STRATEGY & RISK OVERSIGHT. David F. Larcker and Brian Tayan Corporate Governance Research Initiative Stanford Graduate School of Business

Similar documents
building a better board book

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

Strategic Risk Assessment. A first step for improving risk management and governance. COVER STORY. By Mark L. Frigo and Richard J.

Risk Management Policy

Enterprise Risk Management Montana State Fund

MANAGING RISK AT SUNCORP

The COSO Risk Framework: A reference for internal control? Transition from COSO I to COSO II

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Aurora Energy Corporate Governance Disclosures

Mandate of the Board of Directors

Internal Control Integrated Framework. An IAASB Overview September 2016

Internal Control Integrated Framework. An IAASB Overview September 2016

COSO 2013: Updated internal control framework

Plans for a Balanced Scorecard Approach to Information Security Metrics

Risk Culture: The Heart and Soul of Enterprise Risk Management

Successful ERM Program Standards. Definitions of Enterprise Risk Management (ERM)

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

DIRECTOR TRAINING AND QUALIFICATIONS: SAMPLE SELF-ASSESSMENT TOOL February 2015

Current State of Enterprise Risk Oversight:

716 West Ave Austin, TX USA

2014 Integrated Internal Control Plan. FRCC Compliance Workshop May 13-15, 2014

Deloitte Governance Framework and Maturity Model

Risk Management in the 21 st Century Ameren Business Risk Management

Fraud Risk Management

MEASURING ENGAGEMENT TO UNLOCK YOUR COMPANY S COMPETITIVE ADVANTAGE

Enterprise Risk Management

Are you prepared for this Challenge? The new COSO Enterprise Risk Management Framework

Strong Risk Culture leads to Effective ICAAP

Enterprise Risk Management

IDI Internal Control System

Valuation, Economics & Modeling

What Makes a Successful Integration

Corporate Governance Statement

ICAAP. Engaging the business in risk management. A presentation to FIDE Forum by Penny Fosker. 10 January towerswatson.com

A Vision of an ISO Compliant Company by Bruce Hawkins, MRG, Inc.

Enterprise Risk Management Discussion American Gas Association Risk Management Committee Meeting

Chapter 2: The Balanced Scorecard and Strategy Map Objective 1

KING III COMPLIANCE ANALYSIS

Enterprise Risk Management Program Development Update. Finance & Audit Committee Meeting September 25, 2015

The Role of the Chief Risk Office and the Board s Role in Risk Oversight

In the Middle East since. Capital Efficiencies Assessing the optimal solution to your Capex Programme

Diving into the 2013 COSO Framework. Presented by: Ronald A. Conrad

Strategy and Objective Setting. Using the Balanced Scorecard รองศาสตราจารย ดร.นภดล ร มโพธ คณะพาณ ชยศาสตร และการบ ญช มหาว ทยาล ยธรรมศาสตร

CFO AS ADVISOR JUNE 16, 2014 MACPA. Copyright 2008 RIGHT ADVISORY LLC. All Rights Reserved

Instructor Background

HCCA Audit & Compliance Committee Conference. February 29-March 1, Drivers of ERM. Enterprise Risk Management in Healthcare.

Make money, save money and manage risk

Managing Volatility. Risk in mining investment decisions. Managing Volatility

Asset Acceptance Capital Corp.

The Balanced Scorecard- A strategic Management Tool. By Mr. Tarun Mishra. Prologue:

The Ideal Proxy Statement

AUDIT COMMITTEE CHARTER APRIL 30, 2018

Guidance Note: Corporate Governance - Board of Directors. January Ce document est aussi disponible en français.

The New Realities of Executive Compensation in the Banking Industry

It s All About Strategy!

Risk Advisory Services Developing your organisation s governance for competitive advantage

Enterprise Risk Management Integrated with Strategy & Performance

Role of Board of Directors in Risk Management. CPA Erick Audi Thursday, 15 th November 2018

CORPORATE GOVERNANCE FRAMEWORK

2014 Integrated Internal Control Plan. FRCC Spring Compliance Workshop April 8-10, 2014

State Street in the UK Pillar 3 Disclosure - Remuneration

AFM Corporate Governance Code

Culture: Why is it important?

Corporate Governance Statement

Achieving Business/IT Alignment through COBIT 5

Enterprise Risk Management. Applying enterprise risk management to environmental, social and governance-related risks.

Leveraging ERM to meet. and create business value. Management Flora Do, Senior Manager, Enterprise Risk Management

9/17/2017. An Overview of COSO s New Framework and Implementation Guidance SPEAKER. Laura Harden, CPA History

Report on the Current State of Enterprise Risk Oversight

Governance Institute of Australia Ltd

Session 56, Model Governance: What Could Possibly Go Wrong? Part II. Moderator: David R.W. Payne, MAAA, FCAS

Strengthening Your Enterprise Risk Management Process

KING III CHECKLIST. We do it better

ENTERPRISE RISK MANAGEMENT USING DATA ANALYTICS. Dan Julevich and Chris Dawes April 17, 2015

Risk Management Developing an Effective Audit Plan

Risk Management Policy and Framework

BALANCE SCORECARD. Introduction. What is Balance Scorecard?

Capitalizing on the Difference Between Project Management and Project Leadership

What works best in the boardroom

Process Management Framework

Enterprise Risk Management Aligning Risk with Strategy and Performance COSO ERM Framework Update

Risk Appetite Framework Linking Risk to Strategy Joseph A. Iraci Managing Director, TD Ameritrade

REMUNERATION DISCLOSURES Performance Year ended 31 st December Bank of America, N.A. Frankfurt Branch

Internal Control Integrated Framework. May 2013

Value-based Performance Management Approach & Application

GENERALI GROUP GROUP INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM VERSION 2.0

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

Corporate Governance Principles 2015

EY Center for Board Matters. Leading practices for audit committees

CITIBANK N.A JORDAN. Governance and Management of Information and Related Technologies Guide

Ethical leadership and corporate citizenship. Applied. Applied. Applied. Company s ethics are managed effectively.

Review of Operations and Activities: Listing Rule Guidance Note 10. Introduction. Issued: March 2003

2013 EXECUTIVE COACHING SURVEY

Lya Villasuso OECD Corporate Affairs Division Response ed to: RE: Corporate Governance and the Financial Crises

WORLD-CLASS AUDIT REGULATION November Big Four Inspections Report.

Developing an effective governance operating model A guide for financial services boards and management teams

Enterprise Risk Management

Governance SPICE. Using COSO and COBIT Process Assessment Models BPM GOSPEL

Risk Appetite Statement

Board Effectiveness and Culture

Transcription:

STRATEGY & RISK OVERSIGHT David F. Larcker and Brian Tayan Corporate Governance Research Initiative Stanford Graduate School of Business

STRATEGIC DEVELOPMENT AND OVERSIGHT One of the primary responsibilities of the board is to ensure the strategic guidance of the company. - OECD Directors should constructively challenge and help develop proposals on strategy. - U.K. Corporate Governance Code Directors consider strategic planning and oversight to be their most important responsibility. NACD How exactly does the board perform this function?

STRATEGIC DEVELOPMENT AND OVERSIGHT Strategy development and oversight involves four steps: 1. Define the corporate strategy. 2. Develop and test business model. 3. Identify key performance indicators. 4. Identify and develop processes to mitigate risk. Board does not perform these tasks (management does). Board evaluates and tests the work of management to ensure that it appropriately builds and protects shareholder value.

STRATEGIC DEVELOPMENT AND OVERSIGHT Management Board of Directors Proposes CORPORATE STRATEGY How will we create value? Reviews Develops BUSINESS MODEL How does strategy translate into value? Tests Identifies KEY PERFORMANCE INDICATORS How will we measure our performance? Monitors Identifies RISK MANAGEMENT What can go wrong? Reviews

CORPORATE STRATEGY Identify the organization s overarching mission. Identify the process by which the company expects to create long-term value. Scope: The activities the firm will participate in. Markets: The markets it will participate in. Advantage: The advantages that ensure it can compete. Resources: The resources required to compete. Environment: Market factors that influence competition. Stakeholders: Internal/external constituents that influence firm s activities.

CONSIDERATIONS IN DEVELOPING THE STRATEGY Strategy development may not be a formal (linear) process. Company might refine strategy over time (iterative) or stumble on strategy and articulate it later (random). Board needs to understand how the specific strategy was selected and when to change approach. Is management anchoring on current activities? Does the strategy bind the future too closely to the past? Does management understand the dynamics, pressures and resources required to achieve company objectives? Is there proper information sharing across functions?

BUSINESS MODEL Develop a causal business model that explains how the corporate strategy translates into shareholder value. A business model links specific financial and nonfinancial measures in a logical chain to delineate how the firm s activities create value. The business model lays out a concrete plan that can be tested through statistical analysis. It then provides the long-term basis for measuring management performance and awarding compensation.

EXAMPLE: INVESTMENT ADVISORY FIRM Customers invest more assets with the firm when they are satisfied with their advisor. How do investment advisors drive customer satisfaction? LEVEL OF COMPENSATION +++ ASSETS INVESTED CHALLENGE/ACHIEVEMENT ++ RESPONSIVENESS + + WORKLOAD/LIFE BALANCE + INVESTMENT ADVISOR TURNOVER CUSTOMER SATISFACTION + SENIOR LEADERSHIP ++ TRUSTWORTHINESS + + WORK ENVIRONMENT +++ KNOWLEDGE CUSTOMER RETENTION

CONSIDERATIONS IN DEVELOPING BUSINESS MODEL The business model is based on rigorous, statistical analysis (not management intuition). Board relies on business model to test management assumptions and satisfy itself that the strategy is sound. Board evaluates for logical consistency, realism of targets, and statistical evidence that relationships are valid. Board should be aware of challenges. Management might take shortcuts. Management might resist scrutiny. Relevant data might be difficult to obtain.

