2006 CS BPRM Extended Workshops 1.0

2007 Entente
Development
Building your Business

Performance and Risk
Management (BPRM)
Framework
Fall 2006
Agenda
 Set the context
 Share key definitions and benefits
of a BPRM framework
 Build the framework
 Look back at our
accomplishments
 Look forward to next steps
2 Building your BPRM Framework

Context
 Workshop objectives
 To help you understand business
performance and business risk
management concepts
 To help you apply these concepts to
shape a BPRM framework that will
support you in leading and managing
your business line

Context
 Why we are here today?
 Over the past year we have engaged in both corporate
and departmental activities to look at what we need to
do over the medium-term:
- we reviewed our mandates, identified our core activities and
key initiatives through the corporate MTP process
- through a CS-driven process we developed strategy maps to
help us maintain and strike relevant and reasonable
workloads with the appropriate balance not only between
competing priorities but between internally and externally
focused activities
 The result:
- an MTP or corporate three-year plan that summarizes
functional, departmental and business line strategies across
the Bank
- departmental and business line strategy maps

Context
 To ensure alignment to our parent

function, Corporate Administration,
PCS shaped what the CA Strategy Map
would look like based on the published
MTP
 This clarifies how strategy cascades
from the function to department to the
business line
 The end result:
 your strategy map = your MTP
Context
Making the Links “from High Level to My Level”
Mandate
Desired Outcome
CORPORATE External Perspective
ADMINISTRATION
Bus Process Perspective
Business Performance
People, Learning & Growth Perspective

Management
Mandate Mandate Mandate Mandate Mandate Mandate
Desired Outcome Desired Outcome Desired Outcome Desired Outcome Desired Outcome Desired Outcome
AUDIT
External Perspective
ELS
External Per spective
CS
FIN
COM
ITS
Bus Process Perspective Bus Process Perspective Bus Process Perspective Bus Process Perspective Bus Process Perspective Bus Process Perspective
People, Learning & Growth Perspective People, Learning & Growth Perspective People, Learning & Growth Perspective People, Learning & Growth Perspective People, Learning & Gr owth Perspective People, Learning & Gr owth Perspective
Mandate Mandate Mandate Mandate

Employee Performance
Desired Outcome Desired Outcome Desired Outcome Desired Outcome
HR
K&IM
PCS
SEC/FACExternal Perspective
Management
Bus Process Perspective Bus Process Perspective Bus Process Perspective Bus Process Perspective
People, Learning & Gr owth Perspective People, Learning & Growth Perspective People, Learning & Gr owth Perspective People, Learning & Gr owth Perspective
STAFF PERFORMANCE AGREEMENTS

Context
CS 2007-2009 STRATEGY MAP –How It Works
CORPORATE
ADMINI STRATI ON
• What do others need from us to

fulfill our
help them succeed (e.g., services,
mandate
new initiatives)?
• How do we want others to view the
CS to
ensure
delivery of our services; our working Mandate we
relationship with them; and, our delivery
on corporate/Bank priority initiatives?
our desired
Desired Outcome outcome
leading • What resources do we need?

us to
External Perspective achieve
• How should we monitor the use of
resources?
client, partner & stakeholder • How can we ensure we are
• Which processes should we do satisfaction
providing the greatest value for
really well or should we further the Bank’s investment in CS?
optimize?
• Do our processes encourage a which
partnership culture & do they drives
support the Bank’s stewardship Business Financial
responsibilities? If not, how should Process
they change? operational
Perspective
Perspective excellence
enable • What skills & development opportunities

us to do our people need to succeed?
realize
• What kind of work environment do we
People, Learning & need to foster?
Growth Perspective Our • Are we well-positioned for potential
people
retirements?

Context
 Now for the hard part

 the real challenge will be executing
our strategies
 this depends largely on three critical
success factors:
- you! BLLTs focused on translating strategy
into operations
- having the right tools in place to support in
making sound decisions around strategy-
operations linkages
- integrating performance and risk
management
Building your BPRM Framework
8
Insights from KPMG
 Typically leaders/managers dedicate the
following time to the following main
categories of activities:
Planning
0% - 5%
Managing
20% - 40%
Doing
40% - 80%

Insights from KPMG
 Ironically, when asked how they would rank the
importance of these categories with respect to their
impact on influencing outcomes and results, most
agree that planning is the most important activity
followed by managing, then doing :
Planning
A
Managing
B
Doing
C

