Printer Friendly

Bringing risk management into the boardroom.

The stakes in risk management have never been higher. Especially for firms operating nationally or globally in technology- or asset-intensive industries, the potential for debilitating financial loss is great. At the same time, the accelerating pace of global competition and the resulting wave of corporate restructurings have created severe cost pressures on companies in virtually every industry. For the risk manager, this has meant job elimination, dwindling staffs and shrinking budgets.

With the stakes so high, and resources so precious, it is more important than ever for the risk manager to have a well-defined risk management strategy that articulates to executive management the vital role played by risk management in helping the company meet its goals. The challenge is not so much in crafting a risk management strategy that anticipates and advances the company's business objectives, but rather in communicating the strategy with words and pictures that grab management's attention and drive home risk management's acute importance.

One way to express the vitality of risk management, and thereby ensure that protecting the company's earnings and physical and human assets is foremost in the minds of top managers, is to tightly link risk management strategy to the company's corporate strategy and its components: competitive strategy, operating strategy and financial strategy. The benefits of intertwining risk management strategy and corporate strategy are many. For the risk manager, linking the two provides a framework for designing a risk management strategy that is comprehensive, cohesive and consistent. It also elevates risk management's importance by grounding it in concepts and thought patterns that are second nature to senior managers.

Meanwhile, the company benefits because potentially crippling exposures to loss are more widely understood and better managed.

While there are many possible definitions for risk management strategy, the framework for linking it with corporate strategy defines it as the sum of the choices risk managers and companies make with respect to risk assessment, risk control and risk finance. It is the interplay of these three disciplines that determines risk management strategy. The significance of this definition is illuminated by pairing each risk management discipline with its corporate strategy sibling: risk assessment with competitive strategy, risk control with operating strategy and risk finance with financial strategy. (See Exhibit 1.)


Risk management strategy begins with risk assessment. In turn, risk assessment - identifying, analyzing and quantifying the risks of financial loss a company faces, insurable or otherwise - is rooted in the company's competitive strategy.

To persuasively communicate risk assessment'$ relationship to competitive strategy, a risk manager must first strive to develop a thorough understanding of the company's strategy.

Every organization consciously seeks to occupy a place within its industry that will maximize its profit opportunity. Its policies, statements and actions that contribute to attaining or preserving this place make up its competitive strategy. In his book Competitive Strategy, Michael Porter identified five forces that influence competitive strategy: 1) the threat of new entrants to the industry; 2) the threat of substitute products or services; 3) the bargaining power of suppliers and 4) customers; and 5) the intensity of rivalry among the industry's existing competitors. A company's response to these five forces can take one or a combination of three basic strategic forms:

Cost Leadership. The company seeks to be the low-cost producer or service provider in its industry, enabling it to underprice its competitors yet still make a profit.

Differentiation. Instead of striving to achieve cost leadership, the company seeks a premium price for its product or service by distinguishing it in the marketplace through superior product features and/or outstanding customer service.

Focus. The company chooses a narrow product-market niche, such as a product targeted to a defined geographic region or to a precise subgroup of the population.

A company's competitive strategy must drive the assessment of its risks. The central question facing a risk manager when linking competitive strategy and risk assessment is: Given the company's strategic focus, what exposures to loss are likely to significantly impact the company's ability to manage its business(es), its earnings, its assets and its continued growth?

Failing to ask this question could lead a risk manager to an incomplete assessment of the company's risks, or worse, to a risk assessment that fails to adequately address the exposures likely to cause the company the greatest financial harm.

Some examples will help to show how a firm's competitive strategy informs risk assessment. One example is a retailer whose competitive strategy is to achieve cost leadership through ever-increasing operational scope and scale, and is therefore expanding into global markets and pursuing vertical integration in the manufacturing and supply chain. For this expanding retailer, a risk assessment rooted in its competitive strategy would focus on concentrations of property values exposed to loss, both in the United States and abroad; on the risks facing global flows of merchandise, information and people; and on the business interruption risks inherent in an interconnected supply and distribution network.

Another example is a manufacturer whose strategy is to achieve industry differentiation by appealing to affluent customers who are willing to pay more for branded products with a perceived value-added difference. For this company, risk assessment would focus on product quality and safety, including how the product is manufactured, sold, used and supported by service after the sale.