KEY PERFORMANCE INDICATORS Key performance indicators (KPIs) are the financial and nonfinancial metrics that validly reflect current and future performance. KPIs should be used to track performance and to award compensation. MEASURES USED TO DETERMINE CORPORATE PERFORMANCE ACCOUNTING METRICS % OTHER METRICS % EARNINGS 61% BUSINESS UNIT PERFORMANCE 3% SALES 24% CUSTOMER RELATED METRICS 4% PROFIT MARGINS 7% INDIVIDUAL PERFORMANCE 13% RETURN ON ASSETS 4% OTHER OPERATING METRICS 9% RETURN ON EQUITY 8% SAME STORE SALES 3% RETURN ON INVESTMENT 18% OTHER 80% CASH FLOW 11% ECONOMIC VALUE ADDED (EVA) 2% OTHER 17% NUMBER OF COMPANIES 1,128 Bettis, Bizjak, Coles, and Kalpathy (2013)

CONSIDERATIONS IN DEVELOPING KPIs Sensitivity: How sensitive is the measure to performance? Precision: How much measurement error is embedded? Verifiability: Can measure be audited or verified? Objectivity: Is measure objective (# of safety incidents) or subjective (level of employee commitment)? Dimension: Would measure be interpreted differently if expressed differently (#, %, survey scale, yes/no, etc.)? Interpretation: What attribute is measured (i.e., does product failure rate measure quality of manufacturing or design)?

HOW ARE BOARDS DOING? There is a surprising disconnect between the metrics that are important drivers of firm performance and the KPIs companies actually use to track results. >90% of directors believe nonfinancial KPIs are critical. <50% get good information on nonfinancial KPIs. There does not appear to be a good reason. 59% say that the company has undeveloped tools for analyzing such measures. If true, this is a serious lapse in oversight by boards. Deloitte (2004, 2007)

RISK AND TOLERANCE Risk represents the likelihood and severity of loss from unexpected or uncontrollable outcomes. Risk cannot be separated from the corporate strategy. They are intimately related. Each company must decide its risk tolerance. This decision should involve the active participation of the board. The risks that the firm is willing to accept should be managed in the context of the strategy. The risks that the firm is unwilling to accept should be hedged or transferred to a third party (insurance, derivatives, etc.).

RISKS TO THE BUSINESS MODEL The risks facing an organization are comprehensive and touch all aspects of its activities (operations, finance, reputation and intangibles, legal and regulatory, etc.) The business model provides a rigorous framework for identifying risks. By stress testing key linkages and assumptions, the board and management can determine what might go wrong and the possible consequences. Management can then develop very detailed risk management analyses around each key issue.

RISK MANAGEMENT Risk management is the process by which a company evaluates and reduces its risk exposure. COSO framework on risk management: 1. Internal Environment: Philosophy toward risk. 2. Objective Setting: Evaluate strategy in this context. 3. Event Identification: Examine risks of each opportunity. 4. Risk Assessment: Determine likelihood/severity of each. 5. Risk Response: Identify actions to deal with each. 6. Control Activities: Policies to support each response. 7. Communication: Create information system to track. 8. Monitoring: Review data from system and take action. Committee of Sponsoring Organizations (1990)

CONSIDERATIONS IN RISK MANAGEMENT The board has four important responsibilities in this area: 1. The board determines the risk tolerance of the company, in consultation with management, shareholders, stakeholders. 2. The board evaluates the company s strategy and business model in the context of the firm s risk tolerance. 3. The board ensures the company is committed to operating at an appropriate risk level. It relies on risk KPIs to help make this assessment. 4. The board should satisfy itself that management has developed necessary internal controls and that procedures remain effective.

HOW ARE BOARDS DOING? Survey data suggests that boards could stand to improve. Most companies do not integrate risk management and strategy. It is often treated as an isolated function (internal audit, risk management function, etc.). 50% have no enterprise risk management in place. Only 20% describe their risk management as mature or robust. 45% have no structure for identifying and reporting risk to the board. 38% do no formal risk assessment when developing strategy. Risk management might be delegated to the audit or risk committee, but it is likely best handled by the full board. AICPA (2014)

BIBLIOGRAPHY OECD. Principles of Corporate Governance. 2004. Financial Reporting Council. The U.K. Corporate Governance Code. 2012. NACD. Public Company Governance Survey. 2014. J. Carr Bettis, John Bizjak, Jeffrey Coles, and Swaminathan Kalpathy. Performance-Vesting Provisions in Executive Compensation. Social Science Research Network. 2013. Deloitte. In the Dark: What Boards and Executives Don t Know about the Health of Their Businesses. 2004. Deloitte. In the Dark II: What Boards and Executives Still Don t Know about the Health of Their Businesses. 2007. Committee of Sponsoring Organizations. 1990. American Institute of Certified Public Accountings (AICPA). Report on the Current State of Enterprise Risk Oversight: Opportunities to Strengthen Integration with Strategy. 5th Edition. 2014.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback