In the study measuring effects of enterprise risk management (ERM) maturity—as defined by the RIMS Risk Maturity Model (RMM) assessment—no attribute had a more meaningful impact on bottom line corporate value than Performance Management. The correlation is not an accident. While many organizations say they have an effective handle on risk, their ability to execute the policies and procedures they’ve put into place are severely lacking.
The sixth RMM attribute of ERM Maturity, Performance Management, measures the ability for an organization to execute vision and strategy through the effective use of a balanced scorecard.
The root of the balanced scorecard concept lies in the desire to turn complex but passive strategic plans into marching orders and commitment that can be executed on a daily basis. The methods of accomplishing this result are familiar to risk managers: developing standardized criteria, prioritizing activities, and monitoring results.
To execute the Balanced Scorecard concept, corporations typically have a whole host of measures for monitoring control activity effectiveness, but what is consistently lacking is a means to measure the effectiveness of how the control activity is addressing performance goals. Risk bridges this gap.
The Role of Risk
Every business faces the challenge of cutting costs and making changes. After all, all activities are critically important to someone. So how do you assure that the greater good of the organization gets prioritized?
Linking risk to performance for a risk adjusted decision addresses this challenge.
Examples of performance management in the absence of a risk-based Balanced Scorecard are widespread. BP knew back in 2002 that a lack of pipeline maintenance could result in “catastrophe,” but management instead prioritized the short term operational budget in the interests of cutting maintenance costs. More recently, the U.S. government has dealt with criminal investigations into the Veterans Health Administration’s inability to deliver care to U.S. veterans, due to “significant and chronic system failures.” In the case of the VA scandal, monitoring metrics were improperly controlled and focused on the wrong measures of success. The result was falsified reports created in the interest of demonstrating compliance with policy, rather than execution of strategy.
A Seat at the Table
Involving risk in strategic decision making is the essence of performance management. In every failure we’ve documented, the risks were known, but rarely given a seat at the table. Organizations with mature enterprise risk management (ERM) programs have empowered their risk managers to take action and use ERM tools to support and provide transparency to the organization’s strategic plan.
To learn how Enterprise Risk Management adds transparency and discipline to an organizations strategic planning and performance management process, watch our webinar, “What is Strategic ERM.”