Sponsored content: From regulatory compliance management to performance management

Changing the value of risk management in the Australian Property Sector

“No risks here, leave us alone, say property industry leaders” (AFR, 27th September 2014).

While the Reserve Bank continued to express concerns about the continuing surge in demand for Australian office towers, shopping centres, industrial facilities and residential property, the leaders of the leading property sector firms downplayed potential risks to their businesses – “No risks here”.

So what has been the major risk focus of the property sector over recent years? In a recent survey of the European real estate development sector conducted by Thomas Wiegelmann (PhD student at the Institute of Sustainable Development & Architecture Bond University, June 2012), almost 90% of respondents agreed or strongly agreed that legal risks, including health and safety risks, were effectively being managed. However, the same survey found that almost two thirds of respondents had no or minimal clearly defined policies and procedures for monitoring other risks, and over 70% had no formal risk reporting systems in place. While the survey focused on Europe, our experience leads us to conclude that similar results would be seen for Australia.

Legal risk management, and especially compliance with health and safety obligations, is a key risk focus for management within the property sector. This has been driven by the need to comply with the high degree of regulatory scrutiny and significant financial and reputational damage when incidents occur. Yet, slip and fall injuries continually make headlines in the daily press as exemplified by the High Court ruling against Woolworths (see the Sydney Morning Herald of 7th March 2012: “High Court rules on potato chip: $580,000 for slip injury”) and the more than 300% increase in personal injury claims from supermarket shoppers slipping in their aisles see the Daily Telegraph of 6th May 2012: Shoppers ring up $100m in compensation for falls in supermarkets). In fact, Slip and Fall claims account for 16% of all insurance payout’s, and 26% of all costs.

Such stories of injury and associated legal claims results in risk management conjuring up a feeling of negativity in many peoples’ minds. Risk Managers are often seen as “doom and gloom” merchants – looking for weaknesses and being bearers of bad news. Risk management is viewed by some in the property sector as a hindrance rather than a help in the achievement of business objectives. The AFR headline quoted above clearly demonstrates this.

However, such views fail to recognise the underlying principles of risk management.

The AU/NZS ISO 31000 standard defines risk as “the effect of uncertainty on objectives”. Therefore, by definition, risk management must be “the management of the effect of uncertainty on objectives”. Objectives are business outcomes. This makes risk management “outcome management”. This simple recognition turns risk management (and the narrower health and safety management focus) from a perceived hindrance to an enabler.

There is also the common misconception that risk management is focussed on risk mitigation, reducing the effect of uncertainty on objectives. Although this is often the focus of regulatory compliance risk management in many property sector organisations, it should not be the sole focus.

The right outcome of risk management may well be to increase the effect of uncertainty on objectives, or increase the level of risk being undertaken.


Risk and Reward are linked. For those that choose to pursue adrenalin sports, one of the key objectives is to feel good from the release of adrenalin and from the feeling of achievement in overcoming fear. This derives from the actual (or perceived) risk in the sport. The greater the risk, the greater the potential for positive feeling (reward). We commonly refer to this as the Risk / Reward equation.

Performance in business is most often focused solely, or mostly, on the reward side of the equation. This is primarily because the reward side is the main focus of accountants, analysts, senior management, shareholders and the basis of many remuneration schemes. Also, it is easier to measure the rewards side. Performance should however, be relative to the risk the business faces. We refer to this as risk based performance and have the common measures of “risk adjusted return” (RAR), “return on risk adjusted capital” (RORAC) and “risk adjusted return on capital” (RAROC).

This means that everything we do has an expected reward (the expected outcome) and a level of risk (the degree to which there may be variation between the expected outcome and the actual outcome). Performance management should therefore focus on the relationship between expected outcome (Reward) and potential variation in that outcome (Risk). Risk management is therefore one half of performance management.

When performed correctly, moving from regulatory compliance management to the broader enterprise risk management should:

  • Assist in decision making by assessing the expected outcome against the level of risk and aiming for the optimal balance. We should be asking: are we are getting the best return for our risk dollar?
  • Ensure that we only take intelligent risk. i.e. We only take risk which has an adequate reward.

The common misunderstanding that risk management means risk minimisation, damages the risk management profession. Risk management is about ensuring we make intelligent risk based decisions that provide an adequate reward for the risk we take. Risk and risk management is therefore an integral part of performance management. An organisation that halves risk for the same reward adds equivalent value to one that doubles reward for the same risk. When an organisation realises this, risk management is immediately recognised as a business enabler, not, as many people currently think, a business hindrance.

To finish with an example: A number of years ago we carried out a series of risk assessments for a large property company. As part of the final presentation to Board, the Chairman asked the divisional heads what they had got out of the process. Most, as expected, commented that they better understood their risks and had tightened controls in a number of areas. One head, on the other hand, made the comment “My take-away is to reduce and remove some of our controls!” He was the head of a property development division which was previously a family company acquired by the larger organisation. He had run the family company. He had continued the same level of controls into the new company. What he realised was that the larger company’s risk appetite (their tolerance to risk levels) was much greater than his old family company and as a result, he could loosen controls and start accepting higher risk developments for potentially higher rewards. He did this and built a successful, higher reward business.

Interested in learning how your organisation can move thinking away from regulatory compliance risk management to performance management?

Download Our Free eBook: <i>Moving From Risk Management to Performance Management</i>.