governance culture & incentives- fundamentals of operational risk
DESCRIPTION
Governance, Culture & Incentives. -Fundamentals of Operational Risk. This presentation provides some practical tools to answer three key questions and create alignment.TRANSCRIPT
Governance, Culture and Incentives Providing some practical tools to answer three key questions and
create alignment
Fundamentals of Operational Risk February 2013
Page 2 | © Manigent 2013
Introductions & expectations
Page 3 | © Manigent 2013
Introduction
15 years plus in Strategy & Risk Management
CEO & co-founder of Manigent (consultancy)
CEO & co-founder of StratexSystems (software)
2006/07: 12 month / 21 organisation research project into the
integration of performance & risk management in the Financial
Services industry
Created the Risk-Based Performance Management
methodology
"The true output of effective risk management is a
successful organisation that delivers on its strategic
objectives and satisfies the needs of key stakeholders
- consistently, year on year.” Manigent client
Page 4 | © Manigent 2013
Agenda
Where I am coming from
What do we mean?
Why is it important?
Role of Strategy & Risk
Appetite
Cascading Strategy & Risk
Appetite
Incentives
Governance
Incentives Culture
Where I am coming from
Page 6 | © Manigent 2013
Risk-Based Performance Management is designed to enable
sustainable strategy execution, with risk appetite central
Performance Management
Risk Management
Strategy Management
Appetite
What are we trying to achieve?
Are we on track?
What is our Risk Appetite?
Are we operating within appetite?
Governance & Communications
Culture
Page 7 | © Manigent 2013
The Risk-Based Performance Management methodology is based
on seven management disciplines
Business drivers Shareholder value Strategy
Align Risk-taking to Strategy
Manage Risk
Manage Performance
Appetite
Governance Communication
Culture
Appetite
Page 8 | © Manigent 2013
The Risk-Based Performance Management approach is enabled
via a process that goes from formulation to execution
Define Strategic
Goals
Define Strengths & Weaknesses
Define Business Drivers
Define the Strategy
Define Processes
Define Initiatives
Define Operational
Risks
Define Operational
Controls
Define Indicators
Assess Risks & Controls
Monitor Appetite
Alignment
Define Strategic
Risks
Define Strategic Controls
Define the Business Model
Define Risk Appetite
Align Risk Appetite &
Strategy
Define Strategic
Objectives
Board Executive
Formulation Execution
Definitions
Page 10 | © Manigent 2013
What is Corporate Governance?
Corporate governance is the system by which companies are directed and
controlled - Cadbury Report / UK Corporate Governance Code,
1992
The board is responsible for determining the nature and extent of the
significant risks it is willing to take in achieving its strategic objectives - UK
Corporate Governance Code, 2012
Governance
Incentives Culture
Corporate governance is therefore about what the board of a company does and how it sets the values of the company, and is to be distinguished from the day to day operational management of the company by full-time executives. The Code, 2012
Governance is the process and practices which define the strategic, operating and decision-making boundaries of an organisation (or organisational unit), and how decisions are made and implemented. Andrew Smart
Page 11 | © Manigent 2013
Other types of Governance
Project Governance – the management framework within which project
decisions are made.
IT Governance - the leadership and organisational structures and
processes that ensure that the organisation’s IT sustains and extends the
organisation’s strategies and objectives. – The IT Institute
Data Governance - is the exercise of decision-making and authority for
data-related matters. Or for a longer definition, Data Governance is a
system of decision rights and accountabilities for information-related
processes, executed according to agreed-upon models which describe who
can take what actions with what information, and when, under what
circumstances, using what methods. – The Data Governance Institute
Governance
Incentives Culture
Page 12 | © Manigent 2013
The 3 Lines of defence model is a popular governance
model within Financial Services and other industries
Enab
ling
the
righ
t cu
ltu
re
1st Line of Defence
2nd Line of Defence
3rd Line of Defence
Oversight
Operational functions
Risk Management &
Compliance
Internal Audit
Board & Executive
Accountable for the risk management process Identifies, manage, mitigates and reports on operational risks
Risk Management; design, interpret and develop overall risk management framework. Train, enable and monitor use of the risk management. Overview of key risks Compliance: Monitor and report on regulatory issues.
