• Votes for this article 4 people voted for this
  • Dashboard Insight Newsletter Sign Up

The Future of BI
Risk-Based Performance Management?

by Gary Cokins, Consultant, www.sas.comWednesday, May 23, 2007

Performance management is now more correctly being defined as a much broader umbrella concept of integrated methodologies - much broader than its previously misconceived, narrow definition as simply being better strategy, financial budgeting and control. What could possibly represent an even broader definition? My belief is performance management is only part - but a crucial, integral part - of how an organization realizes its strategy to maximize its value to stakeholders, both in commercial and public sector organizations. This means that performance management must be encompassed by a broader overarching concept - intelligent risk management.

Why Intelligent Risk Management?

Risk governance awareness from government legislation such as Sarbanes-Oxley and Basel II is clearly on the minds of all executives. Accountability and responsibility can no longer be evaded. If executives err, they can go to jail. However, risk management is not about minimizing an organization's risk exposure. Quite the contrary, it is all about exploiting risk for maximum competitive advantage. A risky business strategy and plan always carries the highest premium prices.

Most organizations cannot quantify their risk exposure and have no common basis to evaluate their risk appetite relative to their risk exposure. Risk appetite is the amount of risk an organization is willing to absorb to generate the returns it expects to gain. The objective is not to eliminate all risk but rather to match risk exposure to risk appetite.

There are four types of risk:

  • Market and price risk - The risk that the increasing supply of a product or service offering or an aggressive price reduction from competitors will force lower prices and consequently profits.
  • Credit risk - The risk that customers will fail to pay for their purchases.
  • Operational risk - The risk of loss resulting from inadequate or failed internal processes, people and technology or from external events.
  • Legal risk - The financial risk from insufficient net positive cash flow or from exhausted capital equity-raising or cash-borrowing capability; the risk from litigation or regulatory authority penalties.

Operational risk is the key lever of the four risk types where organizations can match their risk exposure to their risk appetite. This is where they can wager the big bets. These include the potential benefits from risks taken and from missed opportunities of risks not taken. Should we enter a market we are not now participating in? Should we offer an innovative product or service-line offering while unsure of the size of the market or competitor reactions? How much should we rely on technology to automate a process? Will our suppliers dependably deliver materials or services at the right time or right quality? But organizations need to first measure their operational risk exposure and appetite in order to manage it.

Figure 1 illustrates aggregated quantitative risk measurement that guides balancing.

Quantitative Risk
Figure 1

A Risk-Based Performance Management Framework

The premise is to link risk performance to business performance. As it is popularly described in the media, performance management, whether defined narrowly or ideally more broadly, does not currently embrace risk governance. It needs to. Figure 2 illustrates how risk management and performance management combine to achieve the ultimate mission of any organization: to maximize stakeholder value.

Shareholder Value
Figure 2

The four-step sequence includes direction setting from the executive leadership - "Where do we want to go?" - as well as the use of a compass and navigation to answer the questions: "How will we get there?" and "How well are we doing trying to get there?"

  1. Risk Management - Here the executives stand back and assess the market and environment, a process that includes the identification of their key risk indicators (KRIs). Formulating KRIs is essential to understand the root causes of risk. They include a predictive capability, so that by continuously monitoring variances between expected against re-forecasted KRIs, the organization can react before rather than after a future event occurs.
  2. Strategy and Value Management - A key component of the portfolio of performance management methodologies is formulated here: the organization's vision, mission and strategy map. This is how the executive team both communicates to and involves its managers and employee teams. Based on the strategy map, the organization collectively identifies the vital few and manageable projects and select core processes to excel at that will help it attain the multiple strategic objectives causally linked in the strategy map. This is also where research and development plus innovation projects are incubated.
  3. Investment Evaluation - Resources, whether financial or physical, must always be considered as being scarce, so they must be wisely chosen. The capital markets now ultimately judge commercial companies on their future net positive free cash flow. This means that every next incremental expense or investment must be viewed as contributing to a project requiring an acceptable return on investment (ROI), including recovering the cost of capital. Spending constraints exist everywhere. That is, customer value and shareholder value are neither equivalent nor positively correlated, but rather they have trade-offs with an optimum balance that companies strive to attain. This is why the annual budget and the inevitable rolling spending forecasts, typically disconnected from the executive team's strategy, must be linked to the strategy.
  4. Performance Optimization - In this last step, all of the execution components of the performance management portfolio of methodologies kick in to gear. These include but are not limited to customer relation management (CRM), enterprise resource planning (ERP), supply chain management, activity-based costing and Six Sigma/lean management initiatives. Since the mission-critical projects and select core processes an enterprise must do will have already been selected in step 3, the balanced scorecard, with its predefined key performance indicators (KPIs), at this stage becomes the mechanism to steer the organization. The balanced scorecard includes target-versus-actual KPI variance dashboard measures with drill-down analysis and color-coded alert signals. Scorecards provide operational performance feedback so that every employee, who is now equipped with a line of sight to how he or she helps to achieve the executives' strategy, daily can answer the fundamental question, How am I doing on what is important? The clockwise internal steps - improve, adjust, remonitor - are how employees collaborate to continuously re-align their work efforts, priorities and resources to attain the strategic objectives defined in step 2.
The four steps are a continuous cycle where risk is dynamically re-assessed and strategy subsequently adjusted.

Lack of Leadership?

You wonder why companies that were once very successful, such as Digital Equipment or Wang Laboratories, no longer exist or went bankrupt. One could make a case that their high success led to risk adversity - a reduced risk appetite. Are organizations today over-managed but under-led? Management and leadership is not the same thing. Management copes with complexity, relying on budgets, plans, targets and organizational charts. Managers tend to follow rules and are risk averse. In contrast, leaders cope with change - change that is accelerating. Leadership requires vision, direction setting, the inspiration of employees and intelligent risk management.

Is it a problem that managers who are promoted into positions where they should be leading revert to managing more intensely? Risk-based performance management will inevitably be the overarching integration of methodologies. Advances in information technologies, business intelligence and analytical software will enable this vision.

Gary Cokins is a strategist for SAS, a market leader in data management, business intelligence and analytical software. He is an internationally recognized expert, speaker and author on advanced cost management and performance improvement systems. He is the author of five books, An ABC Manager's Primer, Activity-Based Cost Management: Making It Work, Activity-Based Cost Management: An Executive's Guide (Wiley), Activity-Based Cost Management in Government and his latest work, Performance Management: Finding the Missing Pieces to Close the Intelligence Gap (Wiley). You can contact him at gary.cokins@sas.com.

Tweet article    Stumble article    Digg article    Buzz article    Delicious bookmark      Dashboard Insight RSS Feed
 
Other articles by this author

Discussion:

Matt Meyer said:

I think the sentence "However, risk management is not about minimizing an organization's risk exposure. Quite the contrary, it is all about exploiting risk for maximum competitive advantage." is a really good example of forward thinking.

Risk management is often viewed as a defensive stance. Explaining how to use risk management in an offensive tact is an excellent turn on the norm - and certainly very useful!

Gary Cokins said:

Matt,

Thanks for confirming this view that there are two sides to risk management. I think this in part explains the last two paragraphs above, "Lack of Leadership."

Gary Cokins
http://Blogs.sas.com/cokins

Site Map | Contribute | Privacy Policy | Contact Us | Dashboard Insight © 2017