The biggest failure in the global banking system for generations, the worst oil spillage ever in the Gulf of Mexico and the greatest disruption to civil aviation in the post-war period caused by volcanic ash.
These catastrophes highlight how the business environment can change dramatically, for individual companies or the market as a whole, in a very short time. Despite all our scientific, technological and economic advances, or maybe because of them, the business landscape seems increasingly risky and uncertain. Unsurprisingly in these circumstances risk is at the top of the boardroom agenda.
The board’s role in ensuring that risk is managed effectively is pivotal and at the heart of its mission to promote the long-term success of the company. Risks come in all shapes and sizes — strategic, operational, financial and compliance; some with potentially very large impact, others less so; some with a high likelihood of occurrence, others a low one; some able to be transferred, treated or terminated, others just having to be borne. Amidst such a kaleidoscope, the board must accept overall responsibility for determining the nature and extent of risks it will accept and the policies for managing them, though naturally day-to-day management will be in the hands of the executive team.
Risks need to flow directly from the strategy which should be carefully aligned with the organisation’s culture and capabilities. Independent directors, with their broad external perspective, are well placed to offer a helicopter-eye contribution to the identification of strategic risks and to spot emerging risks at an early stage. It can sometimes be emotionally more difficult for those immersed in the business to do so especially when the consequences are troubling and not well within their control.
Strategic risks may originate from within or outside the business and include significant acquisitions not yielding the intended results (EMI and Terra Firma), acquisitions being called off (the Pru in Asia), horizontal diversification not succeeding (Ford moving into the luxury car market), a failure to keep up with innovation (IBM and personal computers), a dominant player being outsmarted by a hungrier competitor (Apple winning markets Microsoft could have taken) or simply a business losing marketplace credibility over time (Woolworths).
Whilst management is likely to be in the best position to assess operational and compliance risks the board needs to exercise appropriate oversight of the process. The banking crisis highlighted the worry that there may be a tendency to pay too little attention to potentially rare events which may overwhelm the business. Oversimplified scoring approaches that seem to treat low impact/high probability events symmetrically to their high impact/low probability counterparts are to be avoided. Moreover, as the recent BP situation has shown, when an operational problem is compounded by reputational damage the effect can escalate exponentially.
Setting the right tone from the top is crucial. The board must demonstrate to all parts of the organisation that it takes risk management seriously. A ‘strong challenge strong support’ culture will lead to the board’s own decisions, such as those relating to major capital programmes, acquisitions and disposals and the raising of funds from the market, being subject to thorough scrutiny. The board must also have full regard to risks arising from the structure or level of senior executive remuneration packages.
Enron clearly testifies to the dangers when there is a yawning gap between a board’s espoused values and those being applied in practice. A transparent culture is needed that enables the board to gain a reliable picture of ‘how it is’ warts and all. Allied to this, the board needs to foster a virtuous learning circle: effective risk management must be embedded throughout the business with all staff involved in timely and regular two-way communication on weaknesses and failures arising, near misses, what’s happening elsewhere in the sector and lessons learned.
In a modern market economy a business that is not taking sufficient risks through product or service innovation or entering new markets is unlikely to enjoy prolonged success. The objective is effective risk management not merely risk elimination. The winners – not to mention survivors – will be those committed to sustainable growth built on enduring values who take care to identify and be responsive to foreseeable changes in their internal and external worlds while at the same time building the capacity to be resilient to the unforeseeable. As recent events have shown, this is far harder to achieve than it seems.
Anthony Carey is a partner in Mazars LLP and an honorary professor at WBS. He is a chartered accountant and a chartered director and a member of the Financial Reporting Review Panel. He was project director for the Turnbull report on risk management and internal control for listed companies.
Anthony also acts as director of threefifty, the joint initiative between WBS and Mazars which discusses key boardroom issues for leading companies and which is chaired by Norman Murray, chairman of Cairn Energy. Speakers at threefifty events have included Richard Lambert, Warwick University's chancellor and director general of the CBI; Sir Ian Gibson of Morrison Supermarkets, Sir Mike Rake of BT and Alan Thomson, President of the Institute of Chartered Accountants of Scotland.
This article originally appeared in Nexus: Warwick Business School Alumni Association magazine (Summer 2010).