Communicating corporate objectives and the strategic plan is a key consideration in the governance of an organization. Promoting effective communication throughout the organization is essential as it establishes a “Tone from the Top” that is consistent with good governance.
Communicating corporate objectives is easily facilitated through enterprise risk management processes. Most companies have a succinct statement of corporate strategy that includes a statement of objectives. Objectives emanate from or are included within a statement of mission (the company purpose) and/or a statement of vision (where the organization wants to be within one to five years). When risk management embraces corporate objectives, the objectives themselves become a starting point for the determination of risk. No matter what level of the company where risks are contemplated, once objectives are defined it is a natural follow-on to think in terms of what are the risks to meeting each objective in terms of an employee’s role and level within the company.
When risks are aligned with corporate objectives, organizations ensure that each risk (along with its treatment costs and related process costs) is in line with corporate revenue and profit expectations. It also ensures that no risk or related treatment activity is in opposition to corporate strategy and therefore that no risk is in opposition to revenue and profit expectations.
The benefits of linking corporate strategy to risk management include:
- The costs of risk treatments (whether mitigated, transferred, accepted or avoided) are always in alignment with revenue and profit expectations.
- The cost of risks and risk exposure is measured and compared in a way that supports the strategic plan.
- The communication of corporate strategy is inherent in the risk management process and serves to enhance the maturity of corporate governance.
- Each level of the company that participates in risk management thinks in terms of how their processes and risks align with corporate objectives.
- The risk assessment and analysis process addresses operational and compliance considerations (and their associated risks) to ensure alignment with corporate strategy.
- Determining risks is often easier when first considering an objective, such as “What are the risks that will prevent me from achieving [fill in the blank]?”
When the risk determination process starts with company objectives and is associated with operational risks and compliance risks, risk determination is naturally aligned with corporate strategy. Once defined, all risks are assured to be associated with a corporate objective and therefore all risk treatment plans and associated costs are directly measurable to corporate strategic planning and revenue and profit expectations.
Linking corporate strategy to risk management is simple: Create an assessment that captures corporate objectives in your risk management software system, and then link it to the associated risks. For more information on how Cura Software can help you connect corporate strategy to risk management, click here to contact us.
Posted by Steve Money, Professional Services, Cura Software
Comments