This CIMA report provides insights into how it is possible to link risk to performance management via top management reporting. It examines how risk-related information is reported to senior managers, and how it is linked to performance management.
- Risk and performance are related, but the combination of risk and performance information into a single instrument is not always the most feasible solution to reach alignment.
- The way in which risk is related to performance management is based around a variety of organisational elements that may inhibit or conversely facilitate the integration of risk and performance management processes. For instance:
- The presence of a different periodicity of risk and performance reporting may limit their integration.
- The presence of a clear cut strategy that serves as a reference point for both risk and performance targets may foster alignment.
- Risk is often implicitly related to performance management. Performance management tools can provide risk information without much additional efforts. For instance:
- Performance reports can contribute to develop an awareness of emergent issues by highlighting performances that are changing unexpectedly.
- In certain areas, for example Health and Safety (H&S), KPIs can become good measures around risk. Trends in the number of incidents (or near misses) can be analysed to understand whether the business is becoming more or less risky.