Independent testing and verification of efficacy of corporate standard and business line compliance Provides assurance that the risk management process is functioning as designed
Establishes corporate strategy and risk appetite Approves frameworks, methodologies, policies and roles & responsibilities
Mo
nit
or
Stra
tegy
& R
isk
Alig
nm
ent
Risk M
anagem
en
t framew
ork
Governance
Incentives Culture
Page 13 | © Manigent 2013
The RACI model is also a powerful tool for cascading
and embedding governance and shaping culture
“The buck stops here”
Those with Yes/No authority related to the objective, risk or
control.
“Keep in the loop”
Those involved prior to decisions or action related to the objective, risk or control.
“The doers”
Those people working on delivering the objective, managing the risk or applying the control.
“Keep in the picture”
Position(s) that need to know about decision or action related to the objective, risk or control.
P
Governance
Incentives Culture
Page 14 | © Manigent 2013
What is Culture?
The thing I have learned at IBM is that culture is everything – Louis V. Gerstner, Jr. former CEO IBM
Culture Eats Strategy For Breakfast - Peter Drucker
Culture comprises an organisation’s widely shared values, symbols, behaviours and
assumptions – Rob Goffee & Gareth Jones
The way we get things done around here
Governance
Incentives Culture
Page 15 | © Manigent 2013
The seven key characteristics of a
Strategy-Focused, Risk-Aware Culture
1. Driven by a compelling vision
2. Live by a clear set of values
3. Led with integrity
4. Align risk-taking to strategy
7. Incentives are aligned to appetite
6. Engage in high quality conversations
5. Established clear accountabilities
Governance
Incentives Culture
Page 16 | © Manigent 2013
The right culture should ensure…
The right people…
Are doing the right things…
At the right time…
With the right amount of challenge…
To seize opportunities and manage threats…
While operating within appetite
Governance
Incentives Culture
“The way we get things done around here”
Page 17 | © Manigent 2013
What do we mean Incentives?
Governance
Incentives Culture
x%
x%
x%
Base Salary
Cash Bonus
Deferred Bonus
Why is this so important, today
Page 19 | © Manigent 2013
The credit crunch and subsequent fall-out has brought
a focus to governance and incentives
Page 20 | © Manigent 2013
The issue of incentives and particularly bankers bonus is a live one
today but we argue the issue is really down to Governance and
Culture
Page 21 | © Manigent 2013
This is not a new issue… the principal-agent problem
(Agency Dilemma)
“the difficulties that arise under when a principal hires an
agent, such as the problem that the two may not have the
same interests”
Emerged as an issue in the 19th century as the world moved
away from craft-based industries to industrialised
manufacturing, leading to an increasing separation of
ownership and control.
Page 22 | © Manigent 2013
A mis-alignment in time horizons between the Chairman
and the CEO is an increasing problem
“The chairman of my company has effectively been given a decade,” says
the CEO of a steelmaker in Asia, “and I have three years—tops—to make
my mark. If I come up with a strategy that looks beyond the current cycle,
I can never deliver the results expected from me. Yet I am supposed to
work with him to create long-term shareholder value.
Source: McKinsey Quarterly: Tapping the strategic potential of boards
Page 23 | © Manigent 2013
Solving the Agency Dilemma
Shareholder/ Owners
CEO & Executive
Board
Staff Staff
Agency Dilemma must be solved at these two points;
but it starts with strong governance and a focus on developing the right culture
Page 24 | © Manigent 2013
Governance is still an issue for many organisations
“the Board is responsible for determining the nature and extent
of the significant risks it is willing to take in achieving its strategic
goals.” UK Corporate Governance Code, 2010
21%
“only 21% align their risks with their business strategy”
– Grant Thornton Corporate Governance Review 2011
Where the Board need to spend more time…
70% Strategy
42% Execution
47%
Performance Management
67% Risk Management 21%
“Only 21% of directors surveyed claim a complete understanding of their companies’ current strategy”
– Mckinsey Global Survey – Corporate Governance, 2011
“results indicate a need to better educate Boards on industry dynamics and how their companies create value...”
Approx. 1500 participants
Page 25 | © Manigent 2013
Governance is still an issue for many organisations
“44%of directors said their boards simply reviewed and approved
management’s proposed strategies”
“only 10% of the directors we surveyed felt that they fully understood
the industry dynamics in which their companies operated”
Source: McKinsey Quarterly: Tapping the strategic potential of boards
Page 26 | © Manigent 2013
Getting the culture right is also critical
We place considerable emphasis on the CEO setting the right culture, risk
appetite and control framework…. Hector Sants, FSA
How can we address these
Governance and Culture
challenges?
Page 28 | © Manigent 2013
We would argue that Tone from the top is best via an integrated
approach to strategy and risk management, particularly risk appetite
Vision
Mission
Values
Shareholder value
Risk Appetite
Processes
Key Controls
Tone from the Top
What we do on a day-to-day basis
What we think on a day-to-day basis
Strategy
Controls Risks indicators
Shared values Behaviours
Incentives Leadership
Symbols
Page 29 | © Manigent 2013
We believe this process enables boards (and the executive) to
address governance issues identified
Define Strategic
Goals
Define Strengths & Weaknesses
Define Business Drivers
Define the Strategy
Define the Business Model
Define Risk Appetite
Align Risk Appetite &
Strategy
Define Strategic
Objectives
Board
Formulation
“only 10% of the directors we surveyed felt that they fully understood the industry dynamics in which their companies operated”
Page 30 | © Manigent 2013
We believe there are three key questions that the board and
executive must be able to answer, and be aligned on
What are we trying to achieve?
1
How much risk are we willing to take?
2
What are our key risks?
3
Strategy Map Appetite Alignment Matrix Risk Map
Page 31 | © Manigent 2013
The Strategy Map is a leading tool to enhance the
communication, execution and monitoring of strategy
Distil the Strategy into a clear, well-
defined set of Objectives
Use a Strategy Map to map the cause
‘n’ effect relationships between
Objectives
Strategy Map enables easy
communications and monitoring of
strategy
Use the Strategy Map to ‘bubble
up’ performance, risk and controls
information
What are we trying to achieve?
1
Strategy Map
Page 32 | © Manigent 2013
The Strategy Map is a leading tool to enhance the
communication, execution and monitoring of strategy
Page 33 | © Manigent 2013
The Strategy Map is a leading tool to enhance the
communication, execution and monitoring of strategy
Improve Shareholder Value
Productivity Strategy Revenue Growth Strategy
Improve Cost Structure
Increase Asset Utilisation
Enhance Customer Value
Create Value from New Products & Services
Human, Information, and Organisational Capital
Shareholder Value ROCE
Cost per Unit Asset Turnover Customer Profitability New Revenue Sources
Price
Product/Service Attributes
Strategic Competencies
Strategic Technologies
Climate for Action
Operations Theme
Customer Value Proposition
Quality
Low Total Cost
Customer Solutions
Product Leader
Customer Satisfaction Customer Acquisition Customer Retention
Time Function Service Relations Brand
Relationship Image
• Market and Account Share
Customer
Management Theme
Innovation Theme
Regulatory and Society Theme
To satisfy our shareholders and customers, what
business processes must we excel at?
To achieve our vision, how should we appear to our
customers?
To achieve our vision, how will we sustain our ability
to change and improve?
To succeed financially, how
should we appear to our
shareholders?
Page 34 | © Manigent 2013
The Strategy Map articulates how
an organisation creates value Fi
nan
cial
C
ust
om
er
Inte
rnal
Pro
cess
Le
arn
ing
&
Gro
wth
Increase Investment Returns by 25%
Sustainable Growth
Increase Retention of competent staff by
10%
Increase Shareholder value
Objective KPIs Initiatives Targets
Increase Investment
Returns by 25%
YTD % Increase in investment
returns 25%
Implement new portfolio mgt system
Objective Statement of what
strategy must achieve and what’s
critical to its success
KPIs How success in achieving the
strategy will be measured and
tracked
Targets The level of
performance or rate of
improvement needed
Initiatives Key action programs
required to achieve Priorities
Page 35 | © Manigent 2013
However, to create value, risk-taking
must be aligned to strategy… Fi
nan
cial
C
ust
om
er
Inte
rnal
Pro
cess
Le
arn
ing
&
Gro
wth
Increase Investment Returns by 25%
Sustainable Growth
Increase Retention of competent staff by
10%
Increase Shareholder value
Objective Appetite Alignment Exposure
Increase Investment
Returns by 25%
Objective Statement of what
strategy must achieve and what’s
critical to its success
Appetite How much risk
are we willing to run to achieve the
objective?
Exposure How much risk
are we currently running?
Alignment Is our current
risk-taking aligned to appetite?
Moderate High Over-exposed
Page 36 | © Manigent 2013
Effective risk management also supports
value creation and protection... Fi
nan
cial
C
ust
om
er
Inte
rnal
Pro
cess
Le
arn
ing
&
Gro
wth
Increase Investment Returns by 25%
Sustainable Growth
Increase Retention of competent staff by
10%
Increase Shareholder value
Objective Risks Mitigation Thresholds
Increase Investment
Returns by 25%
Unexpected changes in interest rates
Unexpected Equity movements
Appetite Tolerances
Controls Initiatives Policy &
procedures Processes
Objective Statement of what
strategy must achieve and what’s
critical to its success
Risks The threats and
opportunities (risks) exist which may
impact achievement of objectives
Thresholds The appetite and
tolerance thresholds used to monitor risk
Mitigation The activities undertaken to manage risk
Page 37 | © Manigent 2013
Many different types of risks make
up the organisational risk universe Fi
nan
cial
C
ust
om
er
Inte
rnal
Pro
cess
Le
arn
ing
&
Gro
wth
Increase Investment Returns by 25%
Sustainable Growth
Increase Retention of competent staff by
10%
Increase Shareholder value
Increase Investment Returns by 25%
Strategic Risk
Operational Risk
Insurance Risk
Finance Risk
Hazard Risk
Page 38 | © Manigent 2013
Many different types of risks make
up the organisational risk universe Fi
nan
cial
C
ust
om
er
Inte
rnal
Pro
cess
Le
arn
ing
&
Gro
wth
Increase Investment Returns by 25%
Sustainable Growth
Increase Retention of competent staff by
10%
Increase Shareholder value
Increase Investment Returns by 25%
Strategic Risk
Operational Risk
Insurance Risk
Finance Risk
Hazard Risk
Unexpected changes in interest
rates
Unexpected Equity movements
Page 39 | © Manigent 2013
Once Strategy is clearly defined, the Board and Executive should
develop a clear understanding of organisational risk appetite
Risk Appetite is set by the board and
defines the boundaries within which
the Executive execute strategy
Use the key business drivers to define
the risk appetite statement
Use the Appetite Alignment
Matrix to continuously monitor
alignment between strategy and
risks
How much risk are we willing to take?
2
Appetite Alignment Matrix
Page 40 | © Manigent 2013
Using drivers to frame appetite setting enables the Board to
set clear operating boundaries
Business Drivers Low Moderate High Extreme
Capacity Limit
Income X% Capital
@Risk X% Capital
@Risk X% Capital
@Risk X% Capital
@Risk
Capital Up to X £M
X £M to Y £M
X £M to Y £M
X £M to Y £M
Above X £M
Reputation Up to X vol.
