research report building risk awareness into performance: integrating … · 2020. 8. 5. ·...

research report

Building Risk Awareness into Performance:Integrating ERM and Performance Management

Trusted Insights for Business Worldwide

http://www.conference-board.org

Building Risk Awareness into Performance:Integrating ERM and Performance ManagementRESEARCH REPORT R-1448-09-RR

by Ellen S. Hexter and Daniel Sandy Bayer

contents

3 Executive Summary

5 Planning at the Crossroads of ERM and Performance Management

15 First Steps toward Integration

16 Case Studies

16 IBM

19 An International Metals Company

20 A Global Food Products Manufacturer

21 A Not-for-Profit Healthcare System

22 A Global Pharmaceutical Company

23 About This Report

Oliver Wyman provided sponsorship for this report.

With more than 2,900 professionals in over 40 cities around the globe, Oliver Wymanis an international management consulting firm that combines deep industry knowledgewith specialized expertise in strategy, operations, risk management, organizationaltransformation, corporate finance, and leadership development. The firm helps clientsoptimize their businesses, improve their operations and risk profile, and accelerate theirorganizational performance to seize the most attractive opportunities. Oliver Wymanis part of the Marsh & McLennan Companies [NYSE: MMC].

To learn more, please visit www.oliverwyman.com

www.oliverwyman.com

Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board 3

E nterprise risk management (ERM) and performancemanagement are two complementary processesessential for the management of an organization. Both

disciplines are designed to support organizations’ efforts

in making decisions and meeting their goals—ERM

through the identification and management of those risks

that could affect business objectives, and performance

management through the identification and measurement

of the drivers needed to achieve results, including the link-

ing of individual behaviors to organizational performance.

Risk-adjusted performance metrics offer managers tools

that strike the appropriate balance between meeting

performance goals and achieving appropriate returns

for the risks being taken. The application of risk-based

performance management may also lead to incentives that

are more aligned with an organization’s long-term success.

The integration of risk assessment data into performance

management provides decision makers with a dynamic

analytical framework for evaluating operational strategies,

acquisitions and divestitures, and capital investments

across different business units, asset types, and risk profiles.

This combination is most valuable for strategic planning

and operating plans that have long-term consequences.

A risk-adjusted performance framework offers organiza-

tions the ability to explicitly link personal incentives with

performance objectives.

Executive Summary

Performance management

Actual and expected entity-level performance

Performance objectives for key business objectives

Tracks and manages corporate value

Measures and analyzes performance usingfinancial and nonfinancial measures

Enables shareholders to understand value drivers

Helps inform management decisions basedon firm’s performance, value drivers, andstrengths and weaknesses

Perspectives of the firm

Metrics

Value

Performance

Shareholder value

Management decisions

Optimized Corporate Performance

Illustrated Links between ERM and Performance Management

ERM

Risk-based portfolio view of company

Risk appetite

Risk tolerances

Identifies and assesses drivers of volatilityin corporate value

Uses financial and nonfinancial metricsand analytics

Allows shareholders to understandthe risks of their investment

Helps managers anticipate, prepare,and better handle unexpected events

Assists with capital allocation and optimalrisk-reward trade-offs across the organization

Copyright © 2008 Oliver Wyman

Defining Terms

Enterprise risk management (ERM) An enterprise-wideset of processes and analytical tools to identify, assess,and manage risks so that organizations can meet theirobjectives. The forward-looking nature of ERM can helporganizations anticipate internal and external risks andunderstand the risk and reward tradeoffs of their businessdecisions. Effective ERM builds risk awareness intodecision making throughout the organization.

Performance management A common set of processes,tools, and metrics used to monitor if a company, itsbusinesses, its processes, and its employees are on trackto meet their goals.

Despite these benefits, few companies have integrated

their ERM and performance management processes.

In a 2008 survey by The Conference Board of 97

senior executives, only 57 percent of the responding

organizations have both a formal ERM program and a

performance management program. Of this group, only

43 percent said that integration would be “extremely” or

“very” valuable.1 When asked if their companies would

increase their use of risk assessment data in planning

over the next 12 months, just slightly more than half of

the respondents from companies with both programs—

53 percent—said that was “extremely” or “very” likely.

Why are organizations hesitant to include risk assessment

data in their planning processes and use them when

making important management decisions? The survey

responses highlighted three important challenges.

1 The ERM program is not considered effectiveOnly 52 percent of the executives with both an ERM and aperformance management program considered their ERMprograms to be “extremely” or “very” effective at the corporatelevel, and just 30 percent rated their programs this highlyat the business unit level. But executives at companies witheffective ERM programs were much more likely to believe thatintegrating risk data into planning would be “extremely” or“very” helpful in achieving business objectives—56 percentcompared to 31 percent of executives at organizations thatdeemed their ERM programs less effective. In fact, executivesat organizations with effective ERM programs are more likelythan other executives to say that risk assessment data alreadyhave an extensive influence on management processes at their companies, specifically in strategic planning and capitalallocation. A poorly implemented ERM program provideslimited applicable information for business decision making.

2 A lack of commitment from the top Executives cited alack of management focus as one of the greatest challengesto the integration of ERM and performance management.Organizations that do integrate these practices must workacross the traditional boundaries separating functions andbusiness units to employ new metrics and revise existingprocesses. To make these changes, senior management mustmake a clear commitment to the importance of melding riskmetrics into business planning. Seventy-two percent ofexecutives at companies where ERM is a high priority for theboard of directors expected their companies to increase theuse of risk assessments in their planning processes over thenext year, compared to 36 percent of those at companieswhere ERM is a lower priority.

3 A need for more sophisticated performance metricsMany companies fail to recognize the fundamental linkbetween ERM and performance management because their applied performance metrics, such as return on assetsor return on equity, do not reflect the level of risk involved. Only 34 percent of the executives surveyed said that theircompanies use risk-adjusted return on capital at the corporatelevel, and even fewer—21 percent—do so at the businessunit level. When asked about challenges to the use of riskassessment data in planning, 73 percent of the executivesnoted that their risk measures were not compatible with theirplanning metrics. In many organizations, ERM programs arebased on relatively simple risk assessment processes—facilitated risk workshops or “risk mapping.” As a result,the ERM program provides information to help better managethe risk, but not the organization.

Current performance measures are often based on pro formaassumptions about internal performance and external events.As such, the measures do not factor the impact of risks onperformance. Current risk assessments are also typicallylimited since they may illustrate the risk impact in terms ofoverall dollar impact to the organization, but do not illuminatehow the risks will affect the critical success factors of specificstrategic goals (e.g., expansion into a new market or divestitureof a business unit).

