Governance Culture & Incentives- Fundamentals of Operational Risk
- 1. Governance, Culture and Incentives
Providing some practical tools to answer three key questions and
create alignment
Fundamentals of Operational Risk
February 2013
- 3. Introduction
15 years plus in Strategy & Risk Management
CEO & co-founder of Manigent (consultancy)
CEO & co-founder of StratexSystems (software)
2006/07: 12 month / 21 organisation research project into the
integration of performance & risk management in the Financial
Services industry
Created the Risk-Based Performance Management
methodology
"The true output of effective risk management is a
successful organisation that delivers on its strategic
objectives and satisfies the needs of key stakeholders
- consistently, year on year.” Manigent client
Page 3 | © Manigent 2013
- 4. Agenda
Where I am coming from
What do we mean?
Why is it important?
Role of Strategy & Risk
Appetite
Cascading Strategy & Risk
Appetite
Incentives
Governance
Culture
Page 4 | © Manigent 2013
Incentives
- 6. Risk-Based Performance Management is designed to enable
sustainable strategy execution, with risk appetite central
What are we trying to
achieve?
What is our Risk Appetite?
Strategy
Management
Appetite
Are we on track?
Performance
Management
Risk
Management
Governance & Communications
Culture
Page 6 | © Manigent 2013
Are we operating
within appetite?
- 7. The Risk-Based Performance Management methodology is based
on seven management disciplines
Business drivers
Shareholder value
Strategy
Manage
Performance
Appetite
Manage
Risk
Align Risk-taking
to Strategy
Governance
Appetite
Culture
Page 7 | © Manigent 2013
Communication
- 8. The Risk-Based Performance Management approach is enabled
via a process that goes from formulation to execution
Execution
Formulation
Define
Strengths &
Weaknesses
Define
Strategic
Goals
Define
Business
Drivers
Define
Strategic
Risks
Define Risk
Appetite
Define
Strategic
Objectives
Define the
Strategy
Define the
Business
Model
Define
Strategic
Controls
Align Risk
Appetite &
Strategy
Define
Indicators
Define
Processes
Define
Initiatives
Define
Operational
Risks
Define
Operational
Controls
Executive
Board
Page 8 | © Manigent 2013
Assess Risks
& Controls
Monitor
Appetite
Alignment
- 10. Governance
What is Corporate Governance?
Culture
Incentives
Corporate governance is the system by which companies are directed and
controlled - Cadbury Report / UK Corporate Governance Code,
1992
The board is responsible for determining the nature and extent of the
significant risks it is willing to take in achieving its strategic objectives - UK
Corporate Governance Code, 2012
Corporate governance is therefore about what
the board of a company does and how it sets
the values of the company, and is to be
distinguished from the day to day operational
management of the company by full-time
executives. The Code, 2012
Governance is the process and practices which
define the strategic, operating and decisionmaking boundaries of an organisation (or
organisational unit), and how decisions are
made and implemented. Andrew Smart
Page 10 | © Manigent 2013
- 11. Governance
Other types of Governance
Culture
Incentives
Project Governance – the management framework within which project
decisions are made.
IT Governance - the leadership and organisational structures and
processes that ensure that the organisation’s IT sustains and extends the
organisation’s strategies and objectives. – The IT Institute
Data Governance - is the exercise of decision-making and authority for
data-related matters. Or for a longer definition, Data Governance is a
system of decision rights and accountabilities for information-related
processes, executed according to agreed-upon models which describe who
can take what actions with what information, and when, under what
circumstances, using what methods. – The Data Governance Institute
Page 11 | © Manigent 2013
- 12. Enabling the right culture
1st Line of
Defence
Operational
functions
Culture
Incentives
Accountable for the risk management process
Identifies, manage, mitigates and reports on
operational risks
Risk
Management &
Compliance
Risk Management;
design, interpret and develop overall risk management framework.
Train, enable and monitor use of the risk management.
Overview of key risks
Compliance: Monitor and report on regulatory issues.
3rd Line of
Defence
Internal Audit
Independent testing and verification of efficacy of
corporate standard and business line compliance
Provides assurance that the risk management process is
functioning as designed
Oversight
Board &
Executive
2nd
Line of
Defence
Establishes corporate strategy and risk appetite
Approves frameworks, methodologies, policies and
roles & responsibilities
Page 12 | © Manigent 2013
Risk Management framework
Monitor Strategy & Risk Alignment
The 3 Lines of defence model is a popular governance
model within Financial Services and other industries
Governance
- 13. The RACI model is also a powerful tool for cascading
and embedding governance and shaping culture
“The doers”
Those people working on
delivering the objective, managing
the risk or applying the control.
Governance
Culture
Incentives
“The buck stops here”
P
“Keep in the picture”
Those with Yes/No authority
related to the objective, risk or
control.
“Keep in the loop”
Position(s) that need to know
about decision or action related to
the objective, risk or control.
Those involved prior to
decisions or action related to
the objective, risk or control.
Page 13 | © Manigent 2013
- 14. Governance
What is Culture?
Culture
Incentives
The thing I have learned at IBM is that culture is
everything – Louis V. Gerstner, Jr. former CEO IBM
Culture comprises an organisation’s widely
shared values, symbols, behaviours and
assumptions – Rob Goffee & Gareth Jones
The way we get things done around here
Culture Eats Strategy For Breakfast - Peter Drucker
Page 14 | © Manigent 2013
- 15. The seven key characteristics of a
Strategy-Focused, Risk-Aware Culture
Governance
Culture
1. Driven by a compelling vision
2. Live by a clear set of values
3. Led with integrity
4. Align risk-taking to strategy
5. Established clear accountabilities
6. Engage in high quality conversations
7. Incentives are aligned to appetite
Page 15 | © Manigent 2013
Incentives
- 16. Governance
The right culture should ensure…
Culture
Incentives
The right people…
Are doing the right things…
“The way we get things
done around here”
At the right time…
With the right amount of challenge…
To seize opportunities and manage threats…
While operating within appetite
Page 16 | © Manigent 2013
- 17. Governance
What do we mean Incentives?
Culture
x%
Base Salary
x%
Cash Bonus
x%
Deferred Bonus
Page 17 | © Manigent 2013
Incentives
- 19. The credit crunch and subsequent fall-out has brought
a focus to governance and incentives
Page 19 | © Manigent 2013
- 20. The issue of incentives and particularly bankers bonus is a live one
today but we argue the issue is really down to Governance and
Culture
Page 20 | © Manigent 2013
- 21. This is not a new issue… the principal-agent problem
(Agency Dilemma)
“the difficulties that arise under when a principal hires an
agent, such as the problem that the two may not have the
same interests”
Emerged as an issue in the 19th century as the world moved
away from craft-based industries to industrialised
manufacturing, leading to an increasing separation of
ownership and control.
Page 21 | © Manigent 2013
- 22. A mis-alignment in time horizons between the Chairman
and the CEO is an increasing problem
“The chairman of my company has effectively been given a decade,” says
the CEO of a steelmaker in Asia, “and I have three years—tops—to make
my mark. If I come up with a strategy that looks beyond the current cycle,
I can never deliver the results expected from me.Yet I am supposed to
work with him to create long-term shareholder value.
Source: McKinsey Quarterly: Tapping the strategic potential of boards
Page 22 | © Manigent 2013
- 23. Solving the Agency Dilemma
Shareholder/
Owners
Board
Agency Dilemma must be
solved at these two points;
but it starts with strong
governance and a focus on
developing the right culture
CEO & Executive
Staff
Staff
Page 23 | © Manigent 2013
- 24. Governance is still an issue for many organisations
“the Board is responsible for determining the nature and extent
of the significant risks it is willing to take in achieving its strategic
goals.” UK Corporate Governance Code, 2010
21%
“only 21% align their risks with their
business strategy”
Where the Board need to spend
more time…
– Grant Thornton Corporate Governance Review 2011
70%
“results indicate a need to better educate
Boards on industry dynamics and how
their companies create value...”
21%
“Only 21% of directors surveyed
claim a complete understanding of
their companies’ current strategy”
– Mckinsey Global Survey – Corporate Governance,
2011
Strategy
42%
Execution
47%
Performance
Management
67%
Risk Management
Approx. 1500 participants
Page 24 | © Manigent 2013
- 25. Governance is still an issue for many organisations
“44%of directors said their boards simply reviewed and approved
management’s proposed strategies”
“only 10% of the directors we surveyed felt that they fully understood
the industry dynamics in which their companies operated”
Source: McKinsey Quarterly: Tapping the strategic potential of boards
Page 25 | © Manigent 2013
- 26. Getting the culture right is also critical
We place considerable emphasis on the
CEO setting the right culture, risk
appetite and control framework….
Hector Sants, FSA
Page 26 | © Manigent 2013
- 27. How can we address these
Governance and Culture
challenges?
- 28. We would argue that Tone from the top is best via an integrated
approach to strategy and risk management, particularly risk appetite
Vision
Mission
Values
Shareholder value
Strategy
Risks
Controls
Shared values
Processes
Key
Controls
Incentives
Behaviours
Tone from the Top
Risk
Appetite
indicators
Leadership
Page 28 | © Manigent 2013
What we do on a
day-to-day basis
Symbols
What we think on a
day-to-day basis
- 29. We believe this process enables boards (and the executive) to
address governance issues identified
“only 10% of the directors we surveyed felt that
they fully understood the industry dynamics in
which their companies operated”
Formulation
Define
Strengths &
Weaknesses
Define
Strategic
Goals
Define
Business
Drivers
Define Risk
Appetite
Define
Strategic
Objectives
Define the
Strategy
Define the
Business
Model
Align Risk
Appetite &
Strategy
Board
Page 29 | © Manigent 2013
- 30. We believe there are three key questions that the board and
executive must be able to answer, and be aligned on
1
2
3
What are we trying
to achieve?
How much risk are
we willing to take?
What are our key
risks?
Strategy Map
Appetite Alignment Matrix
Risk Map
Page 30 | © Manigent 2013
- 31. The Strategy Map is a leading tool to enhance the
communication, execution and monitoring of strategy
1
What are we trying
to achieve?
Strategy Map
Distil the Strategy into a clear, welldefined set of Objectives
Use a Strategy Map to map the cause
‘n’ effect relationships between
Objectives
Strategy Map enables easy
communications and monitoring of
strategy
Use the Strategy Map to ‘bubble
up’ performance, risk and controls
information
Page 31 | © Manigent 2013
- 32. The Strategy Map is a leading tool to enhance the
communication, execution and monitoring of strategy
Page 32 | © Manigent 2013
- 33. The Strategy Map is a leading tool to enhance the
communication, execution and monitoring of strategy
Improve Shareholder Value
To succeed
financially, how
should we appear
to our
shareholders?
Improve Cost
Structure
Increase Asset
Utilisation
Asset Turnover
Enhance Customer
Value
Customer Profitability
Customer Acquisition
Revenue Growth Strategy
Customer Retention
Create Value from New
Products & Services
New Revenue Sources
Customer Satisfaction
Product Leader
To achieve our
vision, how should
we appear to our
customers?
Customer Solutions
Customer Value Proposition
Product/Service Attributes
Price
To achieve our
vision, how will we
sustain our ability
to change and
improve?
Cost per Unit
•Market and Account Share
To satisfy our
shareholders and
customers, what
business processes
must we excel at?
Shareholder Value
ROCE
Productivity Strategy
Quality
Time
Operations Theme
Low Total Cost
Relationship
Function
Service
Customer
Management Theme
Image
Relations
Brand
Innovation Theme
Regulatory and
Society Theme
Human, Information, and Organisational Capital
Strategic
Competencies
Strategic
Technologies
Page 33 | © Manigent 2013
Climate for
Action
- 34. Internal Process
Learning &
Growth
The Strategy Map articulates how
an organisation creates value
Objective
Statement of what
strategy must
achieve and what’s
critical to its
success
KPIs
How success in
achieving the
strategy will be
measured and
tracked
Targets
The level of
performance or
rate of
improvement
needed
Initiatives
Key action
programs
required to
achieve Priorities
Sustainable Growth
Objective
KPIs
Targets
Initiatives
Increase Investment
Returns by 25%
Increase
Investment
Returns by 25%
YTD % Increase
in investment
returns
25%
Implement
new
portfolio mgt
system
Customer
Financial
Increase Shareholder
value
Increase Retention
of competent staff by
10%
Page 34 | © Manigent 2013
- 35. Internal Process
Learning &
Growth
However, to create value, risk-taking
must be aligned to strategy…
Objective
Statement of what
strategy must
achieve and what’s
critical to its
success
Appetite
How much risk
are we willing to
run to achieve the
objective?
Exposure
How much risk
are we currently
running?
Alignment
Is our current
risk-taking
aligned to
appetite?
Sustainable Growth
Objective
Appetite
Exposure
Alignment
Increase Investment
Returns by 25%
Increase
Investment
Returns by 25%
Moderate
High
Over-exposed
Customer
Financial
Increase Shareholder
value
Increase Retention
of competent staff by
10%
Page 35 | © Manigent 2013
- 36. Internal Process
Learning &
Growth
Effective risk management also supports
value creation and protection...
Objective
Statement of what
strategy must
achieve and what’s
critical to its
success
Customer
Financial
Increase Shareholder
value
Sustainable Growth
Increase Investment
Returns by 25%
The threats and
opportunities (risks)
exist which may
impact achievement
of objectives
Objective
Risks
Increase
Investment
Returns by 25%
Unexpected
changes in
interest rates
Unexpected
Equity
movements
Risks
Increase Retention
of competent staff by
10%
Page 36 | © Manigent 2013
Thresholds
The appetite and
tolerance
thresholds used
to monitor risk
Mitigation
The activities
undertaken to
manage risk
Thresholds
Mitigation
Appetite
Tolerances
Controls
Initiatives
Policy &
procedures
Processes
- 37. Financial
Learning &
Growth
Internal Process
Customer
Increase Shareholder
value
Many different types of risks make
up the organisational risk universe
Strategic Risk
Sustainable Growth
Increase Investment
Returns by 25%
Finance Risk
Increase Investment
Returns by 25%
Operational Risk
Insurance Risk
Hazard Risk
Increase Retention
of competent staff by
10%
Page 37 | © Manigent 2013
- 38. Internal Process
Learning &
Growth
Many different types of risks make
up the organisational risk universe
Unexpected
changes in interest
rates
Customer
Financial
Increase Shareholder
value
Strategic Risk
Sustainable Growth
Increase Investment
Returns by 25%
Unexpected Equity
movements
Finance Risk
Increase Investment
Returns by 25%
Operational Risk
Insurance Risk
Hazard Risk
Increase Retention
of competent staff by
10%
Page 38 | © Manigent 2013
- 39. Once Strategy is clearly defined, the Board and Executive should
develop a clear understanding of organisational risk appetite
2
How much risk are
we willing to take?
Appetite Alignment Matrix
Risk Appetite is set by the board and
defines the boundaries within which
the Executive execute strategy
Use the key business drivers to define
the risk appetite statement
Use the Appetite Alignment
Matrix to continuously monitor
alignment between strategy and
risks
Page 39 | © Manigent 2013
- 40. Using drivers to frame appetite setting enables the Board to
set clear operating boundaries
Business Drivers
Low
Moderate
High
Extreme
Income
X% Capital
@Risk
X% Capital
@Risk
X% Capital
@Risk
X% Capital
@Risk
Capital
Up to
X £M
X £M to
Y £M
X £M to
Y £M
X £M to
Y £M
Capacity
Limit
Reputation
Up to X vol. Up to X vol. Up to X vol. Up to X vol.
Bad
Bad
Bad
Bad
coverage
coverage
coverage
coverage
Page 40 | © Manigent 2013
Above
X £M
- 41. Using drivers to frame appetite setting enables the Board to
set clear operating boundaries
Business Drivers
Low
Moderate
High
Extreme
Income
X% Capital
@Risk
X% Capital
@Risk
X% Capital
@Risk
X% Capital
@Risk
Capital
Up to
X £M
X £M to
Y £M
X £M to
Y £M
X £M to
Y £M
Capacity
Limit
Reputation
Up to X vol. Up to X vol. Up to X vol. Up to X vol.
Bad
Bad
Bad
Bad
coverage
coverage
coverage
coverage
Page 41 | © Manigent 2013
Above
X £M
- 42. Appetite Alignment Matrix is a key tool for monitoring the
alignment of Risk-taking to Strategy
Enabling monitoring of
the alignment of risktaking to strategy
Enables the
monitoring of risks
that are outside of
appetite
Are we operating with in Appetite?
Also shows where we
are taking to much
and not enough risk
Changes the risk
conversation
Page 42 | © Manigent 2013
- 43. Critical to the successful and sustainable execution of strategy is
the identification and management of key risks.
3
What are our key
risks?
Strategy Map
An event which may occur that will
impact on the achievement of
objectives, either positively
(opportunities) or negatively (threats).
What are the key threats and
opportunities in our industry?
Go beyond the ‘usual suspects’ by
using strategy as your starting
point
Page 43 | © Manigent 2013
- 44. The Risk Map provides a snapshot of the current level of
Risk Exposure (‘Heat’)
The 4 perspectives
are aligned to the
Strategy Map
Often the risks are
defined as ‘impacts’
not ‘events’ i.e the
impact maybe on the
customer the be event
was operational
Page 44 | © Manigent 2013
- 45. The results from the risk assessment process is presented
using the same ‘risk buckets’ as risk appetite
Appetite sets the boundaries for the business
within which they execute strategy and create
value.
Therefore the Appetite Alignment Matrix provides
a method of visually monitoring and managing our
risk taking according to the strategy, identifying
where too much or not enough risk is being taken.
Reputation
@Risk
Capital
@Risk
Impact x Likelihood
(over a time horizon)
Page 45 | © Manigent 2013
- 46. These powerful tools, and the underlying methodology provide the
Board with the capability to meet their governance obligations and
shape culture
Risk Appetite
Strategy Map
What are we
trying to
achieve?
Risk Map
How much risk
are we willing to
take?
Appetite Alignment Matrix
So What?
Page 46 | © Manigent 2013
How much risk
are we running?
- 47. We believe that the Appetite Alignment Matrix can be used
as one of the tools underpinning incentive schemes?
Use a ‘basket of indicators’
KPIs to drive the desired
performance.
Indicators to reinforce
‘Operating within Appetite’
Are we operating with in Appetite?
Page 47 | © Manigent 2013
KRIs (which express Risk
Tolerance) to influence risktaking
- 48. Appetite
Tolerance
Incentives
Risk appetite (and Strategy) is cascaded through the business via
Risk Tolerance indicators and potentially to incentives schemes
Risk Appetite enables the board to set the Risktaking boundaries within which the executive
execute strategy.
Board
This should be cascaded via Risk Tolerance
thresholds and reflected in incentive schemes.
Corporate
Therefore creating a ‘Line-of-Sight’ from
Appetite to Incentives.
Business Units
Teams/ Individuals
Page 48 | © Manigent 2013
- 49. Appetite
Tolerance
Incentives
An integrated ‘suite’ of strategic and operational management
information should be generated to increase transparency
around risk-taking and incentive schemes
Board
Corporate
Business Units
Teams/ Individuals
Page 49 | © Manigent 2013
- 50. When thinking about Governance and Incentives, we need to
consider culture and how to create alignment using an integrated
approach
Governance
Culture
Page 50 | © Manigent 2013
Incentives
- 52. Contact details
Andrew Smart
Chief Executive Officer
Manigent
Email: andrew.smart@manigent.com
Blog: www.riskbasedperformance.com
Web: www.manigent.com
LinkedIn: http://uk.linkedin.com/in/ajsmart
Page 52 | © Manigent 2013