Enterprise Risk Management and EPM – Separate or Joined at the Hip?

October 27, 2016
317 Views
risk_management-771051-edited.jpg

Enter

risk_management-771051-edited.jpg

Enterprise risk management (ERM) and enterprise performance management (EPM) are often discussed as separate topics.  But when you think about ERM in the broader, operational context, the linkages between the two become more evident. 

I recently attended the Argyle CFO Leadership Forum in Dallas as a speaker and attendee.  Among the many great topics on the agenda was a session titled “Managing and Minimizing Enterprise Risk.”  The session was moderated by Bona Allen, Sr. VP and CFO of Kajima Building and Design, Inc.  The panelists included Hari Avula, CFO of Frito-Lay North America; Erik Charles, VP of Product Marketing at Xactly; Amath Fall, CFO of Fleetpride; and Scott Frisch, COO at AARP.  Here are the highlights of the panel discussion.

What are some of the key risks to your business?

Given the diversity of companies represented on the panel, the range of risks they face is varied.  For one panelist, this includes weighing the risk vs. return of new business opportunities, as well as ensuring safety in their distribution and logistics system.  For another, their biggest risk is ensuring safety on the job sites, but they also face fluctuating demand in the construction industry and the risk this puts on their P&L.  Another panelist highlighted their investment in inventory, as well as managing growth in the business.

How do you balance the core responsibilities of Finance with risk management?

All of the panelists agreed that having your core financial processes in order is critical to having the time and credibility to advise the CEO and other executives on strategic initiatives and risk management strategies.  One panelist highlighted how transforming Finance and driving efficiency in transaction processing and reporting allows the CFO and Finance to focus more time on strategy and ensuring LOB executives are aligned to corporate goals and objectives.

Another mentioned that having the core financial processes running efficiently allows the CFO to be a strategic advisor, analyzing and evaluating the risks vs. benefits of M&A opportunities.  Others agreed that core financial processes must be solid, but also cited the need for accurate data as being key to the CFO advising the CEO and other executives on strategic initiatives.  The takeaway?  Making timely, relevant, and accurate data available across the business is critical to effective decision-making and risk management. 

How does incentive compensation play into risk management?

A few of the panelists commented on this.  Erik Charles from Xactly highlighted that incentives drive behavior in management.  He cited the recent example at Wells Fargo with associates opening up new accounts for clients and collecting millions in fees for the bank due to its incentive compensation plan.  Another example he cited was D&B (one of my former employers) and the over-selling of credit services back in the 1980s. 

He also commented that analytics and KPI (key performance indicator)monitoring are critical to managing performance and identifying key risk factors.  One of the other panelists also commented on this, highlighting that one of his areas of focus is ensuring that incentive compensation drives the sales team to balance its focus between servicing existing customers and acquiring new customers. 

How can Finance minimize and mitigate risk in the business?

enterprise_risk_management.jpg

Here, the panelists agreed that minimizing risk is not a valid objective.  Instead, the focus should be on identifying the risks associated with various business operations and initiatives, then managing the risks vs. returns and ensuring effective communications when risks start to heat up.  One recommendation was to establish baselines for the business based on prior experience, or to use external benchmarking information to evaluate performance and risk.  One example used here was a new product launch, which is risky for any business and must be planned and monitored carefully, so comparing a new launch to prior launches can be an effective technique. 

Culture and tone at the top is also critical to managing risk – with one of the panelists citing the problems that occurred at Enron and eventually caused the implosion of the company.   The mission and vision of the company should set the tone for how the business will operate. 

Linking risk management and performance management

As I listened to this panel discussion, I was reminded of the strong linkage between enterprise performance management and risk management.  Managing corporate risk starts with having a clear mission and vision for the company, then setting goals and objectives that are cascaded down from senior management, to line management, and to the overall employee population. 

CRAMP_cycle.png

Core to this process is aligning financial and operating plans to the goals and objectives of the business, and identifying the right KPIs to monitor and manage in order to track performance.  This is also the time to call out and identify key risk indicators (KRIs) that should be tracked to raise red flags as risk situations heat up.  (Think about customer satisfaction as an early indicator of potential churn, or employee satisfaction as an early warning sign of possible staff turnover.)

I think the panel was spot on in their comments – that having solid core financial processes is essential for the CFO and Finance to have both the time and credibility to be a strategic advisor to the CEO and other executives.  If you can’t close the books efficiently and accurately and deliver the basic financial reports each month or quarter, how can a CFO be taken seriously when it comes to evaluating and executing on an acquisition or major new business initiative?  If you can’t effectively establish an annual budget, report actual performance vs. budget, and support the business with regular forecasts, how can you advise LOB executives on the impacts of introducing new products or services or the impacts of entering new markets?

Learn More

Risk management is a broad topic that can include many specialized activities – e.g., corporate insurance, environmental and occupational safety, governance and compliance, currency hedging, commodity trading, and others.  But risk management is also a key component of effective enterprise performance management.  And as such, it should be considered as part of corporate goal setting, strategic planning, and financial and operational planning and reporting.