RISK MANAGEMENT – Running risks

The human appetite for risk is considerable. Sport, travel, gamingris-Jones. and investment reveal a propensity for risk that is almost absent in other species.

Although we take on different risks, they are still compartmentalised.

Risks tend to be defined and assessed in a relatively specific context.

The ability of game players to calculate risk is restricted to the action of the game. Investment risks are lengthier, but usually defined in purely financial terms. Where a single event risk may affect us, such as fire or accident, these are parcelled up and separately insured.

Businesses have tended to adopt a similar fragmented approach, which occasionally leads to problems. A classic example is Perrier in 1990 (see box overleaf) when a contamination incident led to a collapse in sales as a result of Perrier having no framework to deal with such a problem.

Local solutions were determined by autonomous managements, which exacerbated its difficulties.

There is evidence that a more integrated approach to risk management is now being taken by UK businesses. This is partly driven by recent management developments in, for example, corporate governance and accounting standards.

Ultimately, though, the need to deliver shareholder value should encourage the implementation of these ideas. Firms that perceive risk accurately and handle it well can expect this skill to reflect in the share price.

The evidence of this change has emerged as a result of a two-year research project by the Association of Corporate Treasurers. This concluded that: ‘many UK companies recognise that their concept of risk, its definition, assessment of level and its subsequent management is currently inadequate and needs completely revising’.

Yet the difficulty that many firms face is the lack of a framework by which to measure and analyse risk. One consequence of the survey is the publishing of an ACT book called ‘The Management of Corporate Risk – a Framework for Directors’.

At its core, the book seeks to encourage managers and directors to adopt a broad definition of risk, to put in place mechanisms for measuring the impact of various risks and to manage them effectively. In order to do this, according to ACT’s book, most firms need first to establish a risk-assessment and reporting process.

ACT suggests the corporate treasurer is well positioned to be the ‘risk champion’, responsible for creating a framework for evaluating risk across the spectrum of a company’s activities. Being a risk champion does not mean taking on the responsibility for managing or containing all types of risk.

A traditional departmental approach means that financial, operational, environment, and other risks are assessed and managed independently. Overall handling of risk tends to be similarly fragmented, event specific and often reactive.

An integrated risk framework allows the development of a more considered approach in an attempt to reduce the number of surprises and manage them better. The first and most obvious recommendation to emerge from ACT’s research is for firms to consolidate the process of defining risk into a company-specific assessment framework.

The proposal that the corporate treasurer is best positioned to take on this responsibility recognises that his normal activity covers numerous functions within the firm. Treasurers also report to the board, or should do, particularly in this context.

A recent example of this policy in action is Diageo, the company formed from the merger of Guinness and Grand Met. The appointment of Phil Bentley to the specially created position of director of treasury and risk management signalled Diageo’s willingness to be systematic about risk in its broadest sense. The role includes monitoring currency exposure, plant breakdown and contaminated products.

Those who do not learn from the lessons of the past are bound to repeat them. No bottled-water company, for example, should make the same mistake as Perrier if faced with a contamination problem now.

But there are other reasons for focusing on risk. One is that the increasing pace of change exacerbates uncertainty. Corporate governance and regulatory imperatives are other considerations. But focusing on risk can also help to improve planning and capital allocation.

But as well as being good at defining and measuring risk, firms need to respond to actual problems, not theoretical concepts. What practical features do managers need from better risk assessment? Certainly they want risks ranked in order, to establish management priorities, and they want assessments of the relationship between certain risks and their reward. Ultimately, though, the process should develop managers’ perceptions about the balance between a business’s viability and its capital employed.

Management improvement

The ACT study does not discourage managers from taking any risks whatsoever – this would negate the first principles of commerce. Instead, a new, thoughtful approach to risk presents managers with a framework for defining levels of risk and establishing better mechanisms for determining which are commercially acceptable and which are not.

The ultimate effect of these and similar processes is an overall improvement in management. It may be too early to determine how precisely this leads to a tangible effect on the share price. Intuition suggests companies that have in place a systematic approach to assessment and managing risk will perform better than those that do not.

This assumption, however, is obscured by the many other factors that determine share price levels. What has been demonstrated is that news stories of the consequences of unmanaged risk will affect the relative performance of the share price by damaging investor confidence, particularly in the short term.

In due course, it is likely that standardised risk-and-reward paradigms may be applied to companies in the way that they are now to investment portfolios – the Sharpe Ratio of portfolio return relative to volatility, for example – or credit assessments. Managers capable of delivering better returns with lower risk will be highly regarded. We’re not there yet, but it may not take too long.

‘The Management of Corporate Risk – a Framework for Directors’ is published by the Association of Corporate Treasurers.

Judith Harris-Jones is a member of ACT’s council and a partner in charge of corporate treasury consulting services at Arthur Andersen


Systematic risk management is not an abstract concept. Corporate history is peppered with instances of firms that, in retrospect, seem to have handled unexpected events clumsily. The point of a risk-management framework is to have installed a filtering process that can anticipate problems and reduce their negative impact. Examples of firms that were faced with unexpected risk include:

PERRIER The discovery in 1990 of contamination in Perrier water led to a collapse in sales and reputation. Once the contamination became known, it was clear that Perrier had no framework to deal with the market response.

The problem was exacerbated by local, autonomous management as there was no central plan in place to deal with such a problematic situation.

HOOVER The free flights offer to buyers of certain Hoover products turned into an out-of-control marketing and PR nightmare. The risks of the promotion campaign were simple to evaluate but the plan went wrong. The result was a shift from marketing paradigm (Hoover is synonymous with vacuum cleaners) to PR negativity (Hoover equals marketing misjudgement).

SHELL The problems in 1997 which focused on Brent Spar and its political affiliations in Nigeria were, individually, foreseeable and unconnected.

Their coincidence exacerbated their individual impact but, without a centralised risk champion, there was no easy way within Shell to assess this. A third problem dealt with inadequately would have made Shell seem accident prone and caused shareholders some nervousness.

Recently, a fine example of the unexpected being managed well emerged: BA and BAA On Friday 12 December, a fire in Heathrow shut terminal 1, causing BA to divert its planes. At the end of the day, BA had over 300 planes out of position. Within 24 hours almost none was out of position.

BA and BAA had an effective disaster recovery plan in place which was efficient and co-ordinated.

Related reading