Insights from KPMG
 This data confirms that good management is

critical to your success as a business line and
our success as a department and function
 the one constant that never changes is the
importance of managing. It links plans with
operational activities and directly influences doing
results
 So it stands to reason that you, as a BLLT,

need to have the time and the tools to
effectively manage

Context
 This is what is driving significant change to how we
shape and use our ententes:
 we need to develop them as management tools rather
than as baseline documents for reporting to senior
management
 This means better defining how we will be going about

managing our performance, risks and resources
 Over the next few months we will build your Business

Performance/Risk Management (BPRM) Framework
 we will first focus on building the performance piece
 then we will move to developing your key risk
information
 once developed, you will always be looking at
performance and risk information in tandem

Context
 So what are we getting into?

 we are developing something practical, direct and
simple
- we don’t need volumes of information to make
decisions; we need the right information at the right
time and at the right table (oftentimes, less is more)
 we want to develop something that will be useful
and trademarks of successful frameworks include:
- strong horizontal cohesion at the leadership table
- engaging in a formal, consistent and systematic approach
- measuring for decision-making vs measuring for reporting
- leveraging the framework to engage the workforce towards the
achievement of outcomes

Performance Mgmt
 In terms of performance management, we
are not starting from scratch
 BPM concepts are not new to CS:
- we have been engaged in Employee Performance
Management through manager-staff relationships
- as for business performance management we have done a
lot in the area of performance measurement through the
ententes
 We will be building on this by:

 expanding business performance measurement to
the larger concept of business performance
management
 this means measuring to manage rather than
measuring to report
 With time this will lead to improved linkages
14
across Employee and Business Performance
Management
Key Definitions
 So what is Business Performance
Management?
 a comprehensive and structured
approach
to deploying strategy
in a consistent and continuous manner
to ensure the right things are being
done in the right way
with the right stakeholders around the
table
Key Definitions
How does performance management differ
from performance measurement?
Performance Measurement - is a management tool to assess
specific progress against pre-
determined goals
- helps us learn about our
performance
Performance Management - makes use of that tool and

incorporates performance
learnings into decision-
making
- helps us manage performance,
i.e. ensuring that the right work is
being done in the right way
to support desired outcomes

Benefits of BPM
 How can Business Performance

Management improve leadership &
management?
 good leadership/management depends on
sound decision-making
 sound decision-making depends on our ability
to monitor, assess, and learn as we lead,

manage and implement
 business performance management will
strengthen our abilities as we engage in all

these activities
Benefits of BPM
 Business Performance Management will enable us to
derive even more value from performance measurement…
it pushes us to learn from our performance for more than
reporting purposes
Planning
Decision-
Managing Reporting
making
Doing

Benefits of BPM
In more concrete terms, Business

Performance Management: will
 help you promote relevant entente-
workplan linkages
 enable you to incorporate actionable
learnings, improve decision-making and
continuously strengthen performance
 help you establish realistic, reasonable and
relevant expectations, accountabilities and
measures in terms of both business and
employee performance

Building the Performance
Piece
Four-Step Process:
Step 1: prioritising strategic objectives for 2007
Step 2: developing Key Performance Indicators
(KPIs)
Step 3: setting 2007 targets
Step 4: confirming/prioritising activities to
achieve targets

Workshop approach
1 2 3 4

Workshop approach
 We will go through step by step

using the following model:
 explore underlying concepts
 share best practice tips
 apply it to your context

Ground rules
 We have a limited amount of time to

do a significant amount of work
 Ground rules can enhance our
effectiveness by providing us with
agreed upon parameters against which
we can collectively monitor our
meeting behaviours

Ground rules
 Things to think about to ensure we
achieve our desired outcome:
Process: how can we encourage
balanced participation, clear and
respectful communication?
Content:how should we handle ignored

discussions, tangents, closure on
issues, etc.?

Step One: prioritising strategic
objectives for 2007

Performance/Risk Management
(BPRM) Framework
Fall 2006
Step 1
1

Step 1: Concepts
 What do we mean by the term
prioritising?
 it is the process of filtering
to determine an order of priority
for what needs doing
 Why is it important?
 it enables us to ensure effort and
resources are focused on what is most
important to achieve our desired
outcomes
Step 1: Concepts
 Why is prioritizing so important?
 we can’t do it all at once
 we want “to do the right things”
 we want to make the best use of available
resources while striking and maintaining
reasonable workloads (WECU)
 we need to increase the effectiveness of
work-planning and reduce risk of over-
committing

