Pulling together into a single framework the two separate disciplines of strategy management and risk management, and how it is possible to integrate it with Balanced Scorecard. This presentation provides a practical guide for organizations to shape and execute sustainable strategies with full understanding of how much risk they are willing to accept in pursuit of strategic goals. Please contact andrew.smart@stratexsystems.com for more details about the presentation or to have a talk about our software solutions.

1. Integrating Risk Into Your Balanced
Scorecard
Prepared for:
StratexSystems Webinar Series
27 September 2012 4 October 2012

2. Page  2
Content
 Recapping on the Balanced Scorecard
 Recapping on Risk Management
 Integrating Risk into your Balanced Scorecard
 Use of Business Drivers to define levels of Appetite & Exposure
 Use of Risk taxonomy to identify Risks per Objective

3. Page  3
The Balanced Scorecard was introduced in 1992
“What you measure is what you get”
Raison d'être for Balanced Scorecard was to provide a
‘balanced’ set of performance measurements.

4. Page  4
The Balanced Scorecard was followed by the
Strategy Map in 2000
Strategy Map is a powerful tool for
visualising Strategy, showing the cause &
effect relationships and tensions within
the strategy.

5. Page  5
Over the last 20 years, the Balanced Scorecard
has continued to evolve…
Raison d'être for Balanced
Scorecard was to provide a
‘balanced’ set of performance
measurements.
“What you measure is what you
get”
- Kaplan & Norton, 1992
Performance Measurement
With adoption, the Balanced
Scorecard evolved to become more
focused on strategy.
Introduced the 5 principles
1. Translate the Strategy into operational
terms
2. Mobilise change through executive
leadership
3. Make Strategy a continual process
4. Make Strategy everyone’s everyday job
5. Align the organisation to the Strategy
Performance Management
The Balanced Scorecard is now
positioned as a framework for
enhancing strategic execution.
A closed loop system of strategic
execution
1. Develop the Strategy
2. Plan the Strategy
3. Align the organisation
4. Plan operations
5. Monitor and Learn
6. Test and Adapt the Strategy
Strategy Execution

6. Page  6
The credit crunch and subsequent fall-out is
rewriting the rules on strategy execution (and risk
management)

7. Page  7
Kaplan & Norton on Risk and the Balanced
Scorecard
HBR June 2012
 Three categories of
Risk
 Preventable Risks
 Strategy Risks
 External Risks
Managing Risk is very
different from managing
Strategy

8. Page  8
Kaplan & Norton on Risk and the Balanced
Scorecard
- What we think…
 The 3 categories are
just a relatively simple
risk taxonomy
 Managing Risk is not
different to, but a
fundamental part of,
managing strategy
From the father of BSC,
no direction on how to
integrate Risk in the BSC.

9. Page  9
So what do we mean when we say “Risk”?
The possibility that an event will occur
and adversely affect the achievement
of objectives. COSO Integrated Risk
Management Framework
the effect of uncertainty on objectives,
whether positive or negative.
ISO31000
The uncertainty of future events that
will impact on the achievement of
objectives, either positively
(opportunities) or negatively (threats).
Andrew Smart
The uncertainty of future events,
incorporating both lost opportunities
as well as threats materialising,
which will impact our ability to
achieve business objectives.
Client
No organisation can create value
without taking risk.
“ You have to speculate to
accumulate”

10. Page  10
What is Risk Management
As much about exploiting opportunities as
preventing potential problems.
Risk Management is an essential part of good management
“coordinated activities to direct and control and organization with regard to risk”
risk management framework; “set of components that provide the foundations and
organizational arrangements for designing, implementing, monitoring, reviewing and
continually improving risk management processes throughout the organization”
risk management process; “systematic application of management policies,
procedures and practices to the tasks of communication, consultation, establishing the
context, identifying, analysing, evaluating, treating, monitoring and reviewing risk”
ISO31000

11. Page  11
There are two major risk management standards
which have influenced our thinking…
COSO
1994 & 2004
ISO31000
2009

12. Page  12
Over the last 20 or so years Strategy & Risk
Management frameworks have evolved largely in
isolation
Balanced
Scorecard
1992
ISO31000
2009

13. Page  13
So to the question…. How to integrate Risk into
the Balanced Scorecard?
1. Use Business Drivers to define levels of risk appetite
and risk-taking
 Links risk management in the strategic process
 Shapes the conversation about risk
 Enables the monitoring of the alignment of risk-taking to
strategy
 Enables us to answer the question: Are we operating within
Appetite?
2. Use your Risk taxonomy to enable the Risk
Identification process per objective

14. Page  14
Risk Appetite has a central role to play in the integration of
strategy and risk management
 The COSO definition provides „What, Who, When and
Why‟ of risk appetite
 What: the amount and type of risk
 Who: an organisational entity
 When: over a defined time horizon
 Why: to achieve the objectives of the entity
Risk appetite is the amount and type of
risk that is acceptable to be taken by an
organisational entity over a defined time
period, to achieve the objectives of that
entity – COSO Enterprise Risk Management
Risk appetite sets the boundaries
within which strategy is executed
– StratexSystems

15. Page  15
Risk Appetite should be
integrated into your
organisational strategic
framework
Business Goals
Business Model
Business Drivers
Internal Analysis External Analysis
Business Objectives
Strategy
Appetite
Appetite Alignment
Risk Management
Performance
Management
Appetite
Identify strengths
& weaknesses
Identify threats &
opportunities
Is our business
model fit for
purpose?
Is our business
model fit for
purpose?
Are we operating
within appetite?
Manage threats
& opportunities
Are we on-track
to deliver?
Manage
strengths &
weaknesses
Appetite
SettingExecutionFormulation
Setting
From high-level strategies to specific business objectives
Define specific business objectives and appetite for specific entity’s
Allocation of scarce resources by entity, risk category, product lines
Execution
Are we on-track to achieve our business objectives
Are we operating within appetite (are we taking too much, or not enough
risk?)
Do we have the right level of controls in place to meet internal and external
compliance drivers?
Are we aligning our change agenda to our strategic agenda?
Formulation
Development of high-level strategies and allocation of scarce resources,
including capital
Given our business context, what is our appetite for risk?
Given our appetite, have we got the right business model?
Are we comfortable with the assumptions we have made?

16. Page  16
Risk Appetite is the „glue‟ that brings together
Strategy & Risk
Performance
Management
Risk
Management
Strategy
Management
Appetite
What are we trying to
achieve?
Are we on track?
What is our Risk Appetite?
Are we operating
within appetite?
Governance & Communications
Culture

17. Page  17
We use „key‟ Drivers to define levels of risk appetite and
shape the conversation around risk (and strategy)
Business drivers
Capital
Income
Reputation
Shareholder value
Share price
Economic value
add
Profit
Strategy
Align Risk-taking
to Strategy
Manage
Risk
Manage
Performance
Appetite
Governance Communication
Culture

18. Page  18
Using drivers to frame appetite setting enables the Board to
set clear operating boundaries
Business Drivers Low Moderate High Extreme
Capacity
Limit
Income
X% Capital
@Risk
X% Capital
@Risk
X% Capital
@Risk
X% Capital
@Risk
Capital
Up to
X £M
X £M to
Y £M
X £M to
Y £M
X £M to
Y £M
Above
X £M
Reputation
Up to X vol.
Bad
coverage
Up to X vol.
Bad
coverage
Up to X vol.
Bad
coverage
Up to X vol.
Bad
coverage

19. Page  19
Appetite Alignment Matrix is a key tool for
monitoring the alignment of Risk-taking to Strategy
 Enabling monitoring of
risks which are outside
of Appetite
 Shows where we are
taking to much and
not enough risk
 Changes the risk
conversation
 Answers the question:
Are we operating with in
Appetite?

20. Page  20
So to the question…. How to integrate Risk into
the Balanced Scorecard?
1. Use Business Drivers to define levels of risk appetite
and risk-taking
 Links risk management in the strategic process
 Shapes the conversation about risk
 Enables the monitoring of the alignment of risk-taking to
strategy
 Enables us to answer the question: Are we operating within
Appetite?
2. Use your Risk taxonomy to enable the Risk
Identification process per objective

21. Page  21
Common categorisation of risk
Strategic Risk
uncertainty related to
strategic choices
Execution Risk
uncertainty related to
execution of the
chosen strategy
Operational Risk
uncertainty related
to processes,
people, technology,
change etc
Credit Risk
uncertainty related
to a counterparty's
ability to meet their
obligations
Market Credit
uncertainty related to
the market value of a
portfolio
Risk
uncertainty of future
events that will impact
on the achievement of
objectives

22. Page  22
The Strategy Map articulates how
an organisation creates value
FinancialCustomerInternalProcess
Learning&
Growth
Increase Investment
Returns by 25%
Sustainable Growth
Increase Retention
of competent staff by
10%
Increase Shareholder
value
Objective KPIs InitiativesTargets
Increase
Investment
Returns by 25%
YTD % Increase
in investment
returns
25%
 Implement
new
portfolio mgt
system
Objective
Statement of what
strategy must
achieve and what’s
critical to its
success
KPIs
How success in
achieving the
strategy will be
measured and
tracked
Targets
The level of
performance or
rate of
improvement
needed
Initiatives
Key action
programs
required to
achieve Priorities

23. Page  23
However, to create value, risk-
taking must be aligned to
strategy…
FinancialCustomerInternalProcess
Learning&
Growth
Increase Investment
Returns by 25%
Sustainable Growth
Increase Retention
of competent staff by
10%
Increase Shareholder
value
Objective Appetite AlignmentExposure
Increase
Investment
Returns by 25%
Objective
Statement of what
strategy must
achieve and what’s
critical to its
success
Appetite
How much risk
are we willing to
run to achieve the
objective?
Exposure
How much risk
are we currently
running?
Alignment
Is our current
risk-taking
aligned to
appetite?
Moderate High Over-exposed

