Integrating Risk with Business Planning

by Jim DeLoach


While some may use the two terms interchangeably to describe the same process, “business planning” is distinguished from “strategy setting” in two fundamental ways.

First, strategy setting establishes the enterprise’s overall strategic direction, differentiating capabilities and required infrastructure to make those capabilities a reality, whereas a business plan lays out how the company intends to execute its strategy.

reputational compliance

Second, the business plan is often developed in the context of a shorter time horizon (say one year or the operating cycle, if longer) than a longer-term strategy. Some companies have a rolling multiyear business plan (three years, for example) that takes on the appearance of a continuous strategy update. Our focus here concerns a shorter-term business plan, such as an annual plan driven by the budgeting and forecasting processes.

In a business plan, it is critical to define the inherent soft spots, loss drivers and incongruities that could dramatically affect performance and adversely impact execution. In addition, the budgeting and forecasting processes supporting the business plan must be effective in managing liquidity risk to ensure the organization’s solvency. With respect to the selected business planning horizon, ensuring that the plan itself can be delivered according to expectations and that the company won’t run out of money as it executes the plan (liquidity risk) are the two primary risks that really matter.

With respect to liquidity risk, there are a number of areas to consider. For example, there are the normal seasonal fluctuations, the inevitable unexpected developments causing revenue declines and operating cost increases, and the issue of inadequate financing facilities or poor working capital and/or cash flow management processes.

Then there are the unexpected events causing business disruption and exposing the company’s failure to match the maturity profile of debts to the ultimate realization of the assets they are funding. Finally, there are the extraordinary circumstances leading to unplanned capital expenditures or breaches of loan covenants. All of these areas point to the need for reliable budgeting and forecasting processes in which management and the board have complete confidence.

Every business plan should identify the appropriate metrics and measures to monitor. If the strategy-setting process contributes to an understanding of the risks inherent in the strategy, that understanding provides inputs to the determination of key metrics and targets. It is at this point where risk management begins to intersect with performance management. In effect, traditional key perfor­mance indicators (KPIs) and key risk indicators (KRIs) should converge to create a single family of metrics to drive the planning process.

While KPIs monitor progress toward the achievement of the strategy and are the primary means for communicating business results across the organization, KRIs provide lead and lag indicators of critical risk scenarios, resulting in a more balanced mix of forward-looking indicators to complement the usual KPI metrics around customer and employee satisfaction, quality, innovation, time, and financial performance. For example, accumulated deferred maintenance in a manufacturing plant or refinery may be a lead indicator of environmental, health and safety risk.

Together, KPIs and KRIs provide direction around what should be managed in the execution of the business plan. The metrics selected must enable the organization to track progress toward the achievement of strategic objectives, monitoring and mitigation of risks, and compliance with internal policies, external laws and regulations. They supply the foundation for integrated business planning to provide a comprehensive framework to deploy and execute corporate strategy across an organization in concert with risk mitigation planning, budgeting, forecasting, resource allocation and the reward system. In many organizations, these are separate, individual processes, often championed by different parts of the organization.

An effectively integrated business plan does several things:

  1. It describes the steps required to achieve strategic objectives and reach the targeted levels of success, and cascades the strategy down through the organization by decomposing it into performance plans that are supported by specific policies (including limits), procedures and integrated metrics to establish management accountability for results.
  2. It links supporting budgets, KPIs and KRIs with performance expectations.
  3. It focuses resource allocation on meeting the organization’s overall strategic needs while managing risks within the entity’s risk appetite.
  4. It links the reward system to performance expectations through a compensation structure that is adjusted for risk and is fair to both the executives in question and the shareholders.

In summary, integrated business planning deploys the strategy at the level of greatest achievability and accountability, engages the appropriate managers who can access the resources required to get the job done, and incorporates risk capabilities (policies, processes, reports and systems) needed to address critical risks inherent in the plan.

This article was written by Jim DeLoach   and originally published on corporatecomplianceinsights


Leave a reply

Your email address will not be published. Required fields are marked *



We're not around right now. But you can send us an email and we'll get back to you, asap.



Log in with your credentials

Forgot your details?