Step 1: Best Practice Tips
 Trademarks of successful
prioritisation activities:
 engagement in prioritisation as a group
activity particularly when it concerns a
shared responsibility for results or
outcomes
 a systematic, objective and transparent
approach based on a clear approach/set of
criteria

 How can we determine our 2007

priority objectives?
 using a Grid/Decision Matrix as a
common CS approach
 it is effective when there are a good
number of alternatives and several
factors or criteria to take into account

 To ensure a common approach across CS,
criteria has already been identified:
 what is the value of each objective relative to your desired
outcome?
 what is the value of each objective relative to the CS desired
outcome?
 how and to what degree does each objective contribute to the
achievement of other objectives (cause and effect)?
 what is the degree of negative impact if a 2007 priority
objective?
 what is the level of risk to the Bank if not a 2007 priority
objective?
 For the time being, they will be weighted
equally

 Using an excel-based worksheet, we will
score each objective on a scale of one to five
for each criteria.
 one being the lowest value/degree/level
 five being the highest value/degree/level
 Then we will add up the scores, review and

rank the results:
 A: top 3
 C: bottom 3
 B: remainder

Step 1: Application
 Now to apply it:
 on the handout is the grid where you will
individually score each criteria for each objective
 we will then
- enter in the results
- identify A, B, C priorities
- review the results, discuss and refine those that
cannot be lived with
- finalize A, B, C priorities

To loosen up….
Attach the dots using four straight lines, but never cross a
dot more than once and don’t lift your pen/pencil up from
the paper…
Psst…
Don’t forget
to think out
of
the box

Step Two: developing Key
Performance Indicators (KPIs)

(BPM) Framework
Fall 2006
Step 2
2

Step 2: Concepts
 What is a Key Performance Indicator
(KPI)?
 it is an essential component of performance
measurement
 it is that which you determine the most
important with respect to learning about

your ability to achieve your strategic
objective
 it helps you monitor how well your business
is achieving its stated objectives

 it will enable performance learning that will
37
guide you in making more strategic
Step 2: Concepts
 The difference between a Critical
Success Factor (CSF), a Key Performance
Indicator (KPI) and a Key Risk Indicator
(KRI)?
 CSF: what is essential for us to get where
we want to go
 KPI: what we need to monitor to know how
successful we are and judge how we
can be more successful
 KRI: what we need to watch out for lest it
come in the way of success
Step 2: Concepts
 We have been working to develop a
rudimentary analogy:
Objective To get to Montreal in 2 hours, 5 minutes.
For the sake of this analogy: the road is smooth, weather is good and
there is no traffic or construction; you are a stickler when it comes to
following the speed limit, you love coffee and always take a thermos
with you on the road; its dinnertime and you had no time to pack some
food; and who knows what the status of your gas tank is….
 CSF need 4 working wheels
 KPI speed/time ratio (target: 50km/30
minutes)
 KRI number of stops you make
Step 2: Concepts
 Distinguishing between two types of
indicators:
Strategic result indicators
outcome-focused on the broader benefits of
a group of activities (doing the right things)
Activity result indicators

output-focused on the direct benefits of an
activity or group of activities in response to
a specific client need (doing them in the
right way)

Step 2: Concepts
 Here our focus is primarily on Strategic
results indicators
 We are focusing on the benefits, the
value of multiple cross-business line
activities to achieving your desired
objectives
 Hence the importance of working
collectively as a leadership team
Step 2: Concepts
 The value of having strategic KPIs in your
Entente?
 it will clarify what you as a BLLT consider to be what you
are accountable for
 it will support the collective role you play in managing
your BL’s performance
 it will focus your leadership on the bigger picture and
strengthen your decision-making as you re-assess/re-
prioritize activities to best support your desired outcome
 it will provide a foundation to translate strategy into
operations and in so doing help you in your
communications to staff
 … resulting in less disconnects between detailed
workplans and your BL entente

 KPIs need to be developed for your desired
outcome and strategic objectives
 To determine a KPI that will be useful to you,
it will be helpful to ask yourselves:
 if you were on EMC what would you consider to be
evidence of success?
 if you were a client what would you care about?
 what would industry professionals consider to be
evidence of success?
 why is the outcome or objective important?
 what's a critical success factor to getting there?

 Some criteria to bear in mind:
Supports Decision-making
Is it relevant to real decisions you will be faced with as a leadership team?
Repeatable and Reliable
Will it be possible to have a constant and consistent snapshot and at an
appropriate frequency to draw reasonable conclusions from the information?
Usefulness for Target Setting
Will it be possible to establish meaningful targets for improvements?
Easily understood
Is the indicator clear and easy to understand?
Useful for Strategic Communications
Does it adequately focus on the strategic issue, will it help in communicating to
staff when trying to drive the relevant and appropriate behaviour?
Feasible/cost-effective to measure
Is it a practical indicator?

Step 2: Application
 As we go forward, remember:
 the goal is not to measure what’s
easy to measure, but to measure
what matters most
 you may not have to reinvent the
wheel, there may be something
already in place that you can
improve upon
Step 2: Application
 First we will take an initial stab at developing
critical success factors and key risk indicators
 Then we will consider what we would need to
successfully engage in measurement, such as:
 the unit of measurement
 appropriate frequency of measurement
 the calculation or formula that would be applied
 where the data will come from, who, what tools or
processes will be involved
 what the current availability of data is
 potential proxy measures where data is currently
unavailable

Step Three: setting 2007 targets

(BPRM) Framework
Fall 2006
Step 3
3

Step 3: Concepts
 What is an indicator target?
 the ‘indicator target’ refers to the specific
level of performance that a business unit
considers to be achievable and relevant
within a specific period of time
 it is the desired value or range of values
for the indicator

Step 3: Concepts
 Why are indicator targets useful?
 they remind us of where we are trying to
go
 they allow us to develop and use
performance information to ensure we get
there
- assessment of current against desired state
enables us to learn about our performance and
provide us the flexibility to identify if, when and
how we need to alter our course

 Things to think about when setting indicator
targets
 they can be based on:
- past performance
- performance of comparable organizations
- service or industry norms/standards
- market research
 they are often influenced by:
- resource constraints
- service demand
- policy priorities
- strategic plan
- environmental variables

 Though hard to develop, the SMARTer
the target, the more useful it will be:
 Specific: it is clear what you need to do
 Measurable: you can prove that you have
reached them
 Achievable: you can reach it within the
respective time frame
 Realistic: it is supported by actions
you will be able to engage in
 Time-bound: can be clarified through
milestones and deadlines

Step 3: Application
 Back to our Excel worksheet…
 Bear in mind workloads
 Remember that your operational and
project managers need to incorporate time
for planning, managing and doing
 Be careful not to over-commit!

Step Four: confirming/prioritising
activities to reach
targets

(BPRM) Framework
Fall 2006
Step 4
4

Step 4a: Concepts
 Identifying and prioritising business
activities in support of the KRIs and
2007 targets is the first step to
translating strategy to operations
 it is time when you determine what
activities will be undertaken and which of
these will be priorities
 often difficult decisions have to be made
- when a current activity is found not to support a
KRI or target, a decision needs to be made as to
its continuity the degree of resources allocated
towards it
Step 4a: Best Practice Tips
 When identifying and reviewing
activities for each KPI/target, it is
important to ask:
 willthe activities contribute to the achievement of
the the performance target?
 are there some missing?
 are there some that no longer appear to align?
if so, what justifies undertaking them?
 are the activities currently listed of strategic
importance or do they belong in service line work
plans?
 have they been appropriately identified in terms of
R/G/T?
Step 4a: Application
 2007 activities were linked to your
strategic objectives in MTP and budget
preparation documents
 Let’s start with those and then work on
what might be missing…
 Once you are comfortable with the
activities identified we will engage in
another prioritisation exercise

Step 4b: Best Practice Tips
 Now that you are comfortable with the activities it is
time to prioritise them to ensure you are well-placed
for any trade-off discussions through the year
 As a first step, we will map your activities to the
strategic objectives
 this will bring to light activities that support multiple
objectives; these become clear priorities providing a
bigger bang for the buck
 Again we are looking for a balance across the A, B, C
categorizations to ensure we do not run the risk of
over-committing and under-delivering
 If the first prioritisation activity does not clarify the
priorities sufficiently, we will plot the activities still
under discussion on an Action Priority Matrix
 this will bring to light the effort/feasibility versus
impact

Step 4b: Application
 For the first of these approaches, let’s turn back to
excel…
 On this new worksheet, there is a grid with your

strategic objectives on the left and all your activities
laid out horizontally across the top
 We are looking to determine which objectives each

activity contributes to
 The more objectives an activity hits, the higher the

priority

Now for the second of our approaches

Action Priority
Matrix

There are two key steps to using the

Action Priority Matrix:
 plotting each activity on the matrix

along the impact and effort scale
 assessing which activities will give you
the greatest return on your efforts

