So for those new to this space, risk management represents the clear business value generation out of G,R, and C. If risk management is done properly, companies perform better than companies who think the world is full of “opportunity only.” I would disagree with the notion that risk management means stifling innovation. A case in point is the work that our partner Cisco has been doing. Cisco is a company known for innovation, that has ensured greater success of those innovations through better risk management. In fact recently, Chris Kite, their VP of Risk Management was named to 100 most influential in finance, giving you a sense of how deep this runs inside Cisco's culture. And companies like Cisco are not alone. I would posit that most of the brand companies have a risk management organization that either manages the supply chain risk or manages enterprise risk. Not surprisingly, I usually find companies that don’t have risk management functions in their organization, don’t have as much success. [Note: clearly a subjective view, no real scientific analysis was done by me, however should someone have data please let us know]. Risk management is a discipline that allows both risk seeking and risk averse companies maximize their risk preference for corporate and shareholder gain. As one customer put it to me: “Risk management leads to better informed decisions, but still not a perfect decisions.” While some in the blogosphere believe that talking process is bad, I actually believe that you need to start there. Risk management assumes information flow to be intact. If you don’t clean up your documentation and provide a process for managing what you don’t know, you can never identify that “blinding insight.” Case in point, a large airline went through a risk management exercise about 8 years ago to understand where their risks were. Most airlines tend to focus on risks such as unions, procurement of parts for maintenance, and ensuring or procuring the right routes and hubs. While running a simulation, this particular airline realized that should oil prices move beyond a certain threshold of a reduced period of time (say a gas crisis), they would not be able reasonably pass that increase on to customers. This was not just because of customer satisfaction, but the process to adjust those rates could not be executed fast enough to protect the airline margins. Net,net this became a risk that they chose to take action on. The result was the procurement of 10 year contracts on oil well below today’s current rates. This is of course not an isolated story, according to Deloitte Consulting, over half the Fortune 1000s will see two correlated risk events occurring at the same time, resulting in a loss of 20% of their market cap. The impact worsens because 50% of those companies hit, take over a year to recover their lost market cap value, while 25% never recover. It is even more important to note that usually, no single risk will undo a company. It is the situation when two correlated risks occur at the same time in different parts of the company that lead to major shareholder loss. The key element to takeaway is that process, not blinding insight would have helped avoid those issues.
