Sunday Times Business Times
21 November 1999
Management of risk is an integral part of corporate governance, and the Companies Act imposes penalties on managers who act negligently.
Eamonn Ryan reports.
The buck now stops on the boss’s desk
JUST AS INVESTMENT managers are being held legally liable for deviating from their stated investment philosophies, company chief executive officers are under growing pressure to adhere to clearly defined investment strategies. Those who don't could face legal sanction.
The Companies Act already imposes legal penalties on managers who act negligently, but not on those who deviate from their declared investment strategies.
Tony Valsamakis, chairman of London-based Eikos Risk Applications, was recently brought to SA by the Institute of Directors (IOD) to attend the IOD Risk Management Conference. He says there has been a fundamental shift in the role and function of CEOs in recent years. This has been accompanied by a shift in the psychology of risk, with individuals now more inclined to hold others responsible for perceived wrongdoing or damage. Now, more than ever, management and board members are expected to define, quantify and control risks.
"The Hampel Report in the UK overturned the age-old assumption that management should be primarily concerned with maximising profit," says Valsamakis. "It declared that no matter the size of business, its principal overriding objective should be the preservation and greatest practicable enhancement of shareholder value over time."
The inclusion of the words "over time" should help reconcile the apparent conflict between profit maximisation and the enhancement of shareholder value. Profit maximisation is often pursued by management as a short-term objective, while the enhancement of shareholder value implies a longer-term, sustainable prosperity.
A study recently completed by Oxford University establishes on scientific grounds what many have always suspected: there is a direct correlation between management’s handling of corporate calamity and shareholder value. In a review of several corporate catastrophes, the study found that where management had a sound risk management policy in place, the effect on shareholder value was positive.
Risk should more properly be defined as the volatility of unexpected outcomes
A case in point is Heineken which was found to have bottled its export beer using defective glass that splintered when opened or transported. A total of 15.4-million bottles were recalled from around the world, destroyed and replaced. Nobody was injured as a result of the glass splinters. Despite the estimated US$50-million cost of the recall, the smooth handling of the crisis by management resulted in a steady appreciation in shareholder value.
UK businesses face tough new rules on how they manage and report on business risks. The Turnbull Committee – the last piece of the corporate governance jigsaw – requires listed companies to establish an internal control system to monitor the most important threats to the company.
Valsamakis says the management of risk is an integral part of corporate governance.
"Risk management models typically reflect an integrated approach to physical risk management, including systems and crisis management, financial protection through insurance and, more recently, the hedging of risks through the use of derivatives or what are known as alternative financial instruments."
Valsamakis adds that there is a tendency to consider risk in terms of downside risk, which is typically offset by insurance. Risk should more properly be defined as the volatility of unexpected outcomes.
Paradoxically, this definition regards positive volatility as risky, too.
Nick Leeson lost Barings Bank US$1.9-billion from derivatives trading, Bob Citron lost US$1.6-billion for Orange County in California. Both exposed their organisations to huge positive risk in the period leading up to the collapse. Had there not been positive risk, they could not have gone on to crash so spectacularly.
"There is a tendency for people to blame derivatives for these collapses, but the real enemy is the lack of appropriate risk management. Derivatives penalise those without sound risk management," says Valsamakis.
Financial risks tend to receive a disproportionate amount of attention, but what about non-market type risks? These are treated as insurance-type risks, although insurance is increasingly recognised as a poor substitute for good risk management.
Three types of risk can be identified: business, strategic and financial. Business risks are those the corporation willingly assumes to gain competitive advantage, add value to shareholders and include technological innovations, product design and marketing.
Strategic risks are occasioned by fundamental shifts in the economic and political environment. Financial risks relate to possible losses in the financial markets from movements in currencies, interest rates and asset prices. Financial risks can be further subdivided into market risk, credit risk, liquidity risk, operational and legal risks.
Risk management is increasingly becoming integrated with corporate governance, adds Valsamakis: "Even when one comes across so-called integrated risk management plans these go only as far as considering integrated, or alternative, risk financial mechanisms. They aim to provide benefit to shareholders through risk dispersion, tax and accounting efficiency, flexibility and customisation of covers, security of insurers and administration cost reductions."
This article is reproduced with the permission of the publisher.