of 127
8/14/2019 2006 CS BPRM Extended Workshops 1.0
1/127
2007 EntenteDevelopment
Building your BusinessPerformance and RiskManagement (BPRM)
FrameworkFall 2006
8/14/2019 2006 CS BPRM Extended Workshops 1.0
2/127
2 Building your BPRM Framework
Agenda
Set the context
Share key definitions and benefits
of a BPRM framework Build the framework
Look back at our
accomplishments Look forward to next steps
8/14/2019 2006 CS BPRM Extended Workshops 1.0
3/127
3 Building your BPRM Framework
Context
Workshop objectives To help you understand business
performance and business riskmanagement concepts
To help you apply these concepts toshape a BPRM framework that willsupport you in leading and managingyour business line
8/14/2019 2006 CS BPRM Extended Workshops 1.0
4/127
4 Building your BPRM Framework
Context
Why we are here today? Over the past year we have engaged in both corporate
and departmental activities to look at what we need todo over the medium-term:- we reviewed our mandates, identified our core activities and
key initiatives through the corporate MTP process- through a CS-driven process we developed strategy maps to
help us maintain and strike relevant and reasonableworkloads with the appropriate balance not only betweencompeting priorities but between internally and externallyfocused activities
The result:
- an MTP or corporate three-year plan that summarizesfunctional, departmental and business line strategies acrossthe Bank
- departmental and business line strategy maps
8/14/2019 2006 CS BPRM Extended Workshops 1.0
5/127
5 Building your BPRM Framework
Context
To ensure alignment to our parentfunction, Corporate Administration,PCS shaped what the CA Strategy Map
would look like based on the publishedMTP
This clarifies how strategy cascadesfrom the function to department to thebusiness line
The end result: your strategy map = your MTP
8/14/2019 2006 CS BPRM Extended Workshops 1.0
6/127
8/14/2019 2006 CS BPRM Extended Workshops 1.0
7/127
7 Building your BPRM Framework
Context
CORPORATE
ADMINISTRATION
our desiredoutcome
Ourpeople
People, Learning &Growth Perspective
operationalexcellence
Business
ProcessPerspective
FinancialPerspective
enableus to
realize
client, partner & stakeholdersatisfaction
External Perspective
Desired Outcome
fulfill ourmandate
to
ensurewe
What resources do we need? How should we monitor the use of
resources? How can we ensure we are
providing the greatest value forthe Banks investment in CS?
What skills & development opportunitiesdo our people need to succeed?
What kind of work environment do weneed to foster?
Are we well-positioned for potential
retirements?
What do others need from us tohelp them succeed (e.g., services,new initiatives)?
How do we want others to view thedelivery of our services; our workingrelationship with them; and, our deliveryon corporate/Bank priority initiatives?
Which processes should we doreally well or should we furtheroptimize?
Do our processes encourage apartnership culture & do theysupport the Banks stewardshipresponsibilities? If not, how shouldthey change?
whichdrives
leadingus to
achieve
CS
Mandate
CS 2007CS 2007--2009 STRATEGY MAP2009 STRATEGY MAPHow It WorksHow It Works
8/14/2019 2006 CS BPRM Extended Workshops 1.0
8/127
8 Building your BPRM Framework
Context
Now for the hard part
the real challenge will be executing
our strategies this depends largely on three critical
success factors:- you! BLLTs focused on translating strategy
into operations
- having the right tools in place to support inmaking sound decisions around strategy-operations linkages
- integrating performance and riskmanagement
8/14/2019 2006 CS BPRM Extended Workshops 1.0
9/127
9 Building your BPRM Framework
Insights from KPMG
Typically leaders/managers dedicate thefollowing time to the following maincategories of activities:
Planning
0% - 5%
Managing
20% - 40%
Doing
40% - 80%
8/14/2019 2006 CS BPRM Extended Workshops 1.0
10/127
10 Building your BPRM Framework
Insights from KPMG
Ironically, when asked how they would rank theimportance of these categories with respect to theirimpact on influencing outcomes and results, mostagree thatplanning is the most important activity
followed by managing, then doing :Planning
A
Managing
B
Doing
C
8/14/2019 2006 CS BPRM Extended Workshops 1.0
11/127
11 Building your BPRM Framework
Insights from KPMG
This data confirms that good management iscritical to your success as a business line andour success as a department and function the one constant that never changes is the
importance ofmanaging. It links plans withoperational activities and directly influences doingresults
So it stands to reason that you, as a BLLT,need to have the time and the tools toeffectively manage
8/14/2019 2006 CS BPRM Extended Workshops 1.0
12/127
12 Building your BPRM Framework
Context
This is what is driving significant change to how weshape and use our ententes: we need to develop them as management tools rather
than as baseline documents for reporting to seniormanagement
This means better defining how we will be going aboutmanaging our performance, risks and resources
Over the next few months we will build your BusinessPerformance/Risk Management (BPRM) Framework we will first focus on building the performance piece then we will move to developing your key risk
information once developed, you will always be looking at
performance and risk information in tandem
8/14/2019 2006 CS BPRM Extended Workshops 1.0
13/127
13 Building your BPRM Framework
Context
So what are we getting into? we are developing something practical, direct and
simple- we dont need volumes of information to make
decisions; we need the right information at the righttime and at the right table (oftentimes, less is more)
we want to develop something that will be usefuland trademarks of successful frameworks include:
- strong horizontal cohesion at the leadership table-
engaging in a formal, consistent and systematic approach- measuring for decision-making vs measuring for reporting
- leveraging the framework to engage the workforce towards theachievement of outcomes
8/14/2019 2006 CS BPRM Extended Workshops 1.0
14/127
14 Building your BPRM Framework
Performance Mgmt
In terms of performance management, weare not starting from scratch BPM concepts are not new to CS:
- we have been engaged in Employee PerformanceManagement through manager-staff relationships
- as for business performance management we have done alot in the area of performance measurement through theententes
We will be building on this by: expanding business performance measurement to
the larger concept of business performancemanagement this means measuring to manage rather than
measuring to report
With time this will lead to improved linkages
across Employee and Business PerformanceManagement
8/14/2019 2006 CS BPRM Extended Workshops 1.0
15/127
15 Building your BPRM Framework
Key Definitions
So what is Business PerformanceManagement? a comprehensive and structured
approach
to deploying strategy
in a consistent and continuous manner
to ensure the right things are beingdone in the right way
with the right stakeholders around thetable
8/14/2019 2006 CS BPRM Extended Workshops 1.0
16/127
16 Building your BPRM Framework
Key Definitions
How does performance managementdifferfrom performance measurement?
Performance Measurement - is a management tool to assessspecific progress against pre-
determined goals- helps us learn about our
performance
Performance Management - makes use of that tool andincorporates performance
learnings into decision-making
- helps us manage performance,i.e. ensuring that the right work is
being done in the right wayto support desired outcomes
8/14/2019 2006 CS BPRM Extended Workshops 1.0
17/127
17 Building your BPRM Framework
Benefits of BPM
How can Business PerformanceManagement improve leadership &
management? good leadership/management depends onsound decision-making
sound decision-making depends on our abilityto monitor, assess, and learn as we lead,
manage and implement business performance management will
strengthen our abilities as we engage in allthese activities
8/14/2019 2006 CS BPRM Extended Workshops 1.0
18/127
18 Building your BPRM Framework
Benefits of BPM
Business Performance Management will enable us toderive even more value from performance measurementit pushes us to learn from our performance for more thanreporting purposes
Planning
Managing
Doing
ReportingDecision-
making
Planning
Managing
Doing
Reporting
Planning
Managing
Doing
ReportingDecision-
making
8/14/2019 2006 CS BPRM Extended Workshops 1.0
19/127
19 Building your BPRM Framework
Benefits of BPM
In more concrete terms, BusinessPerformance Management: will help you promote relevant entente-
workplan linkages enable you to incorporate actionable
learnings, improve decision-making andcontinuously strengthen performance
help you establish realistic, reasonable andrelevant expectations, accountabilities andmeasures in terms of both business andemployee performance
8/14/2019 2006 CS BPRM Extended Workshops 1.0
20/127
20 Building your BPRM Framework
Building the PerformancePiece
Four-Step Process:
Step 1: prioritising strategic objectives for 2007
Step 2: developing Key Performance Indicators(KPIs)
Step 3: setting 2007 targets
Step 4: confirming/prioritising activities to
achieve targets
8/14/2019 2006 CS BPRM Extended Workshops 1.0
21/127
21 Building your BPRM Framework
Workshop approach
1 2 3 4
8/14/2019 2006 CS BPRM Extended Workshops 1.0
22/127
22 Building your BPRM Framework
Workshop approach
We will go through step by stepusing the following model:
explore underlying concepts
share best practice tips
apply it to your context
8/14/2019 2006 CS BPRM Extended Workshops 1.0
23/127
23 Building your BPRM Framework
Ground rules
We have a limited amount of time todo a significant amount of work
Ground rules can enhance oureffectiveness by providing us withagreed upon parameters against which
we can collectively monitor ourmeeting behaviours
8/14/2019 2006 CS BPRM Extended Workshops 1.0
24/127
24 Building your BPRM Framework
Ground rules
Things to think about to ensure weachieve our desired outcome:
Process: how can we encouragebalanced participation, clear andrespectful communication?
Content:how should we handle ignored
discussions, tangents, closure onissues, etc.?
8/14/2019 2006 CS BPRM Extended Workshops 1.0
25/127
Step One: prioritising strategicobjectives for 2007
Fall 2006
Building your BusinessPerformance/Risk Management
(BPRM) Framework
8/14/2019 2006 CS BPRM Extended Workshops 1.0
26/127
26 Building your BPRM Framework
Step 1
1
8/14/2019 2006 CS BPRM Extended Workshops 1.0
27/127
27 Building your BPRM Framework
Step 1: Concepts
What do we mean by the termprioritising? it is the process of filtering
to determine an order of priority
for what needs doing
Why is it important? it enables us to ensure effort and
resources are focused on what is mostimportant to achieve our desiredoutcomes
8/14/2019 2006 CS BPRM Extended Workshops 1.0
28/127
28 Building your BPRM Framework
Step 1: Concepts
Why is prioritizing so important? we cant do it all at once
we want to do the right things
we want to make the best use of availableresources while striking and maintainingreasonable workloads (WECU)
we need to increase the effectiveness ofwork-planning and reduce risk of over-committing
8/14/2019 2006 CS BPRM Extended Workshops 1.0
29/127
29 Building your BPRM Framework
Step 1: Best Practice Tips
Trademarks of successfulprioritisation activities:
engagement in prioritisation as a groupactivity particularly when it concerns ashared responsibility for results oroutcomes
a systematic, objective and transparentapproach based on a clear approach/set ofcriteria
8/14/2019 2006 CS BPRM Extended Workshops 1.0
30/127
30 Building your BPRM Framework
Step 1: Best Practice Tips
How can we determine our 2007priority objectives? using a Grid/Decision Matrix as a
common CS approach
it is effective when there are a goodnumber of alternatives and severalfactors or criteria to take into account
8/14/2019 2006 CS BPRM Extended Workshops 1.0
31/127
31 Building your BPRM Framework
Step 1: Best Practice Tips
To ensure a common approach across CS,criteria has already been identified: what is the value of each objective relative to your desired
outcome?
what is the value of each objective relative to the CS desiredoutcome?
how and to what degree does each objective contribute to theachievement of other objectives (cause and effect)?
what is the degree of negative impact if a 2007 priorityobjective?
what is the level of risk to the Bank if not a 2007 priorityobjective?
