Governance, Culture and Incentives Providing some practical tools to answer three key questions and

create alignment

Fundamentals of Operational Risk February 2013

Page 2 | © Manigent 2013

Introductions & expectations

Page 3 | © Manigent 2013

Introduction

15 years plus in Strategy & Risk Management

CEO & co-founder of Manigent (consultancy)

CEO & co-founder of StratexSystems (software)

2006/07: 12 month / 21 organisation research project into the

integration of performance & risk management in the Financial

Services industry

Created the Risk-Based Performance Management

methodology

"The true output of effective risk management is a

successful organisation that delivers on its strategic

objectives and satisfies the needs of key stakeholders

- consistently, year on year.” Manigent client

Page 4 | © Manigent 2013

Agenda

Where I am coming from

What do we mean?

Why is it important?

Role of Strategy & Risk

Appetite

Cascading Strategy & Risk

Appetite

Incentives

Governance

Incentives Culture

Where I am coming from

Page 6 | © Manigent 2013

Risk-Based Performance Management is designed to enable

sustainable strategy execution, with risk appetite central

Performance Management

Risk Management

Strategy Management

Appetite

What are we trying to achieve?

Are we on track?

What is our Risk Appetite?

Are we operating within appetite?

Governance & Communications

Culture

Page 7 | © Manigent 2013

The Risk-Based Performance Management methodology is based

on seven management disciplines

Business drivers Shareholder value Strategy

Align Risk-taking to Strategy

Manage Risk

Manage Performance

Appetite

Governance Communication

Culture

Appetite

Page 8 | © Manigent 2013

The Risk-Based Performance Management approach is enabled

via a process that goes from formulation to execution

Define Strategic

Goals

Define Strengths & Weaknesses

Define Business Drivers

Define the Strategy

Define Processes

Define Initiatives

Define Operational

Risks

Define Operational

Controls

Define Indicators

Assess Risks & Controls

Monitor Appetite

Alignment

Define Strategic

Risks

Define Strategic Controls

Define the Business Model

Define Risk Appetite

Align Risk Appetite &

Strategy

Define Strategic

Objectives

Board Executive

Formulation Execution

Definitions

Page 10 | © Manigent 2013

What is Corporate Governance?

Corporate governance is the system by which companies are directed and

controlled - Cadbury Report / UK Corporate Governance Code,

1992

The board is responsible for determining the nature and extent of the

significant risks it is willing to take in achieving its strategic objectives - UK

Corporate Governance Code, 2012

Governance

Incentives Culture

Corporate governance is therefore about what the board of a company does and how it sets the values of the company, and is to be distinguished from the day to day operational management of the company by full-time executives. The Code, 2012

Governance is the process and practices which define the strategic, operating and decision-making boundaries of an organisation (or organisational unit), and how decisions are made and implemented. Andrew Smart

Page 11 | © Manigent 2013

Other types of Governance

Project Governance – the management framework within which project

decisions are made.

IT Governance - the leadership and organisational structures and

processes that ensure that the organisation’s IT sustains and extends the

organisation’s strategies and objectives. – The IT Institute

Data Governance - is the exercise of decision-making and authority for

data-related matters. Or for a longer definition, Data Governance is a

system of decision rights and accountabilities for information-related

processes, executed according to agreed-upon models which describe who

can take what actions with what information, and when, under what

circumstances, using what methods. – The Data Governance Institute

Governance

Incentives Culture

Page 12 | © Manigent 2013

The 3 Lines of defence model is a popular governance

model within Financial Services and other industries

Enab

ling

the

righ

t cu

ltu

re

1st Line of Defence

2nd Line of Defence

3rd Line of Defence

Oversight

Operational functions

Risk Management &

Compliance

Internal Audit

Board & Executive

Accountable for the risk management process Identifies, manage, mitigates and reports on operational risks

Risk Management; design, interpret and develop overall risk management framework. Train, enable and monitor use of the risk management. Overview of key risks Compliance: Monitor and report on regulatory issues.

Independent testing and verification of efficacy of corporate standard and business line compliance Provides assurance that the risk management process is functioning as designed

Establishes corporate strategy and risk appetite Approves frameworks, methodologies, policies and roles & responsibilities

Mo

nit

or

Stra

tegy

& R

isk

Alig

nm

ent

Risk M

anagem

en

t framew

ork

Governance

Incentives Culture

Page 13 | © Manigent 2013

The RACI model is also a powerful tool for cascading

and embedding governance and shaping culture

“The buck stops here”

Those with Yes/No authority related to the objective, risk or

control.

“Keep in the loop”

Those involved prior to decisions or action related to the objective, risk or control.

“The doers”

Those people working on delivering the objective, managing the risk or applying the control.

“Keep in the picture”

Position(s) that need to know about decision or action related to the objective, risk or control.

P

Governance

Incentives Culture

Page 14 | © Manigent 2013

What is Culture?

The thing I have learned at IBM is that culture is everything – Louis V. Gerstner, Jr. former CEO IBM

Culture Eats Strategy For Breakfast - Peter Drucker

Culture comprises an organisation’s widely shared values, symbols, behaviours and

assumptions – Rob Goffee & Gareth Jones

The way we get things done around here

Governance

Incentives Culture

Page 15 | © Manigent 2013

The seven key characteristics of a

Strategy-Focused, Risk-Aware Culture

1. Driven by a compelling vision

2. Live by a clear set of values

3. Led with integrity

4. Align risk-taking to strategy

7. Incentives are aligned to appetite

6. Engage in high quality conversations

5. Established clear accountabilities

Governance

Incentives Culture

Page 16 | © Manigent 2013

The right culture should ensure…

The right people…

Are doing the right things…

At the right time…

With the right amount of challenge…

To seize opportunities and manage threats…

While operating within appetite

Governance

Incentives Culture

“The way we get things done around here”

Page 17 | © Manigent 2013

What do we mean Incentives?

Governance

Incentives Culture

x%

x%

x%

Base Salary

Cash Bonus

Deferred Bonus

Why is this so important, today

Page 19 | © Manigent 2013

The credit crunch and subsequent fall-out has brought

a focus to governance and incentives

Page 20 | © Manigent 2013

The issue of incentives and particularly bankers bonus is a live one

today but we argue the issue is really down to Governance and

Culture

Page 21 | © Manigent 2013

This is not a new issue… the principal-agent problem

(Agency Dilemma)

“the difficulties that arise under when a principal hires an

agent, such as the problem that the two may not have the

same interests”

Emerged as an issue in the 19th century as the world moved

away from craft-based industries to industrialised

manufacturing, leading to an increasing separation of

ownership and control.

Page 22 | © Manigent 2013

A mis-alignment in time horizons between the Chairman

and the CEO is an increasing problem

“The chairman of my company has effectively been given a decade,” says

the CEO of a steelmaker in Asia, “and I have three years—tops—to make

my mark. If I come up with a strategy that looks beyond the current cycle,

I can never deliver the results expected from me. Yet I am supposed to

work with him to create long-term shareholder value.

Source: McKinsey Quarterly: Tapping the strategic potential of boards

Page 23 | © Manigent 2013

Solving the Agency Dilemma

Shareholder/ Owners

CEO & Executive

Board

Staff Staff

Agency Dilemma must be solved at these two points;

but it starts with strong governance and a focus on developing the right culture

Page 24 | © Manigent 2013

Governance is still an issue for many organisations

“the Board is responsible for determining the nature and extent

of the significant risks it is willing to take in achieving its strategic

goals.” UK Corporate Governance Code, 2010

21%

“only 21% align their risks with their business strategy”

– Grant Thornton Corporate Governance Review 2011

Where the Board need to spend more time…

70% Strategy

42% Execution

47%

Performance Management

67% Risk Management 21%

“Only 21% of directors surveyed claim a complete understanding of their companies’ current strategy”

– Mckinsey Global Survey – Corporate Governance, 2011

“results indicate a need to better educate Boards on industry dynamics and how their companies create value...”

Approx. 1500 participants

Page 25 | © Manigent 2013

Governance is still an issue for many organisations

“44%of directors said their boards simply reviewed and approved

management’s proposed strategies”

“only 10% of the directors we surveyed felt that they fully understood

the industry dynamics in which their companies operated”

Source: McKinsey Quarterly: Tapping the strategic potential of boards

Page 26 | © Manigent 2013

Getting the culture right is also critical

We place considerable emphasis on the CEO setting the right culture, risk

appetite and control framework…. Hector Sants, FSA

How can we address these

Governance and Culture

challenges?

Page 28 | © Manigent 2013

We would argue that Tone from the top is best via an integrated

approach to strategy and risk management, particularly risk appetite

Vision

Mission

Values

Shareholder value

Risk Appetite

Processes

Key Controls

Tone from the Top

What we do on a day-to-day basis

What we think on a day-to-day basis

Strategy

Controls Risks indicators

Shared values Behaviours

Incentives Leadership

Symbols

Page 29 | © Manigent 2013

We believe this process enables boards (and the executive) to

address governance issues identified

Define Strategic

Goals

Define Strengths & Weaknesses

Define Business Drivers

Define the Strategy

Define the Business Model

Define Risk Appetite

Align Risk Appetite &

Strategy

Define Strategic

Objectives

Board

Formulation

“only 10% of the directors we surveyed felt that they fully understood the industry dynamics in which their companies operated”

Page 30 | © Manigent 2013

We believe there are three key questions that the board and

executive must be able to answer, and be aligned on

What are we trying to achieve?

1

How much risk are we willing to take?

2

What are our key risks?

3

Strategy Map Appetite Alignment Matrix Risk Map

Page 31 | © Manigent 2013

The Strategy Map is a leading tool to enhance the

communication, execution and monitoring of strategy

Distil the Strategy into a clear, well-

defined set of Objectives

Use a Strategy Map to map the cause

‘n’ effect relationships between

Objectives

Strategy Map enables easy

communications and monitoring of

strategy

Use the Strategy Map to ‘bubble

up’ performance, risk and controls

information

What are we trying to achieve?

1

Strategy Map

Page 32 | © Manigent 2013

The Strategy Map is a leading tool to enhance the

communication, execution and monitoring of strategy

Page 33 | © Manigent 2013

The Strategy Map is a leading tool to enhance the

communication, execution and monitoring of strategy

Improve Shareholder Value

Productivity Strategy Revenue Growth Strategy

Improve Cost Structure

Increase Asset Utilisation

Enhance Customer Value

Create Value from New Products & Services

Human, Information, and Organisational Capital

Shareholder Value ROCE

Cost per Unit Asset Turnover Customer Profitability New Revenue Sources

Price

Product/Service Attributes

Strategic Competencies

Strategic Technologies

Climate for Action

Operations Theme

Customer Value Proposition

Quality

Low Total Cost

Customer Solutions

Product Leader

Customer Satisfaction Customer Acquisition Customer Retention

Time Function Service Relations Brand

Relationship Image

• Market and Account Share

Customer

Management Theme

Innovation Theme

Regulatory and Society Theme

To satisfy our shareholders and customers, what

business processes must we excel at?

To achieve our vision, how should we appear to our

customers?

To achieve our vision, how will we sustain our ability

to change and improve?

To succeed financially, how

should we appear to our

shareholders?

Page 34 | © Manigent 2013

The Strategy Map articulates how

an organisation creates value Fi

nan

cial

C

ust

om

er

Inte

rnal

Pro

cess

Le

arn

ing

&

Gro

wth

Increase Investment Returns by 25%

Sustainable Growth

Increase Retention of competent staff by

10%

Increase Shareholder value

Objective KPIs Initiatives Targets

Increase Investment

Returns by 25%

YTD % Increase in investment

returns 25%

Implement new portfolio mgt system

Objective Statement of what

strategy must achieve and what’s

critical to its success

KPIs How success in achieving the

strategy will be measured and

tracked

Targets The level of

performance or rate of

improvement needed

Initiatives Key action programs

required to achieve Priorities

Page 35 | © Manigent 2013

However, to create value, risk-taking

must be aligned to strategy… Fi

nan

cial

C

ust

om

er

Inte

rnal

Pro

cess

Le

arn

ing

&

Gro

wth

Increase Investment Returns by 25%

Sustainable Growth

Increase Retention of competent staff by

10%

Increase Shareholder value

Objective Appetite Alignment Exposure

Increase Investment

Returns by 25%

Objective Statement of what

strategy must achieve and what’s

critical to its success

Appetite How much risk

are we willing to run to achieve the

objective?

Exposure How much risk

are we currently running?

Alignment Is our current

risk-taking aligned to appetite?

Moderate High Over-exposed

Page 36 | © Manigent 2013

Effective risk management also supports

value creation and protection... Fi

nan

cial

C

ust

om

er

Inte

rnal

Pro

cess

Le

arn

ing

&

Gro

wth

Increase Investment Returns by 25%

Sustainable Growth

Increase Retention of competent staff by

10%

Increase Shareholder value

Objective Risks Mitigation Thresholds

Increase Investment

Returns by 25%

Unexpected changes in interest rates

Unexpected Equity movements

Appetite Tolerances

Controls Initiatives Policy &

procedures Processes

Objective Statement of what

strategy must achieve and what’s

critical to its success

Risks The threats and

opportunities (risks) exist which may

impact achievement of objectives

Thresholds The appetite and

tolerance thresholds used to monitor risk

Mitigation The activities undertaken to manage risk

Page 37 | © Manigent 2013

Many different types of risks make

up the organisational risk universe Fi

nan

cial

C

ust

om

er

Inte

rnal

Pro

cess

Le

arn

ing

&

Gro

wth

Increase Investment Returns by 25%

Sustainable Growth

Increase Retention of competent staff by

10%

Increase Shareholder value

Increase Investment Returns by 25%

Strategic Risk

Operational Risk

Insurance Risk

Finance Risk

Hazard Risk

Page 38 | © Manigent 2013

Many different types of risks make

up the organisational risk universe Fi

nan

cial

C

ust

om

er

Inte

rnal

Pro

cess

Le

arn

ing

&

Gro

wth

Increase Investment Returns by 25%

Sustainable Growth

Increase Retention of competent staff by

10%

Increase Shareholder value

Increase Investment Returns by 25%

Strategic Risk

Operational Risk

Insurance Risk

Finance Risk

Hazard Risk

Unexpected changes in interest

rates

Unexpected Equity movements

Page 39 | © Manigent 2013

Once Strategy is clearly defined, the Board and Executive should

develop a clear understanding of organisational risk appetite

Risk Appetite is set by the board and

defines the boundaries within which

the Executive execute strategy

Use the key business drivers to define

the risk appetite statement

Use the Appetite Alignment

Matrix to continuously monitor

alignment between strategy and

risks

How much risk are we willing to take?

2

Appetite Alignment Matrix

Page 40 | © Manigent 2013

Using drivers to frame appetite setting enables the Board to

set clear operating boundaries

Business Drivers Low Moderate High Extreme

Capacity Limit

Income X% Capital

@Risk X% Capital

@Risk X% Capital

@Risk X% Capital

@Risk

Capital Up to X £M

X £M to Y £M

X £M to Y £M

X £M to Y £M

Above X £M

Reputation Up to X vol.

Bad coverage

Up to X vol. Bad

coverage

Up to X vol. Bad

coverage

Up to X vol. Bad

coverage

Page 41 | © Manigent 2013

Using drivers to frame appetite setting enables the Board to

set clear operating boundaries

Business Drivers Low Moderate High Extreme

Capacity Limit

Income X% Capital

@Risk X% Capital

@Risk X% Capital

@Risk X% Capital

@Risk

Capital Up to X £M

X £M to Y £M

X £M to Y £M

X £M to Y £M

Above X £M

Reputation Up to X vol.

Bad coverage

Up to X vol. Bad

coverage

Up to X vol. Bad

coverage

Up to X vol. Bad

coverage

Page 42 | © Manigent 2013

Appetite Alignment Matrix is a key tool for monitoring the

alignment of Risk-taking to Strategy

Enabling monitoring of the alignment of risk-taking to strategy

Enables the monitoring of risks that are outside of appetite

Also shows where we are taking to much and not enough risk

Changes the risk conversation

Are we operating with in Appetite?

Page 43 | © Manigent 2013

Critical to the successful and sustainable execution of strategy is

the identification and management of key risks.

An event which may occur that will

impact on the achievement of

objectives, either positively

(opportunities) or negatively (threats).

What are the key threats and

opportunities in our industry?

Go beyond the ‘usual suspects’ by

using strategy as your starting

point

What are our key risks?

3

Strategy Map

Page 44 | © Manigent 2013

The Risk Map provides a snapshot of the current level of

Risk Exposure (‘Heat’)

The 4 perspectives

are aligned to the

Strategy Map

Often the risks are

defined as ‘impacts’

not ‘events’ i.e the

impact maybe on the

customer the be event

was operational

Page 45 | © Manigent 2013

The results from the risk assessment process is presented

using the same ‘risk buckets’ as risk appetite

Capital @Risk

Reputation @Risk

Impact x Likelihood (over a time horizon)

Appetite sets the boundaries for the business within which they execute strategy and create value. Therefore the Appetite Alignment Matrix provides a method of visually monitoring and managing our risk taking according to the strategy, identifying where too much or not enough risk is being taken.

Page 46 | © Manigent 2013

These powerful tools, and the underlying methodology provide the

Board with the capability to meet their governance obligations and

shape culture

Strategy Map Risk Map

Appetite Alignment Matrix

What are we trying to achieve?

How much risk are we running?

Risk Appetite

How much risk are we willing to

take?

So What?

Page 47 | © Manigent 2013

We believe that the Appetite Alignment Matrix can be used

as one of the tools underpinning incentive schemes?

Use a ‘basket of indicators’

KPIs to drive the desired performance.

Indicators to reinforce ‘Operating within Appetite’

KRIs (which express Risk Tolerance) to influence risk-taking

Are we operating with in Appetite?

Page 48 | © Manigent 2013

Teams/ Individuals

Business Units

Corporate

Risk appetite (and Strategy) is cascaded through the business via

Risk Tolerance indicators and potentially to incentives schemes

Board

Ap

pet

ite

Tole

ran

ce

Ince

nti

ves

Risk Appetite enables the board to set the Risk-taking boundaries within which the executive execute strategy. This should be cascaded via Risk Tolerance thresholds and reflected in incentive schemes. Therefore creating a ‘Line-of-Sight’ from Appetite to Incentives.

Page 49 | © Manigent 2013

Teams/ Individuals

Business Units

Corporate

An integrated ‘suite’ of strategic and operational management

information should be generated to increase transparency

around risk-taking and incentive schemes

Board

Ap

pet

ite

Tole

ran

ce

Ince

nti

ves

Page 50 | © Manigent 2013

When thinking about Governance and Incentives, we need to

consider culture and how to create alignment using an integrated

approach

Governance

Incentives Culture

Page 51 | © Manigent 2013

Questions / Comments

Page 52 | © Manigent 2013

Contact details

Andrew Smart

Chief Executive Officer

Manigent

Email: andrew.smart@manigent.com

Blog: www.riskbasedperformance.com

Web: www.manigent.com

LinkedIn: http://uk.linkedin.com/in/ajsmart