Merging ERM and EPM
During one of our recent conversations, I suggested to Nadim Razvi that potential connections between ERM and EPM could be useful areas of exploration while developing the Business KPIs.
Purely by chance, I received an email from Frank Buytendijk whom I know via Hyperion and now Oracle on a related matter. It prompted me to visit his blog and bang! There he is discussing the very same topic (albeit some days after Nadim and I touched base.)
Trust me when I say this is pure coincidence and please don’t flay me for mentioning a competitor. Frank is a formidable thinker in the BI space and his blog is well worth bookmarking. He says (and I apologize for swiping the entire text):
Enterprise Performance Management (EPM) and Enterprise Risk Management (ERM) have always been very separate disciplines, run by different specialists, speaking a different language, wearing different suits, having different wallpaper in their offices on entirely different floors. Largely this can be explained by the pressures of compliance. Regulators, I am sure, will not be happy to see if “Company X” tells them they have adopted the risk management COSO-framework, however “their version of it,” to adapt it to their performance management framework, such as the balanced scorecard. Better to stick to the standard.
Yet, EPM and ERM are two sides of the same coin. In fact, you could claim that ERM is proactive EPM. Why wait until the EPM key performance indicators show a certain business result being below expectations, when a risk management exercise could’ve uncovered that way before it happening. At the same time, you can say that EPM is proactive ERM. One of the best ways to avoid risks is to have an strong strategic focus, and an aligned organization that is all geared up to reaching a certain strategic goal.
I hinted to Nadim that I felt there were genuine synergies between Business KPIs (which would often be used in a BI setting) and wider compliance issues, something to which I alluded in an earlier post. Frank thinks the same way. It seems to me this represents a good way to engage multiple stakeholders in what amounts to a common cause. That is – the creation of broadly accepted definitions that have resonance for both internal and external purposes. In SAP terms, this could mean broadening the conversations to include those vested in GRC.
Beyond the synergies, this has benefits in assisting to dismantle the ‘walled gardens’ with which many practitioners will be familiar. As I know from personal experience, when walled gardens are torn down in the name of common need, the sum of the parts is almost always greater than the contributions of the individuals concerned.
Having got excited about the prospect, Frank concludes with a question:
I am not aware of any methodologies that actively combine EPM and ERM. I think such a methodology could be the “next generation” of EPM and ERM together. Anyone?
Again, I’d agree but I’m not sure one needs to be so prospcriptive.
While McKinsey has noted that informal networks are the way things actually get done, they also point up the potential for waste. I’m not convinced the case is proven and in any event I sense we are very early in what I would term ‘the discovery phase’ of how such relationships might work for relatively small groups. Nevertheless, I’m loathe to argue against McKinsey’s findings.
It seems therefore that as a community we have ample opportunity to build value but somewhere along the line, others far more skilled than I will need to think how this basic idea can be made whole, deliver genuine value and perhaps be incorporated into a ‘best practice’ that satisfies the rigor of those in corporate environments.
Over to you for thoughts and suggestions.