to
23 percent of those with less effective programs.6
It makes sense that organizations with effective ERM
programs would use risk assessment data more broadly—
the more rigorous assessment of risks provided by an
effective ERM program should provide managers with a
better understanding of the risks associated with each of
their business plans, including mitigation strategies. The
survey results also make clear that many companies, even
those with ERM programs they consider effective, have
still not taken advantage of their risk assessment
processes to improve planning and performance
management. Many organizations also fail to follow
through after their risk assessment process has been
completed. They may identify and prioritize risks, but
not improve their understanding of how each risk affects
their business objectives and the different options they
are considering to achieve them.
2 A lack of commitment from the topWhen companies integrate risk considerations into
planning, they must often change their normal operating
procedures to conduct business in a new way. This change
may involve working across traditional boundaries and
functions and the close collaboration of business unit
leaders and business planning executives with risk
management executives. The new direction may also
require changes to planning processes, including data
collection, analysis, and reporting. Such changes require
a clear commitment from the top of the organization
about the importance of effective risk management.
Determiningrisk mitiga-
tion strategies
Strategicplanning
Capitalallocation
New productor service
development
Operationalplanning orforecasting
Investmentdecisions
Quality/Six Sigmaprocess
Improvingcommuni-cation to
board andstakeholders
Productpricing
M&A orpost-mergerintegration
000000000
71%
58%
27
41 40 39
23
39
8
Chart 10
Rating the extent of the influence of risk assessment data
Results are for those who responded that the influence of risk assessment data is “extensive.”
Annualbudgetprocess
Individualperformanceevaluations
23
3336
3027 25 23
12
21 20
32
94
Base = Executives at companies with both ERM and performance management programs
Extremely/very effective ERM Not/somewhat/moderately effective ERM
46
0
20
05
8
Customerservice
manage-ment
Managementscorecards
6 See the profiles of a not-for-profit healthcare system (page 21) and a globalpharmaceutical company (page 22) in the case study section for examples of how the incorporation of risk data can influence capital allocation.
-
Survey participants were asked how much emphasis
the leadership of their organizations gave ERM, and
approximately half said it was a “high” priority for
their board of directors (48 percent) and their senior
management (54 percent) (Chart 11).
Those executives whose top leaders and boards indicated
that risk management was a high priority were also more
likely to say that their companies would increase the use of
risk assessment data in planning during the next 12 months.
(See Chart 12 for a comparison of the results based on
board priorities.)
12 Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board
Highpriority48
Chart 11
How much of a priority is ERMfor your senior management
and board of directors?
Not a/moderatepriority
52%
Not a/moderatepriority
46
Highpriority54%
Board of directors
Senior management
Base = Executives at companies with both ERMand performance management programs
Extremely/very likely
72%
Chart 12
How likely is your company toincrease the influence of risk
assessment data on key planningprocesses over the next 12 months?
Not/somewhat/moderately likely
28
Not/somewhat/moderately likely
64%
Extremely/very likely36
Companies where ERMis a high priority for the board
Base = Executives at companies with both ERMand performance management programs
Companies where ERMis a low priority for the board
-
Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board 13
Other results from the survey indicate that senior man-
agement commitment to ERM and effective risk practices
are highly correlated. As seen in Chart 13, executives
from organizations in which ERM is a high priority for
senior management and their boards were much more
likely to say their programs are “extremely” or “very”
effective at the corporate level. While the relative levels
were somewhat lower, this same pattern was true at the
business unit level.
3 The need for more sophisticated performance metricsFew organizations use risk-adjusted metrics when
assessing performance. Commonly used measures such
as quarterly earnings, earnings per share, and return on
investment (ROI) don’t incorporate the underlying level
of risk or volatility involved. A 2007 report by KPMG
estimated that 80 percent of the Fortune 500 nonbanking
organizations relied on performance indicators—return on
assets (ROA) or return on equity (ROE)—that do not take
risk into account.7 There is a significant potential, however,
for companies to use their key risk indicators (KRI) to
improve their key performance indicators (KPI).
Among the organizations surveyed for this report, only
34 percent employ risk-adjusted return on capital at the
corporate level, and 28 percent use risk-adjusted capital
allocations. At the business unit level, even fewer employed
these metrics—only 21 percent used risk-adjusted return on
capital and 19 percent used risk-adjusted capital allocations.
Risk-adjusted performance metrics explicitly link risk and
performance management. Performance cannot be fully
understood and managed without factoring in the level of
risk. Risk-adjusted performance metrics can provide
insight into how much risk managers are taking to achieve
certain objectives. Roughly three-quarters of the executives
said that one of the challenges they faced in integration
was that their risk measures are not compatible with the
metrics used in planning, while over two-thirds said they
lacked the skills to integrate risk assessments into their
planning processes (Chart 6 on page 9). Managers have
often used a “gut-feel” approach to assess risks to an
investment or a new project and have simply assigned
higher capital hurdle rates to riskier projects.
0
10
20
30
40
50
60
70
80
Companies withsenior managementwho do not considerERM a high priority
Companies withsenior management
who consider ERM a high priority
Companies withboards who donot consider
ERM a high priority
Companies withboards who consider ERM a high priority
65%
42
20
39%
18
29
79%
43
22 21%
13
25
At the corporate level At the process levelAt the business unit level
Results are for respondents who said that ERM is “extremely” or “very” effective.
Base = Executives at companies with both ERM and performance management programs
Chart 13
Rating ERM effectiveness throughout the business(high priority versus low priority)
7 “Protecting Capital through Risk-Adjusted Performance Measures,” KPMG,December 2007.
-
Of course, organizations do not have to wait until they
have a sophisticated model to bring performance and risk
metrics together. It is possible that an instinctive feel
about risk levels may trigger appropriate conversations
about how to connect risk and performance management
and the resources needed for mitigation. Those additional
needs should be considered when calculating the risk-
adjusted return of specific investments. More sophisti-
cated metrics can be developed once managers have a
better feel for the benefits that integration can provide.
Another factor may be that organizations have always
used financial metrics to measure their performance.
Since financial metrics tend to be backward looking,
more companies are now employing programs such as
balanced scorecards that incorporate nonfinancial
measures of such areas as employee skills, the quality and
efficiency of business processes, and customer satisfaction.
Nonetheless, organizations continue to rely too heavily
on financial performance measures. When asked about
top challenges to applying risk management data,
75 percent of the executives said that financial measures
are privileged over nonfinancial measures. Roughly two-
thirds of executives felt that difficulties in developing
qualitative measures to assess hard-to-quantify risks
are an obstacle to the wider application of risk data.
(For both results, see Chart 6 on page 9.)
Almost three-quarters of respondents (72 percent) said
that the inability of their IT systems to provide relevant
data in a timely fashion is a major challenge to integration
(Chart 6). However, some fundamental steps must be taken
to build ERM within an organization before developing
sophisticated metrics. A risk inventory and the right risk
infrastructure provide the foundation for an effective
ERM program. Risk-adjusted performance metrics do
eventually require a robust risk and performance manage-
ment IT infrastructure, which would include a central
data repository and a reporting and analysis system.
14 Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board
Performance management is often seen as a way to alignindividual objectives with business objectives, and it iscommonly used as an element in the evaluations of individualmanagers and as a guide for setting compensation. However,since few performance management programs use risk-adjustedmetrics, there is the danger that executives will be encouragedto take excessive risks in order to boost the results of theperformance metrics used to evaluate them as individuals. As the current financial crisis has made clear, many financialexecutives pursued strategies using derivatives and structuredproducts without sufficient regard to the risks involved. Theywere often amply rewarded based on short-term returns thatmasked excessive longer-term risks.
Only 8 percent of the executives at organizations with ERMprograms said that one of the objectives was to align risktaking with executive compensation (Chart 1 on page 5).Organizations with effective ERM programs, however, appearto be taking some advantage of their risk assessments toimprove the performance evaluation process—68 percent ofthese executives said risk assessments had a “partial” or“extensive” influence on individual management evaluations,compared to only 46 percent of executives at organizationswith less effective ERM programs (Chart 14).
Making the Link to CompensationChart 14
Does risk assessment influenceindividual management evaluations?
Companies with extremely/very effective ERM
Base = Executives at companies with both ERMand performance management programs
Companies with not/somewhat/moderately effective ERM
Extensiveinfluence4
No influence32
Partialinfluence64%
Extensiveinfluence8
No influence54%
Partialinfluence38
-
Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board 15
A s might be expected from the survey results, companiesthat want to meld their ERM and performancemanagement practices must often do so without a detailed
example to follow. Still, while practices may not be
codified, organizations looking to improve the value
of their ERM program and the effectiveness of their
performance management can take the following steps.
