Business-related risks are addressed in organizations in a variety of ways, both from an organizational and process standpoint. You may or may not have a separate risk management function; and if you do, it might exist as a center of excellence that helps address risk-related tasks across the organization.
Strategy is often handled in a similar fashion with an equivalent office of strategy. We typically see this mirrored in our software applications, with one application for risk and another for performance management. Rather than getting into the merits for separating out these functions and the need to integrating them so that risks can be reflected in strategic outcomes, I’d instead like to pose a question:
If you had to choose, which would you consider more important?
The reality is that while both types of applications provide value, particularly when the organizational- and process-related issues are addressed, the fact remains that they’re usually considered nice-to-haves and get pushed down the priority list. This is, of course, in the absence any colossal risk/strategy-related failure that necessitates a purpose-built application.
However, you can kill two birds with one stone by choosing a performance management application that allows you to define a strategic management framework and address risk within it. In doing so, you model risk in a way that mirrors how it occurs in real life. The risks that you face, after all, relate directly to the strategies you pursue and the way you go about them.
In a typical performance management application, you link objectives, performance indicators, and initiatives together:
- What are you trying to achieve?
- How do you measure success?
- What do you need to do to achieve your goal(s)?
In risk management applications, we have our risks, measures or indicators of the risk (impact and likelihood), and the controls that we establish to mitigate the risks. The hierarchies are essentially the same – a yin-and-yang relationship.
Arguably then, you can use a flexible and configurable performance management application to address both strategic-performance and risk-management functions in one place – and eliminate the need to buy two applications and spend a lot of time and expense integrating them.
What Would Integrated Strategic Performance and Risk Management Look Like?
Within the one application you could:
- Identify your objectives (and maybe sub-objectives)
- Determine associated risks and map them to your objectives
- Define performance indicators for your objectives and link them together
- Outline and associate risk indicators
- Specify initiatives necessary to achieve the objectives
- Specify the controls needed to mitigate the identified risks
Using a performance management application to address risk management requirements might seem strange at first, but there are plenty of examples where applications have been used in more uses cases beyond their original intended use (see Post Merger Integration: I’m Sorry, What Software Did you Say I Could Use?). So while it might be ideal to build an application infrastructure that includes separate applications or modules for risk- and performance management-related disciplines, if you’re facing a limited budget, you can get more mileage out of your performance management application by employing a little creativity.