Escolar Documentos
Profissional Documentos
Cultura Documentos
PII: S0024-6301(99)00052-7
415
multi-national companies, both nancial and industrial.
The tree of modern risk management has its roots
in a number of unrelated disciplines. Military risk
analysis led to the evolution of operational
research.4 Personal and commercial risks generated
the insurance and actuarial approach to risk management.5 Strategic risk analysis and the recognition
that the future may not be like the past gave birth to
scenario planning.6 Another approach is the use of
option pricing theory to view different alternatives.7
Currency, interest and credit risks generated a banking approach to risk management and various hedging instruments.8 Operational and environmental
risk management gave rise to contingency planning
approaches.9 With the millennium bug almost upon
us, the risks of computer failure are generating their
own management science.10 All of these focused
contributions add value to our understanding of
risk.
can be used by top management to guide the development of the risk management process, the organizational structure and the culture towards a best
practice approach, incorporating all aspects of risk.
It is a systematic approach to managing risk. It can
be viewed as enterprise-wide risk management
because it addresses all of a company's risks at an
enterprise or strategic level.
Denition
August 1999
416
Large
Stake
Financial gain or loss
Strategic position
Reputation/image
Existence/health
Sense of security
Risk
Small
Low
High
Validity of data
Validity of process
Risk tradeoffs
Inputs
Data on the
firm's
environment
Opportunities
Threats
Scanning for
Opportunities
Threats
Sizing
Evaluation
Stakeholder
appetites
Trade-offs
Risk
Strategy
Development
Options
Selection
Action
Planning
Learning
Outputs
Implementation
Returns
commensurate
with risks
Avoidance of
catastrophes
Contingency
plans
Speed
417
Once the opportunities and threats are assessed,
management needs to decide what are its risk tolerance levels and its goals for risks and returns.
Companies such as Shell and BP have close to a
zero tolerance for environmental risk due to the potentially huge impacts on their reputations of
catastrophes, let alone the immediate nancial
impacts. Different investor groups usually have
different risk reward appetites. Widows and orphans
clearly wish to take fewer risks than vulture funds
and venture capitalists. The latter also expect higher
returns.
Management needs to develop a risk management
vision and strategy based on the risk environment
and stakeholders' risk appetite. The overall strategy
for risk management should include the risk management philosophy and organizational responsibility. Policy choices can range from a highly
centralized `controller' model (as evidenced by some
nancial institutions like J. P. Morgan) to a highly
de-centralized and autonomous risk policy (as evidenced by GE and its subsidiaries). From our benchmarking for clients, best practice companies have an
explicit and widely understood risk management
charter or policy document.
Like matter, risk cannot be destroyed. It can only
be changed from one form to another. This is shown
in Figure 3. There are clear trade-offs between risk
reducing activities. Risk can be reduced but only by
Alliances
Greater Analysis
Portfolio Spread
Smaller Scale
Focus on Core
Business
No Risk
Consequences of
Management
Approaches
No Returns
Lower Returns,
Opportunities for
Competitors,
Sub Scale Risks
Restricted to
Core Returns
Average Returns
Slower Returns,
Competitive Threats
FIG. 3. Like matter, risk cannot be destroyed. It can only change from one form to another.
Long Range Planning Vol. 32
August 1999
418
Stake
Management
Competencies
Examples
. Scale to absorb
bigger projects
Ability to manage
high stakes
. Alliance skills to
Greatest
Competitive
Advantage
. Use of government
share stake
relations
. Unique technology
to reduce stake
. Speed
Examples
Limited ability to
manage stake and
uncertainty
. Influence on law
Ability to manage
high uncertainty
and regulation
. Superior databases
. Use of allies
Uncertainty
Management
Competencies
FIG. 4. Competitive advantage comes from superior competencies, i.e. risk processes, culture, incentives, training and organization.
cies that a company can use in order to reduce
uncertainty. A company can make use of personal
government relations and contacts (which is particularly prevalent in many Asian and developing
countries). Companies can also have an inuence on
law and regulation (as evidenced by accounting
rms working with regulators to have derivatives activities disclosed in annual reports in order to protect themselves from shareholder lawsuits). Another
uncertainty management competency is to use superior databases (e.g. credit scoring, as used by
credit card companies to reduce fraud and bad
debts). Lastly, companies can make use of allies to
reduce uncertainty (such as a local partner in
Chinese joint ventures; the ally has insights into
local culture and procedures which reduce uncertainty). Superior competencies also result from a
company's risk processes, culture, incentives, training and organization.
Corporations are beginning to see the need to reconsider risk management holistically. Whilst management in the relatively mature and stable food
industry shows a lower focus on risk management,
at the other extreme, rapidly changing or speculative
industries such as nancial services, mining/
exploration, information technology, and venture
capital already exhibit a `think risk' culture. The telecommunications and the power industries are
going through a period of globalization, privatization
and deregulation. Management in these industries is
shifting from an `avoid risk' culture to a `think risk'
culture (see Figure 5).
Strategic Risk Management
419
'Think Risk'
Culture
Venture Capital
Telecommunications
Airline
Power
Risk
Management
Capabilities
Technology
Defense Technology
Health Care
Telecommunications
Automotive
Power
Little or No
Focus on Risk
Management
Food
Risk Control Focus
Mature / Stable
Nature of Business
Changing Rapidly /
Speculative
Maximization
of Cash Flows
Value Based
Strategy
Dynamic
Capital
Allocation
Capital
Allocation
Techniques
Quality of
Earnings
Linking Risk
and
Return(s)
Consistent
Measurement
Across Risks
Protection
Against
Unforeseen
Losses
Identification
of Risks
Risk Management Sophistication
August 1999
420
1.
2.
Set
Direction
3.
Baseline and
Benchmark
5.5.
4.
Create the
Vision
6.
Design
Embed
Process
Continuous
Improvements Improvements
Implement Change
FIG. 7. Structured methodology for risk management process evaluation and change.
this as `the Napoleon tendency', i.e. the drive
through which victories reinforce risk-taking until,
ultimately, there is a Moscow or a Waterloo, where
too much has been bitten off.
421
Example
Credit Risk
Continuity of Demand or
Supply
Counter
Party Risk
Demands
Equity Price
Risk
Project Risk
Operational
Risk
Enterprise
Risk
Market
Risk
Interest Rate
Risk
Foreign Exchange
Risk
Transaction
Risk
Event Risk
Liquidity Risk
Reputation Risk
Systems Risk
Disaster Risk
Political Risk
Correlation Risk
Like the AWACS long-range airborne radar and control system for detecting enemy aircraft and vehicles, the vision of management should be to scan
the environment and to identify quantitative and
qualitative opportunities and threats, and to determine the most appropriate response, depending on
stakeholders' risk sensitivity. A risk management
vision is created, comprising the three key components of measuring, managing and monitoring
risk. Management may develop appropriate strategies, for example, decrease the stake, through sharing the risks and rewards with co-investors,
suppliers and customers. It may reduce the uncertainty, through bringing in partners with data and
who can control risk drivers. It can also prepare
scenarios and contingency plans. It can focus on
core business or spread its risks through a range of
businesses and geographies.
Based on the data gathered in earlier steps, management decides on the most appropriate improvement
options. Improvement options include designing
processes and documenting policies (if the problem
is ad hoc processes), and tighter process management and parallel processing (to remedy decision
delays). The top management team can use a risk
returns matrix to evaluate the overall risk position
of projects (see Figure 9). The risk matrix is used to
decide where each strategic business unit lies on
the risk axis. This can then be plotted against
expected returns.
The designing of process changes usually occurs
in four areas. Firstly, strategy and policy changes
need to be made. A clear risk management strategy
must be articulated by top management in the
visioning phase and this is converted to a risk management policy document and training plan in the
design phase. It is important to ensure that the overLong Range Planning Vol. 32
August 1999
422
Example
Risk Matrix
Returns
Risk
Matrix
High
Stake
High
Medium
High
Medium
Medium
Low
Medium
Low
High
Uncertainty
Low
Low
Medium
Risk
High
FIG. 9. Design process improvements: top team evaluates the overall risk position of projects or
businesses.
all business policies are supported by the risk management policy. For example, a growth-focused
business objective will not work whilst maintaining
a minimal risk tolerance, as seeking growth will
inevitably lead to undertaking enhanced risk. The
policy manual outlines the risk objectives, tolerance
levels, acceptable procedures, specic risk-related
accountability and risk measurement and reporting
guidelines. Once the risk process design is nalized,
management endorsement and commitment is
needed to provide a mandate for the risk management program. Management also needs to review
the organization structure that will be used to support risk management. Centralized risk management
options tend to work for a `controller' company (as
evidenced by many nancial institutions), whereas
decentralized risk management models tend to work
for a `portfolio manager' company (as evidenced by
conglomerates such as BTR). Depending on the risk
vision, design changes relating to the formation of
risk committees/councils need to be made.