1 Evaluate current risk management and performancemanagement practices Have they stopped providingvalue? Are they primarily focused on compliance or
reporting? If so, consider restructuring these programs
to provide better information to manage the business.
2 Educate management on the need to integrate ERMand performance management ERM can provideinsight into risks that may prevent companies from
meeting objectives and help businesses avoid investments
or projects that don’t provide adequate risk-adjusted
returns. At the same time, ERM tools can also be used
to identify business opportunities and understand their
risk and reward tradeoffs.
3 Reconsider the goals and purpose of the ERM programFor many organizations, the ERM program has become a
de facto risk assessment program with limited effective
outputs to guide decision making. Organizations should
consider the information they provide, how that informa-
tion is used, who receives the information, and what
processes it informs. If it merely creates an annual heat
map presented to management and the board and the
10K elements, it is probably of very limited value.
4 Keep risk thinking front and center Risks should be partof the discussion for both strategic and operating plans.
Consider both enterprise and business unit risks when
planning to help focus attention on how unforeseen events
could affect those plans. Understanding where the risks
are and openly sharing them can help managers identify
and attract the resources needed to mitigate risks.
5 Select a recurring and ongoing business processBuild risk assessment and risk management into the
chosen process (such as capital allocation or new product
launch). Consider the risk assessment process and the
data captured. As a starting point, define and map the risk
assessment process, redesign the forms and templates to
capture information supporting the process and business
initiative, and ensure that the effort to assess and rank risks
is the same as the performance measures for the initiative.
6 Link key risk indicators (KRIs) to key performanceindicators (KPIs) Organizations in which seniormanagement focuses on KPIs to understand how the
business is performing can use specific KRIs to
understand the source and scale of deviations from
expected performance.
7 Integrate ERM into human resources practicesCorporate performance ultimately depends on individual
performance. A focus on human capital risks can help
managers understand links to key process risks. If an
organization doesn’t have people with the right skills to
perform key processes, this human capital risk directly
affects these key processes. In addition, building good
risk management practices into individual scorecards and
incentive compensation can go a long way to legitimize
the integration of performance management and ERM.
First Steps toward Integration
-
I n recent years, as people, processes, and systems havebecome more interconnected and interdependent, thenature of enterprise risk has been transformed. Risk that
was once easily fenced inside a business unit has become
part of larger systems and more difficult to address using
traditional siloed approaches to ERM. This issue has
been demonstrated by crises in virtually every industry—
from counterparty risk in financial services to a lack of
transparency and accountability in the supply chains that
produce food and consumer products. Such crises can
undermine or derail enterprise performance.
All of these forces have made the creation of more
integrated approaches to ERM more imperative. These
new approaches should provide the tools needed to
standardize risk management across an organization,
enable an enterprise view of risk across businesses, and
inform a strategy that not only seeks to limit enterprise
risk, but also to better understand how to take advantage
of enterprise opportunity.
The key to advancing “smarter” ERM is to create an
approach that integrates insight and data, applies analytics,
monitors the effectiveness of risk management actions,
and provides governance with insights into risks and how
to manage them effectively. Maintaining a line of sight
from analysis to actions to metrics and back again also
builds business acumen.
OverviewIBM sets clear performance expectations, starting with the
development of the company’s long-term strategies under
the oversight of the board of directors. These strategies are
translated into specific goals and performance objectives
by senior management for each of the company’s businesses
and globally integrated functions. These are communicated
throughout the organization and in employee personal
business commitments (PBCs) for the year.
Once objectives are set and communicated, processes
are put in place to measure performance and execution
and identify strengths and weaknesses. These assessments
drive PBC performance, pay, and eligibility for advance-
ment. Each business unit and geographic leader understands
how his or her operation contributes to overall corporate
performance. Senior executives track performance metrics
rigorously to ensure that the company is meeting its
strategic and operating objectives. Accountability for
performance is a critical contributor to IBM’s success,
and executive compensation is closely tied to the
achievement of objectives.
IBM’s business units have long been held accountable
for managing business risk as part of their end-to-end
accountability and performance management. To further
enhance the ability to meet its objectives, IBM began
ERM in late 2006 by expanding the risk-assessment view
across organizations and value chains.
ERM is something many companies only implement
formally after a failure in their processes becomes public.
For IBM, ERM was a natural evolution of its management
system, which values a more systematic, transparent
approach to risk as a way to improve business performance.
The company is launching an ERM scorecard in 2009
that should enable ERM to more fully integrate risk
management activities and oversight into the company’s
regular management systems. This scorecard will allow
business unit leaders, senior management, and ERM
leaders to use a common approach to apply ERM within
and across the businesses. These ERM tools and processes
will help management better identify and mitigate
unacceptable risks, but they will also better clarify risk
tolerances and appetites for further investment.
16 Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board
IBMHow an ERM Scorecard Can Help Drive Performance
Case Study
-
Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board 17
The ERM ScorecardInitially, this self-assessment tool will allow each senior
vice president to score his or her business area and will
allow the ERM team to validate the scores with the
business unit risk managers at a more detailed level. This
tool has been crafted to eventually be used more broadly
throughout the organization and to be validated by an
internal audit review. Because this self-assessment
scorecard introduces a standardized way of approaching
and reporting risk oversight practices, all the risk
management activities can be aggregated to provide an
enterprise-wide view.
There are three primary gauges of ERM progress:
1 Progress on the journey2 Integration into strategy development and plans3 Integration into the management system
The scorecard contains four main areas for evaluation:
1 The definition and execution of ERM roles andresponsibilities
2 Active engagement in managing applicable enterprise-level risks
3 Informing strategies for growth4 Operationalizing risk management in execution plans
and the management system
The scorecard provides the ERM steering committee with
a measure of progress across the enterprise, as well as
pockets of good practices and areas that need encourage-
ment or assistance. By tying risk management to strategic
and operational planning processes, IBM executives will
increase transparency and awareness at both the business
unit and the overall enterprise levels. While risk aware-
ness is “nice to have,” putting that insight into use by
taking action to handle risks effectively is the critical
payoff from ERM. Handling risks effectively includes the
ability to capitalize on the opportunities these risks might
present to the organization. The scorecard helps to
determine whether content is being developed that can
illuminate areas with the potential to further leverage the
scale and scope of IBM’s ability to improve performance.
Linking business unit risks and enterprise risksThe scorecard is designed to force the association of the
business units’ role in managing enterprise-level risks
with the execution of IBM’s overall strategy. This means
appropriate focus must be given to enterprise-level risks
that are particularly important to or affected by the
business, and to business-unit-specific risks that are
material at the enterprise level. Part of the expected
benefit of the ERM scorecard is that each business unit
leader better appreciates the connection between risks
at the enterprise level and the business unit level. The
self-assessment is a checklist for each senior vice
president to use to determine what is needed to improve
risk management in his or her business unit and for the
enterprise as a whole.
Getting the Right People in PlaceInitially, the scorecard will be used to establish a baseline
from which progress will be measured once a year. The
goal in 2009 is to have each business unit start the journey
by defining its ERM roles and responsibilities, then
document work underway to manage enterprise-level
risks, provide explicit analysis of risk in strategies and
execution plans, and integrate ERM into their
management systems.
When asked about whether or not they might meet
resistance, Ellen Dulberger, vice president, enterprise
risk management, noted that IBM has a culture of high
achievement, and ERM’s goal to build business acumen is
consistent with that emphasis. Risk management needs to
be sustainable, so having people inside the business with
clear responsibility and accountability for managing risk
will allow it to grow. In addition, as the connections to
performance become evident, business leaders are more
likely to invest in further strengthening of risk manage-
ment capabilities and develop a higher degree of risk
awareness within the businesses.
Each business unit has named an individual to the position
of “ERM focal point.” The focal point drives risk
management work within the business unit and engages
with the corporate ERM department. The focal point also
helps guide the risk management activities within the
business unit, including communicating with and
coaching designated risk owners, ensuring that risks are
documented appropriately in strategies and execution
plans, and overseeing the inclusion of risk management
effectiveness in the management system. The right person
for this role has a deep operational understanding of the
business and the confidence of executives, so that he or
she can influence the right behaviors and, if necessary,
engage the senior vice president immediately.