Quick Wins: Action Priority Major Projects
most attractive Matrix good investment
projects, with a returns but take a long
good return for time to complete –
relatively little Quick Major make sure you engage
Wins Projects
effort in these as effectively
and as efficiently as
Fill Ins: possible
Fill Hard Hard Slogs:
shouldn’t worry
about doing these Ins Slogs to be avoided.
– if you have spare Low returns and
time great, but they crowd out
drop them if time which could
something better be used elsewhere
comes along

Action Priority Matrix
High
Impact
Low
Low Effort High

2007 Entente
Development
Developing your Business

Performance/Risk
Management (BPRM)
Framework
Fall 2006
The Context for RISK
 Now for the Risk component of our
framework:
 our success does not hinge on our
ability to make progress within a
perfectly controlled environment
 It hinges on our ability to make the
right level of progress in the right
areas while mitigating the right risks
when faced with challenges outside of
our control
Context
 Again, we are looking to develop something
useful, practical, direct & simple
 We will be integrating risk and performance
management by developing business risk
info as we did our business performance info:
by strategic objective
 Equally important, we will be embarking on
an approach that can roll up into corporate
risk management & cascade down into
operational & project risk management
effectively & efficiently

Context
LOW PERFORMANCE HIGH PERFORMANCE

CULTURE CULTURE
• Unclear vision • Clear vision to which staff give their all
• Focus on control/structure • Frank discussions are had
• Turf issues • ‘Cross-boundary’ collaboration
• Emphasis on status and • People give & receive feedback/
hierarchy challenge each other regardless of
• Risk averse hierarchy
• Risk aware - there is no ‘need’ to
• Poor information flow cover up, threats are reframed as
challenges
• Lack of accountability • Good information flow even when
news is ‘bad’
• Unclear roles &
responsibilities • People admit & learn from mistakes
• Clear roles, responsibilities
Context
 Risk mgmt failures are most
commonly due to:
 risk avoidance or risks not being
recognized
 risks not being properly prioritized
 risks being managed in isolation of
each other

Context
 Again we are not starting from scratch…
 Risk Mgmt concepts are not new to CS or the Bank:
- in late 1990s, Bank senior mgmt identified risk mgmt as an essential
component of good mgmt practice & developed a risk mgmt
framework in 1997 in consultation with the Board of Directors
- CS has been engaged in the annual self-assessment process,
whereby the senior managers across the Bank identify & assess key
risks that could impede the Bank’s responsibilities & the
achievement of its objectives, & outlines risk mitigation strategies
 We want to build on our knowledge & practice to date:

- as in the case of performance info, risk info has been primarily
developed/used to contribute to the corporate risk process rather
than for business line mgmt purposes
- our goal today is to work towards a framework that will enable you
as a leadership team to develop & use risk info to make more
informed decisions on an ongoing basis

Key Definitions
 So what is Risk?
 refers to uncertainty that surrounds future events
& outcomes
 possibility that an event, activity or action will

reduce your ability execute your strategy & meet
your objectives
 a combination of the probability of an event & its

consequence or impact in terms of your objectives
 it is typically perceived as negative, but positive

opportunities can arise from responsible risk-
taking…
Key Definitions
 Distinguishing between strategic & operational risks:
Strategic risks - relate to the strategic objectives
- clear link to the department’s outcome
- likely to remain evident for duration of the MTP
- managed by departmental and business line
leadership teams
- Strategy: ‘doing the right things’
Operational risks - relate to delivery of service, program or project

- rarely have a clear link to the department’s
outcome
- can be short-lived
- are managed by operational/project managers
- Operations: ‘doing things the right way’

Key Definitions
 So what is Risk Management?
 Acknowledging that problems will occur
& preparing in advance to help avoid or
minimize their impact
 Taking action to ensure that all
significant risks are identified, prioritized,
assessed, handled & monitored effectively
 Recognizing and acting upon
opportunities where you can take risks &
innovate

Benefits of Business Risk Mgmt
‘Risk smart’ managers
They understand which risks to take, which to avoid & how much time &
effort to devote to managing risk; they are more alert to relevant changes
in the environment & better able to adapt appropriately in a timely &
effective manner
Stronger decision‑making & governance

Stronger performance and greater capacity to achieve objectives. We
will also be in a position to make stronger contributions to the Bank’s
corporate risk assessment
Improved stakeholder confidence

They will notice that we can raise flags more efficiently & escalate
risk concerns before there is a crisis on our hands
Fewer crisis mgmt situtations

We can reduce high costs of crisis managementt & ensure that our risk
mitigation dollars are going to the right things