24. Page  24
Effective risk management
supports value creation and
protection...
FinancialCustomerInternalProcess
Learning&
Growth
Increase Investment
Returns by 25%
Sustainable Growth
Increase Retention
of competent staff by
10%
Increase Shareholder
value
Objective Risks MitigationThresholds
Increase
Investment
Returns by 25%
 Unexpected
changes in
interest rates
 Unexpected
Equity
movements
 Appetite
 Tolerances
 Controls
 Initiatives
 Policy &
procedures
 Processes
Objective
Statement of what
strategy must
achieve and what’s
critical to its
success
Risks
The threats and
opportunities (risks)
exist which may
impact achievement
of objectives
Thresholds
The appetite and
tolerance
thresholds used
to monitor risk
Mitigation
The activities
undertaken to
manage risk

25. Page  25
Many different types of risks
make up the organisational risk
universe
FinancialCustomerInternalProcess
Learning&
Growth
Increase Investment
Returns by 25%
Sustainable Growth
Increase Retention
of competent staff by
10%
Increase Shareholder
value
Increase Investment
Returns by 25%
Strategic Risk
Operational Risk
Insurance Risk
Finance Risk
Hazard Risk

26. Page  26
Many different types of risks
make up the organisational risk
universe
FinancialCustomerInternalProcess
Learning&
Growth
Increase Investment
Returns by 25%
Sustainable Growth
Increase Retention
of competent staff by
10%
Increase Shareholder
value
Increase Investment
Returns by 25%
Strategic Risk
Operational Risk
Insurance Risk
Finance Risk
Hazard Risk
Unexpected
changes in interest
rates
Unexpected Equity
movements

27. Page  27
Risk categorises can be used to support risk
identification and integration of risk in the Balanced
Scorecard
Increase Investment
Returns by 25%
Insurance Risk
Underwriting Risk
Operational Risk
Strategic Risk
Hazard Risk
Financial Risk
Business Risk
Reputation Risk
Process Risk
Market Risk
Credit Risk
Liquidity Risk
People Risk
System Risk
External Events
Legal Risk
Claims Mgt Risk
Reinsurance RiskProduct Risk
Premium Risk
Civil disruption
Health & Safety
Accidents
Natural

28. Page  28
How do we define a risk?
The risk of (what, where, when)….. caused by
(how) ……resulting in..…(impact/consequences)
Examples
 The risk of financial deficit at end of year caused by
decreased in-patient activity and revenue, resulting in
rationalisation of service offerings.
 The risk of exceeding A&E waiting times, caused by
increased demand and staff vacancies, resulting in not
meeting community expectations and adverse patient
outcomes

29. Page  29
Where do we define Risks?
Objectives
Key Risks
Key Controls

30. Page  30
The Objectives, Risks and Controls structure is
central to Stratex solutions
30
Objectives
KPIs Actions Key Risks
KRIs Actions Assessment Key Controls
KCIs Actions Assessment
Events
Certification
Risk
Appetite Processes Initiatives Systems
People &
Roles
Assets
Operational enablers are aligned to strategy
Governance Commentary Workflows
Audit
Trails
Build a strategy focused, risk aware culture

31. Page  31
So to the question…. How to integrate Risk into
the Balanced Scorecard?
1. Use Business Drivers to define levels of risk appetite
and risk-taking
 Links risk management in the strategic process
 Shapes the conversation about risk
 Enables the monitoring of the alignment of risk-taking to
strategy
 Enables us to answer the question: Are we operating within
Appetite?
2. Use your Risk taxonomy to enable the Risk
Identification process per objective

32. Page  32
Q&A

33. Page  33
About StratexSystems
“StratexPoint enabled us to reduce
the value of our operational losses
by 94%, the volume by 63% and our
economic capital provision by 23%”
- Head of Operational Risk, HML -
Skipton group
Our mission
To provide an integrated strategy and risk
management solutions which enhances
strategy execution, enhance capital
efficiency by 15% and reduce operational
losses 25% while providing 100%
confidence that your business is operating
within appetite.

34. Page  34
Post credit crunch, Financial Services clients face
challenges beyond traditional „Risk Management‟
Lack of an integrated,
enterprise-wide solution
Too many spreadsheets
Systems reinforce silo processes
Compliance focused risk tools
Intensive and intrusive
FSA oversight
Board and Senior Management
pressure
Political pressure to reform and
do things differently
Basel 3, Solvency 2, S166
Confidence in our approach
Proven partners
Low Risk
Keep us out of the newspaper
Cost effective
Deliver strategy
Reduce capital provision
Reduce operational losses
Reduce / eliminate fines
Enable the right culture
“Operate within Appetite”

35. Page  35
Examples of where our solution has added real
and tangible business value
60%
23%
182
Op losses
HML seen a 60% reduction in
operational losses within 18
months
Regulatory capital
HML also seen a 23% reduction
in regulatory capital
Initiatives
Consolidated global portfolio of
major initiatives to enable
single view of status & risk

36. Page  36
Demonstration

37. Page  37
Free trial of StratexLive
Stratex Bootcamp
 30 day free use of StratexLive
 Regular ‘coaching’ session online
 Load your own data
 Add your own users
 START NOW