Here is a story to make any CFO shudder. The treasury department of a major automotive company, noticing that platinum prices were forecast to rise, tied one of its major suppliers to a long-term, high-volume, fixed-price contract.
Finance managers congratulated themselves on a deal well done, not knowing that, at that very moment, their R&D department was developing a new method of making cars that used a lot less platinum. The end result? A senior finance manager, who had done the sensible thing – on the basis of the information he possessed – paid for this organizational dysfunction with an unwanted early retirement.
John Farrell, a Global Advisory Partner for KPMG in the US who is an expert in risk and compliance, says this story illustrates why the management of risk is too serious and complex to be handled entirely by a chief risk officer.
“Organizations need to realize there are two aspects to risk: control and content. Controlling risk might be a task for a select few in the risk function, but every employee is responsible for the content of a risk and should be able to articulate what they see as a growing risk, confident that their assessment of pending danger will be fed into a process which monitors concerns.”
Magnifying, Multiplying
Gunter Dufey, Professor of Finance at the Michigan Ross School of Business, identifies five major types of risk which can impact companies:
- strategic (the risk that plans will fail)
- financial (controls might fail)
- operational (human error)
- commercial (the risk of business interruption)
- technical (the risk of assets failing or being damaged)
This categorization is helpfully reassuring, but the insurance giant Swiss Re’s list of significant risks – which includes everything from a warning that skin cancer from sunburn could cost the construction industry billions in damages to the observation that one in three countries has absolutely no plan to deal with bird flu – is an unsettling reminder of just how many variables are involved.
Risks are magnifying and multiplying. In the UK, many companies are struggling to understand how the new Bribery Act will affect their business, especially in developing markets. Systemic risk – be it another economic meltdown or a global pandemic – can keep scenario forecasters fully occupied for the rest of their working lives. There are so many variables that any business’s attempt to assess, manage and control risk might seem doomed.
Dufey says: “There’s an old saying in the risk business that the only perfect hedge is in a Japanese garden. Companies now must deal with risks – for which we have historical information which we can use to measure their impact – and uncertainties, for which there is no known historical precedent so we have no way of knowing how they will impact us. If an airline hedges against the price of fuel, that is a risk. What is happening in the Middle East right now is an uncertainty.”
CFOs and CEOs can’t do much about uncertainties, but they can help their companies manage risk more effectively. “Every entity exists to create value for its stakeholders,” says Dufey.
“Value is created, preserved or eroded by management decisions in every aspect of a company’s activity: from setting strategy to operating the enterprise. And all important decisions are fraught with risk.”
Without risk, there is no profit. So the goal isn’t to minimize the risks a company takes, but to choose the level of risk that will best maximize shareholder value.
Defining that level of risk is crucial – but so is ensuring the company doesn’t take on more or less risk than is necessary. That is why many companies have risk councils and why practitioners frequently emphasize the importance of consultation, reliable business information, early warning mechanisms, changing employee behaviour and the creation and application of fundamental controls.
No Magic Bullet
Since the recent economic crisis, many companies desperate to identify the next big emerging risk have spent much unproductive time and money, Farrell says, looking for “a magic solution which will home in on the gravest danger and eliminate it with a minimum of fuss.”
There is no such thing. Companies need to realize that identifying risk isn’t just about looking around corners or scanning horizons. “Emerging risks do not appear as something an eagle-eyed observer with a telescope might spot,” says Farrell. “They frequently arise from within – as a direct consequence of management actions.”
Ironically, given that the economic crisis was triggered by a colossal failure of risk management in certain parts of the finance industry, one risk many CFOs felt obliged to take to ride out the ensuing storm was to downsize their risk management function.
The folly of the ‘do more for less’ approach to risk management was graphically illustrated by last year’s Fukushima disaster, which left many companies realizing how poorly they understood the risks to their suppliers. One factory, which made one fifth of the world’s silicon wafers (a vital computer component), was only 40 miles away from Fukushima and had to shut temporarily.
Culture and Risk
Upsizing risk management departments is a straightforward task, but the factors which can change a company’s risk profile are complex, cultural and easily missed.
Let’s start with an obvious one. Senior managers make a presentation to the board arguing for investment in a new pet project. So far, so straightforward.
But Dufey says even this everyday ritual has hidden risks. “The people who run companies – and lead projects – are optimists. They have to be because if they weren’t, they wouldn’t be any good at their job.”
“But because they are optimists, there is an in-built bias in favour of action. If a manager’s selling you a project, they’re not going to highlight everything that could go wrong.”
At this point, the culture of a company becomes critical. If managers are not encouraged to realistically appraise risk, it is left to the chief risk officer – or the manager’s boss – to act the killjoy and highlight the potential downsides. In such a situation, where risk is not thoroughly analysed or represented by one voice, there is an inherent bias in favour of action.
The official report by the court-appointed examiner into Lehman Brothers’ collapse found that the ailing investment bank made a deliberate decision to seek out risk – then ignored voices of reason as it “significantly and repeatedly exceeded its own internal risk limits and controls.”
