Exceptional Performance. It is the ultimate goal of any Chief Executive, and yet year after year, the numbers say most organizations ultimately miss the mark.
Are you getting the results you expect?
Are you really doing everything you can to focus on consistently achieving exceptional performance?
It starts with the basics
If you want to build a skyscraper that stands the test of time, you make sure you start with the right foundation. If you don’t have the right design, the right materials, or the right number of supports, it won’t be long before your building collapses in a pile of rubble and your investors are out a ton of money.
Naturally, consistently achieving exceptional performance requires the same thing. In this case, the 4 foundational elements are:
- Risk Management
- Legal & Regulatory Compliance
- Corporate Governance
If any one of those aspects doesn’t exist in the right balance with the others, the inevitable collapse of your organization and the associated negative investor impact is waiting around the corner.
You don’t want that, and neither do we. That’s exactly why we’ve built our business around supporting you in these 4 areas.
To ensure it doesn’t happen to you, it is essential to understand precisely what each of those terms mean, how they’re related, and what you can do to build your own processes and structures that naturally gives each aspect the proper focus.
Passing the execution test
What’s the point of spending time and money creating the perfect strategy if you’re not sure you can actually execute it? Ensuring a strategy is actually feasible – even if your strategy involves doing things nobody has ever done – is a critical part of the strategic planning process, so why is it one of the biggest mistakes made by organizations implementing their strategy is not having the right resources in place?
If your strategic plan doesn’t have a top-level implementation plan describing your approach to ensuring what you want to do actually gets done, you’ve failed even before you start communicating your plan to the organization. It’s actually simple: if you don’t establish the rules of the game, there’s no way in hell the people in your organization – no matter how hard they try – can deliver your objectives. It just won’t happen.
Strategic planning and strategy implementation may be different things to consultants, but they can’t be different things to you.
To be confident your plan will get implemented, you need to understand all the areas of uncertainty involved or implied in achieving your business objectives. Where there’s any uncertainty, it means you’re dealing with risk. Therefore, successful strategy execution requires managing risks, not just following the plan.
Strategy execution is Risk Management
Yet, Risk Management isn’t necessarily strategy execution. Strategy execution is effectively managing the risks associated with achieving your business objectives. It is not effectively managing all the risks you can identify.
In many organizations, risk has two primary characteristics:
- it’s always a bad thing, and
- it’s managed by a whole team of people specializing in risk.
If this is the way you think about risk, you’re in trouble.
Risk exists wherever there’s any uncertainty around achieving an outcome. Risk isn’t just what bad things might happen. Opportunity is the other side of the traditional, negative view of risk. It’s what happens when we get more of what we want than we expect. Negative risk, or “downside” risk, is what happens when we don’t get what we expect.
While getting hung up on the first point won’t necessarily get you in too much trouble, getting the second one wrong is fatal.
There are many types of risks, but the type that is the biggest influence of success or failure in strategy execution and ultimate business performance is Operational Risk. It’s also the one that’s least understood.
How big is your Operational Risk team?
Operational Risk is any deviation from successful business execution. You expect you will succeed in implementing your strategy or you wouldn’t have created it in the first place. Operational Risk pervades everything your organization does because it’s about people—it’s the risk of business failure due to human error.
Again, how big is your Operational Risk team?
In practice, your Operational Risk team includes everyone in your extended enterprise. That’s everyone in your organization: all your board members; all your suppliers; all your partners; your shareholders and investors; and even your customers–past, present and future.
The good news is that you’re now part of a select group who understands how risk and strategy fit together, so you have the edge over everyone else. The better news is that effectively managing operational risk isn’t impossible. All you need is to have the right tools and know-how. That’s just another way we can give you what you need to deliver exceptional performance.
Compliance: the tax you pay for everyone else’s mistakes
A long time ago, I read an interesting anecdote about contracts. It went something like this:
Every contract tells a story, and the story it tells is the history of every problem the author of the contract has ever faced when doing this type of transaction.
The story of compliance is much the same. The specific legal and regulatory obligations you must follow tell a vivid story of the history of how doing business in an industry or jurisdiction has all gone horribly wrong. In fact, things went so horribly wrong and enough people were upset about it that the long and onerous process of actually drawing up and ratifying legislation or industry regulations was worth the hassle.
Compliance is something you unfortunately can’t avoid. Compliance is like starting your car’s engine before you can actually go anywhere. It’s necessary, so we might as well just accept it and move on.
The worst part about compliance, however, is that it’s getting a little out of control—especially in the US. Because of the scope and impact of some of the most recent business and economic failures, the world seems to have adopted a “Mother Hen” approach with politicians and industry experts trying to enumerate every possible behavior of an organization takes as part of whatever it is you’re actually trying to do in the first place.
It’s easy to get lost in the whole compliance exercise too. If you can name an aspect of your business or industry, there’s probably a whole slew of laws, rules and regulations that apply, intersect, cause confusion and otherwise present opportunities to get you and your organization in trouble.
The two most important things to remember about compliance are:
- compliance requirements exist only because of previous, high-profile failures to “do the right thing”, and
- being “compliant” is a matter of demonstrating you have appropriate controls in place to make sure you’re “doing the right things”
Compliance forces you to demonstrate you are appropriately managing the risks leading to past business or humanitarian failures in every jurisdiction in which you have customers, employers, partners, suppliers or shareholders. It really isn’t any more complicated than that.
The trick is to stay focused on “the right things” – the objectives you want to achieve – and to put in place the right framework and approach allowing you to maintain focus in the face of ever-changing and seemingly never-ending compliance requirements.
Part of what we do is provide you with this framework so that mapping compliance requirements to existing controls is the majority of what you need to do to demonstrate compliance with the relevant legislation. Once this has been done, it’s pretty easy to identify the gaps where new compliance requirements merit deployment of new controls.
Compliance is complex, but it doesn’t need to be as hard as it often is.
Corporate Governance: much more than “tone at the top”
In today’s high-pressure business environment where the lingering effects of the biggest world-wide financial crisis since 1938 are still felt every day, a new, more proactive approach to corporate governance is not only necessary—it’s essential. After more than 14 years of high-profile misconduct, fraud and scandals rocking some of society’s core institutions and service industries, it is well past time to admit the traditional approach doesn’t work.
Boards are accountable for the overall performance and ethics of the organization, however they can only function effectively if there is a healthy and effective relationship between the board, executive management along with the organization as a whole.
The strength or weakness of an organization’s corporate governance may not be evident during clear sailing, but it is what will ultimately determine how well the organization weathers regional or global economic storms.
How confident are you about your governance capability?
Governance today is viewed in many different ways dependent on the country, industry and individuals participating. Some industries such as banking have attempted to ensure good governance through voluntary industry regulation like Basel II and Basel III, yet nearly 20 of the world’s largest financial institutions went bankrupt, were nationalized, absorbed through acquisition or were dramatically restructured during the global financial crisis.
Yeah, that worked well.
The core issue – as highlighted in other areas above – is focusing on the wrong problem—in this case, the financial aspects of risk.
The main focuses of the Basel accords are bank capital adequacy, stress testing and market liquidity risk. The clear implication is that financial risks are the only ones that matter, despite the extensive enumerations and discussions of other risk types.
Most of the emphasis and focus on corporate governance eventually comes down to the Audit Committee and Internal Audit functions. The result: today’s corporate governance is actually hampered by an audit-centric view of risk oversight that is biased by a financial-centric focus on risk ingrained in the origins of the audit function itself, first documented in 1314—exactly 600 years ago!
The entire function of the modern audit is to determine whether there is reason to believe the financial statements of the organization in question accurately relate the entity’s financial performance for the year and then to determine and enumerate the major audit risks that would result in the auditor issuing the wrong opinion.
While historically, “reporting the numbers” to external owners and investors of the firm may have been sufficient because of the relatively straightforward link between operations and results, this is certainly no longer the case for most of the world’s medium and large firms.
Internal audit is also often a bit of a mess in most organizations, although not always for lack of efforts by the internal auditors themselves. Generally under-funded, understaffed and without much positive visibility, internal auditors often work under ill-defined charters, don’t have adequate skills for the job and lack the independence required to positively contribute to the organization.
In the end, internal audit often relies on external audit, and therefore suffers the same financial bias towards risk and controls.
Everyone ostensibly wants the same goal – sustainable, exceptional performance – and yet everyone ends up going about it in dramatically different ways, with little or no coordination. The boards that do care have overstretched non-executive directors and no consistent way to exchange relevant information required to perform their function, leaving overall assessment and assurance of the effectiveness of the organization to instinctual judgements.
Are we really to believe this is what corporate governance should be?
I don’t think so.
Effective governance by the board is essential in today’s organizations. The board must not only fully understand the business environment of the organization and its extended enterprise so they can establish the operating framework, approach to risk, ethical standards, compensation policies and assurance practices, they must also act to ensure their principles, directives and practices are fully integrated into the day-to-day activities of the firm.
It is no longer acceptable to answer the question of who is accountable for whether the organization reacts appropriately – and in time –to turbulent events with finger-pointing and a deafening, “not me.”
It can be different. The global economic conditions demand it is different.
A common framework and methodology exists to enable such a change, and, once adopted and implemented, it makes effective governance easier and more consistent. It makes it more transparent, and that makes accomplishing the goal of maintaing long-term shareholder value through exceptional performance the norm, not the exception.
4 Foundations, working together in harmony to support your success
Only through taking a balanced and complete view of the individual foundations and understanding how they fit together can result in exceptional performance. It’s about equal focus, not equal measures.
Governance establishes the rules and sets the parameters and priorities for managing the risks facing the organization. Compliance is demonstrating the appropriate and necessary controls are in place for operating within the industry and locale. Strategy sets the direction within the organizational constraints of governance and compliance, and strategy execution chooses the best course around expected and unexpected obstacles through calculated and coordinated action in the unfolding and ever-changing business environment.
Four foundations, bound by a consistent approach to risk management, delivering exceptional performance.
It can be different. Let us help.