Why risk management is letting down companies and what to do
Trang 1 trong tổng số 1 trang
Why risk management is letting down companies and what to do
Pham Ha Chau 27/05/09, 10:29 pm
Bart Le Blanc is certainly reassured by the fact that risk management has "always been an integral part" of the company where he works. Urenco, a privately held joint venture with German, Dutch and British owners, is one of a handful of uranium-enrichment companies that supply fuel for nuclear reactors. Its centrifuge technology in the wrong hands could be used to enrich uranium used in nuclear weapons. For obvious reasons, Urenco's plants — three in Europe and one under construction in the US — are heavily regulated, requiring a ermanently "proactive risk management mindset" to keep safeguards in place, says Le Blanc, Urenco's CFO.
Yet the finance chief isn't one to rest easy. The company is growing fast, with its global market share rising from around 15% five years ago to nearly 25% today. As a result, Urenco's supply chain is being exposed to numerous new operational, as well as financial and strategic, risks. And with Urenco's executive team drawing up major investment plans to propel the company's growth even further, those risks are set to multiply. The challenge isn't lost on the CFO. Urenco's executive team is "very much aware" that selling its growth plans — with $2 billion in investments over the next two years — to the board and investors requires "a different and a more proactive risk approach for not only this investment project, but also across the business," Le Blanc says.
But what approach should that be? Le Blanc isn't the only CFO searching for the answer. As a burgeoning profession in its own right, risk management has developed in leaps and bounds. But the discipline is not nearly as effective as many executives would like. "Risk management should be an inherent part of good management," says Michael Power, director of the Centre for Analysis of Risk and Regulation at the London School of Economics. "But often it's not."
Consider, for example, the banking sector, where arguably the corporate world's most sophisticated risk
practitioners couldn't prevent, let alone foresee, the current financial crisis. As a result, confidence in companies' ability to identify and mitigate risks has been shaken, and stakeholders are looking for reassurance that they won't be let down again. "What isn't acceptable now is to roll forward old risk plans," suggests Gerard Gallagher, head of business risk services at Ernst & Young. "Many are no longer valid."
What's more, the downturn has shown CFOs how rapidly the array of strategic, financial and operational risks can change, with devastating results. According to a recent survey by the Federation of European Risk Management Associations, nearly half of 555 executives polled said that their companies weren't managing the full spectrum of risks. The survey also found a number of other shortcomings, ranging from a lack of clear policies or charter to weak centralised oversight. (See "Of Policies and Procedures" at the end of this article.)
So what has been holding the implementation of risk management back? One of the biggest restraints is complacency. Ever since Sarbanes-Oxley and the like came into force, risk management at many companies hasn't gone beyond regulatory box-ticking — or as Jonathan Hayward, CEO of corporate governance consultancy Independent Audit, puts it, "the year-end Turnbull process," referring to the UK's risk-reporting regulation. "That makes my heart sink."
No Excuses The one thing CFOs shouldn't do in their quest to smarten up risk management procedures is let the pendulum swing so that it "takes on a life of its own," says Hayward. "That's part of the reason why it's gone wrong over the past decade — risk managers tried to establish themselves as something distinct. I'm not advocating not having chief risk officers, but the existence of a CRO can be used as an excuse for boards not being aware of what the risks are or which controls are in place."
On this point, companies outside of the financial services industry should take heart, he says. Their risk management "is not so far down the road," Hayward says, "and that's partly an advantage." Banks, he believes, have become over-dependent on data-driven quantitative analyses and esoteric mathematical models, while "corporations haven't fallen into that trap."
MAN, a €15.5 billion German commercial vehicles, engines and engineering company, is a case in point. Rather than relying on complex "mathematical models that bankers thought they could use to help manage themselves out of [the downturn]," CFO Karlheinz Hornung is armed with an arsenal of simple tools.
One of these that Hornung says he is "a big fan" of is a traffic-light system — MAN uses four levels, with the first signalling risks with the lowest potential for disruption, and the fourth signalling the highest risk. A risk will be reported to the board if it reaches the third or fourth light, "but I see any risk that is at the first or second light because it might escalate," explains Hornung, who jokingly refers to himself as the company's de facto chief risk officer.
A new aspect of MAN's risk practice is what Hornung calls "scenario budgeting." This sits alongside the raditional annual budget process and serves as an early-warning system, giving the company a range of plans to help it respond to changes in market conditions. The CFO describes it as "a key way to show [operational colleagues] that risk management isn't just a legal obligation, but an instrument to help them manage their businesses better."
(Internet)
Yet the finance chief isn't one to rest easy. The company is growing fast, with its global market share rising from around 15% five years ago to nearly 25% today. As a result, Urenco's supply chain is being exposed to numerous new operational, as well as financial and strategic, risks. And with Urenco's executive team drawing up major investment plans to propel the company's growth even further, those risks are set to multiply. The challenge isn't lost on the CFO. Urenco's executive team is "very much aware" that selling its growth plans — with $2 billion in investments over the next two years — to the board and investors requires "a different and a more proactive risk approach for not only this investment project, but also across the business," Le Blanc says.
But what approach should that be? Le Blanc isn't the only CFO searching for the answer. As a burgeoning profession in its own right, risk management has developed in leaps and bounds. But the discipline is not nearly as effective as many executives would like. "Risk management should be an inherent part of good management," says Michael Power, director of the Centre for Analysis of Risk and Regulation at the London School of Economics. "But often it's not."
Consider, for example, the banking sector, where arguably the corporate world's most sophisticated risk
practitioners couldn't prevent, let alone foresee, the current financial crisis. As a result, confidence in companies' ability to identify and mitigate risks has been shaken, and stakeholders are looking for reassurance that they won't be let down again. "What isn't acceptable now is to roll forward old risk plans," suggests Gerard Gallagher, head of business risk services at Ernst & Young. "Many are no longer valid."
What's more, the downturn has shown CFOs how rapidly the array of strategic, financial and operational risks can change, with devastating results. According to a recent survey by the Federation of European Risk Management Associations, nearly half of 555 executives polled said that their companies weren't managing the full spectrum of risks. The survey also found a number of other shortcomings, ranging from a lack of clear policies or charter to weak centralised oversight. (See "Of Policies and Procedures" at the end of this article.)
So what has been holding the implementation of risk management back? One of the biggest restraints is complacency. Ever since Sarbanes-Oxley and the like came into force, risk management at many companies hasn't gone beyond regulatory box-ticking — or as Jonathan Hayward, CEO of corporate governance consultancy Independent Audit, puts it, "the year-end Turnbull process," referring to the UK's risk-reporting regulation. "That makes my heart sink."
No Excuses The one thing CFOs shouldn't do in their quest to smarten up risk management procedures is let the pendulum swing so that it "takes on a life of its own," says Hayward. "That's part of the reason why it's gone wrong over the past decade — risk managers tried to establish themselves as something distinct. I'm not advocating not having chief risk officers, but the existence of a CRO can be used as an excuse for boards not being aware of what the risks are or which controls are in place."
On this point, companies outside of the financial services industry should take heart, he says. Their risk management "is not so far down the road," Hayward says, "and that's partly an advantage." Banks, he believes, have become over-dependent on data-driven quantitative analyses and esoteric mathematical models, while "corporations haven't fallen into that trap."
MAN, a €15.5 billion German commercial vehicles, engines and engineering company, is a case in point. Rather than relying on complex "mathematical models that bankers thought they could use to help manage themselves out of [the downturn]," CFO Karlheinz Hornung is armed with an arsenal of simple tools.
One of these that Hornung says he is "a big fan" of is a traffic-light system — MAN uses four levels, with the first signalling risks with the lowest potential for disruption, and the fourth signalling the highest risk. A risk will be reported to the board if it reaches the third or fourth light, "but I see any risk that is at the first or second light because it might escalate," explains Hornung, who jokingly refers to himself as the company's de facto chief risk officer.
A new aspect of MAN's risk practice is what Hornung calls "scenario budgeting." This sits alongside the raditional annual budget process and serves as an early-warning system, giving the company a range of plans to help it respond to changes in market conditions. The CFO describes it as "a key way to show [operational colleagues] that risk management isn't just a legal obligation, but an instrument to help them manage their businesses better."
(Internet)
Pham Ha Chau- Thành viên chăm chỉ
- Tổng số bài gửi : 11
Join date : 24/04/2009
Age : 49
Trang 1 trong tổng số 1 trang
Permissions in this forum:
Bạn không có quyền trả lời bài viết|
|
|