10 Lessons in Integrating Risk Management with Strategy is a thought paper published by Protiviti, which uses both failure and success stories of companies that were at a crossroads to learn what contributed to their survival or demise. The thought paper provides lessons learned as well as tools and techniques executives can use to improve their company’s chances of surviving and thriving in an ever-changing world. The thought paper finds those companies that were able to respond to a pending crisis did so because they integrate risk into their strategic discussions, positioning them to proactively take advantage of emerging opportunities. This abstract highlights some of the key take-aways from Protiviti’s analysis.
Challenge Assumptions to Identify Unknown Risks
Discovering enterprise risks to strategic goals involves a process. In order to unearth these unknown risks, management should first identify the key assumptions that make the current strategy successful. Protiviti suggests that asking questions like, “What needs to go right for a strategy to be successful?” These assumptions include but not limited to consumer preference trends, brand recognition, regulation, capital accessibility, capabilities of competitors, and current technology. Once the key assumptions are identified, the next step in the process is to develop contrarian statements that make the assumptions invalid. Lastly, management should develop an implications statement designed to identify changes or events that could make the assumptions invalid and then develop a response to that event.
The thought paper used the 2008 financial crisis and financial institutions as an example because the institutions that focused on the unknowns were able to identify a change in the market 12-14 months ahead of their peers. This gave them the ability to react in time and stay in business.
Here is how challenging assumptions and thinking about contrarian views would be helpful in assessing the lending strategies that got many banks in trouble.
- Lending Strategy: Lend to the low-income housing sector at an accelerated pace and high volume with the intent to sell these loans as collateralized mortgage obligations (CMO).
- Key Assumptions: Increasing and stable home prices, capital accessibility would be constant and continued demand for CMOs.
- Contrarian Statement: Housing market collapses nationwide, rendering CMOs worthless.
- Implications Statement: Monitor housing markets related to loan portfolio and decrease or increase investment in CMOs as indicators indicate.
Adapt to the Every Changing Environment
The longer a business is in operation, the more likely it will experience a fundamental change in its operating environment. In order to deal with these changes, businesses need to become more adaptable. By becoming more adaptable they become more resilient. An intelligence-gathering process that is aligned to strategy will give direction as to what to pay attention to. The Protiviti thought paper uses the bookstores, Boarders and Barnes & Noble, to demonstrate how aligning the intelligence-gathering process to strategy can help businesses adapt to a fundamental change.
In 2003, Boarders’ strategic growth initiative was to expand brick and mortar stores in the US and abroad. The key assumptions were that Boarders’ extensive inventory and alternative types of media (CDs and DVDs) would make Boarders’ “the place to go”. Boarders did not anticipate a consumer preference shift to online shopping and downloadable media like mp3s or e-books. However, Barnes & Noble did see a consumer shift coming as well as emerging technology and decided to change its strategy in order to stay relevant. Barnes & Noble decreased its square footage, developed an e-reader and offered titles online, and deceased its inventory in CDs and DVDs. Barnes & Noble was able to adapt to the new market because it anticipated and reacted to a fundamental change.
The thought paper also discusses the concept of “early mover status”. Like Barnes & Noble, early movers not only recognize changes but also have the ability to react to changes by:
- Adjusting their strategy
- Creating new plans and processes
- Promoting a culture that expedites information that can impact or disrupt the status quo
Non-early movers tend to fear change and deny that a change is coming. They focus on today instead of obsessing over new opportunities or risks tomorrow.
Manage Your Most Valuable Asset: Your Reputation
The thought paper explains that reputation risk can be avoided by risk management and mitigated by crisis management. For instance, when assessing reputation risk, management should consider the “big picture” approach by assessing risks to the entire value chain. Executives should not only consider risks that directly affect their company but also risks that could directly affect their suppliers, their supplier’s suppliers, distributers and retail partners. When consumers are injured due to a faulty supply part, they don’t blame the supplier who is in another country. Rather, they blame the company whose name is on the product. In assessing end-to-end reputation risk, executives should consider environmental conditions that could stop the flow of materials and inventory, labor conditions that could be embarrassing to the company, or inadequate controls over raw materials that could be toxic to consumers. If these conditions exist and continue they will eventually be exposed and your reputation will suffer because of it.
The other side of reputation risk is crisis management. Crisis management involves a quick response time coupled with honest and open communications to consumers designed maintain customer’s faith in the brand. Companies should have a crisis management team designated to act quickly with a pre-determined plan when needed. For instance, Tylenol responded to its crisis in 1982 perfectly. They responded quickly, informed consumers and acted with consumer’s best interest at heart. As a result, Tylenol was able to protect their brand and reputation.
Promote a Risk Intelligent Culture
There are three aspects to developing a risk intelligent culture:
- Having and listening to a contrarian voice. The thought paper uses Washington Mutual as an example. In 2007, two former chief risk officers (CRO) attempted to limit risky lending practices. When the CROs attempted to warn the other executives, they were ignored at first and then eventually isolated. A strategically well-placed CRO with a direct line to the board of directors could have changed Washington Mutual’s lending practices before the financial crisis.
- Balancing value creation and value protection. As companies purse value they accept risks. But how do companies know when they are taking on too much risk? In order to answer this question, management should understand the risk appetite of the company. In doing this, the management should develop a risk appetite statement, which is approved by the board of directors, which creates a boundary for management to operate in. The thought paper mentions Lehman Brothers as a perfect example, because its executives defined their risk appetite but decided to ignore it and accept more risk than the company could handle.
- Develop forward-looking key risk indicators. Using retrospective performance indicators are great for performance management, but these indicators, also known as “lag-indicators”, tell us about the past. Companies should devote time looking forward by assessing the business environment and how it is changing, using scenario analysis to determine whether plans are in place, implement a risk identification and assessment process, and defining situations in which the current business plan is no longer working.
Center Board’s Risk Focus on Critical and Emerging Risks
Critical and emerging should be the focal point of the board when it comes to the risk management process. The thought paper states that the board should place risks into five categories:
- Governance Risks: board composition, CEO selection, executive compensation.
- Critical Enterprise Risks: strategic risks.
- Board-Approval Risks: requires the board and management to understand each other concerning major decisions and activities that need board approval.
- Business Management Risk: operational, compliance and financial risks.
- Emerging Risks: a new competitor, new technology, changing regulation.
By placing risks into these categories, it will limit the board’s scope to concentrate on the bigger issues instead of all the risks that each division faces. The board should be ensure that management has an effective risk management process in place that (1) identifies, assesses and manages critical and emerging risks; (2) communicates these risks to the board.
Developing an enterprise risk management process will be unique to each company. However, the lessons provided in the thought paper provide insight to developing a risk intelligent culture with an emphasis on aligning risk management with strategic initiatives.
Download the Protiviti thought paper below.