“5 Years since the crunch: Are Businesses Now Integrating Strategy and Risk to support a Risk Based Performance Management Culture?”
This latest research project seeks to ascertain how prepared businesses are to execute their strategies within their risk appetite boundaries. The findings will be used to develop further best practice methodologies to aid businesses in preparing for, and potentially avoiding, future corporate and global turmoil through the robust integration of risk into strategy formulation and execution.
Information regarding the Research Survey can be found below. Please click here to take our Research Survey
Six years ago Andrew Smart, CEO of Manigent, undertook some ground-breaking research exploring the linkages between two important management processes – strategic performance management and risk management – specifically focussing on strategic and operational risk in the UK Financial Services sector.
The conclusions were that firms were:
• Focused on managing by either performance indicators or risk indicators in silo;
• Not realising the benefits of integrating their strategic execution and risk frameworks;
• Not embedding risk appetite sufficiently within their risk management framework and process leading to a poor culture of risk management.
This failure to integrate enterprise performance management and risk management, and additionally to place risk appetite at the heart of the strategy execution process, were major contributing factors which led to the Global economic crisis.
However, the research demonstrated that those partaking could see the benefits of an integrated approach to help their businesses manage in ‘continuous turbulent times’. Subsequently Andrew developed a new Strategic Management Framework called Risk Based Performance Management, now published, that places risk appetite as a central management and control tool in strategy execution.
Since this original research, the world has moved on. Businesses are now operating in ‘continuous turbulent times’ – a globalised, continuously and rapidly changing networked environment, which brings with it greater opportunities but also different and greater risks. This means today it is even more essential that strategic and operational decision-making must balance risk and reward – businesses must take into consideration the risk dimension of decisions.
With Boards now starting to put growth and risk-taking back on the agenda following years of cost-cutting and risk-averse strategies, we believe the time is right to refresh the original research. This project will explore how businesses have changed their approach to the integration of enterprise performance management and enterprise risk management over the last 5 years; and we will look at how prepared businesses are to manage risks whilst executing their strategies in this new economic and operational landscape to prepare for, and potentially avoid, future global turmoil.
Additionally, we will ask supplementary questions in the fields of conduct and cyber risk that are emerging as the greatest risks facing organisations today.
The Hypothesis behind this research project is that all organisations, regardless of sector, country and size, require a structured strategy execution methodology that integrates performance and risk management with risk appetite a key strategic and operational management tool in order to safely deliver their operations to achieve strategic objectives.
The original research hypothesised that organisations would benefit from adopting an integrated approach but that they were not, due to:
1. The benefits being unclear;
2. Existing frameworks promoting silo management processes;
3. Complexities and confusion on how to integrate the processes and what the key integration points are.
Whilst we expect to see some improvements we further hypothesise that lessons have not been learned from the recent credit crunch and that businesses will enter this new phase of growth without adequately integrating risk management into the strategic execution process.
The overall aim of this research project is to understand if and how firms have changed their approach to, and the extent of integration between, strategy execution, enterprise performance management and risk management post-credit crunch.
Further we will seek to explore in greater detail a few key management challenges in the strategy execution space and understand if and how an integrated approach based on Risk-Based Performance Management can add business value.
The primary research objectives are:
1. To understand if and how firms have changed their approach to strategy execution, enterprise performance management and risk management, and specifically the integration of these management disciplines;
2. To ascertain the level to which companies integrate strategy execution and risk management processes and frameworks for decision-making;
3. To ascertain how they define and use risk appetite within that integrated process;
4. To understand the current state of ‘risk aware culture’ that exists in organisations;
5. Undertake cross-sector and inter-country trend analysis.
The secondary research objectives are:
1. To understand how financial services firms are responding to the FCA’s Conduct Risk Management agenda;
2. To understand how firms are responding to increasing threat posed to its information and cyber-enabled operations in an ever increasingly networked business environment.
This research will be a blend of primary and secondary research.
In terms of secondary research we will undertake a review of relevant recent literature and standards on performance and risk management, building on the literature review from the initial 2007 research. We will also review literature surrounding cyber-performance models and cyber security standards.
Primary research will be a mix of both quantitative and qualitative. Quantitative research will be conducted through a questionnaire survey. We will follow up with qualitative interviews stimulating more in-depth discussions and corporate case studies.
The linkages between strategic execution and risk is increasingly important due to the ever increasing pressure on organisations to deliver positive results to the stock market and other stakeholder groups within these continuously turbulent environment.
Legislation and Regulation can only take things so far. Many businesses are prepared to do the compliance minimum and not generate the sustainability, resilience and results they can achieve from a properly integrated strategy execution and risk framework.
As our dependency on information and digital operations grows it is fast becoming the key enabler of modern businesses. With this, the risks posed from cyber threats are also growing, with businesses and economies suffering massively as a result of growing cyber-crime and non-malicious incidents.
Without a value-adding model that integrates strategy execution and risk, through the central management and control tool of risk appetite, many businesses will enter their new post credit-crunch phase of growth in our digital age blindly and expose their company to severe threats, which can have far reaching consequences.
We see this research as exceptionally important to assess the state of play and highlight the need and benefits of integrating strategy and risk. It is in everyone’s interest – Governments, Regulators, businesses and insurers that organisations manage their risk effectively to help the impact of market and operational shocks to the organisation in turn reducing the likelihood of another economic crisis, and in the area of cyber to protect national assets.
Andrew Smart is a strategy and risk management professional with 15 years’ experience delivering Balanced Scorecard, Enterprise Risk and Operational Risk projects in the UK, Europe and the Middle East. Most recently, Andrew has been assisting financial services to effectively respond to pressure to improve risk management and regulatory reporting as a result of the credit crunch and subsequent increased regulatory oversight.
Andrew is the CEO and Founder of Manigent, a specialist Governance, Strategy, Risk & Compliance (GSR&C) consultancy and the creator of the Risk-Based Performance Management methodology. He holds an MBA from Henley Business School and is a Professional member of the Institute of Operational Risk.
Colin Lobley is a strategy and change professional with expertise in delivering tangible operational improvements in risk-driven environments, developed through his 12 years’ experience in the Defence and Security markets. For the past 5 years Colin’s career has seen him working with a range of public and private sector clients developing corporate strategy, products and services, and internal management capability to address the cyber threats and manage the risks they pose.
Colin is a Director in Manigent, delivering Integrated Strategy and Risk solutions and thought leadership in the field. He holds an MBA from Henley Business School, a Masters in Chemistry from the University from Exeter, and is a Prince 2 Practitioner and Certified ISO 9001 Internal Auditor.
If you have a general enquiry, please complete the contact form below and we will be in touch shortly.