Probability of Execution (POE)

RBPM methodology
Written By Andrew J Smart

Risk Management, particularly Enterprise Risk Management, is often defined in terms of risk related to the achievement of objectives.

Risk management refers to a coordinated set of activities and methods that is used to direct an organization and to control the many risks that can affect its ability to achieve objectives. - ISO31000. https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en

The culture, capabilities and practices, integrated with strategy-setting and performance that organizations rely on to manage risk in creating, preserving and realizing value – COSO Enterprise Risk Management, 2017. https://www.coso.org/Pages/erm.aspx

These definitions show the importance of linking risk to strategic objectives. However, the standards provide little guidance into how this linkage should be implemented.

Risk-Based Performance Management is unique in that it provides a structured methodology that sets out how businesses can integrate enterprise performance management and enterprise risk management.

One of the critical points of integration between these two management disciplines is the concept of a Probability of Execution (PoE).

The idea behind the Probability of Execution is to provide a risk-based view of the probability that an individual objective or a group of objectives will be achieved within their due date. Easy to say, but maybe more difficult to understand.

Let's go into that now.

When executives sit down to review performance against objectives, current good practice suggests that each objective has a small number of related Key Performance Indicators (KPIs) which indicate if the objective is on-track to be achieved or not.

Typically, KPIs are colour-coded using a traffic light or RAG RAG (Red, Amber & Green) approach.Within the RBPM methodology the preferred scoring approach is RAGAR (Red, Amber, Green, Amber, Red).

For many executive teams who use traditional performance management systems; whether that system is the Balanced Scorecard (BSC), Objectives & Key Results (OKRs) or simply a collection of objectives on a dashboard, getting all objectives to green and keeping them there is the desired outcome.

KPIs provide a performance perspective on the achievement of objectives, however they do not take into account the level of risks related to the accomplishment of an objective or objectives. This can create a false sense of security and lead to a surprise when objectives are missed due to a risk or risks crystallising.

Within the Risk-Based Performance Management (RBPM) methodology, the traditional KPI driven RAG status are complemented with the concept of a Probability of Execution.

The Probability of Execution is an aggregated, easy to understand percentage value showing the probability that a single objective, or group of objectives will be executed by their due date based on the various data points which have a causal relationship to the objective(s). This includes linkages between objectives and aligned processes and initiatives, and of course, risks, risk events and controls at various levels within the RBPM framework.

The Probability of Execution has proven to be a powerful, yet simple to understand and easy to action way of integrating risk into the strategy execution conversation.

A balanced suite of KPIs provides a performance perspective on the status of the objective. In contrast, the Probability of Execution provides a risk-based view which is, by its nature forward-looking. The Probability of Execution also work well with Appetite Alignment, another central concept within Risk-Based Performance Management.

Andrew J Smart
Previous

Risk-Taking Boundaries – A Risk Appetite and Risk Capacity Primer
Next

Gray Rhino - Why we ignore obvious problems