Integrating Risk and Performance Management
Risks and opportunities are prevalent in today’s global economy. Organizations are constantly getting exposed to material risks (financial, strategic, operational, geopolitical, environmental, legal, compliance, etc.) yet the majority are not prepared for them.
Today’s uncertain business environment requires organizations to start taking a broader view of enterprise risks, focus on those risks with the greatest impact and occurrence and leverage performance management tools to manage and mitigate them
Factoring risk into the main areas of performance management positions the enterprise to better limit surprises and capitalize on upside opportunities. In order to reduce the potential impact from these risks, a formal program to manage risks and conduct risk-adjusted forecasting and planning should be in place
Identifying and defining the most important risks helps the organization evaluate current internal controls, management actions and evaluate whether the risks are at an acceptable level or there is need for additional actions.
The board of directors and its senior management team should explore and understand where the risks reside and if they are being properly managed. To achieve the desired results, it is important to understand that Enterprise Risk Management (ERM) requires collaboration across the enterprise.
Traditionally, organizations have focusedon financial risks. Today, the risk landscape has changed and continues to evolve. In order to effectively execute strategy and deliver performance, organizations must go beyond the obvious financial risks by identifying, assessing, evaluating and managing the non-financial risks that have the potential to significantly impact the organization’s value drivers.
Furthermore, there is need to understand how each risk might interact with others and the resulting compounding effect. This helps management make decisions with little or minimal implications on the overall performance of the business.
As mentioned earlier on, in order to manage risks, organizations must leverage performance management tools. This means use of historical comparisons of Key Risk and Key Performance Indicators (KRIs & KPIs), evaluation tools that set and specify risk thresholds, predictive analytics for measuring and monitoring risks, risk-adjusted forecasts which consider risk assessment an important part of decision-making, and process controls that are fully embedded in risk systems.
Integrating risk with performance management is critical. By doing so, organizations are more likely to identify potential risks faster, respond to them quicker and prepare for them better. To incorporate risk into performance management, organizations must:
- Prioritize risks based on greatest impact and likelihood of occurrence
- Create a line of sight working backward from the identified risks and their root causes.
- Correlate risks within and across silos.
- Adjust for the compounding effects of seemingly independent risk events.
- Plan for different scenarios. By identifying different scenarios, the organization will be able to develop various risk response plans that are applicable to many possible events, not just the specific scenario developed.
Furthermore, integrating risk with performance management means enhancing monitoring and reporting. Effective reporting helps organizations sense risk, respond faster and reduce its negative effects.
To successfully enhance their risk and performance reporting capabilities, organizations must:
- incorporate risk into KPIs to identify problems;
- develop, implement and incorporate new KPIs for risk into the performance and risk dashboard;
- perform KRI trend analyses to enable identification of process deficiencies or other trends before they reach critical levels;
- and monitor KRIs to help gauge the effectiveness of mitigation strategies to reduce the likelihood and/or impact of a given risk.
Increased volatility, uncertainty and globalization continues to hamper strategy development and execution. Organizations should be approaching risk management proactively, not allowing it to take a back seat to other priorities.
Developing a more holistic view of risks requires:
- management to identify and evaluate risks that most threaten value drivers of the business;
- determine if exposures are at acceptable levels;
- link contingency planning and risk management actions to the root causes of the organization’s risks;
- create a clear understanding of the organization’s risk profile and its position on major risks and
- develop the capability to determine and evaluate the impact of internal and external risks across business units, functions and geographies.
By developing a more holistic view of risks and integrating risk into performance management, organizations are better able to navigate the challenges of today’s uncertain and volatile environment and recover quickly from the surprises arising from this uncertainty and volatility.
Not a member-scholar yet? Join our financial community here!
Identify your path to CFO success by taking our CFO Readiness Assessmentᵀᴹ.
For the most up to date and relevant accounting, finance, treasury and leadership headlines all in one place subscribe to The Balanced Digest.