
Strategies for weathering the corporate storm

Financial Times: Strategies for weathering the corporate storm

“Royal Dutch/Shell was one of the first companies to use quantitative scenario planning.”

By Ayse Onculer

Published: August 20 2004

The news dominating the world’s attention in recent years – terrorist attacks, corporate scandals, natural disasters and turbulent financial markets – has triggered a shift in corporate risk management practices. The calculation of risk has always been central to managerial decision-making, but today executives are acutely aware of the need to deal proactively with uncertainties that can threaten their business.

Risks are often closely connected. Operational risks, for example, can quickly evolve into market risks if word gets out and the share price falls.

When a bad batch of carbon dioxide at a Belgian Coca-Cola bottling plant provoked a health scare in the summer of 1999, the subsequent product withdrawal and poor management of the crisis were followed by a 13 per cent drop in the company’s share price in two months. The company spent more than $100m (£55m) in product recall, reducing its second-quarter net income for the year by 21 per cent.

Human error can have similarly profound effects. In 2001, the FTSE 100 index fell by 2.2 per cent after a trader mis-typed an order and mistakenly sold shares worth $430m instead of $43m.

The regularity of such incidents along with high-profile corporate scandals – such as those at Barings Bank, Enron and Worldcom – provoked a response from regulatory bodies throughout the 1980s and 1990s. The Basel Committee for Banking Supervision, the Europe-based regulatory body, and the UK’s Turnbull Committee now require corporations and financial institutions to adopt a more thoroughgoing approach to risk management, otherwise known as enterprise risk management.

ERM is a systematic way of understanding and managing the various risks a company faces. How is it carried out? First, managers must identify business risks facing the company at all levels, from the board of directors to line managers. This may not be as straightforward as it seems because people tolerate different levels of risk within each company. Also, while an ERM framework offers the prospect of a transparent and consistent language of risk throughout organisations, most companies have yet to speak such a language. A May 2002 survey of executives by McKinsey revealed that 36 per cent did not fully understand the risks facing their businesses.

When identifying risks, managers should consider three broad categories:

* Financial risks can be created by market fluctuations or changes in the status of the company’s creditors. The Russian government’s bond default in 1998 and the subsequent currency devaluation, for instance, caused financial losses at companies holding Russian assets.

* Operational risks, as illustrated by the Belgian Coca-Cola case, can stem from inadequate procedures and systems. There are methods for reducing such errors. Manufacturers such as General Electric have initiated programmes such as Six Sigma, which aim radically to reduce the number of errors in a given production cycle.

* Businesses are exposed to business-volume risk when they suffer unexpected changes in the demand for their products and services, their supply structure or the competitive environment. The growth of the internet spawned a host of such risks:, for example, upset the balance of competition in the book market by challenging the traditional business model of bricks-and-mortar companies such as Barnes and Noble.

The second step in ERM is the assessment of risk. Advanced techniques in risk modelling – such as decision analysis, value-at-risk calculations and scenario planning – allow managers to gauge the likelihood of certain events. Microsoft, for instance, uses the value-at-risk technique to measure its market risk, while Royal Dutch/Shell was one of the first companies to use quantitative scenario planning.

The final step is the most crucial: once risks are identified and evaluated, they must be managed. There are typically two options here: using internal resources, such as self-insurance, or transferring risk and sharing it with another party.

Self-insurance involves a company putting aside money for investment to cover its losses if problems do occur – the company essentially sets up an internal insurance fund. In one type of risk sharing, a manufacturer may outsource part of a production process to another company. This does not mean that the threat disappears entirely but, if the outsourced company has expertise in the relevant aspect of production, the likelihood of faults is substantially reduced. Moreover, it may leave the company with a more manageable set of risks to deal with in-house.

Risk-sharing can also involve capital markets. Companies may decide to issue catastrophe bonds in order to transfer some of their exposure to catastrophic risk to financial markets. How does such a bond work? Consider an insurance company that issues a bond covering earthquake risk. If an earthquake occurs within a given time period and location, the bond’s investors get no return and the insurance company uses the money invested to cover its losses. If the earthquake does not happen, investors receive their investment back, plus a premium.

Unlike traditional insurance or reinsurance contracts, there is no limit on the amount of money that can be raised by a catastrophe bond. For instance, Vivendi, the media company, issued a catastrophe bond in 2003 that gave it coverage worth $175m against earthquake risk in its Californian operations.

Managers can also bundle together different types of risk and trade these with other parties. In 1997, for instance, the technology company Honeywell took out an insurance policy that bundled property and liability risks against currency risks. The initiative helped the company cut down its risk management costs by more than 15 per cent.

A well-managed ERM policy encourages a common language of risk among board members, managers, suppliers, customers, investors and so on. It helps people at the front line – who spot warning signals of potential problems – to communicate them more quickly to those who can decide to take evasive action.

ERM does not impose a centralised decision-making process for risk management. On the contrary, it is designed to increase accountability for risk in each and every business unit. This “bottom-up” approach encourages managers to be actively engaged in measuring and controlling the risks facing their part of the business.

What does it take to put an ERM policy into place? First, no risk-related initiative can be launched without high-profile commitment from senior managers. This might mean regularly communicating on risks with employees and outsiders, such as investors or suppliers. Some companies have adjusted their incentive schemes to encourage managers to think not only about rewards for profits but also those for reducing risk.

Second, risk awareness must be part of the corporate culture. The question is how can you achieve this? One answer is to appoint a chief risk officer (CRO), whose prime function is to make risk management a central part of the business.

Throughout the 1990s companies in risk-intensive industries such as financial services, utilities and the energy industry appointed CROs. However, the trend is spreading into other parts of the corporate world. A recent survey by Tillinghast-Towers Perrin, the consultants, shows that about one-third of S&P 500 corporations have a CRO position, including Boeing, General Motors and Cisco Systems.

ERM often exposes unforeseen risks to the company and challenges managers to look for enterprise-wide solutions. Done well, it frees up company resources and capital reserves for activities that can raise shareholder value. Integrating risk management into day-to-day operations, rather than letting employees react to risks as they crop up, makes it a source of competitive advantage. In these turbulent times, ERM will continue to strengthen its role in creating a smarter, safer organisation.

Ayse Onculer is an assistant professor of decision sciences at Insead, France.

HOW ACCOUNTING FOR DISASTERS POSES UNKNOWN PROBLEMS

There are certain risks we expect to face very rarely in our everyday lives: earthquakes, terrorist bombings, large-scale industrial accidents, hurricanes and so on. However, the frequency of these events has been on the increase in the past decade or so. Their cost is high. The September 11 2001 attacks alone caused more than $40bn (£22bn) in insured losses, and the toll of floods in Europe and hurricanes in the Caribbean in 2002 was $4bn.

Yet identifying and quantifying low probability-high consequence (LP-HC) events is challenging. What are the chances of becoming the target of a terrorist attack? What is the financial impact of a business disruption? New tools, such as extreme value analysis, can help to assess these LP-HC events, using infrequent historical data to help researchers make a risk forecast.

Our perceptions of LP-HC events are quite biased: we tend to overestimate small probabilities, which means that the possibility of a catastrophic event provokes a high level of popular anxiety. For instance, during the Sars outbreak of 2003 the chance of catching the virus was quite low. Had the virus multiplied and spread, it may have posed an immediate danger; yet during the early phases of the outbreak public anxiety was out of proportion to the risk. Since LP-HC events are unknown, incomprehensible uncertainties with catastrophic results, communicating them in an unbiased manner is crucial.

So how should they be managed? Insurance markets usually fail to finance them completely. The US government had to cover about $25bn of losses after the 1992 Hurricane Andrew due to a shortfall in funding from insurance companies. Recently companies have issued catastrophe bonds, which are traded on the market. Yet the investment community has shown little interest in them. About 1 per cent of industry-wide exposure is financed this way, mainly due to the difficulties of quantifying the LP-HC risks.

The market will grow only if researchers, managers and investors can solve the problems.