The union of ERM and performance management is

still in the early stages for many organizations. Given

the dramatic losses suffered by some major companies

in recent years, including those during the recent financial

crisis, boards of directors and senior management will

become increasingly interested in ensuring that planning

processes throughout their organizations incorporate an

explicit assessment of risk.

As highlighted in the case studies, some organizations

have made important strides in infusing risk information

into planning processes and business decision making.

By providing executives with a better understanding of

the risks inherent in their strategic plans and better tools

to identify performance drivers, companies will become

more flexible and nimble in responding to changes in the

external environment.

4 Bui ld ing R isk Awareness in to Per formance: In tegrat ing ERM and Per formance Management The Conference Board

1 Unless stated otherwise, the survey results provided in this report arebased on the responses of executives at companies that have both ERMand performance management programs.


E nterprise risk management is designed to provideorganizations with a comprehensive approach toidentifying and managing risks that affect business

objectives. In recent years, there has been an increasing

recognition of the importance of ERM, and a series of

losses at several major corporations has led to growing

stakeholder expectations for enterprise risk management

(e.g., the inclusion of risk management assessments into

corporate credit rating assessments by Standard & Poors).

Senior management, boards of directors, and investors

also have much less tolerance for unforeseen risks.

The fact that many companies that were early adopters

have reported significant benefits—improved credit

ratings, reduced losses, and faster identification of risks—

has also made ERM more attractive.

A survey by Ernst & Young of 130 institutional investors

in 16 countries found that:

• 82 percent of executives were willing to pay a premium forcompanies that manage risk well.

• 61 percent had avoided investing in companies where riskmanagement was considered inadequate.

• 48 percent had terminated investments for this reason.2Improving the understanding and consideration of risk in

planning processes is central to the stated goals of most

organizations’ ERM programs. In the survey conducted

by The Conference Board for this report, 91 percent of

executives from companies with ERM programs cited

ensuring that risk issues are explicitly considered in deci-

sion making as a main objective, while 88 percent chose

avoiding surprises and “predictable” failures (Chart 1).

Planning at the Crossroads ofERM and Performance Management

2 “The Future of Risk Management and Internal Control,” Ernst & Young, 2008,p. 6.

Ensure issuesare explicitlyconsideredin decision

making

Avoidsurprises andpredictable

failures

Align riskexposuresand risk

mitigation/insurance

Integrate riskmanagement

in planning andcompensation

Institute morerigorous risk

measurement

Use ERM as acompetitive tool

Eliminateduplication

in riskmanagement

Communicaterisk programto investors

Align risktaking with

managementscorecards

Align risktaking withexecutive

compensation

91%88

71

6154

30 27 24 23

8

Chart 1

Critical ERM objectives

Base = Executives at companies with ERM programs

In addition, 61 percent said that the integration of risk

management into other corporate practices (e.g., plan-

ning, compensation) was a major goal. (For an example

of how the biotechnology company Amgen employs risk

tools, see the box below.) This data points to a common

recognition of the value and importance of integrating

ERM and performance management.

The Uses of Performance ManagementThe objective of performance management is to provide

metrics that organizations can use to measure progress

toward achieving their corporate goals; not simply to assess

what has been achieved, but also to assist executives when

they plan corporate strategy and to help track execution.

Many of the companies surveyed for this report said they

use performance management data as part of important

planning processes, a time when a consideration of

risk—that is to say, understanding the factors that affect

performance—is especially valuable. When asked how

their organizations use the information generated by

their performance management systems, 84 percent of

the executives from companies with a performance

management program said their organizations use these

findings in strategic planning and budgeting, while 70

percent use them during forecasting (Chart 2).


Amgen: Using Financial Risk Assessmentsto Make Investment Decisions

Amgen uses financial risk management tools to under-stand risks in manufacturing and product supply and thenevaluate mitigation options, including investments in newmanufacturing technology and plants.

The company’s operations group has developed toolsto evaluate market impact, revenue at risk, and earningsat risk by stress testing scenario analyses based on inputfrom a cross-functional group of subject matter experts.Amgen evaluates financial risk on a rolling five-to seven-year forward-looking projection. The company uses datafrom these analyses to help support judgment-basedleadership decisions by comparing risks relative to marketcapitalization, revenues, and earnings.

One of the company’s objectives for 2009 is the applicationof the same kind of risk-based analytical rigor to all of itscommercial products to ensure an uninterrupted supply ofproduct to patients.

Communicatingperformanceto the board

Strategicplanning

and budgeting

Forecasting Compensation Capitalallocation

Investmentdecisions

Acquisition anddivestituredecisions

Enhancinghuman capital

Quality/Six Sigma®

process

86% 84

70 67

53 52

3833

25

Chart 2

Uses of information from performance management systems

Base = Executives at companies with performance management programs


What Are the Benefits of Integration?It seems natural that performance management should

explicitly consider the risks that could prevent an organi-

zation from achieving its business objectives or that could

be capitalized on to improve performance. The rationale

is especially compelling when it comes to plans with a

long-term horizon, such as large capital projects or other

material shifts in strategy. Any argument for integration,

however, has to demonstrate that risk management practices

actually add value or drive improved performance. (One

example of a company that has made this connection is

IBM, which has actively integrated risk management into

its planning processes and developed an ERM scorecard

that all senior vice presidents started using in 2009 to

assess and address risks in their planning processes.3)

Only 43 percent of the executives at organizations with

both ERM and performance management programs

thought it would be “extremely” or “very” helpful to

include risk assessment and measurement data into key

planning processes and management decisions (Chart 3).4

When they were asked if the influence of risk assessment

data on planning would increase over the next 12 months,

53 percent of these executives said it was “extremely” or

“very” likely (Chart 4). The gap between those who believe

that risk data would be helpful in planning (43 percent)

and those who are likely to experience a greater influence

of risk data (53 percent) may stem from skepticism about

the effectiveness of existing ERM programs. Boards of

directors, in particular, are asking for a more complete

risk profile, which may drive the increasing influence of

risk data.

Extremely/very helpful43

Chart 3

How helpful is the inclusion of risk assessment/measurement data into key planning to the

achievement of business objectives?

Base = Executives at companies with both ERMand performance management programs

Not/somewhat/moderately helpful

57%

Extremely/very likely53%

Chart 4

How likely is your organization to increase theinfluence of risk assessment data on key planning

processes over the next 12 months?


