Page 17 - Internal Auditor M.E. - June 2019
P. 17
risk Management
Risk-Based Performance Management Set strategy
My 2013 co-authored book, “Risk-Based Performance In the context of RBPM, the Strategy Management discipline
Management: Integrating strategy and risk management” is about developing a clear sense of direction as to where the
introduced the Risk-Based Performance Management (RBPM) organization is going, how much risk it is willing or required to
framework and methodology. RBPM provides organizations with accept to get there, and what the key opportunities and threats are
an integrated strategy and risk management approach that places along the way.
risk, and specifically risk appetite, at the core of strategy execution.
Figure 1. Let’s consider each framework component. At the formulation stage, risk appetite plays a central role in that it
broadly defines the risk boundaries for the subsequent execution
phase. Risk appetite should play a key role in strategic options
evaluation and the decision-making processes around which
option(s) the organization will pursue.
Managing Performance
For this discipline, RBPM draws mainly from the Balanced
Scorecard strategy execution framework that comprises a Strategy
Map and a scorecard. The Strategy Map (figure 2) describes how
Appetite
The most important element of the RBPM approach is that of
appetite. This is about defining the organization’s appetite for risk
within the context of strategy and then executing accordingly.
Bringing strategy and risk closer together is right and proper and
fundamentally important, but it is working within the parameters
of appetite – “the amount and type of risk that an organization
is willing to accept, and must take, to achieve their strategic value is created through cause-and-effect relationships between
objectives and therefore create value for shareholders and other objectives. Supporting the Strategy Map is a scorecard of Key
stakeholders” – that will enable organizations to both establish Performance Indicators (KPIs), targets and strategic initiatives
the controls and inculcate the agility that are required in today’s (figure 3).
markets.
Appetite is not just about the financials. For instance, back in
the 1990s the once monolithic Arthur Anderson was destroyed
overnight when its reputation was destroyed through the Enron
scandal. If the organization instituted a zero-appetite policy
with regard reputational damage, it would not have made such
unethical decisions in pursuit of aggressive revenue growth.
Reputation provided the firm with its competitive advantage.
By defining a clear statement of risk appetite, the board and
executive leadership team can establish clear boundaries within
which the organization can execute the strategy and manage risk.
It also provides the foundation for cascading the strategy and risk
management disciplines through the organization, thus shaping
the organization culture.
JUNE 2019 INTERNAL AUDITOR - MIDDLE EAST 17
