The Knowledge Exchange / Risk Management / GRC, business strategy, and the Board

GRC, business strategy, and the Board

Arm your board of directors with a knowledge playbook including competitor and industry analysis, SWOT, risks, financials

Clark Abrahams, Chief Financial Architect, SASPerformance management, corporate strategy and risk management collectively represent the main ingredients to the corporate recipe for creating sustainable long-term value.  Furthermore, strategic planning was the number one issue for directors in 2010, according to the 2010 NACD Public Company Governance Survey.

Strategy attempts to balance the corporate risk appetite with business opportunities to produce desired shareholder returns and enhance the long-term value of the enterprise. Strategy formulation involves a rather involved planning exercise that reflects the core mission of the enterprise. Business strategy drives out key objectives and quantifiable measures of goal attainment, identification of required business elements (e.g. products, services, capital investment, resources, markets, distribution, customers, and so on), scenarios (economic, competitive, market, environmental), sets of assumptions, performance metrics (sales volume, revenue, market share, profit, shareholder value, RAROC, ROI), forecasts, alternative courses of actions, assessment of internal strengths and weaknesses, in addition to opportunities and threats, and finally enumeration of major risks and mitigation strategies.

Boards need to be involved in strategic planning from the beginning. Oftentimes there is a board committee whose focus is strategic planning. In general, strategy has linkages to several standing board committees: First is Nominating/Governance, where strategy overlap occurs relative to board composition, evaluation, shareholder communication and board committee assignments. Second, is Audit, which oversees financial impacts, risk assessment and risk intelligence. Third, is Compensation, where performance criteria are formed and applied (especially relative to the CEO).

CEOs are responsible for crafting strategic direction, making recommendations, and possible alternatives, and sharing them with the board. The CEO and management team also provide the board with context, such as competition, market positioning, and so on. It is management’s responsibility to monitor and deal with risks embedded in the strategic plan. Boards know that management of those risks is required for successful strategy execution. The board is responsible for reviewing plans, suggesting changes to strategy, approving, and monitoring strategy performance during execution.

In my own experience as a CRO reporting to a board, and as a Board Director, I have found that a necessary prerequisite for corporate strategy is for the members of the board to be well versed in the business of the firm, the manner in which the firm creates and monetizes value, and the industry in which it operates. You can think of it as a “playbook” that can be shared and ensures that every board member has a “level set” of knowledge upon which to inform perspectives and opinions. This is especially important for relatively new directors who may not be industry subject matter experts. Major headings in this hypothetical playbook would include such things as:

  • Mission, Key Objectives
  • Strategic Assessment (Market and Competition, Products and Services, Management and Organization, Operations and Partners, Strengths and Weaknesses, Opportunities and Threats)
  • Strategy (Do-Nothing, Conservative/Protective, Aggressive/Grow Business)
  • Scenarios (Worst Case, Most Likely, Best case)
  • Pro Forma Financials
  • Risks and Solutions

With a foundational knowledge of the business, the market position of a company and consideration of the current and future business climate, board members can begin to ask a number of relevant questions about strategy. The following come immediately to mind:

  • What are the key strategy assumptions and the level of confidence placed upon them?
  • How does the company stack up to the competition?
  • What risks are inherent in each strategy?
  • What are the emerging opportunities and market trends?
  • What level of investment is required and how much of the firm’s capital is the strategy putting at risk?
  • What sorts of alternatives exist?
  • What is the downside associated with a strategy (e.g. potential disruptions, earnings decline, increased turnover)?
  • What is the upside associated with a strategy (e.g. increased market share, boost in shareholder return)?

Boards provide management with insight based on experience and expertise in business affairs. For more about the board’s involvement in strategy, the NACD publication entitled “The Role of the Board in Corporate Strategy” is most helpful.  The board is an emerging persona that possesses clear business pains and identifiable pain drivers, which can be addressed by a GRC solution.

Relative to governance, risk, and compliance (GRC), and enterprise risk management (ERM), it is widely accepted that any corporate GRC or risk management program must address strategy.  Relative to a GRC solution, you may be wondering how technology can play a role.  Strategy is an evolving GRC area.  The strategy officer also represents an emerging solution persona.  Manoj Kulwal and I presented our thoughts on integrating risk management and business strategy in a one-hour webinar that provides illustrative examples of how strategy meshes with GRC.  I will have much more to say about business strategy in future posts.

Note: Originally published on The Principled Achiever blog. Edited for length and republished here by permission.

Tags: , ,
  • Facebook
  • del.icio.us
  • Twitter
  • Digg
  • LinkedIn
  • email

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>