Extended Balanced Scorecard (1/3): Risk & Compliance as a source for strategic value

“Traditional” Balanced Scorecard has become one of the main strategy execution frameworks for companies and organizations since it was first developed by Robert S. Kaplan and David P. Norton early in the 1990s. Based in the assumption that strategy should be lead by measurable indicators, it tries to achieve strategic objectives by avoiding being driven by short term financial performance providing proper balance between four main perspectives:

• Customer perspective: How customers perceive the company.
• Internal Perspective: Performance, what it is that they must excel at; expectations; …
• The innovation and learning perspective: Can the firm continue to improve and create value? How an organization learns and grows?
• Financial perspective: How the company looks to shareholders.

Is this model suitable to manage the new challenges that financial institutions and public companies need to confront in the present times?

The generation of value for public companies in general and financial institutions in particular comes from (1) their operating profit, (2) their share value and (3) their capacity to convert its assets into liquidity through the financial markets (with the associated risk implied in the process); as a consequence, the traditional accounting approach might get short to manage all the variables required for an organization to establish strategies for sustainability growth and provide increasing benefits for its employees, Board of Directors and owners (shareholders).

Present business practices and the new and coming regulation shift focus in financial management from accounting (the traditional approach to assess the financial statement of a company or an organization based on present and past states), to shareholder value, which can only be achieved by managing future earnings, and implies the use of risk management techniques at all levels of an organization.

But, is this shift so important and creates such an impact in the financial statement of an organization, as to drive corporate strategy?

Risk management techniques are not something new; they have been available for companies for a long time. It is the increasing regulatory pressure and its impact, together with the actual economic crisis, what has raised risk management as a key factor in modern business management not only in financial institutions in particular but also in public companies in general. For example, in Spain, following European Directives, the transposition of Basil II gives the Board of Directors and Senior Management Teams of financial institutions full responsibility in establishing the risk strategy and appetite for the whole organization. Not only that, it states the necessity to integrate the benefits of risk management in all business activities, so that the whole organization is risk driven. Finally, the whole organization needs to be aware of these strategies and procedures so that there exist a vertical alignment between corporate governance strategy and vision, business decisions and processes, as well as the technology that supports them. To complement this vision, the economic sustainability legislation (Ley 2/2011, de 4 de marzo, de Economía Sostenible) extends this requirements to all public companies and states the necessity for the Board of Directors and Senior Managers to define internal controls and risk management procedures under the threat of criminal and administrative liabilities in case of no compliance. Those policies and procedures shall be defined in the Corporate Governance annual report.

But it is not only a matter of compliance, because risk management, with any of the components that need to be accounted for, such as credit risk, operational risk, market risk, ALM risk, liquidity risk, cash flow risk, and so on, are a set of techniques and controls, both quantitative and qualitative, aimed to maximize profit for the organization´s owners (like shareholders), providing business sustainability and avoiding business disruption and/or market distress. Risk management rides along internal control procedures to fully accomplish its objectives.

More of it, in a time of crisis such as the present one, with the need to struggle with an increasing number of global competitors, for a decreasing volume of income, a good risk management model might mean the difference between good or bad financial results or for some public companies, their own survival.

Thus, these techniques shape the financial perspective and help to achieve the expected financial results.

So we can conclude that risk management and compliance together are important enough to drive strategy for financial institutions and public companies. Those companies capable to manage risk and compliance will have a clear competitive advantage, and a balance scorecard will play a primary role in it.

Coming to this conclusion, can risk and compliance be modeled under the existing perspectives, or do they need a perspective on their own? My answer will be placed in a week.