Why Risk Should be Everyone's Problem
IESE Professor of Accounting and Control Markus Maedler: “Risk should be everybody’s problem” / Photo: Archive
Is risk management becoming more important to how companies are run? A recent poll cited by IESE's Prof. Markus Maedler states that 98% of business professionals believe so. But what exactly constitutes effective risk management?
In an Alumni session last week, Prof. Maedler urged businesses to move away from tactical or passive approaches to risk, and become more strategic. He stresses that risk management has to be a holistic, organization-wide activity that creates value, as well as protecting it.
A Tale of Two Telcos
Take the example of Ericsson and Nokia. Back in 2000 they had plenty in common. With similar market share and revenue, both companies used Philips as their supplier, and sourced their chips from the same warehouse.
When this factory was struck by lightning, the resulting fire was quickly extinguished and the damage was reportedly minimal.
Ericsson took the ‘minor’ incident at face value and continued with business as usual. Nokia did not and secured new chip suppliers.
After it emerged that smoke from the fire had contaminated the warehouse’s inventory, Ericsson soon ran out of useable chips. Its stock and market share crashed. Two years later, the company was forced into a partnership with Sony.
Meanwhile, rivals Nokia enjoyed a rise both in stock and market share, delivering considerable shareholder value.
Holistic, Strategic Approaches
The Nokia-Ericsson case study is a textbook example of risk management going beyond value protection to value creation. Most current thinking, says Prof. Maedler, only deals with the former, through well-understood measures such as compliance, audit and insurance.
Going beyond them to take a holistic, strategic approach to risk is vital for effective risk management – not just measurement – that consistently creates value. Risk needs more of the care, attention and scrutiny that go into profit making, he insists.
Elements of Risk Management
Nominating risk managers and instituting risk-reporting systems can help formalize the idea of risk management within a business.
COSO, ISO 31000:2009 and the Bank for International Settlement’s Basel III provide potentially valuable frameworks to manage risk. Risk Adjusted Performance Metrics can also allow an organization to produce profit figures that reflect the risks inherent in its activities.
However, Prof. Maedler cautions that these frameworks may not always reflect the true level of risk – and can become a bureaucratic "straight-jacket" for the business.
A Whole-Company Perspective
Avoiding rigidity and embracing flexibility has to be key in a strategic approach to risk, says Prof. Maedler. And to do this, the whole organization needs to be involved in thinking about risk, as well as the part each individual plays in creating it. "Because we all deliver performance," he notes, "and we all deliver risk."
An elegant corollary of the maxim: ‘no risk, no reward’, is the underlining idea that any productive activity carries risk. Take bonuses. The higher the rewards, the higher potential risks would seem logical approach. Yet according to Deloitte, only 49% of businesses consider risk when designing bonus structures.
Communication is Key
Prof. Maedler cites the example of Lehman Brothers. As it turns out, Lehman did consider the risk of high bonuses. So what went wrong?
It was Lehman’s failure to communicate the mushrooming levels of risk inherent in its bonus-driven, high-return culture that helped create its disastrous collapse. Not that culture per se. The Lehman collapse and its aftermath could have been avoided, says Prof. Maedler, if everyone in the company had been informed and motivated to understand the level of the risks being taken, as well as their potential consequences.
Inspiring People to Create Value
Prof. Maedler stresses that it is the people in a company who need to help manage risk. Employees should not only be kept informed, he says, but should be inspired to play a proactive role in risk management. Managing risk has never been more important. And to be effective it must be strategic, holistic and create value. "It’s about inspiration, not prescription. And it’s about management - not just measurement."