Integrating risk indicators into corporate performance management tool



Similar documents
Integrating Balanced Scorecard and Enterprise Risk Management

Cascading KPIs using the 9 Steps to Success

Balanced Scorecard and Compensation

Exhibit 1: Structure of a heat map

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

Balanced Scorecard: & Challenges. 23rd July Organized by: SMR

IPMS Insurance Performance Management System

The Balanced Scorecard. Background Discussion

Management White Paper What is a modern Balanced Scorecard?

Creating a Strategy-Focused Organization

Stakeholder Analysis: The Key to Balanced Performance Measures

Process Intelligence: An Exciting New Frontier for Business Intelligence

Developing and Implementing a Balanced Scorecard: A Practical Approach

Balanced Scorecard: linking strategic planning to measurement and communication Gulcin Cribb and Chris Hogan Bond University, Australia

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No June 2007

An Integrated Balanced Scorecard Strategic Planning Model for Nonprofit Organizations

Risk appetite. The strategic balancing act

Managing Organizational Performance: Linking the Balanced Scorecard to a Process Improvement Technique Abstract: Introduction:

ITPMG. IT Performance Management. The Basics. January Helping Companies Improve Their Performance. Bethel, Connecticut

STRATEGIC PERFORMANCE MEASUREMENT GUIDELINES AND FRAMEWORK TO MERGE BALANCED SCORECARDS AND BUSINESS INTELLIGENCE TECHNIQUES

Strategic Planning. In Context. In This Section. Part of the BHO Roadmap to a Healthier Organization

How to measure your business resiliency

Getting the Focus on Enterprise Risk Management Right. by Al Decker & Donna Galer

Hand IN Hand: Balanced Scorecards

CRM Scorecard - CRM Performance Measurement

Since the 1990s, accountability in higher education has

Enterprise Risk Management

How to bridge the gap between business, IT and networks

STRATEGIC INTELLIGENCE WITH BI COMPETENCY CENTER. Student Rodica Maria BOGZA, Ph.D. The Bucharest Academy of Economic Studies

Final. North Carolina Procurement Transformation. Governance Model March 11, 2011

THE BALANCED SCORECARD IN A STRATEGY-FOCUSED ORGANIZATION

Safety Metrics, The Big Picture -Terry L. Mathis President, ProAct Safety

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

THE INTERNATIONAL JOURNAL OF BUSINESS & MANAGEMENT

Measuring Quality in Graduate Education: A Balanced Scorecard Approach

Shew-Fang Shieh, RN. MS. DBA. Cardinal Tien Hospital, Taiwan August

Balanced Scorecard; a Tool for Measuring and Modifying IT Governance in Healthcare Organizations

The Demise of Cost and Profit Centers

PERFORMANCE MANAGEMENT METHOD FOR CONSTRUCTION COMPANIES

PROFESSIONAL PRACTICE STATEMENT Performance Measurement & Metrics

Traditionally occupational safety and health

Goal-based Leadership Introducing an efficient management approach

Call Center Optimization. Utility retail competition is about customer satisfaction, and not just retail prices

Best Practices for Planning and Budgeting. A white paper prepared by PROPHIX Software October 2006

Performance Management. Date: November 2012

Enterprise Risk Management

PEOPLE INVOLVEMENT AND THEIR COMPETENCE IN QUALITY MANAGEMENT SYSTEMS * Jarmila ŠALGOVIČOVÁ, Matej BÍLÝ

Strategy and Performance Management in the Government

Seven Tips for Building a Great Dashboard

Hoshi Kanri and Balanced Scorecard

International Institute of Management

Proceedings of the 34th Hawaii International Conference on System Sciences

CHAPTER 5 COMPETITIVE ADVANTAGE AND STRATEGIC MANAGEMENT FOR PERFORMANCE EXCELLENCE

Strategically Linking Talent Management to the Business. Vice President of Talent Management, Learn.com

CASE STUDY. Barber Foods. Successful Trade Promotion Optimization Strategy Improves Retail Effectiveness. Challenge. Solution.

E-Business-Controlling using the Balanced Scorecard

Matthew E. Breecher Breecher & Company PC November 12, 2008

Cyber Security and the Board of Directors

Kittipat Laisasikorn Thammasat Business School. Nopadol Rompho Thammasat Business School

Organizational Leadership and the Balanced Scorecard: Lessons to be learned from Marketing Activities in a Nonprofit Setting

White Paper from Global Process Innovation. Fourteen Metrics for a BPM Program

Creating An Excel-Based Balanced Scorecard To Measure the Performance of Colleges of Agriculture

Global Technology Audit Guide. Auditing IT Governance

TRAINING AND EDUCATION IN THE SERVICE OF MILITARY TRANSFORMATION

THE LSS PRIMER SOLUTIONS TEXT

Strategic Risk Management for School Board Trustees

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Corporate Performance Management in IT Organizations White Paper

Exceptional Customer Experience AND Credit Risk Management: How to Achieve Both

Enterprise Performance Management

Bank of America. Effectively Managing Performance Measurement Systems

Maximizing the ROI Of Visual Rules

Integrated Marketing Performance Using Analytic Controls and Simulation (IMPACS SM )

IT Governance Regulatory. P.K.Patel AGM, MoF

From Issue to Action Evaluating the experience in the foundation of a CX program for a global player within the webhosting industry

Best practices for planning and budgeting. A white paper prepared by Prophix

Strategies and Methods for Supplier Selections - Strategic Sourcing of Software at Ericsson Mobile Platforms

Journal of Renewable Natural Resources Bhutan ISSN:

Organization transformation in times of change

Department of Management

Level 1 Articulated Plan: The plan has established the mission, vision, goals, actions, and key

PERFORMANCE MEASUREMENT OF INSURANCE COMPANIES BY USING BALANCED SCORECARD AND ANP

Keynote: How to Implement Corporate Performance Management (CPM), Pervasive BI & ROI: Hard & Soft

ASAE s Job Task Analysis Strategic Level Competencies

BALANCED SCORECARD AND CHANGE MANAGEMENT. The Key to Successfully Executing Your Strategic Plan

Examiner s report P5 Advanced Performance Management June 2013

The Balanced Scorecard

The Business School Strategy: Continuous Improvement by Implementing the Balanced Scorecard

KPIs: Measuring Indirect Material Suppliers and Service Providers

Baldrige Core Values and Concepts Customer-Driven Excellence Visionary Leadership

CIM Level 4 Certificate in Professional Marketing

Hospital Performance Management: From Strategy to Operations

About PROXC Consulting. PROXC Services Domains

Transcription:

Integrating risk indicators into corporate performance management tool Jelena Raid Swedbank Estonia Liivalaia 8, Tallinn, Estonia Abstract Tallinn Technical University Raja 15, Tallinn, Estonia In operational risk, we are interested in indicators that identify and monitor potential operational risk exposure. We must be able to aggregate operational risk indicators and present their causal relationships. Moreover, we need to link them to organization s strategy, objectives and performance indicators by integrating enterprise risk management and enterprise performance management concept. We oppose the statement that operational risk radically differs from other types of risks from profit generation point of view, and argue that managing operational risks means not only minimizing operational risk losses, but maximizing profit given risk appetite. In this paper we investigate and implement Norton and Kaplan s Balanced Scorecard (BSC) methodology for operational risk management. Operational risks and their indicators are incorporated into the BSC structure by linking them to enterprise performance goals and measures. We also briefly discuss how causeand-effect relationships can be modeled by means of Bayesian networks. Remove the artificial separation between enterprise performance management and enterprise risk management Every entity, either profit or non-profit, exists to realize value for its stakeholders. Value is created, preserved, or eroded by management decisions in all activities, from setting strategy for operating the enterprise day-to-day. Decision-making always includes risk-taking. Two management concepts - corporate performance management (CPM) and enterprise risk management (ERM) have been developing quite independently. CPM concept was introduced by Gartner Research in 2001 as "all of the processes, methodologies, metrics and systems needed to measure and manage the performance of an organization."

ERM was defined by the Casualty Actuarial Society in 2003 as the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders. The COSO "Enterprise Risk Management-Integrated Framework" published in 2004 defines as a " process applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." Separating ERM from CPM leads to building separate performance management and risk management processes and implementing separate measurement systems within an enterprise, which in turns means shifting responsibility for risk management from business side to an independent risk management or internal control function. This results in divergence in risk awareness and risk culture throughout the organization because of risk competence concentration; long time-to-market due to lengthy and complicated approval process; lower business flexibility; and bigger losses. To fully integrate the two concepts, one must overcome the barrier of seeing operational risk differently than other types of risks from profit generation point of view, admitting that managing operational risks means not only minimizing operational risk losses, but maximizing profit given risk appetite. Consider the credit agreement process in banking. Skipping the lawyers review step may lead to bigger operational risk losses in case of future legal disputes, but it also results in shorter sales process and therefore higher customer satisfaction, sales volume and income. Taking operational risks, for example, by outsourcing a service to an external partner, the enterprise gets rewarded wither with cost reduction, higher service quality, increased customer base, or other kind of gain. One more barrier to overcome is opposing performance management - a set of activities focused on ensuring that good things occur as planned, to risk management focused on ensuring that bad things do not occur. Enterprise performance in CPM is measured by (key) performance indicators (KPI); in ERM, risks impacting enterprise performance are measured by (key) risk indicators (KRI). KPIs and KRIs are often perceived as opposite measures: one defines success, the other - risk for an objective; one measures how well something is done, while the other - potential adverse event, one focuses on measuring historical activity, the other on emerging risks. However, from enterprise goals point of view, KRI is either just a twist to KPI or one component of it. Employee turnover, often proposed as an operational risk indicator is a performance measure against the goal increase employee retention. Being retail business performance indicator, the number of customers on-line transactions per hour is at the same time a risk measure from IT system capacity point of view. We insist that every business goal must include the probability component of its realization, in other words, a risk component.

Integrate risk view into enterprise performance balanced scorecard In CPM there are a lot of different approaches to measure corporate performance, which can be divided into three groups according to their main focus: goal-based, process-based, and holistic approaches. Goal-based methodologies, such as management by objectives, value based management, result based leadership, focus on results of the activity, not providing the technique of setting goals. The enterprise is modeled as a black box, and employees do not see how their goals connected to the others ones. Process-based methodologies, such as Deming Cycle, activity-based management, view organizations as a white box, breaking down barriers between staff areas and organizational units. In contrast with goalbased methodologies, process-based approaches try to answer both how and what questions. These approaches differ greatly in their appreciation of importance of intangible assets for strategic corporate performance, insisting that advances in competitive position will have their roots in knowledge, emphasizing continuous improvement and education. Another distinction is that process-based approaches attach great importance to organization s top management. They insist on clear definition of top management's permanent commitment to improving quality and productivity, and their obligation to implement CPM principles. However, focusing on internal processes and their management, these approaches are aimed at improving quality and productivity and more of operative nature than strategic one. The approach, which integrates both goal and process side is a balanced scorecard (BSC) framework, introduced by Robert S. Kaplan and David Norton in 1992. BSC takes into account strategic context of the company, communicates corporate goals top down from top management to operational level; sees the enterprise as a white box with its transformation mechanisms that turn inputs into outputs; provides the technique to establish goals by defining the cause-and-effect relationships and assign a balanced set of measures to the goals. The classical balanced scorecard suggests that we view the organization from four perspectives and measure organizational performance in four key areas: stakeholders financial perspective, customers, processes and finally learning and growth (see Robert S. Kaplan, David P. Norton, The Balanced Scorecard: Translating Strategy into Action, Harvard College, 1996 for more information). Applying a system theoretic view of an organization to BSC, we propose to treat learning and growth key area as resources area. Resources include personnel, IT and technology, funding, raw materials, and other kinds of input. This structure enables to incorporate different risk components, such as credit, operational, market, strategic, reputational risk - into enterprise performance metrics linked to business goals. Proposed structure fully corresponds to specific operational risk types (personnel, technology & systems, process, external), assuming that external factors are taken into account and measured in every key area. The implementation process of the BSC is top-down and consists of the following tasks: Develop or confirm mission, vision and strategy;

Identify risk-adjusted goals within 4 perspectives starting from the main goals at the stakeholders financial view and ending at the bottom line resources view; develop cause-and-effect relationships; Develop risk-adjusted performance measures, assign ownership, establish targets for the measures and determine data requirements; Plan initiatives to achieve the goals. With the help of a retail bank s example we shall show how to use BSC approach to analyze goals, measures and their cause-and-effect relations for daily banking operations, setting aside credit and saving for simplification purpose (Figure 1). STAKEHOLDERS Increase long-term profitability Maintain revenue base Increase efficiency cost/income ratio(s), operational losses CUSTOMERS Stimulate customer selfservicing No of customers actively using internet banking, NPS, customer complaints and claims ratio PROCESSES Streamline new service implementation % of services avaiable in internet banking, customer education, price, competitors benchmarks Maintain high quality and security of services service downtimes; no of errors; fraud detection ratio RESOURCES Increase development team productivity no of changes per period, TTM, bugs resolving speed Assure system performance and security systems capacity, fraud monitoring efficiency Figure 1 We shall look in more detail at the goals, namely efficiency, which contributes to the overall goal of increasing bank s long-term profitability. The financial indicator chosen to measure efficiency is cost/income ratio(s), calculated by service, product customer segment or business line, as well as at the