Not/somewhat/moderately likely

47

3 For more information on IBM’s program, see “How an ERM Scorecard CanHelp Drive Performance” on page 16.

4 Unless stated otherwise, the survey results provided in the remainder of thereport are based on the responses of executives at organizations that haveboth ERM and performance management programs.

A considerable number of executives who said their

companies were “extremely” or “very” likely to increase

the integration of ERM and performance management

also said that doing so would yield a number of important

benefits (Chart 5). The top ranked benefits include an

improved understanding and management of key risks to

corporate value (89 percent) and an increased ability to

meet strategic goals (73 percent). Response rates were

lower for executives at companies that did not expect to

increase integration. For these executives, the only quality

that garnered broad approval was the ability to understand

and manage key risks (70 percent). One attribute that both

sets of executives agreed on was the need to improve

communication to stakeholders, which 46 percent of both

groups said was “extremely” or “very” important.


Understandand managekey risks to

corporate value

Increasedability

to meet strategic

goals

Improvecorporate

performance

Increasedprofitability

Improvecapital

allocation

Align riskmanage-

ment with managementscorecards

Increasedmanagementaccountability

Improvecommuni-cation of

performanceto stakeholders

Improveperformancethrough more

rigorousmetrics

Align risktaking withexecutive

compensation

89%

70% 73

50

67 6558

41

50

14

Chart 5

Objectives for the integration of performance management and ERM

Results are for respondents who responded that the objective is “extremely” or “very” important.

Reducedearningsvolatility

More accuraterisk-adjusted

pricing

30

38 36

50

36

46 4639 38 37 36

3023

4

Base = Executives at companies with both ERM and performance management programs

Extremely/very likely to integrate Not/somewhat likely to integrate


The Three Main Obstacles to IntegrationGiven these potential benefits, why aren’t more organiza-

tions with both ERM and performance management

programs focusing on integrating these two functions?

Respondents pointed to a number of challenges (Chart 6),

including a lack of understanding about how to integrate

their ERM and performance management activities

(90 percent) and an inability to provide the effort required

(83 percent). The research also revealed three more

specific obstacles.

1 The ERM program is not considered effectiveOne of the key impediments to a broader use of risk

assessment data in planning is that many ERM programs

are not considered particularly effective or seen to add

value to the company. Only 52 percent of executives

considered their risk programs “extremely” or “very”

effective at the corporate level, and responses were even

lower at the business unit (30 percent) and process

(25 percent) levels (Chart 7).

Past studies by The Conference Board have also found

that ERM has gained more traction at the corporate level

than at the business unit or process level.5 Such results

may be an indication that most organizations still have

fairly immature ERM programs that are not integrated

into day-to-day business practices. Since much of business

planning and objective setting takes place within individ-

ual business units, this lack of progress in integrating risk

data into planning may reflect executives’ belief that their

ERM programs are not sophisticated enough to provide

significant value.

Lack ofunderstanding

of how tointegrate

Lack ofmanagement

focus onintegration

Effort required

Emphasis onfinancialover non-financial

measures

Risk measuresnot compat-

ible with metrics usedfor planning

IT systemsdo not supporttimely gener-ation of data

Lack ofskills to

integrate riskassessments/

measures into planning

processes

Little abilityto developqualitative

measures for hard-to-quantify

issues

90% 89

53

Chart 6

Challenges to the integration of risk management datainto key planning processes/management decisions

Management does not

valueintegration


Major challlenge Moderate challenge

37

58

31

83

54

29

75

50

25

73

58

15

72

43

29

69

49

20

69

50

19

67

42

25

62

48

14

59

44

15

Weak linkbetweenstrategic

objectives andperformance

measures

Lack of skillsto developeffective

risk assess-ments/

measures

52%

Chart 7

Rating ERM effectivenessthroughout the business


Results are for respondents who rated their ERMpractices “extremely” or “very” effective.

0

10

20

30

40

50

60

At theprocess

level

At thebusiness unit

level

At thecorporate

level

3025

5 See Ellen S. Hexter, Risky Business: Is Enterprise Risk Management LosingGround? The Conference Board, Research Report 1407, 2007.

Respondents who rated their ERM programs either

“extremely” or “very” effective were more likely to see

the value of increasing the integration of risk data than

organizations who gave their programs lower marks

(Chart 8).

Executives from companies with effective ERM pro-

grams were also more likely to indicate that it was

“extremely” or “very” likely that their organizations

would increase the influence of risk data in planning

in the next year (Chart 9).


Respondents who considertheir programs less effective

Extremely/very helpful56%

Chart 8

How helpful is the inclusion ofrisk assessment/measurementdata into key planning to the

achievement of business objectives?(more effective versus less effective)



44


69%

Extremely/very helpful31

Respondents who considertheir programs more effective

Respondents who considertheir programs less effective

Extremely/very likely59%

Chart 9

How likely is your company to increasethe influence of risk assessmentdata on key planning processes

over the next 12 months?(more effective versus less effective)

Note: Due to rounding, percentages may not add up to 100.


40


54%

Extremely/very likely46

Respondents who considertheir programs more effective



Many of the “effective ERM” organizations are already

using risk assessment data in their planning processes

(Chart 10). For example, 46 percent of executives from

these organizations reported that risk data have an extensive

influence on their strategic planning, compared to 27 percent

of executives from the “less effective” group. Similarly,

when it comes to capital allocation decisions, 41 percent of

executives from organizations with effective ERM programs

said risk data had an extensive influence, compared to

23 percent of those with less effective programs.6

It makes sense that organizations with effective ERM

programs would use risk assessment data more broadly—

the more rigorous assessment of risks provided by an

effective ERM program should provide managers with a

better understanding of the risks associated with each of

their business plans, including mitigation strategies. The

survey results also make clear that many companies, even

those with ERM programs they consider effective, have

still not taken advantage of their risk assessment

processes to improve planning and performance

management. Many organizations also fail to follow

through after their risk assessment process has been

completed. They may identify and prioritize risks, but

not improve their understanding of how each risk affects

their business objectives and the different options they

are considering to achieve them.

2 A lack of commitment from the topWhen companies integrate risk considerations into

planning, they must often change their normal operating

procedures to conduct business in a new way. This change

may involve working across traditional boundaries and

functions and the close collaboration of business unit

leaders and business planning executives with risk

management executives. The new direction may also

require changes to planning processes, including data

collection, analysis, and reporting. Such changes require

a clear commitment from the top of the organization

about the importance of effective risk management.

Determiningrisk mitiga-

tion strategies

Strategicplanning

Capitalallocation

New productor service

development

Operationalplanning orforecasting

Investmentdecisions

Quality/Six Sigmaprocess

Improvingcommuni-cation to

board andstakeholders

Productpricing

M&A orpost-mergerintegration

000000000

71%

58%

27

41 40 39

23

39

8

Chart 10

Rating the extent of the influence of risk assessment data

Results are for those who responded that the influence of risk assessment data is “extensive.”

Annualbudgetprocess

Individualperformanceevaluations

23

3336

3027 25 23

12

21 20

32

94


Extremely/very effective ERM Not/somewhat/moderately effective ERM

46

0

20

05

8

Customerservice

manage-ment

Managementscorecards

6 See the profiles of a not-for-profit healthcare system (page 21) and a globalpharmaceutical company (page 22) in the case study section for examples of how the incorporation of risk data can influence capital allocation.

Survey participants were asked how much emphasis

the leadership of their organizations gave ERM, and

approximately half said it was a “high” priority for

their board of directors (48 percent) and their senior

management (54 percent) (Chart 11).

Those executives whose top leaders and boards indicated

that risk management was a high priority were also more

likely to say that their companies would increase the use of

risk assessment data in planning during the next 12 months.

(See Chart 12 for a comparison of the results based on

board priorities.)


Highpriority48

Chart 11

How much of a priority is ERMfor your senior management

and board of directors?

Not a/moderatepriority

52%

Not a/moderatepriority

46

Highpriority54%

Board of directors

Senior management


Extremely/very likely

72%

Chart 12

How likely is your company toincrease the influence of risk

assessment data on key planningprocesses over the next 12 months?


28


64%

Extremely/very likely36

Companies where ERMis a high priority for the board


Companies where ERMis a low priority for the board


Other results from the survey indicate that senior man-

agement commitment to ERM and effective risk practices

are highly correlated. As seen in Chart 13, executives

from organizations in which ERM is a high priority for

senior management and their boards were much more

likely to say their programs are “extremely” or “very”

effective at the corporate level. While the relative levels

were somewhat lower, this same pattern was true at the

business unit level.

3 The need for more sophisticated performance metricsFew organizations use risk-adjusted metrics when

assessing performance. Commonly used measures such

as quarterly earnings, earnings per share, and return on

investment (ROI) don’t incorporate the underlying level

of risk or volatility involved. A 2007 report by KPMG

estimated that 80 percent of the Fortune 500 nonbanking

organizations relied on performance indicators—return on

assets (ROA) or return on equity (ROE)—that do not take

risk into account.7 There is a significant potential, however,

for companies to use their key risk indicators (KRI) to

improve their key performance indicators (KPI).

Among the organizations surveyed for this report, only

34 percent employ risk-adjusted return on capital at the

corporate level, and 28 percent use risk-adjusted capital

allocations. At the business unit level, even fewer employed

these metrics—only 21 percent used risk-adjusted return on

capital and 19 percent used risk-adjusted capital allocations.

Risk-adjusted performance metrics explicitly link risk and

performance management. Performance cannot be fully

understood and managed without factoring in the level of

risk. Risk-adjusted performance metrics can provide

insight into how much risk managers are taking to achieve

certain objectives. Roughly three-quarters of the executives

said that one of the challenges they faced in integration

was that their risk measures are not compatible with the

metrics used in planning, while over two-thirds said they

lacked the skills to integrate risk assessments into their

planning processes (Chart 6 on page 9). Managers have

often used a “gut-feel” approach to assess risks to an

investment or a new project and have simply assigned

higher capital hurdle rates to riskier projects.

0

10

20

30

40

50

60

70

80

Companies withsenior managementwho do not considerERM a high priority

Companies withsenior management

who consider ERM a high priority

Companies withboards who donot consider

ERM a high priority

Companies withboards who consider ERM a high priority

65%

42

20

39%

18

29

79%

43

22 21%

13

25

At the corporate level At the process levelAt the business unit level

Results are for respondents who said that ERM is “extremely” or “very” effective.


Chart 13

Rating ERM effectiveness throughout the business(high priority versus low priority)

7 “Protecting Capital through Risk-Adjusted Performance Measures,” KPMG,December 2007.

Of course, organizations do not have to wait until they

have a sophisticated model to bring performance and risk

metrics together. It is possible that an instinctive feel

about risk levels may trigger appropriate conversations

about how to connect risk and performance management

and the resources needed for mitigation. Those additional

needs should be considered when calculating the risk-

adjusted return of specific investments. More sophisti-

cated metrics can be developed once managers have a

better feel for the benefits that integration can provide.

Another factor may be that organizations have always

used financial metrics to measure their performance.

Since financial metrics tend to be backward looking,

more companies are now employing programs such as

balanced scorecards that incorporate nonfinancial

measures of such areas as employee skills, the quality and

efficiency of business processes, and customer satisfaction.

Nonetheless, organizations continue to rely too heavily

on financial performance measures. When asked about

top challenges to applying risk management data,

75 percent of the executives said that financial measures

are privileged over nonfinancial measures. Roughly two-

thirds of executives felt that difficulties in developing

qualitative measures to assess hard-to-quantify risks

are an obstacle to the wider application of risk data.

(For both results, see Chart 6 on page 9.)

Almost three-quarters of respondents (72 percent) said

that the inability of their IT systems to provide relevant

data in a timely fashion is a major challenge to integration

(Chart 6). However, some fundamental steps must be taken

to build ERM within an organization before developing

sophisticated metrics. A risk inventory and the right risk

infrastructure provide the foundation for an effective

ERM program. Risk-adjusted performance metrics do

eventually require a robust risk and performance manage-

ment IT infrastructure, which would include a central

data repository and a reporting and analysis system.


Performance management is often seen as a way to alignindividual objectives with business objectives, and it iscommonly used as an element in the evaluations of individualmanagers and as a guide for setting compensation. However,since few performance management programs use risk-adjustedmetrics, there is the danger that executives will be encouragedto take excessive risks in order to boost the results of theperformance metrics used to evaluate them as individuals. As the current financial crisis has made clear, many financialexecutives pursued strategies using derivatives and structuredproducts without sufficient regard to the risks involved. Theywere often amply rewarded based on short-term returns thatmasked excessive longer-term risks.

Only 8 percent of the executives at organizations with ERMprograms said that one of the objectives was to align risktaking with executive compensation (Chart 1 on page 5).Organizations with effective ERM programs, however, appearto be taking some advantage of their risk assessments toimprove the performance evaluation process—68 percent ofthese executives said risk assessments had a “partial” or“extensive” influence on individual management evaluations,compared to only 46 percent of executives at organizationswith less effective ERM programs (Chart 14).

Making the Link to CompensationChart 14

Does risk assessment influenceindividual management evaluations?

Companies with extremely/very effective ERM


Companies with not/somewhat/moderately effective ERM

Extensiveinfluence4

No influence32

Partialinfluence64%

Extensiveinfluence8

No influence54%

Partialinfluence38


A s might be expected from the survey results, companiesthat want to meld their ERM and performancemanagement practices must often do so without a detailed

example to follow. Still, while practices may not be

codified, organizations looking to improve the value

of their ERM program and the effectiveness of their

performance management can take the following steps.

1 Evaluate current risk management and performancemanagement practices Have they stopped providingvalue? Are they primarily focused on compliance or

reporting? If so, consider restructuring these programs

to provide better information to manage the business.

2 Educate management on the need to integrate ERMand performance management ERM can provideinsight into risks that may prevent companies from

meeting objectives and help businesses avoid investments

or projects that don’t provide adequate risk-adjusted

returns. At the same time, ERM tools can also be used

to identify business opportunities and understand their

risk and reward tradeoffs.

3 Reconsider the goals and purpose of the ERM programFor many organizations, the ERM program has become a

de facto risk assessment program with limited effective

outputs to guide decision making. Organizations should

consider the information they provide, how that informa-

tion is used, who receives the information, and what

processes it informs. If it merely creates an annual heat

map presented to management and the board and the

10K elements, it is probably of very limited value.

4 Keep risk thinking front and center Risks should be partof the discussion for both strategic and operating plans.

Consider both enterprise and business unit risks when

planning to help focus attention on how unforeseen events

could affect those plans. Understanding where the risks

are and openly sharing them can help managers identify

and attract the resources needed to mitigate risks.

5 Select a recurring and ongoing business processBuild risk assessment and risk management into the

chosen process (such as capital allocation or new product

launch). Consider the risk assessment process and the

data captured. As a starting point, define and map the risk

assessment process, redesign the forms and templates to

capture information supporting the process and business

initiative, and ensure that the effort to assess and rank risks

is the same as the performance measures for the initiative.

6 Link key risk indicators (KRIs) to key performanceindicators (KPIs) Organizations in which seniormanagement focuses on KPIs to understand how the

business is performing can use specific KRIs to

understand the source and scale of deviations from

expected performance.

7 Integrate ERM into human resources practicesCorporate performance ultimately depends on individual

performance. A focus on human capital risks can help

managers understand links to key process risks. If an

organization doesn’t have people with the right skills to

perform key processes, this human capital risk directly

affects these key processes. In addition, building good

risk management practices into individual scorecards and

incentive compensation can go a long way to legitimize

the integration of performance management and ERM.

First Steps toward Integration

I n recent years, as people, processes, and systems havebecome more interconnected and interdependent, thenature of enterprise risk has been transformed. Risk that

was once easily fenced inside a business unit has become

part of larger systems and more difficult to address using

traditional siloed approaches to ERM. This issue has

been demonstrated by crises in virtually every industry—

from counterparty risk in financial services to a lack of

transparency and accountability in the supply chains that

produce food and consumer products. Such crises can

undermine or derail enterprise performance.

All of these forces have made the creation of more

integrated approaches to ERM more imperative. These

new approaches should provide the tools needed to

standardize risk management across an organization,

enable an enterprise view of risk across businesses, and

inform a strategy that not only seeks to limit enterprise

risk, but also to better understand how to take advantage

of enterprise opportunity.

The key to advancing “smarter” ERM is to create an

approach that integrates insight and data, applies analytics,

monitors the effectiveness of risk management actions,

and provides governance with insights into risks and how

to manage them effectively. Maintaining a line of sight

from analysis to actions to metrics and back again also

builds business acumen.

OverviewIBM sets clear performance expectations, starting with the

development of the company’s long-term strategies under

the oversight of the board of directors. These strategies are

translated into specific goals and performance objectives

by senior management for each of the company’s businesses

and globally integrated functions. These are communicated

throughout the organization and in employee personal

business commitments (PBCs) for the year.

Once objectives are set and communicated, processes

are put in place to measure performance and execution

and identify strengths and weaknesses. These assessments

drive PBC performance, pay, and eligibility for advance-

ment. Each business unit and geographic leader understands

how his or her operation contributes to overall corporate

performance. Senior executives track performance metrics

rigorously to ensure that the company is meeting its

strategic and operating objectives. Accountability for

performance is a critical contributor to IBM’s success,

and executive compensation is closely tied to the

achievement of objectives.

IBM’s business units have long been held accountable

for managing business risk as part of their end-to-end

accountability and performance management. To further

enhance the ability to meet its objectives, IBM began

ERM in late 2006 by expanding the risk-assessment view

across organizations and value chains.

ERM is something many companies only implement

formally after a failure in their processes becomes public.

For IBM, ERM was a natural evolution of its management

system, which values a more systematic, transparent

approach to risk as a way to improve business performance.

The company is launching an ERM scorecard in 2009

that should enable ERM to more fully integrate risk

management activities and oversight into the company’s

regular management systems. This scorecard will allow

business unit leaders, senior management, and ERM

leaders to use a common approach to apply ERM within

and across the businesses. These ERM tools and processes

will help management better identify and mitigate

unacceptable risks, but they will also better clarify risk

tolerances and appetites for further investment.


IBMHow an ERM Scorecard Can Help Drive Performance

Case Study


The ERM ScorecardInitially, this self-assessment tool will allow each senior

vice president to score his or her business area and will

allow the ERM team to validate the scores with the

business unit risk managers at a more detailed level. This

tool has been crafted to eventually be used more broadly

throughout the organization and to be validated by an

internal audit review. Because this self-assessment

scorecard introduces a standardized way of approaching

and reporting risk oversight practices, all the risk

management activities can be aggregated to provide an

enterprise-wide view.

There are three primary gauges of ERM progress:

1 Progress on the journey2 Integration into strategy development and plans3 Integration into the management system

The scorecard contains four main areas for evaluation:

1 The definition and execution of ERM roles andresponsibilities

2 Active engagement in managing applicable enterprise-level risks

3 Informing strategies for growth4 Operationalizing risk management in execution plans

and the management system

The scorecard provides the ERM steering committee with

a measure of progress across the enterprise, as well as

pockets of good practices and areas that need encourage-

ment or assistance. By tying risk management to strategic

and operational planning processes, IBM executives will

increase transparency and awareness at both the business

unit and the overall enterprise levels. While risk aware-

ness is “nice to have,” putting that insight into use by

taking action to handle risks effectively is the critical

payoff from ERM. Handling risks effectively includes the

ability to capitalize on the opportunities these risks might

present to the organization. The scorecard helps to

determine whether content is being developed that can

illuminate areas with the potential to further leverage the

scale and scope of IBM’s ability to improve performance.

Linking business unit risks and enterprise risksThe scorecard is designed to force the association of the

business units’ role in managing enterprise-level risks

with the execution of IBM’s overall strategy. This means

appropriate focus must be given to enterprise-level risks

that are particularly important to or affected by the

business, and to business-unit-specific risks that are

material at the enterprise level. Part of the expected

benefit of the ERM scorecard is that each business unit

leader better appreciates the connection between risks

at the enterprise level and the business unit level. The

self-assessment is a checklist for each senior vice

president to use to determine what is needed to improve

risk management in his or her business unit and for the

enterprise as a whole.

Getting the Right People in PlaceInitially, the scorecard will be used to establish a baseline

from which progress will be measured once a year. The

goal in 2009 is to have each business unit start the journey

by defining its ERM roles and responsibilities, then

document work underway to manage enterprise-level

risks, provide explicit analysis of risk in strategies and

execution plans, and integrate ERM into their

management systems.

When asked about whether or not they might meet

resistance, Ellen Dulberger, vice president, enterprise

risk management, noted that IBM has a culture of high

achievement, and ERM’s goal to build business acumen is

consistent with that emphasis. Risk management needs to

be sustainable, so having people inside the business with

clear responsibility and accountability for managing risk

will allow it to grow. In addition, as the connections to

performance become evident, business leaders are more

likely to invest in further strengthening of risk manage-

ment capabilities and develop a higher degree of risk

awareness within the businesses.

Each business unit has named an individual to the position

of “ERM focal point.” The focal point drives risk

management work within the business unit and engages

with the corporate ERM department. The focal point also

helps guide the risk management activities within the

business unit, including communicating with and

coaching designated risk owners, ensuring that risks are

documented appropriately in strategies and execution

plans, and overseeing the inclusion of risk management

effectiveness in the management system. The right person

for this role has a deep operational understanding of the

business and the confidence of executives, so that he or

she can influence the right behaviors and, if necessary,

engage the senior vice president immediately.

Integration into strategies and execution plansAt IBM, there are two forums for explicit consideration

of risk in strategy formulation:

1 An annual spring strategy cycle that includes the formalsubmission of a spring strategy document (with required

elements) by each business unit and a discussion between the

senior vice president and the CEO about the submission.

2 Timely discussions on the agendas of the strategy team betweenbusiness leaders when they develop new strategies with

enterprise-level importance or enterprise-wide implications.

Members of the strategy team include the CEO and a group

of senior executives.

Preparations for managing execution risks associated with

the strategies laid out in the spring are formally part of the

operational planning and budget cycle, which takes place

in the fall.

The scorecard documents risk in the spring strategy

submissions, the discussions of the strategy team, and

plans to take operational risk management actions. Each

business is expected to have plans to manage risk as part

of its operating plan and a way to clarify risk management

actions that are collaborative with other parts of this

complex organization.

Long-Term Risk Management CapabilityBuilding long-term risk management capability requires

integration into the regular operations of business unit

management systems. The second major section scores

key attributes of capability maturity:

• identifying and ranking risks, of which the most important areformally discussed as part of the regular management system;

• monitoring risk management effectiveness and feedback toactions and insights; and

• discussing risks associated with the business context: executionof IBM’s strategy, changes in the external environment, andpursuit of new initiatives and activities.

Uwe Kuehne, director of enterprise risk management,

notes, “These measures will allow the ERM team to

understand where business units are strengthening their

business management capabilities through more explicit

consideration and focus on risk, and to share insights into

the practice of risk management and the specific insights

produced by that practice.”

The scorecard may change over timeWhile the scorecard allows the business unit leaders to

see their progress to date, items that explicitly gauge

attributes of greater sophistication and maturity may be

added. Ultimately, the scorecard will include evidence

of whether risks have been managed in a way to reduce

either likelihood or impact, which will then be turned

into an upside opportunity for the business.

How the ERM ScorecardLinks to PerformanceIBM executives have been clear from the start that ERM

was established to help drive performance. While most

companies focus on limiting the downside that risks

present, IBM wants to use ERM as a way to help leverage

risk acceptance to enable growth while addressing

hazards. Recognizing that there are risks inherent in

new activities, considering those risks and preparing

to manage them is fundamental. “Businesses miss out

on the upside value that ERM can provide if they are

only looking at half of the equation,” Dulberger says.

“For example, there are risks associated with business

opportunities in new geographic markets and developing

and delivering new products and services. Considering

those risks and preparing to manage them help make us

more likely to achieve growth and economic return.”

By building ERM into the management system rather than

adding an additional layer of bureaucracy, the company

can focus the intent and actions of risk activities and

capabilities on improving business decision making. The

scorecard, in essence, creates a common language around

risk and risk management at IBM and is a tool to enhance

risk awareness and communications.

Like most companies, Dulberger says, one of the

challenges is to develop both the “art and science of risk

understanding.” It is clear that ERM requires a clear line

of sight encompassing risk identification and analysis,

risk management effectiveness metrics, and feedback as

part of a continuous learning process to get smarter about

managing risk. For IBM, better business outcomes

through effective risk management are the goal.



A n international metals company wanted to determinethe economic feasibility of increasing its equityposition in a firm that held the exploration and develop-

ment rights to a large mining project. But, given the large

scale and scope of the initiative, the executive team became

concerned about the project’s potential environmental

impact. The executive team, therefore, needed a risk

assessment methodology that could quantify how

environmental risks could affect the project’s financial

projections. The company had already conducted an

internal assessment of critical environmental risks, but

this evaluation had not linked those risks to assumptions

about the project’s economics and what return on

investment the project would offer.

The methodology the company eventually developed

included a combination of objective and subjective analytic

techniques that the executive team used to quantify a defined

set of key environmental risks and risks of failures in

design components. The benefits of this methodology

included an improved ability to determine the factors that

would drive environmental risk, quantify the impacts of

an environmental risk event, and estimate the likelihood

and impact of these drivers and events. In some instances,

the company could draw on historical data to estimate

potential losses and their probabilities; in other scenarios,

it had to rely on the knowledge and experience of internal

experts to estimate losses.

This analysis led to the development of a stochastic model

to quantify the joint probability and impact of the risks

identified. The analysis also delineated the overall impact

that each key environmental risk could potentially have on

the project’s net present value, which enabled the company

to score and rank each risk and then focus on those risks

with the greatest potential to significantly hurt the project’s

economics and the company’s financial performance.

Ultimately, this approach helped the organization better

understand the environmental risks associated with the

mining project and their potential impact on the perfor-

mance of the investment. The approach also improved

the communication of these risks to the executive team

and the board of directors.

An International Metals CompanyAssessing Risks in Acquisitions

Case Study

T o achieve its ambitious growth objectives, a globalfood products manufacturer concluded that itsbusiness units needed to assume greater risks and pursue a

wider range of opportunities. The executive management

team decided to broaden its risk management focus

beyond financial and hazard-related risks to include

operational and strategic goals such as the expansion into

emerging markets, new product categories, and public

concerns over health and obesity. The company needed to

expand the rigor and sophistication of its strategic and

operational planning methods so the organization could

better understand the likelihood and potential impacts of

risks on corporate performance.

The initial step was the development of a consistent

strategic risk assessment methodology to facilitate risk

reporting around each business unit’s achievement of its

operating plan. This framework includes a management

self-assessment tool using common risk impact and

likelihood assessment scales, which are presented in a

clear reporting template. This methodology leveraged

existing planning processes and resources rather than

adding additional layers of bureaucracy and management

reporting. The risk assessment was designed to be “baked

in” to the existing annual planning process to develop

widespread support and, most important, ensure that the

risk information was directly related to each unit’s

business plan.

Based on pilot tests in three of the company’s largest,

most global business units, business unit management

teams felt the risk assessment process could give them

the ability to evaluate the risks and mitigation efforts

surrounding the execution of their operating plans with

minimal intrusion on their day-to-day responsibilities.

By leveraging the existing strategic planning and quarterly

reporting processes, the risk assessment methodology

allows senior managers to forecast unit performance more

accurately, achieve alignment of key objectives and their

related risks, and gain a holistic view of emerging strategic

risks across all business units. As a result of the risk

assessments, management modified certain performance

objectives and strategies based on a better understanding

of the risks and opportunities within their markets.

The strategic risk assessment is now a core element of

the company’s annual planning process. The information

gained from these assessments is reported to global

executive management along with each business unit’s

annual plan and performance forecast, which enables

management to have a clear and explicit discussion of

risks and their potential impact on the company’s

performance goals.


A Global Food Products ManufacturerIntegrating Risk Management into Strategic Planningand Operational Forecasting

Case Study


A not-for-profit healthcare system serving over 1.5million consumers wanted to develop a decision-making model to better manage its changing risk profile,

which is driven by such factors as rapid growth, increasing

indigent care responsibilities, medical staff shortages, and

the advent of consumer-directed healthcare.

The organization developed an ERM process that

included clear methods for risk identification, assessment,

risk response planning, and ongoing follow-up, monitoring,

and reporting. The organization also put in place a clear

governance structure with a team dedicated to the integra-

tion of ERM into selected decision-making processes.

The primary objective was to identify and understand all

the risks that could affect the outcome and performance

of strategic initiatives. For example, the organization

believed it had an effective capital allocation process, but

this process primarily relied on an analysis of financial

data and pro forma projections. It did not integrate such

events and risks as competitive factors, construction

delays, human resource issues, and the challenges of

integrating information technology.

The ERM process was first integrated into the construction/

capital allocation process. After the organization mapped

and defined its capital allocation/construction process, it

identified where the ERM process could best be integrated.

(The mapping process also highlighted a number of

inconsistencies and opportunities for improvement.)

During a full-day facilitated workshop, the organization

drew on a cross-functional group of managers to identify

risks to current construction projects, underlying risk

drivers, and the organization’s capabilities to manage

those risks. This qualitative management self-assessment

process led the organization to identify more than $350

million in projects that were not well coordinated. Human

resources, IT, equipment procurement, clinical risk

management, and other functions were not working

together to ensure their responsibilities would be

completed prior to commissioning the projects.

Rather than employ a complex quantification model, the

company successfully drew on the following features:

• A clearly-defined and consistent methodology to identify, assess, and prioritize risks.

• A detailed mapping of decision-making processes to identifywhere and how to embed ERM.

• A cross-functional team of internal subject matter expertsthat provided a 360-degree perspective on the risks affectinginvestment.

• A focus on linking identified risks to the underlying assumptionsregarding the performance of the investment (e.g., when eachbuilding would come on line, assumptions regarding servicevolumes, and staffing levels).

• Responsiveness of senior executives to the issues identified.

Based on this assessment of the construction process, the

organization was able to put in place revised procedures

to help manage the risks identified and recalibrate projec-

tions for construction projects and associated new services.

A Not-for-Profit Healthcare SystemLinking Risk Analysis to Capital Planning

Case Study

A global pharmaceutical company wanted to improveits capital allocation process by integrating a risk-based analysis of its business units. In addition, the

organization regularly considered acquisition opportunities.

An effective risk-return evaluation process was required

to support strategic planning and large capital decisions.

Their selected approach was based on the view that

organizations consist of a portfolio of business units,

regions, product lines, projects, and investment options,

each of which has its own risk and return profile. Long-

term value creation is driven by successfully allocating

capital between these portfolio entities to optimize the

overall portfolio’s risk-return position.

As a starting point, the organization established a means

to determine the volatility of return on capital for each

business unit. This was based on such factors as an

analysis of key risks, quantitative measures for each risk

drawn from historical data, peer benchmarks, subject

matter expertise, quantification of the volatility of key

financial metrics within each unit, and the determination

of correlations between risks.

This information was then built into a dynamic portfolio

model. The model inputs include the organization’s

current capital mix and constraints, expected returns and

growth over three to five years, the volatility of return on

capital, and risk correlations determined through the risk

assessment. The model outputs include a risk-return efficient

frontier for the current asset portfolio and a dynamic

model of the portfolio from a risk-return perspective.

The portfolio approach provides the company with the

following benefits:

• The ability to understand the risk and reward trade-offs acrossthe portfolio.

• Increased transparency of decision making through a moreconsistent evaluation of all business units and options.

• A systematic way of including different types of risk into thedecision-making process.

