Home > Risk > Integrating strategy, risk, and performance

Integrating strategy, risk, and performance

While many (including me) talk about the need to integrate the setting and execution of strategy, the management of risk, decision-making, and performance monitoring, reporting, and management, there isn’t a great deal of useful guidance on how to do it well.

A recent article in CGMA Magazine, 8 best practices for aligning strategy, planning, and risk, describes a methodology used by Mass Mutual they call the “Pinwheel”.

There are a number of points in the article that I like:

  • “Success in business is influenced by many factors: effective strategy and execution; deep understanding of the business environment, including its risks; the ability to innovate and adapt; and the ability to align strategy throughout the organisation.”
  • “….the CEO gathers senior corporate and business unit leaders off-site three times a year. As well as fostering transparency, teamwork, and alignment, this ensures that the resulting information reaches the board of directors in time for its meetings…..The result: The leadership team is more engaged in what the company’s businesses are doing, not just divisional priorities. This makes them more collaborative and informed leaders. This helps foster a more unified brand and culture across the organisation.”
  • “A sound understanding of global business conditions and trends is fundamental to effective governance and planning.”
    • Comment: understanding the external context is critical if optimal objectives and strategies are to be set, with an adequate understanding of the risks inherent in each strategy and the relative merits of every option.
  • “Strategy and planning is a dynamic process, and disruptive innovation is essential for cultural change and strategic agility. Management and the board must continually consider new initiatives that may contribute to achieving the organisation’s long-term vision and aspirations.”
  • Key risk indicators are established for strategies, plans, projects, and so on.
  • “Evaluation and monitoring to manage risks and the overall impact on the organisation is an ongoing process…..monitoring is a continuous, multi-layered process. In addition to quarterly monitoring of progress against the three-year operating plan and one-year budget, the company has initiated bottom-up “huddle boards” that provide critical information across all levels of the organisation.
  • “Effective governance requires a tailored information strategy for the executive leadership team and the board of directors…. This should include:
  • Essential information needed to monitor and evaluate strategic execution of the organisation.
  • Risks to the achievement of long-term objectives.
  • Risks related to conforming to compliance and reporting requirements.”
  • “….integrating the ERM, FP&A, and budget functions can help to manage risks effectively and to allocate limited capital more quickly and efficiently.”

I am not familiar with the company and its methodology, but based on the limited information in the article, I think there are some areas for improvement:

  1. Rather than selecting strategies and objectives and only then considering risk, the consideration of risk should be a critical element in the strategy-selection process.
  2. The article talks about providing performance and risk information separately to the corporate development and risk functions. Surely, this should be integrated and used primarily by operating management to adjust course as needed.
  3. I am always nervous when the CFO and his team set the budget and there is no mention of how operating management participates in the process. However, it is interesting that the risk function at Mass Mutual is involved.

What do you think? I welcome your comments.

  1. July 4, 2015 at 5:59 AM

    Norman, I value your posts highly and read them with interest, mostly finding myself in agreement with what you write. This time I don’t agree, but value the observations and comments of your post no less!

    I’m not familiar with this company either, although my impression from the brief overview provided in the CGMA article is that here is a company whose management has gone all out to achieve excellence in as many areas as it can, even to the extent of creating its own internal control framework. The process seems logical and certainly integrated, but above all appears to be driven with a desire to make it work.

    When it comes to areas for improvement of the framework, my guess is that the organization itself is more in favor of implementing them than anyone. In such a context, weak spots in processes have a good chance of being overcome in the course of the interactions and that will ultimately lead to corrections in the procedures.

    Specifically regarding your point about considering risk only after selecting strategies and objectives, I don’t think the writer of the article is inferring that these are set decisively before risk is even considered. And to be fair, it’s difficult to consider risk before one has chosen an initial preferred path of action.

    I think a similar answer applies also to your second point about supplying the corporate development and risk functions separately with risk information. This, the writer says, is done before the off-site gatherings, the purpose of which is to further integration, and doesn’t say anywhere that the SCD and ERM functions don’t communicate with each other!

    Could it be that you are judging MassMutual’s Pinwheel framework just a little harshly?

    • Norman Marks
      July 4, 2015 at 6:26 AM

      You may be right.

      With respect to assessing risk before selecting a strategy, I think it is not only possible but essential – if not in great detail then at least enough to identify the major uncertainties relating to the strategy being successful. Only then can alternative strategies be compared.

      • R Prasad
        September 11, 2015 at 8:15 PM

        Agree. Assessing key risks in the organisation and then developing a register to address it and reviewing every 6 months or so is an essential component more so now then b4.

        • Norman Marks
          September 12, 2015 at 6:35 AM

          Sorry, but risks and their level change all the time. The consideration of risk should be part of daily decision-making and not a semi-annual activity.

  2. July 4, 2015 at 5:32 PM

    Reblogged this on Quality and Risk Matters.

  3. July 8, 2015 at 7:13 AM

    Very interesting find. I do think I’m agreeing with your points on the article – though it would be a different story if we were both more familiar with the company and the situation. Perhaps there’s a reason they’re doing this in the way they are! Thanks for sharing your insight here.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: