Managing Your Performance by Measuring Your Risks!

 

Studies of companies with large market capitalisation have found that nearly 60 percent of the time, failure to assess and respond to strategic or business risks is behind rapid declines in shareholder value. Nonetheless, many business leaders continue to view risk and compliance as two sides of the same coin.

 

Compliance with regulatory and reporting rules is a non-negotiable feature of doing business. These days, it’s not enough to view risk management strategies solely for prevention purposes, because by doing so, you will fail to account for the likelihood of change or the possibility of growth. A holistic risk management program encompasses the tools and processes used to identify, assess, and quantify business threats and the measures taken to prioritise, monitor, control and mitigate those threats.

 

According to a senior risk management executive at one multinational energy company, performance-focused risk management can enable both compliance and business strategy. “We found that if we manage and design according to risk, we usually exceed any government requirements that anybody can lay on us, just because risk is such a logical way to do it. We know the risk associated with a certain thickness of pipe on a platform leg. We know the risk associated with a certain type of valve or a certain type of pump in a refinery. And we are going to design to a level higher than most government expectations,” he said, adding that the primary drivers of his company’s risk management programs are safety and finance. “We are more interested in protecting an US$8 billion book-value refinery than any government is. We’ve got a lot invested in those assets, and we want nothing to go wrong.”

 

Without an integrated view of risk and performance across the whole business, companies are doomed to repeat the failures of the recent past - from high-profile supply chain disruptions to extreme financial breakdowns.

 

The market is recognising the natural linkages between risk and corporate performance, which motivates companies to integrate the management of the two in a more focused way.

 

The linkages between risk and performance management have historically been made most apparent among financial services companies. But over the years, this has certainly extended to other industries. In any industry, a comprehensive risk profile, aligned with key financial metrics, can allow senior management to compare the impact of risk management activities on the market valuation of the business.

 

A principles-based approach to risk management integrates risk with performance across the entire organisation. In doing so, it helps companies eliminate redundancies, reduce costs, clarify roles, and designate accountabilities. Such an approach leads to an understanding across the organisation not only of risk appetite (the amount of risk an organisation is willing to accept in pursuit of value) but also of risk tolerance (the level of variation an organisation is willing to accept relative to the achievement of a specific objective). While companies are awakening to the merits of assessing the risk-reward relationship through the principles-based approach, the gap between awareness and action remains to be closed.

 

There is no step-by-step handbook for designing a risk-based performance management programme. But the underlying principles and the questions business leaders must ask of their organisations before setting out are universal. They should consider the following:

•           What are the greatest sources of value creation and destruction across my business?

•           Where or when has my company most clearly failed to realise or deliver value to key stakeholders? Where have we been most successful?

•           Where does accountability for risk and performance management currently reside within my organisation? Does that accountability structure facilitate the integration of business information around potentially risky opportunities?

•           How does my organisation currently measure the potential impacts of risk and quantify the associated reward? Do we do that in a systematic way, continuously?

•           Where is this risk and performance information currently housed in my company? Does it reside at the business unit or functional level? Is it readily accessible for consideration at the corporate level?

•           Is my company’s information structure facilitating the natural connections between risk, operational improvement and business performance, or prohibiting those connections from being made?

•           What events has the market rewarded in the past? What events has it punished? Is the market’s perception of my company’s risk profile consistent with my own view of it?

•           Are the incentives for taking a principles-based, integrated approach to managing risk and performance aligned at every level of my organisation? Does leadership promote a culture of risk-based performance management?

 

Finally, you should ask yourself: “How well do I manage risk and performance at the same time, without conflicting the two?”.