• Analysis of the correlation and diversification effects of theorganization’s different businesses and investment options.

• A process to identify and prioritize the portfolio entitieswhose growth will improve the overall risk-return positionof the company.

• Better understanding of “risk-adjusted value creation”and trade-offs among investment options.

• A risk-adjusted view that complements the traditional strategic planning processes.


A Global Pharmaceutical CompanyDeveloping a Risk-Based Portfolio View

Case Study

About the SurveyThe Conference Board surveyed 97 senior corporate executivesduring the summer and fall of 2008. Of this survey population,87 percent are from companies with a formal ERM program, 70 percent are from companies with a performance managementprogram, and 57 percent are from companies with both systems.When the respondents are divided by location of company head-quarters, 72 percent are from companies headquartered in theUnited States, 24 percent are from Western European companies,and 3 percent are from companies headquartered in otherlocations. In terms of revenue, 36 percent are from companieswith $10 billion or more, 46 percent are from companies with$1 billion to less than $10 billion, and 18 percent are fromcompanies with less than $1 billion in annual revenues.

AcknowledgmentsThe authors wish to acknowledge the following people: Alex Wittenberg and Lucy Nottingham of Oliver Wymanfor their direction and support of the research. The authors also wish to thank Prodyot Samanta for his contribution to theresearch, and Henry Silvert, Judit Torok, Wennie Lee, TimothyDennison, and Steve Petrie for their work to put all of the piecestogether. The authors also wish to thank Ellen Dulberger, UweKuehne, and Chris Sam for their input. We thank Oliver Wymanfor its financial and intellectual capital contribution to this report.

About the AuthorsEllen Hexter has led The Conference Board’s work in enterpriserisk management, developing research and executive programson enterprise risk management. She currently manages sevencouncils at The Conference Board, including the European andU.S. Strategic Risk Councils, the Corporate Governance andRisk Management Council — India, and the Council of FinancialExecutives. She has managed The Conference Board’s researchon ERM and is the co-author of Managing Reputation Risk andReward report and Assessing the Climate in Enterprise RiskManagement in India. Hexter is the author of Risky Business:Is ERM Losing Ground? as well as co-author of From RiskManagement to Risk Strategy, and From Risk Management toRisk Strategy: Mid Market Companies. She has workedextensively with The Conference Board’s Global CorporateGovernance Research Center since its inception and is theco-author of its report, The Role of U.S. Boards of Directors inEnterprise Risk Management and Strategic Oversight. Hexter is afaculty member of The Conference Board’s Directors’ Institute.

Hexter received an A.B. from the University of Michigan and aM.B.A. from Cleveland State University. After receiving herM.B.A., Hexter worked as an equity securities analyst for Cowen& Co. and Deutsche Bank in New York. Her career on Wall Streetincluded positions as a corporate credit analyst and a mergersand acquisitions specialist. She is a Chartered Financial Analystand serves as an arbitrator for the Financial Industry RegulatoryAuthority. Hexter chairs the Board of Ethics of New Castle, NewYork and is a member of the board of the Chappaqua SummerScholarship Program.

Daniel Sandy Bayer is president of Bayer Consulting and has 20years’ experience conducting research projects for corporationsand non-profit organizations. He has conducted research forclients on a variety of industry issues in financial services,manufacturing, technology, media, consumer products, and realestate, as well as on cross-industry topics such as corporatereputation, taxation, litigation, mid-market enterprises, andemerging market investment. Before founding Bayer Consultingin 1996, his previous positions included vice president of theNew York City Partnership and Chamber of Commerce, and chiefof staff to the Deputy Mayor for Finance and EconomicDevelopment in New York City.


About This Report

To Order Publications, register for a meeting, or to become a member:

benefits for members

free reports Download publications free of charge. Find this research report at www.conference-board.org/buildingriskawareness

go paperless Update your member preferences to receive reports electronically. Just login to your account and click Review Your Preferences.

personalize your preferences and get the information you want. Specify your areas of interest and receive only those publications relevant to you. Change your preferences at any time and get the valuable insights you need delivered right to your desktop.

Onlinewww.conference-board.org

[email protected]

Phonecustomer service at 212 339 0345

Related Publications from The Conference Board

Managing Reputation Risk and RewardResearch Report 1442, 2009

Risky Business: Is Enterprise Risk Management Losing Ground?Research Report 1407, 2007

Emerging Governance Practices in Enterprise Risk ManagementResearch Report 1398, 2007

© 2009 by The Conference Board, Inc. All rights reserved. Printed in the U.S.A. ISBN No. 0-8237-0958-2The Conference Board® and the torch logo are registered trademarks of The Conference Board, Inc.

http://www.conference-board.org

The Conference Board, Inc.845 Third AvenueNew York, NY 10022-6600United StatesTel +1 212 759 0900Fax +1 212 980 7014www.conference-board.org

The Conference Board ChinaBeijing Representative Office7-2-72 Qijiayuan, 9 Jianwai StreetBeijing 100600 P.R. ChinaTel +86 10 8532 4688Fax +86 10 8532 5332www.conference-board.cn (Chinese)www.conference-board.org (English)

The Conference Board EuropeChaussée de La Hulpe 130, box 11B-1000 Brussels BelgiumTel + 32 2 675 5405Fax + 32 2 675 0395www.conference-board.org /europe.htm

The Conference Board Asia-Pacific22/F, Shun Ho Tower24-30 Ice House Street, CentralHong Kong SARTel + 852 2804 1000Fax + 852 2869 1403www.conference-board.org /ap.htm

The Conference Board of Canada255 Smyth RoadOttawa, Ontario K1H 8M7CanadaTel +1 613 526 3280Fax +1 613 526 4857www.conferenceboard.ca

www.conference-board.org

The Conference Board MissionThe Conference Board creates and disseminates knowledge aboutmanagement and the marketplace to help businesses strengthen theirperformance and better serve society. Working as a global, independentmembership organization in the public interest, we conduct research,convene conferences, make forecasts, assess trends, publishinformation and analysis, and bring executives together to learn fromone another. The Conference Board is a not-for-profit organization and holds 501 (c) (3) tax-exempt status in the United States.

For more information, visit:
http://www.conference-board.orgwww.conference-board.cnhttp://www.conference-board.orghttp://www.conference-board.org/worldwide/europe.cfmhttp://www.conference-board.org/ap.htmwww.conferenceboard.cahttp://www.conference-board.org

research report building risk awareness into performance: integrating … · 2020. 8. 5. ·...

Documents