Ajit Kambil, Mark Layton and Rick Funston outline the findings of a recent analysis on the causes of major shareholder value losses, and suggest ways of reducing vulnerability

Consider a senior executive's worst nightmare. Over just a few days, the company's share price plummets. Available credit quickly dries up. Expansion plans are put on hold. The firm takes years to recover its original value, and by the time it does so, senior management has been replaced. Unfortunately, this nightmare is all too often a reality for the world's largest companies.

Deloitte Research, a part of Deloitte Services LLP, undertook a study to analyse the causes of major shareholder value losses in the last decade.

While the past does not necessarily predict the future, our study sought to better understand the factors underlying corporate value losses, and to suggest better ways to reduce vulnerability and disarm the 'value killers'.

Our analysis identified the largest one month declines in share price for the 1,000 largest international companies (based on market value) from 1994 to 2003. The results were sobering. Almost half of the companies had lost more than 20% of their market value relative to the MSCI world stock index over a one month period at least once in the last decade (see Figure 1).

And the value losses were often long-lasting. Roughly a quarter of the companies had to wait more than a year before their share prices regained their original levels, sometimes much longer. By the end of 2003, the share prices for almost a quarter of the companies had still not regained their original levels (see Figure 2).

To understand the drivers of major value losses better, we studied the 100 companies that suffered the greatest share price declines from 1994 to 2003. We reviewed public disclosures, analyst reports, and news articles on each firm to glean insights into the events driving shareholder value losses.

Adapting the COSO framework, we categorised events into four broad risk categories:

- Strategic Risks, such as demand shortfalls, failures to address competitor moves, or problems in executing mergers
- Operational Risks, such as cost overruns, accounting problems from failures in internal controls, and supply chain failures
- Financial Risks, such as high debt, inadequate reserves to manage increases in interest rates, poor financial management, and trading losses
- External Risks, such as an industry crisis, country-specific political or economic issues, terrorist acts, and public health crises.

The events were further classified into more detailed sub-categories, as shown in the panel, 'Analysing the Value Killers'. The accompanying graph (Figure 4) shows the frequency of risk issues across the 100 largest value losses. To our surprise, we found major value losses were not always driven by a failure to respond adequately to a single category of risk failure - but were often due to the failure to respond to many different types of interdependent risks over a short period of time. Indeed, more than 80% of the 100 companies that suffered the greatest losses had experienced risk events of more than one type. Low-probability, high-impact events also played an important role.

Based on our analysis, we identified four key areas of focus for managers to better disarm lurking value killers. These are to:

- manage critical risk interdependencies better
- review and mitigate low frequency/high impact risks
- foster a more ethical culture
- increase the capacity to recover

Critical risk interdependencies

A key finding of our research is that many major value losses are caused by several types of risk interacting. Consider the following case, for example.

After its fourth profit warning in five quarters, a major manufacturer saw its shares plunge by more than 25%. In total, the firm lost more than half its market value over the course of the year. Traditionally a market leader, the manufacturer was initially slow to respond to the strategic risk posed by competitors aggressively introducing products with new features.

But its effort to reduce costs through massive reorganisation left it vulnerable to further losses from inadequately managed operational risks.

The firm consolidated more than 30 administrative centres into just three, which slowed order fulfilment and billing, and increased customer administration costs and accounts receivable, leading to further losses.

While many firms have invested in enterprise risk management, all too often they manage risk in silos, often leaving themselves blind to relationships between risks. For example, in a 2003 survey of financial services executives by the Global Association of Risk Professionals, more than half of the respondents said their firm used disparate systems for operational risk and credit risk, while only 10% said that they had integrated technology that covered both sets of risks. Our analysis suggests that it is critical to model and manage the interdependencies between risks. Risk management strategies should include an analysis of how responses to one type of risk may trigger other types of risks.

How can managers gain a comprehensive view of risk interdependencies?

The essential first step is to build an integrated risk management function, championed and supported by senior management, that sits above all divisions and departments. The purpose of this group is to identify the key risks across the corporation, understand the connections between them, and develop a risk-management strategy that takes into consideration the organisation's appetite for risk.

