Page 132 - Performance Leadership
P. 132

Chapter 8 Balancing Performance and Risk • 121


            risk management is to combine key performance indicators (KPIs) with
            the results of a risk management exercise, spanning all areas of perform-
            ance. In this way every performance indicator has a counterpart, or a
            key risk indicator (KRI).



                                   RISK MANAGEMENT

            Risk management consists of multiple categories: operational risk, financial risk,
            reputation risk, market risk, and strategic risk.

            The Basel Committee on Banking Supervision breaks down operational risk into
                                2
            a number of categories. Although the Basel Committee focuses on the finan-
            cial services sector, these categories are useful for most businesses. Fraud, such
            as circumventing regulations, theft, or inappropriate use of resources, can be
            committed both internally (by employees) and externally (by suppliers, cus-
            tomers, shareholders, and other external stakeholders). Workplace safety (or the
            lack thereof) is also distinguished as an operational risk. Damage to physical
            assets and system failures can potentially lead to business disruption. Losses
            arising from failure to meet obligations to clients are part of operational risk.
            There can also be losses from failed processes, both inside and outside the com-
            pany, as in processes with partners and suppliers.
                                                      3
            Financial risk consists of credit risk and market risk. Market risk includes equity
            risk (what happens with stock prices), interest rate risk, currency risk, and com-
            modity risk (the price of raw materials). Credit risk is the risk of loss due to a coun-
            terparty defaulting on a contract, or, more generally, the risk of loss due to some
            “credit event.”Traditionally this is applied to bonds where debt holders were
            concerned that the counterparty to whom they’ve made a loan might default
            on a payment.
            Reputation risk is more than the potential external result of operational risk or
            financial risk. It is also broader than customer reputation; it includes all stake-
            holders: suppliers, partners, regulators, shareholders, and society at large. Rep-
                                                4
            utation risk is determined by three factors. The first is the reputation/reality
            gap. Reputation is about perception and distinct from the actual character of
            the organization (as I also stress in the definition of alignment). The bigger the
            gap, the higher the risk. The second is changing beliefs and expectations. Once-
            acceptable practices may become frowned upon, leading to a bad reputation
            because of past action. The third is weak internal coordination, when one
            department makes public promises that other departments cannot fulfill.
            Strategic risk is that the chosen strategy and decisions made do not lead to
            achieving the strategic objectives. This may have many reasons, such as
            uncoordinated management processes, political decision making, a lack of
   127   128   129   130   131   132   133   134   135   136   137