The last example is a pharmaceutical company seeking to grow by acquiring biotechnology companies with promising new products. Like the manufacturer seeking product differentiation, a risk assessment based on this company's competitive strategy would concentrate on product quality and safety, but would also focus during the due diligence process on assessing the known and potential liabilities of acquisition targets.


The second leg of risk management strategy is risk control. After bringing to senior management's attention the magnitudes and probabilities of pure loss implicit in the firm's competitive strategy, a risk manager should strive to ensure that his or her initiatives to control these risks are grounded in the organization's operating strategy.

Doing so will lead not only to measures with a greater likelihood of avoiding and reducing loss, but also to more effective communication of risk control's importance to the company.

A company's operating strategy has several dimensions. The first is the degree of organizational centralization or decentralization, either functionally or by business unit. The second dimension is the company's degree of operational flexibility. This determines how swiftly the company can modify the manufacture of products or delivery of services. The third dimension is the degree to which the company has skilled vs. unskilled workers in the labor force, as well as the concentration of union vs. non-union workers.

To illustrate the effect of a company's operating strategy on its risk assessment and risk control strategies, consider the example of a company - it could be a manufacturer or service provider - that has two deeply ingrained operational strategies: it employs the technique of stockless inventory, or just-in-time delivery of the inputs to the production or service delivery process, and it uses total quality management, or TQM.

Risk assessment and risk control efforts for this company would need to recognize that stockless inventory and TQM techniques create strong webs of interdependency within and between both related and unrelated companies. For this firm, a risk assessment rooted in its competitive strategy would pay dose attention to the exposure to direct and contingent business interruption losses stemming from perils affecting its - or its key suppliers'- operations. It also would focus on exposures arising from poor quality inputs entering the manufacturing or service delivery process.

Similarly, risk control initiatives grounded in the company's operating strategy would center risk avoidance and reduction techniques on supplier-partuers. They might take the form of assisting in the risk management efforts of these suppliers, or they could involve seeking multiple suppliers of critical parts, components or products.

Because of the rigorous requirements placed on suppliers by stockless production and TOM, however, the pool of qualifying vendors could be limited, making it difficult to find suitable alternates.

Also illuminating the need to match risk control strategy to operating strategy is the example of a decentralized company that comprises several autonomous business units. In such a firm, centralized risk control initiarives would have limited effectiveness because tactical and even strategic decisions are made locally. To carry clout, risk control measures would have to put incentives in place at the profit center level, perhaps in the form of a loss-sensitive, cost-of-risk allocation system. Business unit managers would then have a financial stake in risk control efforts. It goes without saying that such a system would need the input and active support of senior management, making the strategic framework outlined here all the more important to a risk manager as a communication tool.


The third leg of any risk management strategy is risk finance. As with the two previous risk management disciplines, to be truly effective, the financing of a company's risks should be tailored to its corporate strategy twin in this case, financial strategy.

A company's financial strategy is embodied in its policies and decisions with respect to such things as earnings goals, since some firms stress earnings growth while others emphasize earnings consistency. A firm's financial strategy is also contained in its capital structure, because all firms establish target ratios for maximum total indebtedness to total capital.

Tax policy also embodies financial strategy: some firms seek to maximize current deductions while others firms experiencing operating losses, for example - do not.

Also, some companies are more willing than others to assume audit risk, or the risk that aggressive deductions will invite IRS scrutiny.

Lastly, investment strategy is a key plank in financial strategy since each firm has a distinct risk personality when it comes to the kinds of businesses and securities in which it is willing to invest. Furthermore, each of the decisions companies make regarding earnings goals, capital structure, tax policy and investment strategy help to determine its overall cost of capital, which is a key yardstick for senior managers when considering the merits of alternative financing decisions.

To examine the importance of linking a risk finance program to a company's financial strategy, consider a company whose senior management seeks rapid growth in earnings; adheres to a reasonably conservative debt policy because its businesses are characterized by a high degree of operating leverage; wants to shelter as much income from taxation as possible; and desires to invest in high-growth businesses. At the same time, the company invests surplus cash in relatively low-risk securities while management scans for appropriate acquisition candidates.

In designing a risk finance program for a company with this financial profile, some tentative conclusions can be made. First, any surprises in the form of large unforeseen losses that might constrain or cripple the company's ability to grow would invite senior management's wrath, suggesting the need to transfer significant amounts of risk. Second, increases in total indebtedness, in the form of large self-insured reserves, might conflict with the company's capital structure targets. Third, current deductions for insurance premiums would assist in the sheltering of income. And last, investments in any risk financing vehicle - for example, in the form of funds dedicated to a captive insurer or other alternative risk finance program - would be weighed vis-a-vis other investments the company could make. Any scenarios that did not measure up to its cost of capital or other appropriate benchmarks would likely be rejected.

While there are many risk financing schemes that could support the conclusions drawn from this simple example, to fit snugly with the company's financial strategy at a minimum its risk finance program would have to transfer significant amounts of risk. Furthermore, while it may be simple, the example reinforces the need to match risk finance with financial strategy, and highlights the framework's usefulness in engineering a risk finance program and communicating its importance to senior management.


In addition to the framework for linking risk management strategy and corporate strategy, another way for risk management to gain currency among executive management is to ensure that its elements - assessment, control and finance - incorporate the key financial, accounting, tax and legal considerations employed by the company when making any strategic or tactical decision. (See Exhibit 2.)

The identification and quantification of the potential losses of earnings and resources arising from operational exposures is the first step in building an effective risk management program. Yet they are important, too, in the design and implementation of risk control measures. An effective way to measure the success of an investment in risk control is to quantify its cost/benefit or return on investment.

By definition, financial considerations are key to risk financing decisions. The questions a risk manager should answer in considering the merits of different programs are: How are investment decisions made at the company? What criteria are used? And, how will funds invested in a risk financing program be viewed vis-a-vis alternative investments?

However, accounting considerations generally are not important when assessing risk. They are more significant when making risk control decisions, inasmuch as the controls insisted upon by the company's inside and outside auditors contribute to controlling its fidelity, fiduciary and directors and officers risks. In contrast to risk assessment and control, however, accounting considerations are very important to risk financing decisions. To be consistent with financial strategy, any proposed risk finance program should recognize and incorporate the company's tax and financial accounting policies. A basic example of the importance of accounting considerations is that of the company weighing the benefits of a loss portfolio transfer.

If the cash required to transfer the presently self-insured liabilities to an insurer is less than the book value of those liabilities on its balance sheet, the company can recognize an accounting gain, and thus boost earnings. If, however, the book value of the liabilities is less than the cost of risk transfer, the transaction will have an adverse effect on earnings,


Tax considerations are not important to risk assessment, and generally are not germane to risk control decisions.

An exception to this generalization might be if an investment in risk control were to provide an investment tax credit. In such a case as this, a risk control decision should incorporate its relevant tax consequences. Tax considerations are very important to risk finance decisions, as was illustrated when financial strategy and risk finance were discussed earlier in this article.

Legal considerations are key in assessing a company's risks. The questions to ask are: What is the legal climate in each of the countries in which the company has operations?

What legal liabilities could arise from the pursuit of the company's business strategies, now and in the future?

Legal considerations are also important when making risk control decisions, especially with respect to the protection of workers, customers and the environment. Workers' compensation risk control is informed by Occupational Safety and Health Administration regulations, federal and state product safety laws help guide liability risk control, and federal and state Environmental Protection Agency requirements drive environmental risk control. Legal considerations also are important when making risk financing choices. The central question to answer is: What are the country, state and local legal requirements, restrictions and opportunities with respect to any proposed risk financing program?

Risk managers, like virtually everyone operating in today's leaner companies, must do more with less.

Furthermore, with flattened and more decentralized organizational structures, they must influence through persuasion rather than fiat. Therefore, the advantage goes to the risk manager who can craft a potent risk management strategy and communicate its vitality to executive management. In the end, effective risk management is the result of a sound risk management strategy that is grounded in the realities and culture of the company, and that has top management commitment. Proper packaging does not hurt, either.
COPYRIGHT 1993 Risk Management Society Publishing, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1993 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Ealy, Thomas V.
Publication:Risk Management
Date:Apr 1, 1993
Previous Article:Foreign insurers in the U.S. market.
Next Article:The evolution of risk management.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters