The EY approach to ERM is evolutionary, going far beyond strictly value protection and compliance to focus directly on value creation through the integration with business performance objectives and metrics. Having ERM anchored in strategy will not just encompass avoiding or managing threats, but it will also maximize value to enhance business performance and resource allocation for the opportunities that lie ahead.
This approach enables organizations to understand the relationship between performance drivers and the associated range of scenarios influenced by risk drivers. It is achieved through the development of a “Performance Framework” that aligns risks and opportunities with an organization’s strategic imperatives.
To implement this method, it is important to understand:
- What constitutes success as defined by the “Performance Drivers/dimensions”
- How that success is measured via “Performance measures/KPIs”
- The application of performance measures to strategic drivers
This method is an essential toolkit for avoiding scenarios that might result in detrimental impacts to an organization that would be outside the performance appetite, shifting the focus from “cost vs. benefit” to “risk vs. reward.” Overall, management teams will see a benefit by applying this approach to how they make their decisions and the impact of those decisions through a performance lens.
Leveraging risk measurement for risk-informed decision-making
Our vast experience across industries reveals that the relationship and dependencies between strategic goals, underlying value drivers, and related risk factors are not clearly understood. Thus, the selected risk response strategies typically ignore the organization’s risk appetite and tolerances. This misalignment means that the risks that have the greatest potential impact to strategic initiatives and/or the competitive viability of the business model could result in a potential loss of competitive advantage.
The reality is that organizations want — and frankly need — ERM to inform business decision-making using data and metrics. This need shift requires organizations to evolve from qualitative to quantitative ERM. To add “measurable” organizational value, ERM must be able to help the organization understand and analyze its risk drivers in relation to strategic objectives. In addition, ERM must help organizations identify the key financial metrics and focus targeted mitigation strategies that will reduce the volatility related to business outcomes and financial performance.
Starting with strategic business objectives, organizations can build a performance driver tree focused on each strategic objective that measurement though outcome measures, Key Performance Indicators (KPI’s), and Key Risk Indicators (KRI’s). This structured approach leverages metrics and risk quantification and allows organizations to identify the critical sources of volatility that can adversely impact its strategic objectives and performance outcomes.