aggregated level. The ratio is an operational risk adjusted efficiency indicator, as its cost component includes operational losses. The bank intends to achieve the efficiency goal through customers active self-servicing in internet banking and their customer trust in quality and security of the bank s services and products. The number of customers actively using internet banking is both a performance and a risk indicator: its growth can cause increase in customer complaints and claims about e-channel specific problems like service downtime, process errors or fraudulent transactions due to stolen credentials. Net Promoter Score (NPS) can also be treated as performance and risk indicator, depending on the direction and speed of its change. Customer complaints and claims are clearly related to operational risk and directly affect the level of operational losses. To stimulate customer self-servicing, the bank should provide a wide range of services and products via internet banking at a relatively low price compared to the channels with manned services and competitors. On the other hand, the service quality and security must be maintained at a high level, minimizing service downtimes, errors and external fraud risk. The bank must educate its customers concerning the use of internet banking services. Problems can occur when a customer, after successful authorization and completion of a transaction, discovers her mistake and requires transaction cancellation, which can result in operational loss for the bank. On the personnel and systems level the goals described above require high productivity of development team, efficient fraud monitoring and a certain level of systems capacity. Takehiko Nagumo and Barnaby Donlon in their Integrating BSC and COSO ERM Frameworks stress the need for integrated view of risk and enterprise management. They however argue that the shortcoming of integrating KRIs into BSC is that risk management is then limited to the high-level objectives and measures selected on the scorecard. This shortcoming can be overcome by cascading high level enterprise wide scorecard into individual units ones. For example, the goal Assure system performance and security in IT and security unit s BSC will be treated as a goal in the (internal) customer area, which will be linked to the corresponding goals within IT and security unit s processes and, further, resources area. It is of utmost importance to take into account external environment components within processes and resources key areas. For example, some services may be outsourced by IT unit to an external partner under Service Level Agreements (SLA), where the goals and measures based on business requirements must be agreed with the outsourcing partner.

Integrate risk view into enterprise performance balanced scorecard Being a presentation tool for key indicators with their causal relationships, BSC does not provide methods of quantitative modeling and testing of causal dependencies. To enhance BSC usability we propose to use Bayesian Network approach, also known as belief networks. These graphical structures are used to represent knowledge about an uncertain domain. Bayesian maps are used in supplying the missing information and details as well as bringing the priorities and importance of the effective factors. It also supports simulation, scenario analysis and stress-testing (see e.g. Ben-Gal I., Bayesian Networks, in Ruggeri F., Faltin F. & Kenett R., Encyclopedia of Statistics in Quality & Reliability, Wiley & Sons, 2007 for more detailed description of the concept). In Figure 2 we depict the Bayesian map for some certain goals and measures contributing to operational loss component of the cost/income ratio. Cause-and-effect relationships and prior probabilities are established based on risk and control self assessment (RCSA) results and limited history data. According to the methodology, after new data is obtained, the structure is updated by calculating the posterior probabilities (see e.g. Wai Lam and Fahiem Bacchus, Using New Data to Refine a Bayesian Network for more information). For example, the prior probability of the increase in outsourcing partner s incidents due to the increase in internet banking service downtimes is estimated to be 0.5 (the probability that the increase is not due to service downtimes is 0.5, correspondingly) and the probability that the increase in downtimes is caused by exceeding system capacity is 0.3 (probability of not causing is 0.7, correspondingly). Conditional probability of the increase in service downtimes in case of both increasing system load and partner s problems is 0.9; in case of exceeding system capacity given that the outsources service is up and running is 0.2; in case of partner s problems given that there is no system overload is 0.8; in case of no problems with partner s service neither with system load is 0.01. The same logic is applied further to the whole map to calculate conditional probabilities for all measures. After the new data is obtained about any measure, for example, increasing number of fraudulent transactions, all probabilities are re-calculated and impact on overall goal can be estimated.

Internet banking operational losses Customer claims Customer mistakes Fraudulent transactions Service errors Downtimes System capacity Outsourcing partner s incidents Figure 2 Bayesian networks approach has a number of weaknesses like high complexity, difficulties with keeping the model up-to-date, difficulties with communicating the model and results to different organization levels. However, its valuable strengths like convenient representation of causal and probabilistic semantics, combination of prior knowledge and observed data, back-testing and stress-testing possibilities, compliance with BSC methodology, provide motivation for further studies and application of the methods in enterprise performance and risk management. Acknowledgments We would like to thank E. Õunapuu for provided literature. References 1. Ben-Gal I., Bayesian Networks, in Ruggeri F., Faltin F. & Kenett R., Encyclopedia of Statistics in Quality & Reliability, Wiley & Sons, 2007. 2. Robert S. Kaplan, David P. Norton, The Balanced Scorecard: Translating Strategy into Action, Harvard College, 1996. 3. Takehiko Nagumo, Barnaby Donlon, Integrating BSC and COSO ERM Frameworks, Ascendant Strategy Management Group, 2009. 4. Wai Lam and Fahiem Bacchus, Using New Data to Refine a Bayesian Network, University of Waterloo.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information