You are currently browsing the tag archive for the ‘Performance Management’ tag.
Ventana Research recently completed an in-depth benchmark research project on long-range planning. As I define it, long-range planning is the formal quantification of the more conceptual strategic plan. It makes specific assumptions and expresses in numbers how a company expects its strategy will play out over time. Almost all (95%) of those participating in the research see a need to make improvements to their long-range planning process. The research shows that one useful improvement is integrating long-range planning with the budgeting process. Today, many corporations confine their long-range planning to a high-level, less detailed extension of their current budget. Our research shows that companies that incorporate individual capital projects and major business initiatives as discrete elements of the long-range plan get better results. Marrying the high-level business outlook with the more significant bottom-up investment details produces better results.
Incorporating specific projects and initiatives into the long-range planning process has been common in companies in project-centric industries, including engineering and construction, aerospace and shipbuilding. Pharmaceutical and other long-cycle businesses that need to plan their major investments also have made specific projects and initiatives explicit parts of their forward-looking projections. Doing so allows drug companies, for example, to map out the transition from late-stage trials to post-approval so they can lay out the details needed for sales, production and distribution, and understand the financial consequences of these actions. The success of early-stage drugs is hit-and-miss, and because the actual timing of approval in various jurisdictions is difficult to forecast, pharmaceutical companies need to be able to revise near-term and long-range plans on an ongoing basis. Yet many other types of businesses can benefit from a more detailed approach to long-range planning that incorporates major initiatives and capital spending projects. Doing so offers a competitive advantage for shorter-cycle businesses that need to manage rapidly evolving products in dynamic markets. Asset-intensive businesses that must plan and execute capacity growth and heavy maintenance programs will also gain from greater integration of capital project details in their long-range plans.
Our research found that there are differences among companies in the degree to which they explicitly integrate planning for capital projects and major corporate initiatives into their long-range financial plans. Only one-fourth of organizations participating in the benchmark research report that their strategic plans are highly integrated with the management of individual projects. A majority – 61 percent – has some degree of integration of the two, and 10 percent say they’re not integrated at all. We cross-tabulated companies’ assessments of the quality of their long-term planning processes with the degree of integration of capital projects and major initiatives and found a positive correlation. That integration results in a better process: Nearly all (85%) of those with a highly integrated process say theirs works well or very well, compared to 63 percent that have a somewhat integrated process and just 22 percent that have not integrated these at all. The research demonstrates that there is a positive correlation between the degree of integration and the quality of alignment of long-range planning with a company’s strategy. The results were similar to the previous point: Nine out of 10 that have a highly integrated process also create long-range plans that are well-aligned with strategy, compared to seven out of 10 that have a somewhat integrated approach, and just one-third where there is no integration.
The research also found a correlation between the maturity of a company’s long-range planning process and its ability to manage the execution of projects and initiatives. Our analysis of long-range planning practices finds the majority (62%) of organizations participating in our research concentrated at the second and third levels of our four-part hierarchy. One-fourth are at the lowest Tactical level while only one in nine have reached the highest Innovative level. More mature companies are those that have a well-designed process, one that explicitly includes initiatives and projects. In addition, they also manage data more effectively, limit their use of spreadsheets and have clear strategic direction from senior executives, among other traits. The cumulative impact of all of these positive qualities is evident in better management of these strategically important and resource-intensive activities. All of the Innovative companies are able to manage the execution of their projects and initiatives well or very well, while nine out of 10 of Strategic companies are able to do so. By contrast, only 57 percent of the Advanced companies and only one-fourth of the Tactical companies are able to handle their execution well. Achieving better outcomes from strategic and long-range planning starts with including key details about projects in the process, yet companies can achieve even better results with a concerted effort to address shortcomings in the people, information and technology elements of strategic and long-range planning.
Organizations – even those that think they’re doing an adequate job – should reexamine their long-range planning to identify where they need improvements. Companies, especially those with more than 100 employees, that don’t do formal long-range planning need to begin the process. Going through the motions of planning is better than nothing, but our research indicates a connection between more mature long-range planning practices and achieving superior results.
Robert Kugel – SVP Research
I’ve frequently commented on the artificiality of the emerging software category of governance, risk and compliance (GRC). The term is used to a cover a combination of what were once viewed as stand-alone software categories, including IT governance, audit documentation and industry-specific compliance management, to name three examples. While it’s still common for specific types of software to be purchased piecemeal by different departments, these disparate areas have started a long convergence process. Since just about all controls and risk management efforts require a secure IT environment to be effective, there is a growing interdependence between effective IT governance and everything else connected with enterprise GRC.
Our research has established that companies are immature with respect to their risk and compliance activities. One fertile area where most companies can make substantial improvements is in operational risk effectiveness. Although one-fifth or fewer said their operational risk controls are ineffective, even fewer rated them very effective. For example, just 20 percent said their company’s controls for natural disasters are ineffective, but only 15 percent assessed them as very effective; the rest rated their controls in the middle category, effective. Just 9 percent have controls for supply chain disruption, and therefore almost all must improvise in response to these relatively common occurrences. Certainly, companies with big, important brands pay attention to the risk of reputational loss. Yet even small businesses must now contend with the impact of negative reviews on a range of websites – assuming they even know that one has been posted. Just one in eight (13%) has effective controls to deal with natural disasters – and that’s the leading risk category. More than a decade after the Sarbanes-Oxley Act was enacted to address it, just 6 percent of companies say they have effective internal fraud controls. (For private U.S. companies, it doesn’t matter if they don’t document these controls, but for the sake of good governance they must be present and effective.) The research shows that companies are least good at controlling demand disruption (26% said their controls are ineffective and just 5% said they are very effective) and reputational loss (26% and 9%, respectively).
The responses show that a majority of organizations believe they are doing reasonably well, but I disagree. “Somewhat effective” is a risky attitude. This type of thinking leads to complacency and a lack of effort to improve risk management. I think “very effective” ought to be the standard companies apply to their risk controls.
Financial controls are easier to implement, and there is a long history of their use, yet here again many companies are lagging. Of six key financial risk management efforts we listed, participants identified as the most effective their controls for material financial misstatements (the key objective of the Sarbanes-Oxley Act), with 37 percent saying they are very effective and 51 percent calling them effective. Fewer rated their credit controls very effective (24%), though only 5 percent said they are ineffective. The explanation for this distinction may be that, whereas the consequences of material financial misstatements are direct and severe (likely requiring restatement of financial results and possibly a loss of investor credibility), there may be a strategic reason for a certain laxity in granting trade credit (such as trading off higher revenues against increased credit losses). Controlling risk through contingency planning was identified as the least effective control, with just 14 percent saying it is very effective and 34 percent labeling it ineffective. (Of course, in this case such an assessment is speculative.) Across industries, fire, insurance and real estate companies rated their risk management efforts more effective, likely because risk management is a well-established practice and readily quantifiable in that industry. Midsize companies rated their tax risk management as very effective much less often than larger ones, likely because they have fewer resources to devote to it; they also said more often they are ineffective at preventing disruption of funding.
Managements in heavily regulated industries are more attuned to the risk of compliance failures. Those in financial services businesses are regularly focused on risk because it is a core competence (after all, risk is what insurance is all about). Other types of industries, however, pay less attention to managing risk and usually implement change after disaster strikes. Human nature being what it is, many successful executives and managers are less inclined to focus on risk, yet companies will find that regular risk reviews are in order to challenge assumptions and consider potential responses when unfavorable events occur. Along with this, companies must define and develop methods for spotting risk events sooner and responding faster. The research finds that one of most often identified benefits companies get from GRC efforts is being able to identify and manage risk faster (chosen by 79%), followed by improving the control environment (59%) and preventing situations from occurring because of neglect (54%).
Managing risk and compliance effectively is an important component of good governance. Managing risk intelligently enables organizations to be more successful because it can deliver a competitive edge. Those businesses that are good at managing risk are able to make aggressive moves more prudently, spot negative trends faster, and respond more quickly and effectively when disaster strikes. Harnessing IT for more intelligent risk and compliance management is an important practice in operational risk management. Executives and managers must become familiar with the technology if they want to manage risks as intelligently as they should.
Robert Kugel – SVP Research