more-arw search

Strategic Alignment Across the Enterprise Video

Strategic Alignment

In anticipation of ProformaTECH 2014 we are introducing you to some of the best presentations from past Proformative Conferences.  If you haven't already, please visit the ProformaTECH conference page and discover the amazing lineup and content we have planned.

In this video, Michael Lortz of SAP discusses alignment in business strategy at an enterprise level.   He goes into great detail about enterprise risk management (ERM) and it's importance to the company.  Watch the video for the full talk...

Interested in learning more about topics just like this?  Sign up for ProformaTECH 2014 today.

Full Transcript:

Probably the most comprehensive of these studies tells us that 80% of the ERM is immature if you look out at the different companies. They serve nearly 500 different companies. It is bit of an older study. It is the most comprehensive. It's a really good rate and somewhat straight forward.

There is also evidence of immaturity in this report where they tell us that 28% of companies, only 28% I should say, regularly report on risk to top executives and use a systematic approach.

What that means is that over or I guess it's nearly three quarters here we have of the rest don't have those formal practices in place. At best they have siloed risk practices without effective communications out to executives and Board.

And if we look beyond this 33% or I guess I should say only 33% of companies are satisfied with their risk management results. In particular, this talks about risk oversight process which is not reporting to the Board which is so critically important and top executives.

Moving on here, we can see that the majority of companies here are really successful in achieving their objectives. I want to point out two very important lines here.

The first of those is their ability to seize real business opportunities through their risk management program.

The second is the third line here, which is identifying risks across the organization.

I'll leave it to you guys to take a look at this. We certainly can provide the content for you to peruse.

Risk programs aren't altogether successful. At the same time we see a variety of different leaders inside of organizations asking for more. The resounding tone that we hear from organizations is that "we need to improve our risk management. We need to make advances."

Companies are really looking for help. There are also standards. We talked about some of the frameworks, but there is also pressure, if you will, from outside organizations. It's not just coming from internal organizations.

You may be familiar with a couple of these here. FSA is an organization in the U.K. that focuses on financial services. It's called the 'Financial Services Authority'. Then there is the organization for Economic Cooperation and Development.

Of course, NACD has a strong voice to directors to talk about the value of risk management organizations. We already touched on it.

Let's just review really quickly where the state of risk management and more broadly risk and compliance in organizations. There's really appreciation in for the need and the value of risk management but programs haven't really taken a strong hold inside of organizations, both large and small.

I think the results of the little, incredibly informal, survey here is proof of that. Companies want to go further. They want to know what they can do and we believe in talking to our customers that companies are looking for very practical guidance.

They want to know what to do. They want less academic information about risk management, what risk cap and type, risk capacity. They want more of recipe. They want more of a guidebook on how to put risk management practices into place. Leaders are basically asking for help.

Let's explore what they need. We believe that they primarily need three things or it falls into three categories. They need actual ideas. Things like roadmaps that are less theoretical as I mentioned.

They need very practical guidance. Things like case studies and examples from companies that have been successful. We'll have the great pleasure of hearing from Bruce later on, about the success that they had at Sybase with their risk and compliance programs.

Then, they need very simplistic information. As I said before, they want that recipe, that how-to that gives very clear guidance on what to do. On top of that, we believe companies want contacts.

They want, in essence, content for their particular risk scenario, maybe an industry scenario could be for a particular line of business, maybe even a finance scenario.

Now, let's just quickly take a look. One of the things I wanted to do to prepare for this discussion here today, knowing that we'd be talking to finance leaders is the sort of comparing contrast, the success and standardization we have within the finance practice to risk management across a couple of different dimensions here.

If we just look at this, for example, we have trained and certified professionals worldwide across the world for finance.

In risk management the profession is emerging. You can't take a class. Maybe, nowadays you can. If we rewind 18 months you probably can't take a class at many universities on this. There is a lot of diversity here. There is ad hoc nature to the training that's available.

If we look at finance, it's governed by specific rules and practices. There is the alphabet soup that you guys are incredibly familiar with starting with an SEC, AICPA, GAP, IFRS, I could go on and on.

That doesn't exist for risk management. There is a ton of, I don't want to say a ton. There is an enormous diversity in the practices as you move from company to another that you won't see inside of the finance organization. There isn't that standard.

There's audits, there are very standard audits performed by independent external auditors for financial reports as well as internal control. That isn't the case for risk management. Neither the reports nor the practices for risk management are audited.

There is a ton of Board involvement that is mandated in many geographies especially here in the U.S., by legal mandates. There is Board involvement in risk management. We are starting to see risk committees. We certainly see audit committees on Boards but there are no legal mandates.

I've sort of given them half credit here. Of course for finance, there are incredibly standard reporting formats that you're using, not only the public financial reports that you issue but the standards or methodologies that you use for the internal management reports, that doesn't exist for risk management.

There is no standard there. In fact, it's interesting to go and talk to a company. You'll find that the risk reports are sort of hidden away. The practitioners aren't on purpose but they may even seem elusive.

Then the last way here is they are supporting technology for [sure], that's been in place, very mature for finance. For risk management, it's there but there is no standard with regards to how it's adopted and how content is used in conjunction with the risk management technologies that exist today.

I think it's really interesting to consider the strides that we as a group can make, whether it's the vendors, the system integrators, as well as your companies can advance the practice of risk management here and contrast that with finance.

The next thing I want to take a look at is what else is needed. Coastal outlines these seven key success criteria that you can see here. Much of the advice is worth taking. Bruce is going to be talking about the involvement from the very top at Sybase and the success that played in the success of their risk and compliance programs. There is no doubt that that is critically important.

What I want to spend a few minutes talking about is, where do you start with risk management? What risks do you start with? I think we heard some great examples from Thack this morning about focusing risk efforts.

There too often are 'boil the ocean' approaches. I'd like to contrast that with an alternative that I will introduce to you here this morning that we call "the three value questions.' In linking your risk management efforts and priorities, where do we start and, maybe, where do we end as well of linking to value?

Thack talked about it when he talked about the risk part of his presentation this morning, two areas that he focused in. He said, this is when he was talking about maybe jumping off of the building and how depressing that was. He didn't need to hear about economic downturn and the impact of global climate change and the sea rising in Latin American markets.

He said he really wanted to focus on two things. He wanted to focus on revenue recognition and our ability to deliver our product and get our revenue from our customers. Secondly, key customer projects.

I'm going to suggest that these are two primary value drivers that we link to our risk management efforts too in Latin America. The first of those is customer satisfaction. The second is risk.

We're going to offer this alternative that we call 'the three value questions'. This really starts with instead of looking in every corner of your organization for every risk that popped up and have that list that Thack talked about, focusing on the value drivers.

Asking yourself three questions. The first of those questions is, where in your business do you drive value? What portions of your business are actually creating value? That could be revenue value. It could be shareholder value. It could be the accumulation of competitive advantage. It could be the relationship that you have with your customers. Really, it could be anything.

The second question is, what drives that value? What business processes and activities are you engaged in that specifically allow you to achieve the creation of value?

Then the third question is, what uncertainties, what risks current or future are linked to those areas that drive value and could potentially keep you from achieving your objectives in those areas?

My suggestion, just for conversation's sake here today, is focus your risk efforts. Focus your prioritization, linking risk to value.

Don't miss next year's action at ProformaTECH 2014, where you can learn how to leverage technologies to maximize business results.

Products and Companies: