Establish Value by Connecting to Business Objectives (Step 2 of 15)

Part of Build a Strong Business Case

Use this toolkit to develop and pitch a winning business case for your risk, compliance, internal audit or any other risk-related program, large or small!

Part of Build a Strong Business Case

Use this toolkit to develop and pitch a winning business case for your risk, compliance, internal audit or any other risk-related program, large or small!

Establish Value by Connecting to Business Objectives (Step 2 of 15)
Article filed in Business Case

Connect to the business strategy by drawing direct lines from business objectives to the needs/solution and outline the way this idea should be measured.

Every organization has a strategy and many document it using structured tools such as the Balanced Scorecard/Strategy Maps or OKRs (objectives and key results). These tools make explicit the organization’s mission, vision, values, objectives and key initiatives.

The most direct way to establish how your solution will provide value to the organization is to connect to these strategic hooks; and to do it from the very beginning.

Not all objectives are equal and you will find that in any given month, in any given quarter and in any given year, certain objectives may take higher or lower priority. When building your case for a risk-based initiatives, start with those objectives that the executive committee has top of mind -- not those that you think “should” be top of mind -- those that are ARE top of mind TODAY.

Make sure to map the points of connection between your initiative and the organization’s strategy.

The more alignment you demonstrate with business objectives and key priorities, the more relevant your project will feel to the audience, which may or may not include the owners (or even developers) of the company’s strategic direction.

Remember, make sure that you connect with those objectives that are priorities TODAY.

Common Mistakes

As risk leaders, we typically hatch a plan to achieve the objective of managing risk in one way or another including: operational risk, compliance risk, conduct risk, legal risk, IT risk and the way management gains assurance that risk is being managed properly.

That’s understandable from our perspective, of course.

However, asking the executive committee for resources to improve YOUR operation, so YOU can address risk isn’t enough!

In other words, managing risk for the sake of managing risk isn’t enough!

That approach places your risk-based initiative among the many other business initiatives that the executive committee must vet and approve. And, these other initiatives are more “naturally” connected to the business objectives that are top of mind.

You must frame your initiative against a backdrop of existing and important business objectives. You must show the C-Suite how your idea supports THEIR objectives. And their objectives tend to be quite a bit different, broader, and more complex than simply managing risk.

Which objectives?

What might those business objectives be? Using the Balanced Scorecard, business objectives might fall under four perspectives: Economic Perspective, Customer Perspective, Internal Perspective and Enabling Perspective.

Some sample business objectives might be to:

  1. Increase profitability by reducing costs (Economic)
  2. Expand into new markets to increase net new revenue (Economic)
  3. Enhance reputation with customers (Customer)
  4. Improve innovation to deliver new products (Internal and Enabling)

What kinds of connections?

Then you can connect your initiative into those business objectives. For example when exploring a third party management solution:

  1. More automated third party systems can help to reduce costs
  2. Stronger third party due diligence can: accelerate expansion into new markets
  3. Stronger vetting of third parties reduces the risk that we will do business with questionable vendors; and thus reduce the risk that our reputation will be tarnished
  4. Faster and more agile third party vetting allows us to connect with smaller more nimble third parties in emerging economies that can help us develop more innovative products more quickly; and do so without increasing the risk that we work with a questionable vendor.

Or consider a more strategic example. If a top business objective is to avoid reputation harm, that means your business wants better insight into its supply chain — to reduce the risk of, say, human trafficking in your finished goods. That will require a better ability at due diligence and vendor risk management.

A shrewd business case here is to frame better due diligence and third-party oversight as a means to make your own company a better third party: your customers no longer have to worry about the fourth parties in their supply chain, because those businesses are your third parties, and you have them properly vetted.


You see, connecting your initiative to business objectives is really about giving primacy to the business and recognizing that risk-based work serves the goals of the business and not the goals of a risk-based department (risk management, compliance, internal audit, IT security, etc.)

And, whenever you communicate about your initiative, formally or informally, make sure to vocalize this primacy.

Always discuss business objectives first, to communicate that everyone — including you — has the organization’s most important priorities at heart.

Then talk about the value your initiative delivers given these objectives.

Define metrics that matter

More detailed metrics will be developed once you choose a specific solution. However, even at this early stage, you should begin selecting metrics that matter based on the value you plan to deliver to the organization. These metrics will help you keep an eye on what matters to the organization as you shape your options and solution.

Using the example of a third-party management solution, you might consider these Key Performance Indicators:

  • Economic Performance
  • Revenue generated in new geographies increases XX% (Yes, we will use this measure because our solution plays a role!)
  • Efficiency / Cost
  • Costs to vet third parties decreases XX%
  • Number of third parties vetted per staff person increases XX%
  • Agility / Cycle Time
  • Number of days to vet third party vendor decreases XX%
  • Effectiveness / Quality
  • Number of errors in third party contracts decreases XX%
  • Number confirmed vendor issues decreases XX%
  • Culture / Perceptions
  • Employee perceptions that vendors are “doing the right thing” increases XX%
  • Management perception of the third party management process increases XX%

Now, you might not be able to select specific targets yet. But simply having a handle on the scope of change that you (and others) find compelling will determine the kind of solution you begin to propose/plan.

For example, decreasing costs 5 percent is a very different goal than decreasing costs by 50 percent. Improving cycle time by 100 percent is a very different goal than improving cycle time by 10 percent. Figuring out your scale of change at this early stage helps to shape they way you approach the rest of the business case.