Benefits of Business Risk Mgmt
 In more concrete terms, Business Risk

Management will help you:
 manage risks versus just reporting risks
 identify which risks require attention
 reduce the fear of unknowns &
uncertainties for both staff & stakeholders

 establish realistic, reasonable & relevant
expectations, accountabilities around risks

across your BL

Workshop approach
Again we have a five-step process:

Step 1: confirming 2007 priorities/activities for
attention re risk
Step 2: developing Key Risk Indicators (KRIs), assessing
impact/consequence and determining your risk
tolerance
Step 3: defining current mitigation, assessing likelihood
given status quo to develop initial risk profile (Jan. 1st
2007)
Step 4: developing your target risk profile (Dec. 31st, 2007)
and defining mitigation activities to
maintain/achieve targets

Workshop approach
1 2 3 4

Step One: confirming 2007 priorities
for attention re risk

Performance/Risk
Management (BPRM)
Framework
Fall 2006
Step 1
1

Step 1: Concepts
 Reminding ourselves what we mean by
“prioritizing”?
 it is the process of filtering
to determine an order of priority
for what needs doing
 Why is it important?
 it enables us to ensure effort & resources
are focused on what is most important to
achieve our desired outcomes

 Trademarks of successful
prioritization exercises:
 It is done as a group activity, particularly
when it concerns shared responsibility for
outcomes
 It is done using a systematic, objective &

transparent approach, based on a clear set
of criteria

Step 1: Application
 How should we determine our 2007
priority objectives re risk?
 by adopting the prioritization results identified
through your business performance management
discussions
 Why?
 we are integrating business performance and risk
management
 the strength of your decision-making will depend
on the extent to which you have both performance
& risk-related information

Step Two: developing KRIs, assessing
impact/consequence and
determining risk tolerance

(BPRM) Framework
Fall 2006
Step 2
2

Step 2a: Concepts
 What is a Key Risk Indicator (KRI)?
predictive tool
can provide insight into risk position & signal how
well or not we are managing our business
early warning system

a smoke detector if you will which can alert you to
the need to make a decision about adjusting our
course in the face of upcoming risk events
It is what we need to watch out for lest it comes in the

way of
success; a high-risk hotspot that can help anticipate a
downfall
Step 2a: Concepts
 Let’s remind ourselves of the differences
between a Critical Success Factor (CSF),
a Key Performance Indicator (KPI) & a
Key Risk Indicator (KRI)
CSF: what is essential for us to get where
we want to go
KPI: what we need to monitor to know how
successful we are & where we need to
improve in order to be successful
KRI: what we need to watch out for lest it
come in the way of success

Step 2a: Concepts
 Types of KRIs
Strategic risk indicators
what could come in the way of doing the right things,
achieving your strategic objectives
Operational risk indicators

what could come in the way of doing things the right
way, achieving a specific activity, initiative or project

Step 2a: Concepts
Much like KPI’s, we have KRIs that are
either
LAG indicators
May help with post-mortems but are not forward-
looking or particularly ‘predictive’; can reveal
underlying deficiencies that need to be redressed
LEAD indicators
More predictive of potential for risk event in the near
future & consequences being realized should no action
be taken; relates to potential failures or lapses in risk
controls

 Good KRIs should:

 must not be at too high a level
otherwise their relevance will be
unclear & they will not be useful to
you
 predictive and, timely in flagging
anomalies
 inform decision making
 That being said…

 the predictive capability of a risk
indicator is as good as the accuracy
in the identifying potential
‘hotspots’
 don’t fret if it is difficult –it should
be. Solid KRIs are rarely developed

overnight. It is often a question of
trial & error
 So let’s take a stab at it. Our objective is to
develop KRIs for your desired outcome &
priority A objectives
 Try to establish KRIs by asking yourselves:

 what are the critical success factors?
 what could come in the way of success?
 where might there be uncertainty?
 what we are trying to prevent?
 if current mitigation is already in place, what might
measure potential control failures?
 If you get stuck, think of areas and drivers of

risk…
Areas and
Drivers of Risk

Step 2b: Concepts
 Now that we now what you consider to be
threats to success we can focus on the
consequences of such threats should they
come into play.Now to determine your
tolerance to the risks you have identified
 Risk are measured by assessing the
likelihood and consequences of potential risk
events, which is why risk is often defined as
the expression of the likelihood and impact of
an event with the potential to influence the
achievement of an organization's objectives
 For the time being let’s just focus on
assessing consequence

Step 2b: Concepts
 So what do we mean by consequence?
 it refers to the impact or outcome of risk
events
 Consequence ca n be measured in qualitative

or quantitative terms.
 Qualitative analysis is the most cost effective

and is generally used as the first line of
evaluation to obtain a general indication of
risk levels and to clarify major risk

 To ensure alignment with the corporate risk
management framework it stands to reason that we
adopt tools already developed and in application
across the Bank
 As we mentioned earlier, there is an annual self-

assessment process, whereby senior managers assess
key risks that could impede the Bank’s responsibilities
& achievement of objectives
 So using the corporate risk assessment guidelines we

will assess potential impact across three parameters:
 financial
 operational
 reputational

 For each objective consider the KRIs
and rate the impact should a risk event
occur
 So if the risk is related to manager
buy-in, if the manager buy-in is not
what it needs to be what is the
consequence on your ability to achieve
your objective
 The rating scales are as follows:
96
Consequence
Minor, Moderate,
Serious
Step 2c: Concepts
 Now for risk tolerance…what does it mean?
 sometimes referred to as level of risk acceptance, it sets a
boundary of how much risk you (or the Bank) are prepared
to accept, tolerate or be exposed to at any point in time
 it is the tendency of the Bank, CS or BLs to work within a
certain level of risk
 Why should you care?

 operating within risk tolerances can provide both you &
your stakeholders greater assurance that you will achieve
your objectives
 it will help you identify your risk mgmt priorities in
conjunction with the initial profile (which we will be
developing a little later)
 it will help want achieve a healthy attitude to ‘well-
managed’ risk taking; we can overcome risk aversion by
being clear about where we have high & low risk appetite.

Step 2c: Best Practice Tips
 Level of acceptable risk is a
mgmt decision, in this case a
leadership team decision
 No right answer, but must
consider CS & the Bank’s overall
risk appetite

Step 2c: Application
 So, let’s run through your priority A
objectives and categorize your
tolerance to the risks (KRIs) previously
identified
 The ratings are as follows:

Can’t live with Low
it
Can live with it Medium
No problem High

Step Three: defining current
mitigation, assessing likelihood
to develop initial risk
profile

(BPRM) Framework
Fall 2006
Step 3
3

Step 3a: Concepts
 Our next step is to identify mitigation
activities already in place
 We want to have a better
understanding of the status quo to
develop your 2007 profile
 ‘Risk mitigation’ activities can be
defined as:
 actions taken to enhance the likelihood that
established objectives can be achieved in
the face of a particular risk
102 Building
actions to reduce the severity/impact of a
your BPRM Framework
 Focus only on the “here and now”
 If you are dealing with a net new

set of initiatives, then the work is
likely done – chances are no
mitigation is yet in place

 So, let’s objective by objective and
discuss what risk mitigation activities
have been undertaken
 We are looking to discern what is

currently in place in the context of KRIs
you have identified

Step 3b: Concepts
 It is now time to complete our
intial risk assessment
 We have already assessed the

consequences, now we need to
assess the likelihood

Step 3b: Concepts
 What do we mean by Likelihood?
 ‘likelihood’ refers to the probability
or frequency of a risk event
occurring

 It is important to assess likelihood in terms of
the status quo
 This means that if there are current

mitigation activities in place they are part of
that status quo
 In other words, you are looking to assess the

likelihood should no further mitigation
activities be taken

 Again we will use the corporate
guidelines
 The rating scale are as follows:

High the event is likely to
occur
Medium the event may occur
Low the event is unlikely to
occur
 Now that you have assessed
likelihoods and consequences we
can develop your initial risk
profile by plotting your
determinations on a risk grid

High
Medium
Consequence
Low
Minor Moderate Serious
Likelihood

Step Four: developing your 2007 target
profile and defining
mitigation activities to achieve targets

(BPRM) Framework
Fall 2006
Step 4
4

Step 4a: Concepts
 Now that you have developed your risk
profile it is time to determine which risks
require attention
 In so doing we will develop a target profile

that delineates where you are going focus
your efforts in 2007 with respect to risk
management
 there are limited resources, it doesn’t make sense
to mitigate every risk
 you and your stakeholders, however, need to have
the confidence that you are taking only calculated
risks
So bearing in mind limited resources and
workload constraints, look to identify
those areas that truly need attention in
2007
A simple ‘how-to’ to determine if you

need to sustain or strengthen risk profile:
 focus on those risks, where you identified a gap
between the initial profile and tolerance ratings
 consider whether you need to sustain current
risk-related resource allocations
 if you need further clarification use the
following best practice criteria

Considerable
Management Extensive
Serious management
effort required management
required
essential
Accept, but Management Must manage

Consequence Moderate monitor risks effort
worthwhile
and monitor
risks
Accept risks Risks may be Manage and

worth monitor risks
Minor accepting with
monitoring
Low Medium High
Likelihood

Specify Detailed mgmt To be managed

management planning & by senior
Serious responsibility attention management
required with a detailed
plan
Manage by Specify Detailed mgmt

specific management planning &
Consequence Moderate procedures responsibility attention
required
Manage by Manage by Specify

routine specific management
Minor procedures procedures responsibility
Low Medium High
Likelihood

Serious
7 8 9
Consequence Moderate
4 5 6
Minor
1 2 3
Low Medium High
Likelihood

Step 4b: Concepts
 Last but not least, it is important
to identify mitigation activities
where you have identified it
necessary to sustain or
strengthen a risk rating
 So again, what is a mitigation

activity?
Step 4b: Concepts
 A mitigation activity is a means
controlling a risk
 Generally speaking, there are two
types of controls:
 preventative controls that reduce the
likelihood of something happening (e.g.
systems access)
 corrective controls that reduce the implact
if something does occur (e.g. contingency
plans)
 When identifying mitigation
activities focus on the key risk
indicators to ensure that your
activities will appropriately
address the threats, otherwise
resources and effort will not have
been directed in a meaningful
way
 So let’s identify relevant and
reasonable mitigation activities
for those risks (KRIs) where you
have identified it necessary to
sustain or strengthen a risk rating

In closing…
 Do you have a better understanding of
performance and risk management
concepts?
 Can you begin to see how it might be

of value to you as you plan, manage,
implement, learn through and report
on your entente and MTP
commitments?
In closing…
 Next steps
 What challenges do you see

moving forward?

In closing…
 Thank you for taking the time and
putting in the energy to work with
us over the last few months
 With time the value of this

framework and the discussions
around it will become more and
more evident

MIND Break…
Attach the all the dots using four straight
lines, but never cross a dot more than
once…
Psst…
Don’t forget
to think out
of
the box

Risk Profile MB/CA
Serious
Consequence Moderate
Minor
Low Medium High
Likelihood

Prioritisation Tool
Time Priority Matrix
High
Importan
t
Low
Low URGENT High

2006 CS BPRM Extended Workshops 1.0

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

2006 CS BPRM Extended Workshops 1.0

Uploaded by

Copyright:

Available Formats

2007 Entente

Building your Business

2 Building your BPRM Framework

3 Building your BPRM Framework

4 Building your BPRM Framework

 To ensure alignment to our parent

People, Learning & Growth Perspective

Mandate Mandate Mandate Mandate Mandate Mandate

Mandate Mandate Mandate Mandate

Desired Outcome Desired Outcome Desired Outcome Desired Outcome

STAFF PERFORMANCE AGREEMENTS

6 Building your BPRM Framework

• What do others need from us to

leading • What resources do we need?

enable • What skills & development opportunities

7 Building your BPRM Framework

 Now for the hard part

9 Building your BPRM Framework

10 Building your BPRM Framework

 This data confirms that good management is

 So it stands to reason that you, as a BLLT,

11 Building your BPRM Framework

 This means better defining how we will be going about

 Over the next few months we will build your Business

12 Building your BPRM Framework

 So what are we getting into?

13 Building your BPRM Framework

 We will be building on this by:

Performance Management - makes use of that tool and

16 Building your BPRM Framework

 How can Business Performance

to monitor, assess, and learn as we lead,

strengthen our abilities as we engage in all

18 Building your BPRM Framework

In more concrete terms, Business

19 Building your BPRM Framework

20 Building your BPRM Framework

21 Building your BPRM Framework

 We will go through step by step

22 Building your BPRM Framework

 We have a limited amount of time to

23 Building your BPRM Framework

Content:how should we handle ignored

24 Building your BPRM Framework

Building your Business

26 Building your BPRM Framework

28 Building your BPRM Framework

29 Building your BPRM Framework

 How can we determine our 2007

30 Building your BPRM Framework

31 Building your BPRM Framework

 Then we will add up the scores, review and

32 Building your BPRM Framework

33 Building your BPRM Framework

34 Building your BPRM Framework

Building your Business

36 Building your BPRM Framework

important with respect to learning about

is achieving its stated objectives

Activity result indicators

40 Building your BPRM Framework

42 Building your BPRM Framework

43 Building your BPRM Framework