For the time being, they will be weightedequally
8/14/2019 2006 CS BPRM Extended Workshops 1.0
32/127
32 Building your BPRM Framework
Step 1: Best Practice Tips
Using an excel-based worksheet, we willscore each objective on a scale of one to fivefor each criteria. one being the lowest value/degree/level
five being the highest value/degree/level
Then we will add up the scores, review andrank the results: A: top 3
C: bottom 3 B: remainder
8/14/2019 2006 CS BPRM Extended Workshops 1.0
33/127
33 Building your BPRM Framework
Step 1: Application
Now to apply it:
on the handout is the grid where you willindividually score each criteria for each objective
we will then- enter in the results
- identify A, B, C priorities
- review the results, discuss and refine those thatcannot be lived with
- finalize A, B, C priorities
8/14/2019 2006 CS BPRM Extended Workshops 1.0
34/127
34 Building your BPRM Framework
To loosen up.
Attach the dots using four straight lines, but never cross adot more than once and dont lift your pen/pencil up fromthe paper
Psst
Dont forget
to think outof
the box
8/14/2019 2006 CS BPRM Extended Workshops 1.0
35/127
Step Two: developing KeyPerformance Indicators (KPIs)
Fall 2006
Building your BusinessPerformance/Risk Management
(BPM) Framework
8/14/2019 2006 CS BPRM Extended Workshops 1.0
36/127
36 Building your BPRM Framework
Step 2
2
8/14/2019 2006 CS BPRM Extended Workshops 1.0
37/127
37 Building your BPRM Framework
Step 2: Concepts
What is a Key Performance Indicator(KPI)? it is an essential component of performance
measurement it is that which you determine the most
important with respect to learning aboutyour ability to achieve your strategic
objective it helps you monitor how well your business
is achieving its stated objectives
it will enable performance learning that will
guide you in making more strategic
8/14/2019 2006 CS BPRM Extended Workshops 1.0
38/127
38 Building your BPRM Framework
Step 2: Concepts
The difference between a CriticalSuccess Factor (CSF), a Key PerformanceIndicator (KPI) and a Key Risk Indicator
(KRI)? CSF: what is essential for us to get where
we want to go KPI: what we need to monitor to know how
successful we are and judge how wecan be more successful
KRI: what we need to watch out for lest itcome in the way of success
8/14/2019 2006 CS BPRM Extended Workshops 1.0
39/127
39 Building your BPRM Framework
Step 2: Concepts
We have been working to develop arudimentary analogy:
Objective To get to Montreal in 2 hours, 5 minutes.
For the sake of this analogy: the road is smooth, weather is good andthere is no traffic or construction; you are a stickler when it comes tofollowing the speed limit, you love coffee and always take a thermoswith you on the road; its dinnertime and you had no time to pack some
food; and who knows what the status of your gas tank is.
CSF need 4 working wheels KPI speed/time ratio (target: 50km/30
minutes) KRI number of stops you make
8/14/2019 2006 CS BPRM Extended Workshops 1.0
40/127
40 Building your BPRM Framework
Step 2: Concepts
Distinguishing between two types ofindicators:Strategic result indicators
outcome-focused on the broader benefits ofa group of activities (doing the right things)
Activity result indicators
output-focused on the direct benefits of anactivity or group of activities in response toa specific client need (doing them in theright way)
8/14/2019 2006 CS BPRM Extended Workshops 1.0
41/127
41 Building your BPRM Framework
Step 2: Concepts
Here our focus is primarily on Strategicresults indicators
We are focusing on the benefits, thevalue of multiple cross-business lineactivities to achieving your desiredobjectives
Hence the importance of workingcollectively as a leadership team
8/14/2019 2006 CS BPRM Extended Workshops 1.0
42/127
42 Building your BPRM Framework
Step 2: Concepts
The value of having strategic KPIs in yourEntente? it will clarify what you as a BLLT consider to be what you
are accountable for
it will support the collective role you play in managingyour BLs performance
it will focus your leadership on the bigger picture andstrengthen your decision-making as you re-assess/re-prioritize activities to best support your desired outcome
it will provide a foundation to translate strategy intooperations and in so doing help you in yourcommunications to staff
resulting in less disconnects between detailedworkplans and your BL entente
8/14/2019 2006 CS BPRM Extended Workshops 1.0
43/127
43 Building your BPRM Framework
Step 2: Best Practice Tips
KPIs need to be developed for your desiredoutcome and strategic objectives
To determine a KPI that will be useful to you,
it will be helpful to ask yourselves: if you were on EMC what would you consider to be
evidence of success?
if you were a client what would you care about?
what would industry professionals consider to beevidence of success?
why is the outcome or objective important?
what's a critical success factor to getting there?
8/14/2019 2006 CS BPRM Extended Workshops 1.0
44/127
44 Building your BPRM Framework
Step 2: Best Practice Tips
Some criteria to bear in mind:Supports Decision-makingIs it relevant to real decisions you will be faced with as a leadership team?
Repeatable and ReliableWill it be possible to have a constant and consistent snapshot and at anappropriate frequency to draw reasonable conclusions from the information?
Usefulness for Target SettingWill it be possible to establish meaningful targets for improvements?
Easily understoodIs the indicator clear and easy to understand?
Useful for Strategic CommunicationsDoes it adequately focus on the strategic issue, will it help in communicating tostaff when trying to drive the relevant and appropriate behaviour?
Feasible/cost-effective to measureIs it a practical indicator?
8/14/2019 2006 CS BPRM Extended Workshops 1.0
45/127
45 Building your BPRM Framework
Step 2: Application
As we go forward, remember:
the goal is not to measure whatseasy to measure, but to measurewhat matters most
you may not have to reinvent the
wheel, there may be somethingalready in place that you canimprove upon
8/14/2019 2006 CS BPRM Extended Workshops 1.0
46/127
46 Building your BPRM Framework
Step 2: Application
First we will take an initial stab at developingcritical success factors and key risk indicators
Then we will consider what we would need tosuccessfully engage in measurement, such as: the unit of measurement appropriate frequency of measurement the calculation or formula that would be applied where the data will come from, who, what tools or
processes will be involved what the current availability of data is potential proxy measures where data is currently
unavailable
8/14/2019 2006 CS BPRM Extended Workshops 1.0
47/127
Step Three: setting 2007 targets
Fall 2006
Building your BusinessPerformance/Risk Management(BPRM) Framework
8/14/2019 2006 CS BPRM Extended Workshops 1.0
48/127
48 Building your BPRM Framework
Step 3
3
8/14/2019 2006 CS BPRM Extended Workshops 1.0
49/127
49 Building your BPRM Framework
Step 3: Concepts
What is an indicator target? the indicator target refers to the specific
level of performance that a business unit
considers to be achievable and relevantwithin a specific period of time
it is the desired value or range of valuesfor the indicator
8/14/2019 2006 CS BPRM Extended Workshops 1.0
50/127
50 Building your BPRM Framework
Step 3: Concepts
Why are indicator targets useful? they remind us of where we are trying to
go
they allow us to develop and useperformance information to ensure we getthere- assessment of current against desired state
enables us to learn about our performance andprovide us the flexibility to identify if, when andhow we need to alter our course
8/14/2019 2006 CS BPRM Extended Workshops 1.0
51/127
51 Building your BPRM Framework
Step 3: Best Practice Tips
Things to think about when setting indicatortargets they can be based on:
- past performance
- performance of comparable organizations- service or industry norms/standards- market research
they are often influenced by:- resource constraints
- service demand- policy priorities- strategic plan- environmental variables
8/14/2019 2006 CS BPRM Extended Workshops 1.0
52/127
52 Building your BPRM Framework
Step 3: Best Practice Tips
Though hard to develop, the SMARTerthe target, the more useful it will be:
Specific: it is clear what you need to do Measurable: you can prove that you have
reached them Achievable: you can reach it within the
respective time frame Realistic: it is supported by actions
you will be able to engage in Time-bound: can be clarified through
milestones and deadlines
8/14/2019 2006 CS BPRM Extended Workshops 1.0
53/127
53 Building your BPRM Framework
Step 3: Application
Back to our Excel worksheet Bear in mind workloads
Remember that your operational and
project managers need to incorporate timefor planning, managing and doing
Be careful not to over-commit!
8/14/2019 2006 CS BPRM Extended Workshops 1.0
54/127
Step Four: confirming/prioritisingactivities to reach
targets
Fall 2006
Building your BusinessPerformance/Risk Management
(BPRM) Framework
8/14/2019 2006 CS BPRM Extended Workshops 1.0
55/127
55 Building your BPRM Framework
Step 4
4
8/14/2019 2006 CS BPRM Extended Workshops 1.0
56/127
56 Building your BPRM Framework
Step 4a: Concepts
Identifying and prioritising businessactivities in support of the KRIs and2007 targets is the first step to
translating strategy to operations it is time when you determine what
activities will be undertaken and which ofthese will be priorities
often difficult decisions have to be made- when a current activity is found not to support a
KRI or target, a decision needs to be made as toits continuity the degree of resources allocatedtowards it
8/14/2019 2006 CS BPRM Extended Workshops 1.0
57/127
57Building your BPRM Framework
Step 4a: Best Practice Tips
When identifying and reviewingactivities for each KPI/target, it isimportant to ask:
will the activities contribute to the achievement ofthe the performance target? are there some missing? are there some that no longer appear to align?
if so, what justifies undertaking them?
are the activities currently listed of strategicimportance or do they belong in service line workplans?
have they been appropriately identified in terms ofR/G/T?
8/14/2019 2006 CS BPRM Extended Workshops 1.0
58/127
58Building your BPRM Framework
Step 4a: Application
2007 activities were linked to yourstrategic objectives in MTP and budgetpreparation documents
Lets start with those and then work onwhat might be missing
Once you are comfortable with the
activities identified we will engage inanother prioritisation exercise
8/14/2019 2006 CS BPRM Extended Workshops 1.0
59/127
59 Building your BPRM Framework
Step 4b: Best Practice Tips
Now that you are comfortable with the activities it istime to prioritise them to ensure you are well-placedfor any trade-off discussions through the year
As a first step, we will map your activities to thestrategic objectives
this will bring to light activities that support multipleobjectives; these become clear priorities providing abigger bang for the buck
Again we are looking for a balance across the A, B, Ccategorizations to ensure we do not run the risk ofover-committing and under-delivering
If the first prioritisation activity does not clarify thepriorities sufficiently, we will plot the activities stillunder discussion on an Action Priority Matrix this will bring to light the effort/feasibility versus
impact
8/14/2019 2006 CS BPRM Extended Workshops 1.0
60/127
60 Building your BPRM Framework
Step 4b: Application
For the first of these approaches, lets turn back toexcel
On this new worksheet, there is a grid with your
strategic objectives on the left and all your activitieslaid out horizontally across the top
We are looking to determine which objectives eachactivity contributes to
The more objectives an activity hits, the higher thepriority
8/14/2019 2006 CS BPRM Extended Workshops 1.0
61/127
61 Building your BPRM Framework
Step 4b: Application
Now for the second of our approaches
Action PriorityMatrix
8/14/2019 2006 CS BPRM Extended Workshops 1.0
62/127
62 Building your BPRM Framework
Step 4b: Application
There are two key steps to using theAction Priority Matrix:
plotting each activity on the matrixalong the impact and effort scale
assessing which activities will give youthe greatest return on your efforts
8/14/2019 2006 CS BPRM Extended Workshops 1.0
63/127
63 Building your BPRM Framework
Step 4b: Application
Quick Wins:
most attractiveprojects, with agood return forrelatively littleeffort
Fill Ins:
shouldnt worryabout doing these if you have sparetime great, butdrop them ifsomething bettercomes along
Major Projects
good investmentreturns but take a longtime to complete make sure you engagein these as effectivelyand as efficiently aspossibleHard Slogs:
to be avoided.Low returns and
they crowd outtime which couldbe used elsewhere
Quick
Wins
Major
Projects
Hard
Slogs
Fill
Ins
Action PriorityMatrix
8/14/2019 2006 CS BPRM Extended Workshops 1.0
64/127
64 Building your BPRM Framework
Step 4b: Application
Impact
Low
High
EffortLow High
Action Priority Matrix
8/14/2019 2006 CS BPRM Extended Workshops 1.0
65/127
2007 EntenteDevelopment
Developing your BusinessPerformance/RiskManagement (BPRM)
FrameworkFall 2006
8/14/2019 2006 CS BPRM Extended Workshops 1.0
66/127
66 Building your BPRM Framework
The Context for RISK
Now for the Risk component of ourframework: our success does not hinge on our
ability to make progress within aperfectly controlled environment
It hinges on our ability to make theright level of progress in the right
areas while mitigating the right riskswhen faced with challenges outside ofour control
8/14/2019 2006 CS BPRM Extended Workshops 1.0
67/127
67 Building your BPRM Framework
Context
Again, we are looking to develop somethinguseful, practical, direct & simple
We will be integrating risk and performance
management by developing business riskinfo as we did our business performance info:by strategic objective
Equally important, we will be embarking onan approach that can roll up into corporate
risk management & cascade down intooperational & project risk managementeffectively & efficiently
8/14/2019 2006 CS BPRM Extended Workshops 1.0
68/127
68 Building your BPRM Framework
Context
Clear vision to which staff give their all
Frank discussions are had
Cross-boundary collaboration People give & receive feedback/
challenge each other regardless ofhierarchy
Risk aware - there is no need tocover up, threats are reframed as
challenges Good information flow even when
news is bad
People admit & learn from mistakes
Clear roles, responsibilities
Unclear vision
Focus on control/structure
Turf issues Emphasis on status and
hierarchy
Risk averse
Poor information flow
Lack of accountability
Unclear roles &responsibilities
HIGH PERFORMANCE
CULTURE
LOW PERFORMANCECULTURE
8/14/2019 2006 CS BPRM Extended Workshops 1.0
69/127
69 Building your BPRM Framework
Context
Risk mgmt failures are mostcommonly due to:
risk avoidance or risks not beingrecognized
risks not being properly prioritized
risks being managed in isolation of
each other
8/14/2019 2006 CS BPRM Extended Workshops 1.0
70/127
70 Building your BPRM Framework
Context
Again we are not starting from scratch
Risk Mgmt concepts are not new to CS or the Bank:- in late 1990s, Bank senior mgmt identified risk mgmt as an essential
component of good mgmt practice & developed a risk mgmtframework in 1997 in consultation with the Board of Directors
- CS has been engaged in the annual self-assessment process,whereby the senior managers across the Bank identify & assess keyrisks that could impede the Banks responsibilities & theachievement of its objectives, & outlines risk mitigation strategies
We want to build on our knowledge & practice to date:- as in the case of performance info, risk info has been primarily
developed/used to contribute to the corporate risk process ratherthan for business line mgmt purposes
- our goal today is to work towards a framework that will enable youas a leadership team to develop & use risk info to make moreinformed decisions on an ongoing basis
8/14/2019 2006 CS BPRM Extended Workshops 1.0
71/127
71 Building your BPRM Framework
Key Definitions
So what is Risk?
refers to uncertainty that surrounds future events& outcomes
possibility that an event, activity or action willreduce your ability execute your strategy & meetyour objectives
a combination of the probability of an event & its
consequence or impact in terms of your objectives
it is typically perceived as negative, but positiveopportunities can arise from responsible risk-taking
8/14/2019 2006 CS BPRM Extended Workshops 1.0
72/127
72 Building your BPRM Framework
Key Definitions
Distinguishing between strategic & operational risks:
Strategic risks - relate to the strategic objectives- clear link to the departments outcome- likely to remain evident for duration of the MTP- managed by departmental and business line
leadership teams- Strategy: doing the right things
Operational risks - relate to delivery of service, program or project- rarely have a clear link to the departments
outcome- can be short-lived- are managed by operational/project managers- Operations: doing things the right way
8/14/2019 2006 CS BPRM Extended Workshops 1.0
73/127
73 Building your BPRM Framework
Key Definitions
So what is Risk Management?
Acknowledging that problems will occur& preparing in advance to help avoid or
minimize their impact Taking action to ensure that all
significant risks are identified, prioritized,assessed, handled & monitored effectively
Recognizing and acting uponopportunities where you can take risks &innovate
8/14/2019 2006 CS BPRM Extended Workshops 1.0
74/127
74 Building your BPRM Framework
Benefits of Business Risk Mgmt
Risk smart managersThey understand which risks to take, which to avoid & how much time &effort to devote to managing risk; they are more alert to relevant changesin the environment & better able to adapt appropriately in a timely &effective manner
Stronger decisionmaking & governanceStronger performance and greater capacity to achieve objectives. Wewill also be in a position to make stronger contributions to the Bankscorporate risk assessment
Improved stakeholder confidenceThey will notice that we can raise flags more efficiently & escalate
risk concerns before there is a crisis on our hands
Fewer crisis mgmt situtationsWe can reduce high costs of crisis managementt & ensure that our risk
mitigation dollars are going to the right things
8/14/2019 2006 CS BPRM Extended Workshops 1.0
75/127
75 Building your BPRM Framework
Benefits of Business Risk Mgmt
In more concrete terms, Business RiskManagement will help you:manage risks versus just reporting risks
identify which risks require attention
reduce the fear of unknowns &uncertainties for both staff & stakeholders
establish realistic, reasonable & relevantexpectations, accountabilities around risksacross your BL
8/14/2019 2006 CS BPRM Extended Workshops 1.0
76/127
76 Building your BPRM Framework
Workshop approach
Again we have a five-step process:Step 1: confirming 2007 priorities/activities forattention re risk
Step 2: developing Key Risk Indicators (KRIs), assessingimpact/consequence and determining your risktolerance
Step 3: defining current mitigation, assessing likelihoodgiven status quo to develop initial risk profile (Jan. 1st2007)
Step 4: developing your target risk profile (Dec. 31st, 2007)and defining mitigation activities to
maintain/achieve targets
8/14/2019 2006 CS BPRM Extended Workshops 1.0
77/127
77 Building your BPRM Framework
Workshop approach
1 2 3 4
8/14/2019 2006 CS BPRM Extended Workshops 1.0
78/127
Step One: confirming 2007 prioritiesfor attention re risk
Fall 2006
Building your BusinessPerformance/RiskManagement (BPRM)Framework
8/14/2019 2006 CS BPRM Extended Workshops 1.0
79/127
79 Building your BPRM Framework
Step 1
1
8/14/2019 2006 CS BPRM Extended Workshops 1.0
80/127
80 Building your BPRM Framework
Step 1: Concepts
Reminding ourselves what we mean byprioritizing? it is the process of filtering
to determine an order of priorityfor what needs doing
Why is it important? it enables us to ensure effort & resources
are focused on what is most important toachieve our desired outcomes
8/14/2019 2006 CS BPRM Extended Workshops 1.0
81/127
81 Building your BPRM Framework
Step 1: Best Practice Tips
Trademarks of successfulprioritization exercises:
It is done as a group activity, particularlywhen it concerns shared responsibility foroutcomes
It is done using a systematic, objective &transparent approach, based on a clear setof criteria
8/14/2019 2006 CS BPRM Extended Workshops 1.0
82/127
82 Building your BPRM Framework
Step 1: Application
How should we determine our 2007priority objectives re risk? by adopting the prioritization results identified
through your business performance management
discussions
Why? we are integrating business performance and risk
management
the strength of your decision-making will dependon the extent to which you have both performance& risk-related information
8/14/2019 2006 CS BPRM Extended Workshops 1.0
83/127
Step Two: developing KRIs, assessingimpact/consequence and
determining risk tolerance
Fall 2006
Building your BusinessPerformance/Risk Management(BPRM) Framework
8/14/2019 2006 CS BPRM Extended Workshops 1.0
84/127
84 Building your BPRM Framework
Step 2
2
8/14/2019 2006 CS BPRM Extended Workshops 1.0
85/127
85 Building your BPRM Framework
Step 2a: Concepts
What is a Key Risk Indicator (KRI)?
predictive toolcan provide insight into risk position & signal how
well or not we are managing our business
early warning systema smoke detector if you will which can alert you to
the need to make a decision about adjusting ourcourse in the face of upcoming risk events
It is what we need to watch out for lest it comes in theway of
success; a high-risk hotspot that can help anticipate adownfall
8/14/2019 2006 CS BPRM Extended Workshops 1.0
86/127
86 Building your BPRM Framework
Step 2a: Concepts
Lets remind ourselves of the differencesbetween a Critical Success Factor (CSF),a Key Performance Indicator (KPI) & aKey Risk Indicator (KRI)
CSF: what is essential for us to get wherewe want to go
KPI: what we need to monitor to know howsuccessful we are & where we need to
improve in order to be successfulKRI: what we need to watch out for lest itcome in the way of success
8/14/2019 2006 CS BPRM Extended Workshops 1.0
87/127
87 Building your BPRM Framework
Step 2a: Concepts
Types of KRIs
Strategic risk indicators
what could come in the way of doing the right things,achieving your strategic objectives
Operational risk indicators
what could come in the way of doing things the right
way, achieving a specific activity, initiative or project
8/14/2019 2006 CS BPRM Extended Workshops 1.0
88/127
88 Building your BPRM Framework
Step 2a: Concepts
Much like KPIs, we have KRIs that areeither
LAG indicators
May help with post-mortems but are not forward-looking or particularly predictive; can revealunderlying deficiencies that need to be redressed
LEAD indicators
More predictive of potential for risk event in the near
future & consequences being realized should no actionbe taken; relates to potential failures or lapses in riskcontrols
8/14/2019 2006 CS BPRM Extended Workshops 1.0
89/127
89 Building your BPRM Framework
Step 2a: Best Practice Tips
Good KRIs should:must not be at too high a level
otherwise their relevance will beunclear & they will not be useful toyou
predictive and, timely in flagginganomalies
inform decision making
8/14/2019 2006 CS BPRM Extended Workshops 1.0
90/127
90 Building your BPRM Framework
Step 2a: Best Practice Tips
That being saidthe predictive capability of a risk
indicator is as good as the accuracyin the identifying potentialhotspots
dont fret if it is difficult it should
be. Solid KRIs are rarely developedovernight. It is often a question oftrial & error
8/14/2019 2006 CS BPRM Extended Workshops 1.0
91/127
91 Building your BPRM Framework
Step 2a: Application
So lets take a stab at it. Our objective is todevelop KRIs for your desired outcome &priority A objectives
Try to establish KRIs by asking yourselves: what are the critical success factors? what could come in the way of success? where might there be uncertainty? what we are trying to prevent? if current mitigation is already in place, what might
measure potential control failures?
If you get stuck, think of areas and drivers ofrisk
8/14/2019 2006 CS BPRM Extended Workshops 1.0
92/127
92 Building your BPRM Framework
Step 2a: Application
Areas and
Drivers of Risk
8/14/2019 2006 CS BPRM Extended Workshops 1.0
93/127
93 Building your BPRM Framework
Step 2b: Concepts
Now that we now what you consider to bethreats to success we can focus on theconsequences of such threats should theycome into play.Now to determine yourtolerance to the risks you have identified
Risk are measured by assessing thelikelihood and consequences of potential riskevents, which is why risk is often defined asthe expression of the likelihood and impact ofan event with the potential to influence the
achievement of an organization's objectives For the time being lets just focus on
assessing consequence
8/14/2019 2006 CS BPRM Extended Workshops 1.0
94/127
94 Building your BPRM Framework
Step 2b: Concepts
So what do we mean by consequence? it refers to the impact or outcome of risk
events
Consequence ca n be measured in qualitativeor quantitative terms.
Qualitative analysis is the most cost effectiveand is generally used as the first line of
evaluation to obtain a general indication ofrisk levels and to clarify major risk
8/14/2019 2006 CS BPRM Extended Workshops 1.0
95/127
95 Building your BPRM Framework
Step 2b: Best Practice Tips
To ensure alignment with the corporate riskmanagement framework it stands to reason that weadopt tools already developed and in applicationacross the Bank
As we mentioned earlier, there is an annual self-assessment process, whereby senior managers assesskey risks that could impede the Banks responsibilities& achievement of objectives
So using the corporate risk assessment guidelines we
will assess potential impact across three parameters: financial operational reputational
8/14/2019 2006 CS BPRM Extended Workshops 1.0
96/127
96 Building your BPRM Framework
Step 2b: Application
For each objective consider the KRIsand rate the impact should a risk eventoccur
So if the risk is related to managerbuy-in, if the manager buy-in is notwhat it needs to be what is theconsequence on your ability to achieve
your objective
The rating scales are as follows:
Consequence Minor, Moderate,
Serious
8/14/2019 2006 CS BPRM Extended Workshops 1.0
97/127
97 Building your BPRM Framework
Step 2c: Concepts
Now for risk tolerancewhat does it mean? sometimes referred to as level of risk acceptance, it sets a
boundary of how much risk you (or the Bank) are preparedto accept, tolerate or be exposed to at any point in time
it is the tendency of the Bank, CS or BLs to work within acertain level of risk
Why should you care? operating within risk tolerances can provide both you &
your stakeholders greater assurance that you will achieveyour objectives
it will help you identify your risk mgmt priorities in
conjunction with the initial profile (which we will bedeveloping a little later)
it will help want achieve a healthy attitude to well-managed risk taking; we can overcome risk aversion bybeing clear about where we have high & low risk appetite.
8/14/2019 2006 CS BPRM Extended Workshops 1.0
98/127
98 Building your BPRM Framework
Step 2c: Best Practice Tips
Level of acceptable risk is amgmt decision, in this case aleadership team decision
No right answer, but mustconsider CS & the Banks overall
risk appetite
8/14/2019 2006 CS BPRM Extended Workshops 1.0
99/127
99 Building your BPRM Framework
Step 2c: Application
So, lets run through your priority Aobjectives and categorize yourtolerance to the risks (KRIs) previously
identified
The ratings are as follows:
MediumCan live with it
HighNo problem
LowCant live withit
8/14/2019 2006 CS BPRM Extended Workshops 1.0
100/127
Step Three: defining currentmitigation, assessing likelihoodto develop initial risk profile
Fall 2006
Building your BusinessPerformance/Risk Management(BPRM) Framework
8/14/2019 2006 CS BPRM Extended Workshops 1.0
101/127
101 Building your BPRM Framework
Step 3
3
8/14/2019 2006 CS BPRM Extended Workshops 1.0
102/127
102 Building your BPRM Framework
Step 3a: Concepts
Our next step is to identify mitigationactivities already in place
We want to have a better
understanding of the status quo todevelop your 2007 profile
Risk mitigation activities can be
defined as: actions taken to enhance the likelihood that
established objectives can be achieved inthe face of a particular risk
actions to reduce the severity/impact of a
8/14/2019 2006 CS BPRM Extended Workshops 1.0
103/127
103 Building your BPRM Framework
Step 3a: Best Practice Tips
Focus only on the here and now
If you are dealing with a net newset of initiatives, then the work islikely done chances are no
mitigation is yet in place
8/14/2019 2006 CS BPRM Extended Workshops 1.0
104/127
104 Building your BPRM Framework
Step 3a: Application
So, lets objective by objective anddiscuss what risk mitigation activitieshave been undertaken
We are looking to discern what iscurrently in place in the context of KRIsyou have identified
8/14/2019 2006 CS BPRM Extended Workshops 1.0
105/127
105 Building your BPRM Framework
Step 3b: Concepts
It is now time to complete ourintial risk assessment
We have already assessed theconsequences, now we need toassess the likelihood
8/14/2019 2006 CS BPRM Extended Workshops 1.0
106/127
106 Building your BPRM Framework
Step 3b: Concepts
What do we mean by Likelihood? likelihood refers to the probability
or frequency of a risk event
occurring
8/14/2019 2006 CS BPRM Extended Workshops 1.0
107/127
107 Building your BPRM Framework
Step 3b: Best Practice Tips
It is important to assess likelihood in terms ofthe status quo
This means that if there are current
mitigation activities in place they are part ofthat status quo
In other words, you are looking to assess thelikelihood should no further mitigation
activities be taken
