Risk-Based Performance Management puts risk and specifically risk appetite, at the heart of strategy execution
Like, I am sure, many reading or reviewing this book, I’ve been in risk management for a number of years. I am continuously disappointed that many board level conversations I have on risk are the same now as they were years ago. Risk is still viewed as a sunk cost, a distraction to making money, and what I call the “it won’t happen to me” syndrome, called the “psychology of denial” in the book, is ever prevalent. Getting Boards to take risk seriously and more importantly getting investment for risk management has always been a tough sell. Conversely, I’ve also worked as a strategy advisor, in risk driven markets. Conversations with Boards about Strategy are the polar opposite to risk conversations – Board’s like it, see the value in it, and therefore invest in it. Risk rarely enters into the conversation, at least willingly.
Risk-Based Performance Management: Integrating Strategy and Risk Management introduces a new model for, as the title suggests, placing “risk, and specifically risk appetite, at the heart of strategy execution.” This integration of risk into strategic management through the common media of risk appetite, demonstrates that risk management a core element of successful performance.
As such, I can see, finally, that here is model that can provide risk practitioners with the ammunition they need to show the value of risk management and make a decent return on investment case for the Board; and strategy managers with the framework they need to ensure they are more cognizant of the risks they have, how much risk is required or acceptable to have in place, and importantly more adaptable to shifts in the strategic landscape so as they can prosecute their strategy successfully.
The Risk-Based Performance Management framework, which, as the authors are keen to point out, is a “strategic management methodology, not a risk framework”, has the potential to bring risk management out of the depths of despair and put it front and centre on the Board agenda. Through RBPM, risk can finally be viewed as a positive business discipline …. That by setting a robust strategy and risk appetite and by investing more than the tiniest amount possible, which in my experience is the norm to comply with regulations and satisfy the bare minimum of stakeholder expectations, you can achieve a good risk management posture, align your risk portfolio to your risk appetite, so that you can actually improve a business’s strategic and operational performance.
Chapter 1 beautifully illustrates the point that, as the book states, “ a paradigm shift” is required by many companies to “integrate performance and risk management through the lens of risk appetite” in order to “drive sustainable strategic and operational execution”. It takes a canter through the changing business landscape in light of external drivers making quite stark points that we are in a networked age of uncertainty where those who understand and manage their risks will succeed in the accomplishment of their strategic goals. How right this is. The book then introduces and discusses the 7 disciplines of the RBPM framework and how its implementation can achieve this paradigm shift and the associated benefits. The change roadmap in the concluding chapter takes the RBPM framework out of the theoretical into the practical space, showing that not only is this a model grounded in sound business theory and logic, but that it can be, and has already, been implemented by businesses so that they can successfully implement their strategic in uncertain times.
I’ve always like the logic that risk is synonymous with opportunity: we cannot pursue, and take advantage of, opportunities without taking on an element of risk. We need to take opportunities to stay competitive, and develop further competitive advantage. Ergo we need to accept that there is risk, understand what it is, and manage it effectively along the road we take to leverage the opportunities. RBPM is a framework that will ensure we walk the road, safely avoiding obstacles, to reach our goals, whilst knowing when we need to change route to stay ahead of the other traffic.
Colin Lobley
Information Risk Management Consultant, United Kingdom