For example, a large multinational bank integrates risk management at the time business strategies are developed, rather than planning for risk after a strategy has been established. Central to their approach is looking at risks holistically, rather than in isolation. For instance, when considering risks in the underwriting process, the bank assesses how its business strategy, sales practices, and business development practices affect the risk profile.

This comprehensive approach not only helps the organisation reduce overall risk but can also lower the costs of risk management. For example, a global manufacturing company formerly bought product liability, property, and foreign exchange insurance policies separately. By understanding the risk interdependencies of these products, it developed a comprehensive insurance contract with its insurance company that bundled several different kinds of policies. This has enabled the company to cut its overall risk abatement cost by more than 15%.

Low-frequency, high-impact risks

During the period covered by our study, many large value losses were the result of events that were considered extremely unlikely, but which still occurred. Rare events that can dramatically destroy value include terrorist acts, industry crises, country crises, currency crises, and natural disasters (see Figure 3).

For example, in the early 1990s, a Mexican manufacturer used dollar debt from major US banks to acquire plants in other Latin American countries and modernise operations. By the end of 1994, about three-quarters of the company's debt was in dollars, while the company's revenues were largely peso-denominated. The company had not prepared for the unlikely event of a major currency devaluation coupled with an economic crisis. During the Mexican financial crisis of 1995, the devaluation of the peso and the resulting recession slashed cash flow from its Mexican operations by more than 50% in dollar terms. The company only survived by arranging emergency financing.

Despite the potentially devastating impact of unlikely events, managers often emphasise the most likely risks faced by a company when assessing its risk position. Given the low likelihood of rare events, managers can often be misled into not addressing them.

While rare events are not always preventable, companies can improve the resilience of their operational and capital structures to better manage them. Stress tests and scenario analyses can be used to understand the potential negative impacts from rare events that are typically omitted in risk models. Scenarios help managers to answer the question, 'What can go terribly wrong?' And stress tests, such as assessing a portfolio's resiliency under different financial assumptions, can help assess the company's ability to withstand specific events, without having to develop a statistical model of them.

A firm can also build the flexibility to respond to different scenarios by selectively investing in capabilities that can be exercised in the event that a specific scenario is realised. For example, a firm might take a partial equity stake in a company in another market or region, with the option to migrate to full ownership. Or a media company could simultaneously support many different technologies and strategies for online media distribution until standards become well-defined. By initially supporting multiple technologies, the vendor in effect takes an option to allow it to adapt quickly to future market conditions. Given the recent highly-publicised examples of terrorism, security, and weather-related risks, firms are also reviewing their business continuity plans to improve their resilience.

Fostering ethical conduct

A permissive corporate culture or a lax control system contributed to many high-profile value losses in the past decade. For example, in just two days, a major healthcare firm saw its share price plunge by almost half and watched $6bn in market value evaporate. The company had looked like a high flyer, but its extraordinary growth had come at the expense of an ethical corporate culture and solid controls. A variety of lawsuits filed against it had alleged fraudulent billing and other improprieties in government health programmes, under-staffing, and labour violations.

When it was reported that changes in Medicare payment procedures would cut the company's revenues, and that the federal government was investigating allegations of unnecessary surgery, its stock price nose-dived.

Several structural changes have been adopted to improve control systems and processes, such as Sarbanes-Oxley in the US, or the Turnbull report in the UK. The Securities and Exchange Commission (SEC) and equities markets such as the New York Stock Exchange have also promulgated new governance and listing requirements. The increased attention to risk management by investors and the media has led many firms to upgrade their risk management and monitoring systems against fraud and unethical business practices.

These legislative and structural initiatives will only be effective, however, if companies complement them by placing premium value on a sound ethical culture. A corporate culture frames the shared beliefs of most members of an organisation and can often guide employee behaviour more consistently than formal rules.

Setting or changing a firm's culture is a key leadership activity that must start at the top. It requires senior management to consistently communicate - through actions even more than words - the ethics and key values of the firm. These values should include dealing honestly with difficult situations by directly addressing bad news rather than avoiding it, sharing information, keeping commitments, and not stressing the ends more than the means.

Increase the capacity to respond

As our data illustrates, bad things can happen to good companies. Failures in risk management were often compounded by the lack of timely information for senior executives and boards of directors on the causes, financial impact, and possible resolution of the problem. This naturally reflects poorly on the senior executive team and their control of the organisation, and often led to their departure. The shock felt by investors who suddenly learn about the existence or severity of problems that had previously been undisclosed has often driven share values down even further. For example, when a business service company disclosed that its second quarter earnings would fall short of expectations, investors drove down its share price 37% and erased more than $12bn from its market value. The firm's inability to offer much explanation as to what had gone wrong contributed to the losses. After the turmoil, the CEO, CFO, and COO left.

With CEOs and CFOs of US public companies now having to attest to the accuracy of financial information, some companies have improved the ability of their information systems to provide more current visibility. However, this does not mean companies are able to gather and provide information in a timely way to address investor or board concerns. Building the capacity to gather information flexibly and quickly to respond to crises can help managers take control of difficult situations.

Where now?

Deloitte Research found many of the world's largest companies suffered tremendous losses in market value during the last decade. These losses occurred due to failures in correctly anticipating, hedging against, and managing, diverse risks. To preserve value, companies need to model critical risk interdependencies and manage risk in a holistic way. While risk can never be eliminated, it can be more proactively and effectively addressed.

Companies that move beyond traditional risk management to implement a more comprehensive approach to their control environment will be better placed to prevent, or recover from, losses in shareholder value.

Ajit Kambil is global director, Deloitte Research, Mark Layton is global managing partner, enterprise risk services, Deloitte & Touche LLP, and Rick Funston is enterprise risk management leader, Deloitte & Touche LLP, www.deloitte.com The views expressed in this article are those of the authors and do not necessarily represent the views of Deloitte & Touche ANALYSING THE VALUE KILLERS

There were a number of contributing causes to the 100 largest value drops. The adjacent chart provides an illustration of the frequency of different types of contributing causes.

Note - Four companies were omitted from the top 100 list for this analysis because of the lack of reliable information. The frequencies add to greater than 100 as many different risks can contribute to a particular value loss.

The contributing events are:

- Demand shortfalls - Insufficiently managing drops in demand either due to an industry-related event or firm-specific events
- Customer losses/problems - Insufficiently managing losses when specific valued customers have problems leading to falling demand or payments
- M&A problems - Insufficiently valuing or merging two firms
- Pricing pressure - Insufficiently sustaining margins vis a vis competitors
- Product/services competition - Ineffectively introducing innovative products into the marketplace
- Product problems - Insufficiently addressing product quality issues
- Regulation - Ineffectively planning for regulatory driven compliance, demand and supply constraints
- R&D - Ineffectively harnessing research into successful products and services
- Cost overruns - Insufficiently managing costs of operations
- Poor operating controls - Insufficiently managing HR, operations or other functions
- Accounting problems - Fraud or manipulation of accounting information
- Capacity problems - Inadequate or too much capacity to handle demand
- Supply chain issues - Insufficiently managing supply chain execution leading to delays, overstocks or stockouts
- Employee issues and fraud - Insufficient staffing or employee fraud
- Noncompliance - Insufficient compliance with general industry norms, rules and regulations
- High input costs - Insufficiently forecasting and controlling the costs of inputs
- High debt and interest rates - Inadequately managing borrowings
- Poor financial strategies - Incorrectly using options, derivatives and other financial risk management and investment strategies to preserve value
- Asset losses - Insufficient levels of investment leading to asset losses
- Goodwill and amortisation losses - Incorrectly accounting for goodwill and amortisation
- Industry crisis - Problems arising from industry wide supply, demand, regulatory or other events
- Country economic issues - Insufficiently addressing country-specific economic risks (currency et al)
- Foreign economic issues - Insufficiently addressing foreign economic risks
- Political issues - Insufficiently anticipating changes in government or policies
- Legal risks - Insufficiently anticipating and ineffectively addressing legal issues
- Partner losses - Unanticipated losses from partner weaknesses
- Terrorism - Insufficiently anticipating and managing possible terrorism
- Supplier losses - Unanticipated losses from the failure of suppliers to meet their commitments
- Weather losses - Losses from weather-related events.