Thoughts & Musings
High-quality conversations informed by data, information and analytics.
It is about high-quality conversations informed by data, information and analytics.
It is easy to think Enterprise Performance & Risk Management is about numbers, but it is really about high-quality conversations informed by data, information and analytics.
Probability of Execution (POE)
The Probability of Execution is an aggregated, easy to understand percentage value showing the probability that a single objective, or group of objectives will be executed by its due date based on the various data points which have a causal relationship to the objective. This includes linkages between objectives and aligned processes and initiatives, and of course, risks and controls at various levels within the RBPM framework.
Risk Management, particularly Enterprise Risk Management, is often defined in terms of risk related to the achievement of objectives.
Risk management refers to a coordinated set of activities and methods that is used to direct an organization and to control the many risks that can affect its ability to achieve objectives. - ISO31000. https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en
The culture, capabilities and practices, integrated with strategy-setting and performance that organizations rely on to manage risk in creating, preserving and realizing value – COSO Enterprise Risk Management, 2017. https://www.coso.org/Pages/erm.aspx
These definitions show the importance of linking risk to strategic objectives. However, the standards provide little guidance into how this linkage should be implemented.
Risk-Based Performance Management is unique in that it provides a structured methodology that sets out how businesses can integrate enterprise performance management and enterprise risk management.
One of the critical points of integration between these two management disciplines is the concept of a Probability of Execution (PoE).
The idea behind the Probability of Execution is to provide a risk-based view of the probability that an individual objective or a group of objectives will be achieved within their due date. Easy to say, but maybe more difficult to understand.
Let's go into that now.
When executives sit down to review performance against objectives, current good practice suggests that each objective has a small number of related Key Performance Indicators (KPIs) which indicate if the objective is on-track to be achieved or not.
Typically, KPIs are colour-coded using a traffic light or RAG RAG (Red, Amber & Green) approach.Within the RBPM methodology the preferred scoring approach is RAGAR (Red, Amber, Green, Amber, Red).
For many executive teams who use traditional performance management systems; whether that system is the Balanced Scorecard (BSC), Objectives & Key Results (OKRs) or simply a collection of objectives on a dashboard, getting all objectives to green and keeping them there is the desired outcome.
KPIs provide a performance perspective on the achievement of objectives, however they do not take into account the level of risks related to the accomplishment of an objective or objectives. This can create a false sense of security and lead to a surprise when objectives are missed due to a risk or risks crystallising.
Within the Risk-Based Performance Management (RBPM) methodology, the traditional KPI driven RAG status are complemented with the concept of a Probability of Execution.
The Probability of Execution is an aggregated, easy to understand percentage value showing the probability that a single objective, or group of objectives will be executed by their due date based on the various data points which have a causal relationship to the objective(s). This includes linkages between objectives and aligned processes and initiatives, and of course, risks, risk events and controls at various levels within the RBPM framework.
The Probability of Execution has proven to be a powerful, yet simple to understand and easy to action way of integrating risk into the strategy execution conversation.
A balanced suite of KPIs provides a performance perspective on the status of the objective. In contrast, the Probability of Execution provides a risk-based view which is, by its nature forward-looking. The Probability of Execution also work well with Appetite Alignment, another central concept within Risk-Based Performance Management.
Events, dear boy, events...
Events, dear boy, events…this is a quote often attributed to former British Prime Minister, Harold Macmillan and one that will be ringing in the ears of many business and risk professionals as they watched turbulence unfold in the markets yesterday. Many will now be waking up, asking themselves what does the coronavirus and this market turmoil mean for them.
Events, dear boy, events…this is a quote often attributed to former British Prime Minister, Harold Macmillan and one that will be ringing in the ears of many business and risk professionals as they watched turbulence unfold in the markets yesterday. Many will now be waking up, asking themselves what does the coronavirus and this market turmoil mean for them.
Up until yesterday; the coronavirus crisis had grown relatively quickly but steadily. After a history of SARS, Swine Flu and the like, many firms would have, at least a semblance of, a response plan which could be used as a basis for a coronavirus response plan.
However, I wonder how many of these plans consider the implications on the firm’s business model, ability to deliver operationally and strategically, on their balance sheet, P&L etc. I wonder further how many firms have thought the scenario where; in the face of a potential global pandemic, the world experiences an oil price shock leading to a dramatic drop in the value of listed companies worldwide and creating significant, additional uncertainty going forward.
Events, dear boy, events…this reflects the times we live in and underlines why firms need to build risk-based management systems, embed risk-based decision-making within their culture and put in place the technology and data architecture to enable firms to execute operationally and strategically in these times of significant uncertainty.
Strategy as a Hypothesis. Risk as a Hypothesis.
Strategy is a hypothesis of how the firm will create value. Risk is a hypothesis about the uncertainties of delivering the strategy. Risk Management provides the frameworks and tools to understand the uncertainties, challenge and stressing the strategic hypothesis while managing the uncertainties within the risk hypothesis.
What is Risk-Based Performance Management
Risk-Based Performance Management (RBPM) is a strategic management methodology designed to enable firms to execute strategy while operating within risk appetite boundaries.
By integrating best practices approaches to strategy setting, risk appetite, enterprise performance management and enterprise risk management, RBPM enables the board and senior management to understand, manage and control the risks facing their firms while building the capability to identify and exploit emerging opportunities to gain and maintain a competitive advantage.
Risk-Based Performance Management (RBPM) is a strategic management methodology designed to enable firms to execute strategy while operating within risk appetite boundaries.
By integrating best practices approaches to strategy setting, risk appetite, enterprise performance management and enterprise risk management, RBPM enables the board and senior management to understand, manage and control the risks facing their firms while building the capability to identify and exploit emerging opportunities to gain and maintain a competitive advantage.
Risk-Based Performance Management reflects how we need to regulate and how we want our regulated firms to manage their businesses” Director of Supervision, De Nederlandsche Bank
The RBPM methodology is made up of seven disciplines;
1. Set Strategy
2. Manage Performance
3. Manage Risk
4. Alignment Risk-taking to Strategy
5. Governance
6. Communications
7. Culture