The concept of corporate risk

Andrew Sawers Risk is inherently both an opportunity and a challenge and yet the failure to identify and manage strategic risk is probably the single biggest destroyer of economic value. That’s why understanding and managing risk is probably the number one priority for corporate boards in general and for finance teams in particular.

Sir Paul Judge, one of the aims of the RSA is “encouraging enterprise”. So what is the purpose of the RSA Risk Commission and what are the possible lessons for businesses that might come out of that?

Sir Paul Judge The RSA Risk Commission was set up to bring some balance to the understanding and discussion of risk. As you quite rightly say it’s a combination of opportunity and challenge. But often the risk ­ the downside ­ gets the publicity and the upside doesn’t. We all read about the planes that crash, but not that at any one time there are 8,000 planes flying around the world, that four million people take a commercial aircraft every day. And the same thing is true in the corporate world: people read about the problems with business but don’t necessarily read and hear about and understand the benefits of business and all the good work business is doing. What we are trying to do through having a very eminent group of commissioners is to try and bring a balance to that debate and to look at both sides.

Sawers Ken Lever, it was your words that I was using in the beginning when I said the failure to identify and manage strategic risk is the most significant destroyer of economic value. How is that? What sort of risk failures did you have in mind?
Ken Lever Strategic risk tends to be very much more fundamental [than financial or operational risk]. There is a lot of risk research being done and the significant destroyers of value have often been businesses that have gone that one step too far. Frequently, it can be associated with acquisitions where there has been a failure to properly assess the direction that a business is going in. Marconi is a good example where it chose a particular track to go down and clearly that turned out to be fraught with danger, it wasn’t properly evaluated, it overpaid for a number of businesses that they acquired and that led to the downfall of the Marconi business.

Sawers Corporate risk has been around for quite some time. So what’s led to corporate risk being given such prominence now?

Ian Smith Things are tougher in the global marketplace. Making mistakes tends to have a consequence. But it is a different world now: the regulatory interventions of Sarbanes-Oxley and others mean that you should be more aware of what your corporate governance processes are. All companies needed to have process and procedures documented and reviewed and evaluated and amended if they weren’t right. Companies should have been making sure that their employees knew what was going on in their business, that they were part of a balanced scorecard so that you could actually see what the corporation was trying to achieve.

The irony is that a lot of people mix up processes and procedures with bureaucracy and they miss the point that if you can simplify and standardise your processes and automate them, that frees up people to be creative. Too many companies have manual processes that they are expecting their people to re-invent every five minutes rather than allowing the systems, the processes, the secure way of doing business to happen.

One of the weaknesses of Marconi was that it acquired many companies but left them standalone in a very fluid marketplace. It was very interesting that it was Cisco that first noticed that the dotcom bubble had burst and it was a long time before Marconi realised because it delegated a lot of responsibility to the companies that they acquired and all the messages that they were getting was that the forecast is fine.

Sawers What do you think is the unique role that finance can bring to risk assessment?

Richard Raeburn Finance people start, one would hope, with the toolset of understanding the identification and the measurement of financial risk. But the challenge for finance people is to break out of the box and be able to apply those tools and techniques in ground which is not typically the province of the finance staff. That is when you begin to get issues around enterprise risk and defining a common language of risk, so that you can have a more value-added debate at a risk committee level and also have a much better dataset in front of that risk committee.

Sawers One of our viewers says: “Stuff happens” and really what we need is a culture of contingency planning because things will go wrong. So how can you bring about that sort of a culture in an organisation?

Lever I think it is quite difficult to do. A lot of organisations talk about things like scenario planning, disaster planning and so on, but frequently they don’t actually do it terribly well because you are asking them to think about situations which are almost unimaginable and then get them to come up with some actions as to how they are going to address that unimaginable. Often, the people who do it best are the ones who have been hit by something [in the past] that comes in from left field, that they didn’t expect. Because they have had the experience of that hindsight they can frequently say: “Well, actually, we do need to think about it”. Often if you have got people who haven’t had that sort of experience, they don’t ever imagine that it might occur.

Sir Paul At Premier Brands we had three things that happened, none of which I think could have been predicted. One was to do with a paperclip, one to do with a television show and one to do with a magnetic spectrometer. The television show was Esther Rantzen [That’s Life] where there was a promotion we had and she held up the tin of Cadbury’s drinking chocolate and said “Is this promotion safe for children?”. And nobody was ever injured and nothing ever happened. But because of that, on the Monday morning the supermarkets all phoned up and we had to clear the shelves. Nobody could have predicted that ­ it cost us £200,000.

We had a paperclip where some well-meaning person in the receivables department clipped together the invoice to Sainsbury with the invoice to KwikSave. This was not good news because they had different prices. And we had a very traumatic period.

And the spectrometer issue was that some scientist found dioxin in our teabag paper. This sounded pretty bad because dioxin causes cancer. Investigation showed that there was no more dioxin in our teabag paper than there was in the general atmosphere, but nevertheless it was a potentially lethal headline.

The lesson from that was not having a risk management culture and lots of committees; the lessons from each of those three was to have a management team that can react very quickly, to cut through the bureaucracy and make whatever decisions were necessary. The idea that you could react to those sort of things through a committee system I find quite difficult. You can have committees to look at opportunities and to make sure that everything has been evaluated before the big decisions are finally endorsed. But to try to guess every possibility on the downside is ridiculous as it is in private life.

Raeburn In my experience there is a very healthy process in a well-functioning risk workshop, where we apply a pyramid process so that ultimately only the most significant material risk comes to the board, but in the process of winnowing upwards I think it isn’t actually a negative process, it is actually about opening up the awareness of, “Where do we receive reward for taking risk?” ­ which is clearly what fundamentally this debate is about and trying to encourage prudent taking of risk.

Lever I think it is very important to have a process in place and that should be an open process so that people can participate actively. And I think there needs to be transparent reporting of risks externally because it will impact ultimately the cost of capital of the business.

Sir Paul If you have a fairly steady utility-type business you don’t need a lot of risk, you need a lot of protection of the downside. If you are in a very innovative area you really need to encourage the innovation and not worry quite so much about the downside. So it is “horses for courses”, but you need to look at both the risk and the opportunity and every board and indeed every manager needs to look at that.