Reflecting on risk management

‘Everything we do is completely enclosed in uncertainty,’ says Kloman. ‘Risk management is an attempt to take some information and experience and try to convert that into the likelihood of occurrence and the likelihood of a range of possible consequences over a certain time period.’ He believes that it’s important not to look at uncertainty negatively – ‘something very good could happen tomorrow. Focusing on the potential downside is restricting. You can become very risk averse and you will miss great opportunities. Any bad thing that happens is a tremendous opportunity not only for the organisation it happens to but for its competitors and other firms. They can all learn and do things better in the future.’

He sees the basic flaw in the insurance industry as being that it only looks at the downside. ‘We need a new funding source which will step in after an unusual occurrence not only to replace what you’ve lost but also to make additional funds available so that organisations can take advantage of the situation and improve their lot.’

Severe natural catastrophes and the banking crisis have shown that governments (for that, read tax payers) generally provide the funds when there’s a real major disaster. ‘In a sense that is a more appropriate funding mechanism because the loss is spread through a greater universe than could ever be achieved through insurance,’ says Kloman. He proposes an international initiative to which all countries would contribute to help bail out a potentially disastrous loss in a particular country. Unlike the International Monetary Fund (IMF) which in most cases raises funds post loss, this would have the funds available in advance.

Would countries really be prepared to bail out other jurisdictions where, for example, they felt that problems might have been incurred or inflated because of local deficiencies such as lack of adequate regulation or poor policing of compliance? Kloman suggests that an international fund could be a driver for improving systems with the threat that a particular country might receive less unless it got into line. And he makes the very valid point that the world today is a fairly small place. ‘We are each responsible for each other in some way. If we allow the Bangladeshis who live on the flood plain simply to expire, that is going to rebound on us in some way in the future.’

So what about risk management?

Kloman’s first point is that we need to develop a rationale that clearly demonstrates the benefit that the risk management discipline can deliver to an organisation. He doesn’t think that we’ve come close to that yet, and convincing boards and stakeholders to accept risk management as ‘an article of faith’ won’t work, with the danger that risk management will slip back into being a network of minor operations.

He believes that scenario planning is probably the most effective proven technique for risk analysis, citing the example of an oil company that used this to enable them to anticipate possible major shifts in oil prices and take advantage of them. The risk (that word again) is that the competitive advantage that a pioneer gains will be lost once its competitors use the same technique. This poses an interesting point. Are some organisations actually demonstrating internally that their risk management is adding value but not sharing techniques in order to protect their advantage? And who can blame them?

Kloman believes that no-one to date has been able to ‘prove’ the value and effectiveness of risk management. He says that financial metrics are too narrow – and how do you measure ‘trust’ and ‘confidence’? So is risk management worth the effort?

To back this question, he cites the current economic crisis. ‘A number of financial companies had CROs and said they had highly sophisticated risk management frameworks and yet they came to grief. Is it that risk management doesn’t work, was it overtaken by other events or were the risk manager’s warnings of heading for disaster ignored by senior management?’

Communication

Kloman is convinced that risk managers must find a better way of explaining the value of the discipline to senior management, the board and key stakeholder groups. ‘The obvious ones are the shareholders but the others include the employees who invest their time and energy, suppliers, customers, communities where the company is located, regulators, lenders and the public at large. Reputation is crucial. Take the case of Enron – it could easily have survived if it hadn’t lost the confidence of the investors. No-one wanted to do business with them.’

How do you communicate about both upside and downside risks to stakeholder groups in a way that does not compromise confidentiality of certain information or inadvertently compromise your reputation? Kloman suggests that a possible solution is to create focus groups in each stakeholder area. ‘By communication I don’t mean just printing something and sending it out. It should be a continuing two way dialogue which in today’s world can be done quickly and relatively cheaply electronically.’ He believes that the outside perspective this type of communication with stakeholder groups would provide would allow an organisation to get a much better appreciation of its own risks.

‘Building trust and confidence in this way could be very valuable if something goes wrong. Investors are prepared to put in more money; lenders will lend more; regulators will give you a little slack; customers will continue to buy your product or services.’

Understand behaviour

Kloman’s last point is the need to understand behavioural influences. ‘Risk management has got to embrace the new ideas of behavioural economics – how people react in the face of a possible event in the future whether for good or bad.

‘The more you can learn about people the better equipped risk managers will be to evaluate their quirks and idiosyncrasies.’