Risk measurement is the third area where changes
need to be designed. Effective tools to proactively
assist in monitoring and managing risks are crafted.
According to risk managers polled in the UK, one of
the greatest challenges is simply searching for the
risk-related information.16 Several of our clients
now use a PC-based risk dashboard that allows top
Strategic Risk Management
423
Example Overall
Risk Monitoring
Risk Types
Country
Red
Yellow
Green
Country Risks 1 2
3
Trading
Operating
Project
Credit
Project
Credit Risk
Trading
Operating
Environmental
Environmental 1 2
3
Value at Risk
Conclusion
Risk and turmoil are normal in all industries and
Long Range Planning Vol. 32
August 1999
424
geographies. Financial services, telecommunications, aviation, public works, energy and shipping
are deregulating aggressively. Cross-border trade
investment has increased signicantly, capitalizing
on broad-scale tariff changes initiated by the
ASEAN Free Trade Area, GATT/WTO, and APEC
activities. Technology is changing rapidly. Political
and nancial mineelds abound.
Companies affected by changes must be nimble in
their response. Yet, in such a highly uncertain environment, a quick move in the wrong direction will
be costly. The recent turmoil in global nancial mar-
References
1. I. Porter, Big or Small, All Can Win With Risk Management, Australian Financial Review,
June 17 (1997).
2. A New Approach to Financial Risk, The Economist, October 17, pp. 1516 (1998).
3. P. Martin, Hedge of the Abyss, Financial Times, November 11, p. 14 (1998).
4. A. Jones, The Art of War in the Western World, Harrap (1998), pp. 351353 gives a good
review of Lanchester's N-square-rule an early example of how mathematics was used to
calculate the chances of troops getting shot according to the number of attackers. These
models are now more advanced; see also Paul K. Davis, Interactive Simulation in the
Evolution of Warfare Modelling, Proceedings of IEEE, Vol. 83, No. 8, August (1995).
5. M. S. Dorfman, Introduction to Risk Management in Insurance, Prentice-Hall, Englewood
Cliffs, NJ (1994).
6. K. Vander Heijden, Scenarios: The Art of Strategic Conversation, Wiley, New York (1996).
7. T. A. Luchman, Strategy as a Portfolio of real Options, Harvard Business Review,
SeptemberOctober (1998).
8. K. Dowd, Beyond Value at RiskThe New Science of Risk Management, Wiley, New York
(1998).
9. A. M. Zevitt, Disaster Planning and Recovery, Wiley. See also Chris Chapman, Project Risk
Management, Wiley (1997).
10. I. C. Palmer and G. A. Pot, Computer Security Risk Management, Van Nostrand Reinhold,
New York (1989). See also Capers Jones, Assessment and Control of Software Risks,
Yourdon Press (1994).
11. Australian Securities Commission Survey, AAP Information Services, April 15 (1998).
12. D. Keefe, Don't Mention the D-Word, Energy and Power Risk Management, March 10 (1997).
13. R. S. Dembo and A. Freeman, Seeing TomorrowRewriting the Rules of Risk, Wiley, New
York (1998).
14. Turmoil in Financial Markets, The Economist, October 17, pp. 2123 (1998).
15. N. Reed, Facing up to Risk, Asia Risk, November (1996).
16. D. Keefe, The Search for Success, Energy and Power Risk Management, September 5
(1997).
Christopher J. Clarke,
Visiting Professor at
Henley Management
College, was formerly
Managing Director of
A. T. Kearney's
management
consultancy in
Southeast Asia.
Previously he was a
managing director in
investment banking.
He is a former
chairman of the
Strategic Planning
Society and has
degrees in Economics
and Management.
Corresponding
address: VP and MD
Southeast Asia, A. T.
Kearney Pte Ltd,
1 Temasek Avenue,
]35-01 Millenia Tower,
Singapore; e-mail:
gina.goh@atkearney.
com
17. Hedging can Minimize Risk of Malaysian Companies, Asia Pulse, June 4 (1998).
Suvir Varma is a
manager with A. T.
Kearney in their
Singapore office. He
has advised various
clients on risk
management.
Previously, he was in
commercial and
investment banking.
Strategic Risk Management