Risk-Based Performance Management (RPBM) is a strategy execution and risk management methodology which is designed to enable organisations to drive sustainable strategic execution while ‘operating within appetite’. Core to RPBM is the understanding of ‘risk appetite’: that is the amount of risk that the organization is willing to, or is required to take in the pursuit of its strategic goals.
The approach incorporates and integrates seven management disciplines;
1. Strategy Management is about developing a clear sense of direction as to where the organization is going, how much risk it is willing or required to accept to get there, and what are the key opportunities and threats (risks) along the way. The direction which an organization has chosen to take can be expressed via a set of strategic objectives. Alongside defining the objectives, the organisational risk appetite should be defined. Integrating the definition of risk appetite with objective definition is the key process that links strategy and risk management: how much and what type of risk is an organization willing or required to run to achieve its objectives.
2. Performance Management is where strategic objectives are delivered either through executing day-to-day processes to a continuously improving level of performance or by undertaking a set of initiatives. Strategy execution is essentially achieved either by improving the way the organization is run or by changing the way it is run. The performance of processes should be monitored via associated key performance indicators (KPIs).
3. Risk Management is all about understanding threats and opportunities – the risks the organization faces in pursue of its objectives – and the continuous monitoring and management of those risks. One of the key ways that risks are managed is via an effective controls environment. Controls are the processes, policies, practices or other devices or actions designed to affect control over the risk. Key controls should be defined for each risk identified and the effectiveness of those controls regularly assessed.
4. Appetite Alignment is the process of continuously aligning current risk exposure to the defined risk appetite. It is about understanding if risk-taking is aligned to the chosen business strategy: i.e. are we operating within appetite. RBPM introduces a new management tool, called the Appetite Alignment Matrix which is designed to help organizations understand where they are ‘operating within appetite’.
5. Governance within the RBPM approach is based on the RACI framework. RACI is an acronym for Responsible, Accountable, Consult and Information and is used to clarify individual’s roles in the achievement of objectives and management of risks.
6. Communications is a critical enabler of successful change when an organization is setting out to take an integrated approach to strategy and risk management. For effective RBPM, the following five C’s of communications should be deployed;
7. Culture is perhaps the ultimate strategy execution and risk management tool. We use the term a Strategy-focused, Risk-aware culture to describe the type of culture which has the dexterity to simultaneously remain focused on delivering a clear set of objectives while scanning broadly to identify the threats and opportunities which may help or hinder the achievement of those objectives. There are seven key characteristics of the Strategy-focused, Risk-aware culture;
- Driven by a compelling vision
- Live by a clear set of values
- Led with integrity
- Align risk-taking to strategy
- Established clear accountabilities
- Engage in high quality conversations
- Incentives are aligned to appetite