Financial Risk Managment

profileslh9642
riskmanagment.pdf

In Practice Balancing Risk and Reward: Time to Overhaul Oversight Processes Risk and volatility are explicitly integral to any discussion of strategy and growth.

By Alex Wittenberg

Boards of directors, in collaboration with their management teams, are being called upon to revise risk-oversight processes.

"The Report ofthe National Association of Corporate Directors (NACD) Blue Rib- bon Commission on Risk Covernance: Balancing Risk and Reward" focuses par- ticular attention on explicitly considering risk in making strategic decisions, defining the corporate risk appetite, and designing financial analytics and reporting.

The report, based on a year-long study with Oliver Wyman, can be viewed within the larger context of growing stakeholder demands and expectations for greater risk transparency and disclosure. In particular, stakeholders are looking for greater infor- mation on how the company manages risks, the company's risk profile, risk driv- ers, risk volatilit)' and the potential impact on performance.

— I t is clear that directors-must address- concerns about risk oversight, but many will be challenged. Here are some guide- lines to consider:

1 . Understand the business' key drivers of

success.

Directors must understand the factors that drive success and introduce and/or amplify volatility in the company's performance. Risk and strategy discussions must be based on informafion about the sources of risks under alternative strategies, how key

7 0 Directorship February/March 2010

risks contribute to the overall corporate risk profile, the potential variability in its financial performance, and how risks interact and aggregate under alternative scenarios. The close examination of fac- tors affecting success is critical to under- standing the main sources of the com- pany's value creation.

2. Make explicit the risk appetite implicit in the company's strategy. All businesses take risks to generate returns, but the types of risk taken, the lev- els of risk to which the company is exposed, and how and where risk is taken must be an input into strategy decisions, not a collateral by-product.

Risk appetite is defined as the amount of risk that the enterprise is willing to accept; risk tolerance is the degree of variance from risk appefite that the enterprise is will-

- ing to accept. A defined-risk appetite in- cluding both quantitative elements (such as target debt rating, target and minimum leverage ratios and exposure concentration limits) and qualitative elements (such as reputational risk and operational risk-toler- ance levels) is a crifical basis for assessing alternative strategies, allocating capital and resources, selecting risk mitigation and re- sponse strategies and providing for effective communication with stakeholders, includ- ing capital markets.

When the board and management dis-

cuss strategy, they make decisions about which risks the company will accept and take. Civen this, directors must not simply "review and concur with" management's strategic plans, but must offer active input into management's portfolio view of strate- gic alternatives and capital investments, giving explicit consideration to the risk pro- files and risk/reward trade-offs associated with each option. This has two significant implications: first, management and the board will require a process and methodol- ogy to compare the risks, rewards and volatility presented by stratégie alterna- tives; and second, this informafion must be considered within a clearly defined risk aj)- petite, and associated tolerances, against which the acceptability of alternative risk profiles can be evaluated.

3. Define the role of the full board versus -its standing committees-with regards to - risk oversight.

The full board must have primary responsi- bilit)' for risk oversight with acfive review of the risk-reward balance in strategic plans, the company's risk appefite and tolerances, and the overall risk profile. TTiis role can- not be delegated to a specific committee.

Committees can still play a critical role in supporfing the full board by focusing on key areas such as financial-reporting risks or nominating risks. To date, many boards have delegated risk oversight to the audit

committee. Consistent with recommenda- tions from external bodies, such as the New York Stock Exchange, the report notes that this committee or a risk commit- tee may play a role in overseeing the com- pany's risk-management system and can serve to aggregate risk analysis to present to the full board.

The role of the board and committees should be detailed in board charters and risk-management documents that specify the risks to be addressed by the committee and the information and reporting processes that the committee requires to execute oversight roles.

4. Confirm whether the company's risk- managment system—including people and processes—is appropriate and has sufficient resources. Too often, the risk-management system runs parallel to the overall decision-making processes of the company. Eor example, the 2009 Einancial Times/Oliver Wyman report "Emerging Risks: Strategic Decision- making in the Eace of Uncertainty" indi- cates that a key risk-management challenge is developing risk data that aligns to strategic and operational planning. Another major challenge cited is obtaining management focus and resources to develop the neces- sary analytical capabilities.

Companies must ensure that the risk- management system is geared to supporting the overall management of the company. Many companies will need to redesign processes to better integrate and utilize risk- management information in decision-

into the financial and strategic planning and reporting proeesses; and how management will eommunicate risk to stakeholders.

5. Work with management to understand and agree on the types (and format) of risk information the board requires. Currently, board-level risk reporting may consist of an annual entity-level risk-assess- ment process resulting in a list of risks and high-level assessments of potential risk

Where to Start? Risk and volatility are explicitly integral to any discussion of strategy and growth. It's time for boards and management teams to put in place processes that support dynamic risk-adjusted decision making against a clear understanding of their eompany's risk appetite. Common start- ing points for improving risk governance include:

• Creating board training and orienta-

"Management and the board should work together to establish acceptable levels of volatility or variance for each business operation."

—NACD's 2009 Blue Ribbon Commission Report on Risk Governance

impact and likelihood, presented in the form of a register or heat map. These one- dimensional tools do not illustrate how a given risk will affect the corporation's ability to achieve its strategic goals and objectives, the volatility in performance that the risk represents, or the impact of different risks in aggregate.

Organizations need to fundamentally redesign risk analytics and reporting to sup- port risk-adjusted decision making to en- able management and the board to:

• Consider a portfolio of strategic choices and the associated risk profiles and differing risk/reward trade-oflfs of each alternative.

• Identify key risks and how the risks contribute to the overall risk profile and

tion on how the organization integrates risk management into strategic decision making.

• Developing a elear and consistent un- derstanding of the risk-adjusted perform- ance of the current portfolio.

• Improving strategic and operational risk reporting to reflect uncertainty in per- formance under different operational and externally driven scenarios.

• Developing a clear risk appetite for the organization.

• Understanding how the risk profile of the organization is positioned relative to competitors, to create positive, competitive advantage. HI

making processes, requiring enhancements to existing risk assessment and evaluation methods. Boards and management must consider the most appropriate risk method- ologies and measures (qualitative or quanti- tative); how risk analysis will be integrated

volatility of operational and financial per- formance.

• Identify how risks interact and aggre- gate under alternative scenarios.

• Measure and traek performance against defined risk tolerances.

Alex Wittenberg is the managing partner in

the Corporate Risk Practice at Oliver Wyman. Join the discussion: To read and provide

comments on this article, or for information on reprints, visit www.directorship.com.

February/March 2010 www.directorship.com / I

Copyright of Directorship is the property of Directorship Inc. and its content may not be copied or emailed to

multiple sites or posted to a listserv without the copyright holder's express written permission. However, users

may print, download, or email articles for individual use.