Protecht.ERM Showcase: Manage the full lifecycle of risk management in one system
Register Now
  • The accountability of an organisation for its performance is limited by a narrow focus on its financial performance.
  • Developments in risk management and accounting provide a practical solution for measuring true performance using a mix of reward, risk and risk appetite.
  • Measuring true performance requires the measurement of both risk and reward across each stakeholder.

spaceships-prince-charles-and-reporting-truer-business-performance (1)

When I started my career as a chartered accountant, it was instilled into me to assess financial performance using debits and credits as a basis to determine the performance and financial position of an organisation. I practised as an auditor for over a decade, helping to form an opinion as to whether the financial statements showed a ‘true and fair’ view of the organisation’s performance and financial position.

During this time, a few things always bothered me:

  1. What is performance? As accountants, we were solely worried about the financial performance but what about the non-financial performance?
  2. The performance we show as accountants is an historical record of the ‘to date’ financial impact of past decisions. We do not show the true impact of decisions that have been made as to how they are expected to affect future time periods.
  3. In addition to the expected future impact of past decisions, what about the degree of uncertainty there is around the expected impact, that is, risk?

Who was, and is, assessing and auditing these? The quick answer was no-one!

In short, traditional accountability of an organisation for its performance covers a very limited view of its financial performance. It is missing so many other components and therefore cannot reflect the entity’s ‘true’ performance.

Spaceships and ‘true’ performance?

The analogy I like to use to understand ‘true’ performance: is that of a spaceship.

Imagine your organisation is a spaceship. It is cruising through space and interacting with its environment. On the outside surface of the ship, there are holes (entrances and exits) through which things pass both in and out. This is how the ship (your organisation) interacts with its environment. So,
what are the key entrances and exits?

The ‘true’ performance of the organisation is the net of all the positive and negative ins and outs across all interactions, in a given period.

Entrance/Exit Spaceship inflow and outflow Organisation inflow and outflow
1. Financial Monetary value both in, from funding and revenue (if the ship generates revenue) and out from expenses, salaries, funding repayments, fuel etc. Monetary value both in from revenue, funding, grants etc, and out from expenses, salaries, loan repayments, taxes etc.
2. Employees Human capital both in, from crew joining the ship and coming onto work shifts and out from leaving the ship and clocking off at the end of the shift. What is their level of satisfaction, well being, physical and mental health, intellectual and financial value between coming in and going out? Human capital both in, from employees joining the organisation and coming into work each day and
out from leaving the organisation and finishing work each day. What is their level of satisfaction, well-being,
physical and mental health, intellectual and financial value
between coming in and going out?
3. Customers If the ship is being used by paying passengers for transport, the inflow is financial through payment for services and goods and outflow is the degree of satisfaction with the trip and service. Customer satisfaction from the net in and out. In through payment for goods and services and out, the degree to which the goods and services met their needs.
4. Regulators The compliance requirements for the ship flow in and the level of adherence to those requirements flows out. Compliance requirements flow in and degree of compliance flows out.
5. Vendors/partners/third
Goods and services such as fuel, supplies, maintenance etc. flow in and financial payments and supplier relationships flow out. Goods and services flow in and financial payments and supplier relationships flow out.
6. Society Depending on the purpose of the ship outflows may include such things as research and an increase in human knowledge etc. What the organisation takes from society flows in and what it adds to society through corporate social
responsibilities etc, flows out. These flows can be both financial and nonfinancial. Financial will include tax
payments, grants, charitable donations etc and non-financial will include such things as benevolent
community service etc.
7. Environment The ship will take in raw materials such as fuel and pass out such things as waste. Environmental inflows will include such things as raw materials, energy, food and outflows, waste, pollution, environmental renewal projects etc.

The ‘true’ performance of the organisation is the net of all the positive and negative ins and outs across all interactions, in a given period. Over time, there will be trade-offs between the holes. Training, for example, will lead to a depletion in financial resources but an increase in intellectual resources. Value is created and positive performance achieved when there is a net excess of value increases over value decreases.

The issue is, we traditionally have had hundreds of accountants measuring every in and out around the financial hole but no one watching or measuring the ins and outs of the other holes.

If we now wish to add in the impact of decisions made on future periods, we need to add in risk.

Definition of performance

The Business Dictionary defines performance as ‘The accomplishment of a given task measured against preset known standards …..’ These standards are the organisation's objectives. A traditional view of performance is, therefore, the degree to which the organisation meets the set objectives. This gives us a wider measure of performance but it is still historical looking. If we now wish to add in the impact of decisions made on future periods, we need to add in risk. Risk is the ‘the effect of uncertainty on objectives’ and it manifests itself in the future.

True performance should therefore consider:

  • both reward and risk
  • the effect of past decisions on future performance, that is, the recognition that true performance also needs to take account of the performance over the full life of any decision.
  • all types of reward, not just financial rewards
  • the rewards and risks of all stakeholders of the organisation, not just the shareholder.

Looking back, one of the reasons I transitioned from accounting into risk management was my passion for overcoming these shortcomings.

The role of risk management in better performance reporting

What does risk management give us regarding a ‘truer’ view of performance?

Firstly, the level of risk taken in achieving the reward is recognised. This allows risk-based performance to be identified — not just reward-based performance.

Secondly, the recognition of risk allows the recognition of the uncertainties around the achievement of objectives. This provides an understanding of the future impact of past decisions.

Thirdly, enterprise risk management encompasses both non-financial and financial risk. This means that as risk managers we recognise the non-financial objectives. These are defined as the various impact/consequence types. These typically include:

  • customer satisfaction
  • employee satisfaction
  • people safety
  • reputation
  • compliance
  • social (CSR)
  • environmental.

Lastly, the range of reward and risk impact types ensure that all key stakeholders are included in a true performance assessment:

Stakeholder Primary objectives/risk impact types
Shareholder Financial objectives: (profit and loss, financial stability, share price).
Customer Customer satisfaction
Employees Employee satisfaction, people safety
Vendors, third parties  Financial stability
Regulators Compliance
Society CSR
Environment Environment (carbon emissions, energy use etc.)

Where does Prince Charles fit in?

HRH Prince Charles was concerned about the lack of reporting by companies, in which the royal family invested, on how they impacted society and the environment. As a result in 2006, he started the ‘Accounting for Sustainability Trust’. This led to the formation of the International Integrated Reporting
Council (IIRC) whose chairman is the father of governance and risk management from South Africa, Mervyn King.

From here, the ‘Integrated Reporting’ movement was born which seeks to address the serious shortcomings of current accounting practice to show ‘true’ performance. In short, integrated reporting is measuring all of the ins and outs across every hole in the spaceship. An integration of all value-adds and value-subtracts.

The International Integrated Reporting Framework addresses these concepts as follows:

  • Each value type is a ‘capital’. This covers financial, manufactured, intellectual, human, social and relationship and natural.
  • It focuses on performance over the short, medium and long terms and therefore a future orientation.
  • It seeks to explain how the organisation interacts with its environment over time.

The alignment of accounting and risk management to determine true performance

With these developments in risk management and accounting, we can start seeing a practical solution for measuring true performance using a mix of reward, risk and risk appetite.

The Australian Prudential Regulation Authority (APRA) in its Prudential Inquiry report into the Commonwealth Bank of Australia (CBA), highlights the concept of the ‘voices’. I like to use this concept to bring together all of the above to provide a true view of performance.

So, what are the ‘voices’?

Each stakeholder has a voice, the voice of the customer, the voice of the shareholder, the voice of the environment etc. Each of these voices has two parts, the voice of reward and the voice of risk. The true performance of an organisation is, therefore, the aggregation of all of the risk-based rewards across all

It is interesting to note that the CBA was highlighted by APRA as having a sustained period of financial success. Financially they are a high-performing bank. However, APRA highlighted that the voice of finance was much louder than the voice of the customer or the voice of risk. Given the current enforceable
undertaking and the remediation effort in progress, it reflects that the ‘true’ performance was perhaps somewhat lower once all of the other non-financial and a wider range of stakeholder risks and rewards were taken into account.

Risk and reward information across the various stakeholders should not be viewed in isolation but instead brought together to provide a balanced snapshot of all the things that matter.

Moving to a practical solution

There are clearly many difficulties in practically implementing a truer measure of performance. The key challenges are how non-financial rewards and qualitative risks can be measured. There will no doubt be much development in this space over the next few years. However, there is plenty to do right now if you wish to begin measuring the true performance of your organisation. The following is a list of considerations to get you started.

  • Have you clearly identified all of the stakeholders of your business?
  • Have you clearly identified and articulated the range of rewards and risks you bring to each stakeholder?
  • Do your strategic and business plans take into account reward objectives for each stakeholder?
  • Does your risk management framework adequately cover all stakeholder risks, both financial and nonfinancial?
  • Are your objectives measurable, so that the performance against those objectives can be measured and reported?
  • Are your risks, both financial and non-financial being measured?
  • Do you have adequate management information systems to be able to collect and report information on risk and reward across all stakeholders?
  • Does your risk appetite provide thresholds for both key performance indicators (KPIs) and key risk indicators (KRIs) to allow ‘zoned’ reporting (red, amber, green RAG reporting is an example) for both risk and reward?
  • Is your reporting adequately bringing together the risk and reward information across all stakeholders? An example report is shown below.

This highlights that the voices of shareholders and employees are most keenly heard while the voices of the customer, regulator and suppliers are not being prioritised. It also shows the voice of reward (KPIs) is louder or preferred to the voice of risk (KPIs).

This highlights that risk and reward information across the various stakeholders should not be viewed in isolation but instead brought together to provide a balanced snapshot of all the things that matter.

In conclusion, risk management should not be viewed in isolation or as just a compliance/risk process. Its true value is much more than that. Measuring true performance requires the measurement of both risk and reward across each stakeholder. Does your enterprise risk system encapsulate the reporting of all risk as well as reward and present it in a manner that truly integrates the risk/reward performance across all stakeholders?

This article was first published in the November 2018 issue of Governance Directions, the official journal of Governance Institute.

Related Articles

feature image
Compliance Management, Protecht News & Events, Risk Management, Risk Reporting, Videos, Compliance Professionals

Modern Slavery - Being Prepared

Do you know what the Modern Slavery Act is and how it will impact your business? We had the opportunity to have Associate Professor Justine Nolan...
Read more
feature image
Risk in Motion, Risk Reporting, Videos, Risk Management Framework

Understanding RiskInMotion: How to bring all your risk information into one dashboard

Risk is always in motion - its measurement is forever changing. In this webinar, David Tattam and David Bergmark talk about how using dynamic...
Read more
feature image
Protecht News & Events, Risk in Motion, Risk Reporting, Videos, Internal Audit

Auditing your Control Framework - SOPAC 2019

How do you encourage your staff to embrace risk and controls? In this recording, David Tattam talks about how understanding the dynamics and...
Read more