This action might not be possible to undo. Are you sure you want to continue?
” by Leo M. Tilman and David Martin
I choose this article to reflect upon the latest economic crisis and the opportunities which were lost to mediate the eventual downfall of many a company. The article identifies the problem as an “urgent need for the new kind of corporate governance. A strategy grounded in risk management.“ This article states that many businesses “Failed due to inadequate risk management expertise, lack of adequate support, and outdated tools.” This article outlines a framework for risk thinking and development of a risk oriented culture. Prior to the recent failure of our economy most companies were fortunate to enjoy a long and continual trend of expansion. While enjoying the easy successes of a strong business environment attention to risks were often ignored. Companies should have been asking themselves.,“Are we putting ourselves at risk.” The failure to take appropriate actions to identify and react to risk is a major contributor to poor corporate performance especially during turbulent times. These failures demonstrate a lack of focus and a failure to execute a proper risk strategy. Due to the increasing complexity of today's business world the board of directors can easily be distracted from even the most basic issues. In today's economy a multitude of data is generated and presented to the board. Due to the number of competing priorities it is easy to lose focus on something as important as a well developed risk strategy. The established way of risk identification and mitigation fails to fully address risks within functional areas. A better way of drafting plans to mediate those risks is sorely needed. The latest crisis has made it clear that we cannot operate in a business-as-usual state of mind. The first question of risk strategy asks, “Do we fully understand our institution's risk exposures?” The first step towards understanding the risk facing the organization is the identification and quantification of the risk. Risk identification is probably most effective when developed by the business unit where the risks can readily be identified. It is essential that the presentation of the risks be
“Is our organization adequately dynamic from the viewpoint of risk management?” Tilman and Martin state that a “Lack of organizational dynamism.” This can be related to early identification of risks and other changes and drafting responses to those elements identified. Examples include the exiting of certain markets and the shuttering of operations deemed non-strategic in order to focus on the primary business activity. Execution of a well defined action plan will be the result when board-level executives are able to see through the clutter. “Are our risk exposures appropriate relative to earnings objectives. Companies may well choose to invest capital into strategies that alter the long-term structure of the company. Obviously that approach is driven by the preservation of capital and investments which correspond to reduction of risk throughout the enterprise.. “How do risk and uncertainty factor into our strategic decisions?” .was one of the main characteristics of failed companies during the recent financial crisis. This cannot just be the development of a report that goes into a filing drawer but must be continually monitored by the board of directors. risk appetite. The formation of these strategies must be include long-term changes in the market which they operate and take into account outliers such as that of a disruptive technology. I believe this demonstrates that large corporations often miss the important issue as their attention spans over a multitude of events occurring simultaneously. Tilman/Martin give an example of British Petroleum's lack of organizational dynamism. The third risk strategy asks. and desire for long-term sustainability?” The interrelationships between both risk and business opportunities must be recognized for proper mitigation strategies to be formed. capital levels. BP's ability to react to the crisis may have been better managed had their been a better system of risk reporting. The second risk strategy question addresses.properly presented to ensure focus is spent on those issues with the most importance. The drive to increase shareholder value must be tempered within an equivalent risk and reward portfolio. The fourth strategy question asks. During times of crisis opportunities from this portfolio must be approached in an entirely different fashion.
" Wachovia's strategic opportunities were driven by this philosophy and resulted in a merger with an entity whose risk ran deep." A board will become easily overwhelmed without a proper system that is capable of both the collection and dissemination of risk information throughout the enterprise. last. As a company identifies where to compete they must also take into account the downside of each decision.along with clearly delegated responsibilities for managing risk at all levels. governance policies and limits. the risk management function must be genuinely empowered. With each opportunity the corresponding cost of risk needs to calculated into the equation. The board may see trends across business units and have the chance to act accordingly. Wachovia's failure to fully identify risks within the merger lead to their failure. A key here is the aggregation of this information. measuring and aggregating all risk on the enterprise-wide level. leadership and management structures must be correctly aligned with the firm's business . and dynamic and integrated firm-wide process.Tilman/Martin give an example of Wachovia and the deeply-held belief that "growing deposits is perhaps the most profitable thing that a retail and small business bank can do. The fifth strategy asks “Is there is an integrated firm-wide risk management policy?” Tilman/Martin outline the important questions that an organizational risk management strategy must entail: "comprehensive risk reporting. with senior risk officers gaining not only the "seat" but also a "voice" at the table where important decisions are made. it is equally essential to see the overall trends emerging from each operating unit. If each business case is developed with a quantified risk component choices may become a little clearer." They go on to identify the prerequisites necessary for the above policies to be in place. action triggers. escalation procedures. Tilman and Martin’ sixth identified question of empowerment: “Are all professionals at all levels empowered to manage risk?” Tilman/Martin identify the important components necessary for the company to instill a culture where all professionals are charged with risk management: common risk language must be established throughout the organization . Although it is important for risks to be reported from the bottom up. "an analytical system capable of properly: identifying. As with Wachovia plans are sometimes drafted without enough diligence paid to each option.
and that the right balance must be established between competing priorities and constituencies. The tone must be set by the companies C-level leaders and represent the real driver of change throughout the organization. The board must demonstrate their willingness to listen and assimilate the issues outlined by the companies risk professionals to legitimize the importance of the companies risk management function. I also took away the relevance of the proper communication related to the companies risk strategy. Each individual must go beyond just the understanding of risk.. Without common metrics it would be hard to evaluate or quantify risks throughout each business unit and without a common reporting system risk truly becomes unmanageable. therefore. It becomes critical at the time of aggregation of risk data. A strong risk culture can be built over time but it must be inspired.model from a risk perspective. A risk strategy will not be successful without a context in how to apply risk principles. The last risk issue to address is whether there is an appropriate risk management culture. communication is the key to it’s success. Each manager must understand their company’s beliefs that police risk. I learned the importance of a properly implemented risk culture. Without empowering the risk professional the risk function will not be taken seriously. A common risk strategy must include common operating procedures between units to ensure that the risk message has been both received and dutifully implemented. Tilman and Martin alluded to the fact that risk is a system of values and behaviors that need to apply to everyone as they conduct business. Executives must continually demonstrate their 'buy in' for the company into risk strategy for the company to benefit. Developing a common definition of risk throughout the organization facilitates the collaboration of both risk professionals and functional management. The rules of risk and how they apply to everyday operations must remain through a risk framework which clearly sets out policies and standards to consistently follow. The organization will follow the actions of their leaders so they must go beyond nearly recognizing the importance and actually put the strategy . Employees must know where the company stands.
A constant. A proper risk environment may also need to take into account things such as hiring practices and be a part of real performance reviews and rewards for applying the companies risk strategy. Understanding risk management and learning how to apply that knowledge is a crucial part the corporate risk strategy. A company's risk culture should clearly outline the behaviors and practices to which employees are expected to adhere to on a daily basis. ethical considerations of risk strategy. It is not sufficient to demonstrate risk behavior. There must be a consistent and repeatable approach to risk. Education is a very large piece of the risk equation and in order to effectively implement the strategy there must be a corresponding investment. There is a strong value correlation between those companies which choose to develop a risk culture and then enforce it's compliance and those who choose to simply communicate and lead through example. Without proper educational opportunities employees will not make the most use of risk strategy. Another area where I can apply material is with the actual application of risk strategy thought the enterprise. The second area I felt could have been explored was the association of risk with ethics. clear message is key to enforce the policies and procedures needed for compliance. There must be a personal buy-in from employees as they will be the key to implementing the risk strategy on a daily basis. disseminate the risk message and develop risks and rewards for risk behavior. Implementing risk policy in a common fashion allows for the upward reporting and allows for trend analysis. there will be differences between business units.into everyday practice. Placing a priority on risk education will reinforce the importance of the risk mitigation throughout the enterprise. . There are two areas where this article failed to focus: proper training of the organization in risk. otherwise.