Farrell says: “If you’re proposing to build a factory in Florida, you can easily calculate the risk that it will be hit by a tornado. But there are also many other less tangible risks.”
“How robust is your supply chain? Could technology affect the demand for the product you’re manufacturing? What are the chances that construction might be delayed pending approval by the authorities? You need to be sure you have the thinking and the techniques in place to consider all the possible risk ramifications that could arise from such a decision.”
If companies don’t have such thinking and techniques in place, their risk profile could change without them realizing it. Dufey says: “I can understand why many companies want to appoint chief risk officers, but the danger is that other managers abandon their responsibility for assessing risk.”
Return on Investment
One of the difficulties is that many leaders fail to understand the ROI in risk management. “If risks are managed properly, the disaster never happens and managers don’t even notice,” says Dufey.
That ROI may not be as straightforward as investing in a new product or new plant, but it does exist.
In an industry – and a market – as volatile as technology, Microsoft has cushioned itself against risk, keeping costs flexible by using more temporary workers than its rivals and maintaining a low leverage.
Some mismanagements of risk can prove fatal. Take the case of Hechinger, an American retailer of do-it-yourself (DIY) products that relied on its suppliers for financing. In 1999, one default on an interest repayment prompted anxious suppliers to slash their credit, intensifying the firm’s credit crunch so it couldn’t adequately stock its own stores. As customers deserted, Hechinger went into liquidation.
The repercussions are not always that stark in the short term, but they can significantly affect long-term outcomes. Every change of strategy can alter a company’s risk profile and that shift can, in turn, increase, protect or destroy value.
And sometimes, Farrell says, new risks can be created by the ripple effect as a dozen variables change throughout the business. If the controls, capabilities and culture of a company aren’t right, these emerging risks can eventually pose a substantial threat.
Setting the Example
With the swings of the business cycle becoming more extreme, the pace of change accelerating and the value of a company’s reputation ever more fragile, mismanaged risks can do serious damage very quickly. That is one reason, Farrell says, why CEOs and CFOs need to take the lead.
“You can’t change your risk management culture if the impetus is coming from the risk management function alone. The company leadership must drive the change. But it is important for them to realize that senior and middle managers often influence behavior and set the tone. Many employees will take their attitude to risk from their immediate supervisor.”
Making sure the message is consistent from top to bottom is especially important in large organizations. Farrell says: “Sometimes, without the leadership knowing, mid-level managers may have decision-making authority that could put millions or billions of dollars at risk.”
The most powerful lesson CEOs and CFOs should take from all this is that sometimes the biggest risk to a business can be themselves.
Trans World Airlines was one of the most innovative companies in the aviation industry. In its heyday, TWA seemed too big to fail. But Charles C. Tillinghast Jr, the TWA boss from 1961 to 1976, made two colossal misjudgements.
His insistence that “there’s no money in the Pacific and there’s no money in cargo” was a strategic error that started this famous company’s gradual decline – it filed for bankruptcy in 1992. With a risk management culture that encouraged staff to feed back their views of the risks of misreading the market, TWA might still be flying today.
Five Emerging Risks You Need to Understand
Infrastructure
A booming global population, urbanization and the need to be more competitive are pressing governments to invest in infrastructure. The OECD says the world needs a US$60 trillion boost to infrastructure by 2030, but so far only 40% of that has been pledged. As supply chains now traverse the globe, this underspend could threaten sourcing networks.
Environment
The risks of environmental damage are graphically illustrated on news bulletins. But headlines only tell part of the story. Green risks are many, varied and some don’t even figure on the media radar – in the US, for example, many bee colonies are shrinking by 80%. This mysterious carnage will, if it continues, pose a threat to US$15 billion of crops that depend on bee pollination.
Regulation
Europe’s bankers are fretting over a web of new regulations which, one study suggests, could wipe out 37% of their profits. Oil and mineral giants are nervous about sudden, expensive windfall taxes. Insurance companies in California are furious about new regulation of home and health insurance. Uncertainty over regulation – at state, national and global level – affects all.
Commodities
In June 2010, wheat cost US$4.25 a bushel. Three months later, you couldn’t have bought a bushel for less than US$8. The spike caught out many farmers, who had sold their stocks on forward contracts when prices were low. Such volatility is in danger of becoming the norm. Extreme swings can be self-perpetuating, as suppliers and buyers try to second-guess the market.
Innovation
For many companies, innovation isn’t a cultural value, it’s a guarantor of profitability. But with R&D globalized and dispersed – many centers are based in emerging markets – there is a growing risk that innovations get lost in bureaucracy or don’t achieve creative momentum. Companies may make the wrong cuts, and become, in innovation terms, one-hit wonders.
About the Author
Paul Simpson is Editor of KPMG Agenda Magazine. This article is
an extract from the November/December 2011 issue of KPMG Agenda, the website on advisory and other issues by KPMG, a global network of professional firms providing audit, tax and advisory services.
Orignal Author:
Paul Simpson, KPMG Agenda Magazine
Related articles
0 comments
Print
Digg