The concept of corporate risk

Andrew Sawers Risk is inherently both an opportunity and a
challenge and yet the failure to identify and manage strategic risk is probably
the single biggest destroyer of economic value. That’s why understanding and
managing risk is probably the number one priority for corporate boards in
general and for finance teams in particular.

Sir Paul Judge, one of the aims of the RSA is “encouraging enterprise”. So
what is the purpose of the RSA Risk Commission and what are the possible lessons
for businesses that might come out of that?

Sir Paul Judge The RSA Risk Commission was set up to bring
some balance to the understanding and discussion of risk. As you quite rightly
say it’s a combination of opportunity and challenge. But often the risk ­ the
downside ­ gets the publicity and the upside doesn’t. We all read about the
planes that crash, but not that at any one time there are 8,000 planes flying
around the world, that four million people take a commercial aircraft every day.
And the same thing is true in the corporate world: people read about the
problems with business but don’t necessarily read and hear about and understand
the benefits of business and all the good work business is doing. What we are
trying to do through having a very eminent group of commissioners is to try and
bring a balance to that debate and to look at both sides.

Sawers Ken Lever, it was your words that I was using in the
beginning when I said the failure to identify and manage strategic risk is the
most significant destroyer of economic value. How is that? What sort of risk
failures did you have in mind?
Ken Lever Strategic risk tends to be very much more fundamental [than financial
or operational risk]. There is a lot of risk research being done and the
significant destroyers of value have often been businesses that have gone that
one step too far. Frequently, it can be associated with acquisitions where there
has been a failure to properly assess the direction that a business is going in.
Marconi is a good example where it chose a particular track to go down and
clearly that turned out to be fraught with danger, it wasn’t properly evaluated,
it overpaid for a number of businesses that they acquired and that led to the
downfall of the Marconi business.

Sawers Corporate risk has been around for quite some time.
So what’s led to corporate risk being given such prominence now?

Ian Smith Things are tougher in the global marketplace.
Making mistakes tends to have a consequence. But it is a different world now:
the regulatory interventions of Sarbanes-Oxley and others mean that you should
be more aware of what your corporate governance processes are. All companies
needed to have process and procedures documented and reviewed and evaluated and
amended if they weren’t right. Companies should have been making sure that their
employees knew what was going on in their business, that they were part of a
balanced scorecard so that you could actually see what the corporation was
trying to achieve.

The irony is that a lot of people mix up processes and procedures with
bureaucracy and they miss the point that if you can simplify and standardise
your processes and automate them, that frees up people to be creative. Too many
companies have manual processes that they are expecting their people to
re-invent every five minutes rather than allowing the systems, the processes,
the secure way of doing business to happen.

One of the weaknesses of Marconi was that it acquired many companies but left
them standalone in a very fluid marketplace. It was very interesting that it was
Cisco that first noticed that the dotcom bubble had burst and it was a long time
before Marconi realised because it delegated a lot of responsibility to the
companies that they acquired and all the messages that they were getting was
that the forecast is fine.

Sawers What do you think is the unique role that finance can
bring to risk assessment?

Richard Raeburn Finance people start, one would hope, with
the toolset of understanding the identification and the measurement of financial
risk. But the challenge for finance people is to break out of the box and be
able to apply those tools and techniques in ground which is not typically the
province of the finance staff. That is when you begin to get issues around
enterprise risk and defining a common language of risk, so that you can have a
more value-added debate at a risk committee level and also have a much better
dataset in front of that risk committee.

Sawers One of our viewers says: “Stuff happens” and really
what we need is a culture of contingency planning because things will go wrong.
So how can you bring about that sort of a culture in an organisation?

Lever I think it is quite difficult to do. A lot of
organisations talk about things like scenario planning, disaster planning and so
on, but frequently they don’t actually do it terribly well because you are
asking them to think about situations which are almost unimaginable and then get
them to come up with some actions as to how they are going to address that
unimaginable. Often, the people who do it best are the ones who have been hit by
something [in the past] that comes in from left field, that they didn’t expect.
Because they have had the experience of that hindsight they can frequently say:
“Well, actually, we do need to think about it”. Often if you have got people who
haven’t had that sort of experience, they don’t ever imagine that it might
occur.

Sir Paul At Premier Brands we had three things that
happened, none of which I think could have been predicted. One was to do with a
paperclip, one to do with a television show and one to do with a magnetic
spectrometer. The television show was Esther Rantzen [That’s Life] where there
was a promotion we had and she held up the tin of Cadbury’s drinking chocolate
and said “Is this promotion safe for children?”. And nobody was ever injured and
nothing ever happened. But because of that, on the Monday morning the
supermarkets all phoned up and we had to clear the shelves. Nobody could have
predicted that ­ it cost us £200,000.

We had a paperclip where some well-meaning person in the receivables
department clipped together the invoice to Sainsbury with the invoice to
KwikSave. This was not good news because they had different prices. And we had a
very traumatic period.

And the spectrometer issue was that some scientist found dioxin in our teabag
paper. This sounded pretty bad because dioxin causes cancer. Investigation
showed that there was no more dioxin in our teabag paper than there was in the
general atmosphere, but nevertheless it was a potentially lethal headline.

The lesson from that was not having a risk management culture and lots of
committees; the lessons from each of those three was to have a management team
that can react very quickly, to cut through the bureaucracy and make whatever
decisions were necessary. The idea that you could react to those sort of things
through a committee system I find quite difficult. You can have committees to
look at opportunities and to make sure that everything has been evaluated before
the big decisions are finally endorsed. But to try to guess every possibility on
the downside is ridiculous as it is in private life.

Raeburn In my experience there is a very healthy process in
a well-functioning risk workshop, where we apply a pyramid process so that
ultimately only the most significant material risk comes to the board, but in
the process of winnowing upwards I think it isn’t actually a negative process,
it is actually about opening up the awareness of, “Where do we receive reward
for taking risk?” ­ which is clearly what fundamentally this debate is about and
trying to encourage prudent taking of risk.

Lever I think it is very important to have a process in place and that should
be an open process so that people can participate actively. And I think there
needs to be transparent reporting of risks externally because it will impact
ultimately the cost of capital of the business.

Sir Paul If you have a fairly steady utility-type business you don’t need a
lot of risk, you need a lot of protection of the downside. If you are in a very
innovative area you really need to encourage the innovation and not worry quite
so much about the downside. So it is “horses for courses”, but you need to look
at both the risk and the opportunity and every board and indeed every manager
needs to look at that.