It makes absolutely no sense to try to optimize performance without taking into account risk. While you’re busy trying to cut a few percentage points out of your costs using Six Sigma or Lean Management, your entire company might get wiped out by “unforseen” events.
Anybody with a stock portfolio knows that you can’t ignore risk when trying to figure out how to increase your assets, and organizations are no different.
Do you, like me, wish you’d followed Nassim Nicholas Talib’s advice and kept all your money in treasury bonds? I read his books, believed every word, and encouraged others to read them — but still didn’t do anything about it.
Talib and others have used the analogy of “picking up dimes in front of a steam roller” — you make a living until one day the steam roller wins. Risk management gives you a chance to look around you while you’re picking up the dimes and see if you’re about to be flattened — or simply take the odds into account when you’re working on your revenue forecasts.
“Financial performance is a lag indicator. … Now we’re seeing the consequences of not making risk management a strategic part of strategy”
Technology vendors are now offering increasingly integrated risk and business intelligence / performance management porfolios. As Madan Sheina of Ovum mentioned in a recent article, Risky business for SAP:
“SAP underscored its commitment to the governance, risk and compliance (GRC) market at its recent GRC Insider event in Las Vegas, Nevada by unveiling new software designed to link supply-chain risk, trade compliance and execution across various industry sectors. SAP wants companies to embed risk into their daily business processes to help them proactively manage risk by operational exception management – what it calls “risk-adjusted strategy management”
Overall risk management can be integrated with operational processes such as Global Trade Services.
Another example of integration is risk-adjusted planning and budgeting — being able to easily create and compare budget scenarios that include expected average losses and risk mitigation expenses.
Finally, BI techniques are extremely useful for risk mitigation — especially fraud detection. In order to minimize fraud in your organization, you can use software to enforce separate of duties (i.e. making sure that the same person can’t both create companies in the system and pay invoices — it would be easy for them to create fictious companies and syphon off money). But you can also use analysis and reporting to spot any type of strange behavior.
For example, one software company I worked with put in place new sales compensation rules that were designed to make sure the direct and indirect sales teams worked closely together: both the direct sales person and the partner lead would receive credit for the deal. Unfortunately, some direct sales people pushed deals through a partner, even when they hadn’t been involved, and split the (higher) total commission under the table with the indirect rep. The company only spotted the behavior at the end of the year — using more proactive reporting and analysis, they might have noticed the sudden spike in double commissions.
I typically find that organizations that are implementing and managing BI systems have almost nothing to do with the teams that are concerned with risk (who are typically more in the finance area). But that’s no excuse for ignoring risk integration. If you’re in charge of a BI project, you’re responsible for optimizing information use, even if you don’t own a particular technology area.
If you haven’t yet looked at GRC as part of your BI implementation, you should ask yourself the question: “can my organization really risk NOT doing this?!”
Other posts on risk: