Performance measurement in Intuit's ERM program has been a journey of continuous improvement. As ERM programs mature over time, increasing their complexity and value, performance measures and reporting must evolve as well. What gets measured at each level of maturity may vary greatly. The ERM performance measurement approach at Intuit has been continuously updated to keep it relevant and flexible with respect to the organization's level of risk management maturity. At each stage in the evolution of ERM maturity, objectives and expectations are adjusted. In addition, the appropriateness of current metrics is evaluated given the constantly changing business environment.

First Evolution: ERM Process Adoption

In the early stages of ERM maturity at Intuit, performance measurement was focused on adoption of the ERM process. The objective was to ensure a robust process of risk identification and prioritization facilitating focus on the most significant risks. The measures at this point were twofold: process participation and risk assessment impact and likelihood. Reporting to executive management and the board included the results of the annual assessment, participation rates and heat maps, as well as an outline of strategies to improve the company's top risks.

ERM Process Participation

Participation in the process was targeted at senior leadership at both the company and business line levels. Business line leadership provided subject matter expertise and insights into the most significant risks facing their specific businesses. Executive management provided an enterprise perspective. The desired participation rate target was 80 percent or greater. Participation rates were calculated at the individual business line level as well as at the company level. This may seem like a very simplistic measure, but you need to consider the level of risk management maturity that was in place at this point. Expecting business leaders to track complex measures when they are just beginning to build a risk management capability may be unrealistic. Measuring participation in the ERM process provided an indicator of risk awareness and risk management currently in place. This was an important benchmark. Since performance measurement provides information on the gaps between actual performance and targeted performance, this measure highlighted opportunities to help business leaders increase their risk focus and knowledge.

Risk Impact and Likelihood

Intuit's ERM program, like many other companies' programs, includes an annual risk assessment. The annual risk assessment provides an enterprise-wide understanding of key risks. Intuit conducts risk assessments at both the company level and on an individual business line level. The assessment solicits information from the company's executive management on the impact and likelihood of risks affecting the organization's strategies and objectives. Measuring impact and likelihood is clearly defined and standardized, facilitating aggregation of the information received from participants across the company. Heat maps, as illustrated in Exhibit 12.4, are used to show the results of the assessment, and attention is then focused on the risks in the upper right-hand quadrant.

Risk Impact and Likelihood Diagram

Exhibit 12.4 Risk Impact and Likelihood Diagram

This type of performance measurement and reporting provided many benefits, including:

• Helping business leaders to understand the effect of risks on performance against strategic goals and objectives

• Targeting focus to the critical few, and in doing so accelerating progress on addressing these risks

• Identifying potential events or circumstances that may impede ability to optimize performance

< Prev   CONTENTS   Next >