-
Integration into strategies and execution plansAt IBM, there are two forums for explicit consideration
of risk in strategy formulation:
1 An annual spring strategy cycle that includes the formalsubmission of a spring strategy document (with required
elements) by each business unit and a discussion between the
senior vice president and the CEO about the submission.
2 Timely discussions on the agendas of the strategy team betweenbusiness leaders when they develop new strategies with
enterprise-level importance or enterprise-wide implications.
Members of the strategy team include the CEO and a group
of senior executives.
Preparations for managing execution risks associated with
the strategies laid out in the spring are formally part of the
operational planning and budget cycle, which takes place
in the fall.
The scorecard documents risk in the spring strategy
submissions, the discussions of the strategy team, and
plans to take operational risk management actions. Each
business is expected to have plans to manage risk as part
of its operating plan and a way to clarify risk management
actions that are collaborative with other parts of this
complex organization.
Long-Term Risk Management CapabilityBuilding long-term risk management capability requires
integration into the regular operations of business unit
management systems. The second major section scores
key attributes of capability maturity:
• identifying and ranking risks, of which the most important areformally discussed as part of the regular management system;
• monitoring risk management effectiveness and feedback toactions and insights; and
• discussing risks associated with the business context: executionof IBM’s strategy, changes in the external environment, andpursuit of new initiatives and activities.
Uwe Kuehne, director of enterprise risk management,
notes, “These measures will allow the ERM team to
understand where business units are strengthening their
business management capabilities through more explicit
consideration and focus on risk, and to share insights into
the practice of risk management and the specific insights
produced by that practice.”
The scorecard may change over timeWhile the scorecard allows the business unit leaders to
see their progress to date, items that explicitly gauge
attributes of greater sophistication and maturity may be
added. Ultimately, the scorecard will include evidence
of whether risks have been managed in a way to reduce
either likelihood or impact, which will then be turned
into an upside opportunity for the business.
How the ERM ScorecardLinks to PerformanceIBM executives have been clear from the start that ERM
was established to help drive performance. While most
companies focus on limiting the downside that risks
present, IBM wants to use ERM as a way to help leverage
risk acceptance to enable growth while addressing
hazards. Recognizing that there are risks inherent in
new activities, considering those risks and preparing
to manage them is fundamental. “Businesses miss out
on the upside value that ERM can provide if they are
only looking at half of the equation,” Dulberger says.
“For example, there are risks associated with business
opportunities in new geographic markets and developing
and delivering new products and services. Considering
those risks and preparing to manage them help make us
more likely to achieve growth and economic return.”
By building ERM into the management system rather than
adding an additional layer of bureaucracy, the company
can focus the intent and actions of risk activities and
capabilities on improving business decision making. The
scorecard, in essence, creates a common language around
risk and risk management at IBM and is a tool to enhance
risk awareness and communications.
Like most companies, Dulberger says, one of the
challenges is to develop both the “art and science of risk
understanding.” It is clear that ERM requires a clear line
of sight encompassing risk identification and analysis,
risk management effectiveness metrics, and feedback as
part of a continuous learning process to get smarter about
managing risk. For IBM, better business outcomes
through effective risk management are the goal.
18 Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board
-
Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board 19
A n international metals company wanted to determinethe economic feasibility of increasing its equityposition in a firm that held the exploration and develop-
ment rights to a large mining project. But, given the large
scale and scope of the initiative, the executive team became
concerned about the project’s potential environmental
impact. The executive team, therefore, needed a risk
assessment methodology that could quantify how
environmental risks could affect the project’s financial
projections. The company had already conducted an
internal assessment of critical environmental risks, but
this evaluation had not linked those risks to assumptions
about the project’s economics and what return on
investment the project would offer.
The methodology the company eventually developed
included a combination of objective and subjective analytic
techniques that the executive team used to quantify a defined
set of key environmental risks and risks of failures in
design components. The benefits of this methodology
included an improved ability to determine the factors that
would drive environmental risk, quantify the impacts of
an environmental risk event, and estimate the likelihood
and impact of these drivers and events. In some instances,
the company could draw on historical data to estimate
potential losses and their probabilities; in other scenarios,
it had to rely on the knowledge and experience of internal
experts to estimate losses.
This analysis led to the development of a stochastic model
to quantify the joint probability and impact of the risks
identified. The analysis also delineated the overall impact
that each key environmental risk could potentially have on
the project’s net present value, which enabled the company
to score and rank each risk and then focus on those risks
with the greatest potential to significantly hurt the project’s
economics and the company’s financial performance.
Ultimately, this approach helped the organization better
understand the environmental risks associated with the
mining project and their potential impact on the perfor-
mance of the investment. The approach also improved
the communication of these risks to the executive team
and the board of directors.
An International Metals CompanyAssessing Risks in Acquisitions
Case Study
-
T o achieve its ambitious growth objectives, a globalfood products manufacturer concluded that itsbusiness units needed to assume greater risks and pursue a
wider range of opportunities. The executive management
team decided to broaden its risk management focus
beyond financial and hazard-related risks to include
operational and strategic goals such as the expansion into
emerging markets, new product categories, and public
concerns over health and obesity. The company needed to
expand the rigor and sophistication of its strategic and
operational planning methods so the organization could
better understand the likelihood and potential impacts of
risks on corporate performance.
The initial step was the development of a consistent
strategic risk assessment methodology to facilitate risk
reporting around each business unit’s achievement of its
operating plan. This framework includes a management
self-assessment tool using common risk impact and
likelihood assessment scales, which are presented in a
clear reporting template. This methodology leveraged
existing planning processes and resources rather than
adding additional layers of bureaucracy and management
reporting. The risk assessment was designed to be “baked
in” to the existing annual planning process to develop
widespread support and, most important, ensure that the
risk information was directly related to each unit’s
business plan.
Based on pilot tests in three of the company’s largest,
most global business units, business unit management
teams felt the risk assessment process could give them
the ability to evaluate the risks and mitigation efforts
surrounding the execution of their operating plans with
minimal intrusion on their day-to-day responsibilities.
By leveraging the existing strategic planning and quarterly
reporting processes, the risk assessment methodology
allows senior managers to forecast unit performance more
accurately, achieve alignment of key objectives and their
related risks, and gain a holistic view of emerging strategic
risks across all business units. As a result of the risk
assessments, management modified certain performance
objectives and strategies based on a better understanding
of the risks and opportunities within their markets.
The strategic risk assessment is now a core element of
the company’s annual planning process. The information
gained from these assessments is reported to global
executive management along with each business unit’s
annual plan and performance forecast, which enables
management to have a clear and explicit discussion of
risks and their potential impact on the company’s
performance goals.
20 Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board
A Global Food Products ManufacturerIntegrating Risk Management into Strategic Planningand Operational Forecasting
Case Study
-
Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board 21
A not-for-profit healthcare system serving over 1.5million consumers wanted to develop a decision-making model to better manage its changing risk profile,
which is driven by such factors as rapid growth, increasing
indigent care responsibilities, medical staff shortages, and
the advent of consumer-directed healthcare.
The organization developed an ERM process that
included clear methods for risk identification, assessment,
risk response planning, and ongoing follow-up, monitoring,
and reporting. The organization also put in place a clear
governance structure with a team dedicated to the integra-
tion of ERM into selected decision-making processes.
The primary objective was to identify and understand all
the risks that could affect the outcome and performance
of strategic initiatives. For example, the organization
believed it had an effective capital allocation process, but
this process primarily relied on an analysis of financial
data and pro forma projections. It did not integrate such
events and risks as competitive factors, construction
delays, human resource issues, and the challenges of
integrating information technology.
The ERM process was first integrated into the construction/
capital allocation process. After the organization mapped
and defined its capital allocation/construction process, it
identified where the ERM process could best be integrated.
(The mapping process also highlighted a number of
inconsistencies and opportunities for improvement.)
During a full-day facilitated workshop, the organization
drew on a cross-functional group of managers to identify
risks to current construction projects, underlying risk
drivers, and the organization’s capabilities to manage
those risks. This qualitative management self-assessment
process led the organization to identify more than $350
million in projects that were not well coordinated. Human
resources, IT, equipment procurement, clinical risk
management, and other functions were not working
together to ensure their responsibilities would be
completed prior to commissioning the projects.
Rather than employ a complex quantification model, the
company successfully drew on the following features:
• A clearly-defined and consistent methodology to identify, assess, and prioritize risks.
• A detailed mapping of decision-making processes to identifywhere and how to embed ERM.
• A cross-functional team of internal subject matter expertsthat provided a 360-degree perspective on the risks affectinginvestment.
• A focus on linking identified risks to the underlying assumptionsregarding the performance of the investment (e.g., when eachbuilding would come on line, assumptions regarding servicevolumes, and staffing levels).
• Responsiveness of senior executives to the issues identified.
Based on this assessment of the construction process, the
organization was able to put in place revised procedures
to help manage the risks identified and recalibrate projec-
tions for construction projects and associated new services.
A Not-for-Profit Healthcare SystemLinking Risk Analysis to Capital Planning
Case Study
-
A global pharmaceutical company wanted to improveits capital allocation process by integrating a risk-based analysis of its business units. In addition, the
organization regularly considered acquisition opportunities.
An effective risk-return evaluation process was required
to support strategic planning and large capital decisions.
Their selected approach was based on the view that
organizations consist of a portfolio of business units,
regions, product lines, projects, and investment options,
each of which has its own risk and return profile. Long-
term value creation is driven by successfully allocating
capital between these portfolio entities to optimize the
overall portfolio’s risk-return position.
As a starting point, the organization established a means
to determine the volatility of return on capital for each
business unit. This was based on such factors as an
analysis of key risks, quantitative measures for each risk
drawn from historical data, peer benchmarks, subject
matter expertise, quantification of the volatility of key
financial metrics within each unit, and the determination
of correlations between risks.
This information was then built into a dynamic portfolio
model. The model inputs include the organization’s
current capital mix and constraints, expected returns and
growth over three to five years, the volatility of return on
capital, and risk correlations determined through the risk
assessment. The model outputs include a risk-return efficient
frontier for the current asset portfolio and a dynamic
model of the portfolio from a risk-return perspective.
The portfolio approach provides the company with the
following benefits:
• The ability to understand the risk and reward trade-offs acrossthe portfolio.
• Increased transparency of decision making through a moreconsistent evaluation of all business units and options.
• A systematic way of including different types of risk into thedecision-making process.
• Analysis of the correlation and diversification effects of theorganization’s different businesses and investment options.
• A process to identify and prioritize the portfolio entitieswhose growth will improve the overall risk-return positionof the company.
• Better understanding of “risk-adjusted value creation”and trade-offs among investment options.
• A risk-adjusted view that complements the traditional strategic planning processes.
22 Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board
A Global Pharmaceutical CompanyDeveloping a Risk-Based Portfolio View
Case Study
-
About the SurveyThe Conference Board surveyed 97 senior corporate executivesduring the summer and fall of 2008. Of this survey population,87 percent are from companies with a formal ERM program, 70 percent are from companies with a performance managementprogram, and 57 percent are from companies with both systems.When the respondents are divided by location of company head-quarters, 72 percent are from companies headquartered in theUnited States, 24 percent are from Western European companies,and 3 percent are from companies headquartered in otherlocations. In terms of revenue, 36 percent are from companieswith $10 billion or more, 46 percent are from companies with$1 billion to less than $10 billion, and 18 percent are fromcompanies with less than $1 billion in annual revenues.
AcknowledgmentsThe authors wish to acknowledge the following people: Alex Wittenberg and Lucy Nottingham of Oliver Wymanfor their direction and support of the research. The authors also wish to thank Prodyot Samanta for his contribution to theresearch, and Henry Silvert, Judit Torok, Wennie Lee, TimothyDennison, and Steve Petrie for their work to put all of the piecestogether. The authors also wish to thank Ellen Dulberger, UweKuehne, and Chris Sam for their input. We thank Oliver Wymanfor its financial and intellectual capital contribution to this report.
About the AuthorsEllen Hexter has led The Conference Board’s work in enterpriserisk management, developing research and executive programson enterprise risk management. She currently manages sevencouncils at The Conference Board, including the European andU.S. Strategic Risk Councils, the Corporate Governance andRisk Management Council — India, and the Council of FinancialExecutives. She has managed The Conference Board’s researchon ERM and is the co-author of Managing Reputation Risk andReward report and Assessing the Climate in Enterprise RiskManagement in India. Hexter is the author of Risky Business:Is ERM Losing Ground? as well as co-author of From RiskManagement to Risk Strategy, and From Risk Management toRisk Strategy: Mid Market Companies. She has workedextensively with The Conference Board’s Global CorporateGovernance Research Center since its inception and is theco-author of its report, The Role of U.S. Boards of Directors inEnterprise Risk Management and Strategic Oversight. Hexter is afaculty member of The Conference Board’s Directors’ Institute.
Hexter received an A.B. from the University of Michigan and aM.B.A. from Cleveland State University. After receiving herM.B.A., Hexter worked as an equity securities analyst for Cowen& Co. and Deutsche Bank in New York. Her career on Wall Streetincluded positions as a corporate credit analyst and a mergersand acquisitions specialist. She is a Chartered Financial Analystand serves as an arbitrator for the Financial Industry RegulatoryAuthority. Hexter chairs the Board of Ethics of New Castle, NewYork and is a member of the board of the Chappaqua SummerScholarship Program.
Daniel Sandy Bayer is president of Bayer Consulting and has 20years’ experience conducting research projects for corporationsand non-profit organizations. He has conducted research forclients on a variety of industry issues in financial services,manufacturing, technology, media, consumer products, and realestate, as well as on cross-industry topics such as corporatereputation, taxation, litigation, mid-market enterprises, andemerging market investment. Before founding Bayer Consultingin 1996, his previous positions included vice president of theNew York City Partnership and Chamber of Commerce, and chiefof staff to the Deputy Mayor for Finance and EconomicDevelopment in New York City.
Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board 23
About This Report
-
To Order Publications, register for a meeting, or to become a member:
benefits for members
free reports Download publications free of charge. Find this research report at www.conference-board.org/buildingriskawareness
go paperless Update your member preferences to receive reports electronically. Just login to your account and click Review Your Preferences.
personalize your preferences and get the information you want. Specify your areas of interest and receive only those publications relevant to you. Change your preferences at any time and get the valuable insights you need delivered right to your desktop.
Onlinewww.conference-board.org
Phonecustomer service at 212 339 0345
Related Publications from The Conference Board
Managing Reputation Risk and RewardResearch Report 1442, 2009
Risky Business: Is Enterprise Risk Management Losing Ground?Research Report 1407, 2007
Emerging Governance Practices in Enterprise Risk ManagementResearch Report 1398, 2007
© 2009 by The Conference Board, Inc. All rights reserved. Printed in the U.S.A. ISBN No. 0-8237-0958-2The Conference Board® and the torch logo are registered trademarks of The Conference Board, Inc.
http://www.conference-board.org
-
The Conference Board, Inc.845 Third AvenueNew York, NY 10022-6600United StatesTel +1 212 759 0900Fax +1 212 980 7014www.conference-board.org
The Conference Board ChinaBeijing Representative Office7-2-72 Qijiayuan, 9 Jianwai StreetBeijing 100600 P.R. ChinaTel +86 10 8532 4688Fax +86 10 8532 5332www.conference-board.cn (Chinese)www.conference-board.org (English)
The Conference Board EuropeChaussée de La Hulpe 130, box 11B-1000 Brussels BelgiumTel + 32 2 675 5405Fax + 32 2 675 0395www.conference-board.org /europe.htm
The Conference Board Asia-Pacific22/F, Shun Ho Tower24-30 Ice House Street, CentralHong Kong SARTel + 852 2804 1000Fax + 852 2869 1403www.conference-board.org /ap.htm
The Conference Board of Canada255 Smyth RoadOttawa, Ontario K1H 8M7CanadaTel +1 613 526 3280Fax +1 613 526 4857www.conferenceboard.ca
www.conference-board.org
The Conference Board MissionThe Conference Board creates and disseminates knowledge aboutmanagement and the marketplace to help businesses strengthen theirperformance and better serve society. Working as a global, independentmembership organization in the public interest, we conduct research,convene conferences, make forecasts, assess trends, publishinformation and analysis, and bring executives together to learn fromone another. The Conference Board is a not-for-profit organization and holds 501 (c) (3) tax-exempt status in the United States.
For more information, visit:
http://www.conference-board.orgwww.conference-board.cnhttp://www.conference-board.orghttp://www.conference-board.org/worldwide/europe.cfmhttp://www.conference-board.org/ap.htmwww.conferenceboard.cahttp://www.conference-board.org