8/14/2019 2006 CS BPRM Extended Workshops 1.0
108/127
108 Building your BPRM Framework
Step 3a: Application
Again we will use the corporateguidelines
The rating scale are as follows:
High the event is likely to
occur
Medium the event may occur
Low the event is unlikely tooccur
8/14/2019 2006 CS BPRM Extended Workshops 1.0
109/127
109 Building your BPRM Framework
Step 3c: Application
Now that you have assessedlikelihoods and consequences wecan develop your initial riskprofile by plotting yourdeterminations on a risk grid
8/14/2019 2006 CS BPRM Extended Workshops 1.0
110/127
110 Building your BPRM Framework
Step 3c: Application
Consequence
Likelihood
Low
Medium
High
Minor Moderate Serious
8/14/2019 2006 CS BPRM Extended Workshops 1.0
111/127
Step Four: developing your 2007 targetprofile and defining
mitigation activities to achieve targets
Fall 2006
Building your BusinessPerformance/Risk Management(BPRM) Framework
8/14/2019 2006 CS BPRM Extended Workshops 1.0
112/127
8/14/2019 2006 CS BPRM Extended Workshops 1.0
113/127
113 Building your BPRM Framework
Step 4a: Concepts
Now that you have developed your riskprofile it is time to determine which risksrequire attention
In so doing we will develop a target profilethat delineates where you are going focusyour efforts in 2007 with respect to riskmanagement there are limited resources, it doesnt make sense
to mitigate every risk you and your stakeholders, however, need to have
the confidence that you are taking only calculatedrisks
8/14/2019 2006 CS BPRM Extended Workshops 1.0
114/127
114 Building your BPRM Framework
Step 4a: Application
So bearing in mind limited resources andworkload constraints, look to identifythose areas that truly need attention in2007
A simple how-to to determine if youneed to sustain or strengthen risk profile: focus on those risks, where you identified a gap
between the initial profile and tolerance ratings
consider whether you need to sustain currentrisk-related resource allocations if you need further clarification use the
following best practice criteria
li i
8/14/2019 2006 CS BPRM Extended Workshops 1.0
115/127
115 Building your BPRM Framework
Step 4a: Application
Likelihood
Consequence
Minor
Moderate
Considerablemanagementrequired
Low Medium High
Must manageand monitorrisks
Extensivemanagementessential
Risks may beworthaccepting withmonitoring
Managementeffortworthwhile
Managementeffort required
Accept risks
Accept, butmonitor risks
Manage andmonitor risks
Serious
S li i
8/14/2019 2006 CS BPRM Extended Workshops 1.0
116/127
116 Building your BPRM Framework
Step 4a: Application
Specifymanagementresponsibility
Detailed mgmtplanning &attentionrequired
To be managedby seniormanagementwith a detailedplan
Manage byspecificprocedures
Specifymanagementresponsibility
Detailed mgmtplanning &attentionrequired
Manage byroutineprocedures
Manage byspecificprocedures
Specifymanagementresponsibility
Consequence
Minor
Moderate
Serious
Likelihood
Low Medium High
S 4 A li i
8/14/2019 2006 CS BPRM Extended Workshops 1.0
117/127
117 Building your BPRM Framework
Step 4a: Application
Consequence
1
97 8
654
2 3
Consequence
Minor
Moderate
Serious
Likelihood
Low Medium High
St 4b C t
8/14/2019 2006 CS BPRM Extended Workshops 1.0
118/127
118 Building your BPRM Framework
Step 4b: Concepts
Last but not least, it is importantto identify mitigation activitieswhere you have identified itnecessary to sustain orstrengthen a risk rating
So again, what is a mitigationactivity?
St 4b C t
8/14/2019 2006 CS BPRM Extended Workshops 1.0
119/127
119 Building your BPRM Framework
Step 4b: Concepts
A mitigation activity is a meanscontrolling a risk
Generally speaking, there are two
types of controls: preventative controls that reduce the
likelihood of something happening (e.g.systems access)
corrective controls that reduce the implactif something does occur (e.g. contingencyplans)
St 4b B t P ti Ti
8/14/2019 2006 CS BPRM Extended Workshops 1.0
120/127
120 Building your BPRM Framework
Step 4b: Best Practice Tips
When identifying mitigationactivities focus on the key riskindicators to ensure that youractivities will appropriatelyaddress the threats, otherwiseresources and effort will not have
been directed in a meaningfulway
St 4b A li ti
8/14/2019 2006 CS BPRM Extended Workshops 1.0
121/127
121 Building your BPRM Framework
Step 4b: Application
So lets identify relevant andreasonable mitigation activitiesfor those risks (KRIs) where youhave identified it necessary tosustain or strengthen a risk rating
I l i
8/14/2019 2006 CS BPRM Extended Workshops 1.0
122/127
122 Building your BPRM Framework
In closing
Do you have a better understanding ofperformance and risk managementconcepts?
Can you begin to see how it might beof value to you as you plan, manage,implement, learn through and reporton your entente and MTPcommitments?
I l i
8/14/2019 2006 CS BPRM Extended Workshops 1.0
123/127
123 Building your BPRM Framework
In closing
Next steps
What challenges do you seemoving forward?
I l i
8/14/2019 2006 CS BPRM Extended Workshops 1.0
124/127
124 Building your BPRM Framework
In closing
Thank you for taking the time andputting in the energy to work withus over the last few months
With time the value of thisframework and the discussions
around it will become more andmore evident
MIND B k
8/14/2019 2006 CS BPRM Extended Workshops 1.0
125/127
125 Building your BPRM Framework
MIND Break
Attach the all the dots using four straightlines, but never cross a dot more thanonce
Psst
Dont forget
to think outof
the box
Risk Profile MB/CA
8/14/2019 2006 CS BPRM Extended Workshops 1.0
126/127
126 Building your BPRM Framework
Risk Profile MB/CA
Consequence
Likelihood
Minor
Moderate
Serious
Low Medium High
Prioritisation Tool
8/14/2019 2006 CS BPRM Extended Workshops 1.0
127/127
Prioritisation Tool
Important
Low
High
Time Priority Matrix