Bad coverage
Up to X vol. Bad
coverage
Up to X vol. Bad
coverage
Up to X vol. Bad
coverage
Page 41 | © Manigent 2013
Using drivers to frame appetite setting enables the Board to
set clear operating boundaries
Business Drivers Low Moderate High Extreme
Capacity Limit
Income X% Capital
@Risk X% Capital
@Risk X% Capital
@Risk X% Capital
@Risk
Capital Up to X £M
X £M to Y £M
X £M to Y £M
X £M to Y £M
Above X £M
Reputation Up to X vol.
Bad coverage
Up to X vol. Bad
coverage
Up to X vol. Bad
coverage
Up to X vol. Bad
coverage
Page 42 | © Manigent 2013
Appetite Alignment Matrix is a key tool for monitoring the
alignment of Risk-taking to Strategy
Enabling monitoring of the alignment of risk-taking to strategy
Enables the monitoring of risks that are outside of appetite
Also shows where we are taking to much and not enough risk
Changes the risk conversation
Are we operating with in Appetite?
Page 43 | © Manigent 2013
Critical to the successful and sustainable execution of strategy is
the identification and management of key risks.
An event which may occur that will
impact on the achievement of
objectives, either positively
(opportunities) or negatively (threats).
What are the key threats and
opportunities in our industry?
Go beyond the ‘usual suspects’ by
using strategy as your starting
point
What are our key risks?
3
Strategy Map
Page 44 | © Manigent 2013
The Risk Map provides a snapshot of the current level of
Risk Exposure (‘Heat’)
The 4 perspectives
are aligned to the
Strategy Map
Often the risks are
defined as ‘impacts’
not ‘events’ i.e the
impact maybe on the
customer the be event
was operational
Page 45 | © Manigent 2013
The results from the risk assessment process is presented
using the same ‘risk buckets’ as risk appetite
Capital @Risk
Reputation @Risk
Impact x Likelihood (over a time horizon)
Appetite sets the boundaries for the business within which they execute strategy and create value. Therefore the Appetite Alignment Matrix provides a method of visually monitoring and managing our risk taking according to the strategy, identifying where too much or not enough risk is being taken.
Page 46 | © Manigent 2013
These powerful tools, and the underlying methodology provide the
Board with the capability to meet their governance obligations and
shape culture
Strategy Map Risk Map
Appetite Alignment Matrix
What are we trying to achieve?
How much risk are we running?
Risk Appetite
How much risk are we willing to
take?
So What?
Page 47 | © Manigent 2013
We believe that the Appetite Alignment Matrix can be used
as one of the tools underpinning incentive schemes?
Use a ‘basket of indicators’
KPIs to drive the desired performance.
Indicators to reinforce ‘Operating within Appetite’
KRIs (which express Risk Tolerance) to influence risk-taking
Are we operating with in Appetite?
Page 48 | © Manigent 2013
Teams/ Individuals
Business Units
Corporate
Risk appetite (and Strategy) is cascaded through the business via
Risk Tolerance indicators and potentially to incentives schemes
Board
Ap
pet
ite
Tole
ran
ce
Ince
nti
ves
Risk Appetite enables the board to set the Risk-taking boundaries within which the executive execute strategy. This should be cascaded via Risk Tolerance thresholds and reflected in incentive schemes. Therefore creating a ‘Line-of-Sight’ from Appetite to Incentives.
Page 49 | © Manigent 2013
Teams/ Individuals
Business Units
Corporate
An integrated ‘suite’ of strategic and operational management
information should be generated to increase transparency
around risk-taking and incentive schemes
Board
Ap
pet
ite
Tole
ran
ce
Ince
nti
ves
Page 50 | © Manigent 2013
When thinking about Governance and Incentives, we need to
consider culture and how to create alignment using an integrated
approach
Governance
Incentives Culture
Page 51 | © Manigent 2013
Questions / Comments
Page 52 | © Manigent 2013
Contact details
Andrew Smart
Chief Executive Officer
Manigent
Email: [email protected]
Blog: www.riskbasedperformance.com
Web: www.manigent.com
LinkedIn: http://uk.linkedin.com/in/ajsmart