Upload
rohit-ramesh
View
219
Download
0
Embed Size (px)
Citation preview
7/31/2019 Risk Management - Kaplan
1/52
Copyright President & Fellows of Harvard College
Managing Risks: A New Framework
Anette MikesHarvard Business SchoolIRM, Manchester, 25 April 2012
7/31/2019 Risk Management - Kaplan
2/52
A Case Study in Risk Management
7/31/2019 Risk Management - Kaplan
3/52
Risk Management is Non-Intuitive
3
7/31/2019 Risk Management - Kaplan
4/52
JPL engineers graduate from top schools at the
top of their class. They are used to being right
in their design and engineering decisions. I haveto get them comfortable thinking about all the
things that can go wrong.
- Gentry Lee, Chief Systems Engineer, NASA JPL
7/31/2019 Risk Management - Kaplan
5/52
Risk Management and the Financial Crisis
Conflicting pressures?
Faster, better, cheaper
Growth, profit, control
The cultural position of the risk function
Companies that failed had relegated risk management toa compliance function, with no access to topmanagement.
HBOS had "a cultural indisposition to challenge" and thatthe task of "being a risk and compliance manager felt abit like being a man in a rowing boat trying to slow downan oil tanker. UK Treasury Committee (7threport); Paul Moore
7/31/2019 Risk Management - Kaplan
6/52
Do complex organizations fail inevitably?
7/31/2019 Risk Management - Kaplan
7/52
BP Deepwater Horizon: Post Mortem
The disaster can be attributed toan organizational culture and incentives
that encourage cost cutting and cutting of corners
that reward workers for doing it faster and cheaper,but not better.
Management failure crippled the ability of individuals
involved to identify the risks they faced, and to properly
evaluate, communicate, and address them.
-The National Commissions Report to the President
7/31/2019 Risk Management - Kaplan
8/52
8
Individual and Organizational Biases
Risk mitigation is painful; not a
natural event for humans to
perform.Gentry Lee Chief Systems Engineer,NASA, JPL
7/31/2019 Risk Management - Kaplan
9/52
Individual biases:
Overconfidence
Tendency to anchor our estimates
Confirmation bias
Escalation of commitment
Organizational biases:
Groupthink
Rather than mitigating risk, firms incubate risk through the normalization of
deviance
Effective risk-management processes must counteract those biases
9
Individual and Organizational Biases
Risk mitigation is painful; not a
natural event for humans to
perform.Gentry Lee Chief Systems Engineer,NASA, JPL
7/31/2019 Risk Management - Kaplan
10/52
Whats distinctive about risk management?
A practice-based definition
(Kaplan & Mikes, HBR forthcoming):Active and intrusive processes
that
are capable of challenging
existing assumptions about the
world within and outside the
organization
... communicate risk information with
the use of distinct tools (risk maps,
value-at-risk models, stress testsetc.)
complement, but do not displace,
existing management control
practices
10
7/31/2019 Risk Management - Kaplan
11/52
Risk management is too often treated as a compliance issue
New categorization of risk
Some risks can be managed through a traditional rules-based model and some
require alternative approaches
Companies need to anchor risk discussions in their strategy formulation and
implementation processes.
11
Different Types of Risk Management
7/31/2019 Risk Management - Kaplan
12/52
Different Types of Risk
12
7/31/2019 Risk Management - Kaplan
13/52
Risks arising from within the company that generate no strategic benefits
Eg: risks from employees and managers unauthorized, illegal, unethical, incorrect,
or inappropriate actions; risks from breakdowns in routine operational processes
Companies should seek to eliminate these risks
Active prevention: monitoring operational processes and guiding peoples
behaviors and decisions toward desired norms
13
Category I: Preventable Risks
7/31/2019 Risk Management - Kaplan
14/52
Risks voluntarily accepted by the company in order to generate superior
returns from its strategy
Eg: credit risk assumed by a bank when it lends money; risks taken on by
companies through their R&D activities
Not inherently undesirable
Reduce the probability that the assumed risks materialize and improve the
companys ability to contain the risk events should they occur
14
Category II: Strategy Risks
7/31/2019 Risk Management - Kaplan
15/52
Risks arising from events outside the company and beyond its influence or
control.
Eg: natural and political disasters; major macroeconomic shifts
Companies cannot prevent such events from occurring
Management must focus on identification (obvious only in hindsight) and
mitigation of their impact
15
Category III: External Risks
7/31/2019 Risk Management - Kaplan
16/52
Managing Preventable Risks
16
7/31/2019 Risk Management - Kaplan
17/52
Failures in Controlling Preventable risks
Siemens Bribery and Corruption Scandalo Pay $1.6 billion in fines and $850 million for internal investigations by
outside lawyers and accountants.
o Nine former members of Managing Board sued for $28.3 million for
breaching fiduciary duties
o Two former CEOs agree to pay more than $10 million to settle cases
brought against them.
Socit Gnrale: The Jrme Kerviel Affair
o Losses of about7 billion (2007).
o Socit Gnrale has to raise5.5 billion in new capital.
7/31/2019 Risk Management - Kaplan
18/52
Situational forces: The fraud triangle
18
7/31/2019 Risk Management - Kaplan
19/52
Situational forces - How good people turn bad
19
Organizational pressure
Group pressure and the Lureof the Inner Circle
Blind obedience to authority
Not recognizing red flags andan exit opportunity
7/31/2019 Risk Management - Kaplan
20/52
What individuals can do - Step up to situationalforces
20
Stand firm on principle despite intense pressures
I am responsible
Whistle blowers: individuals who are aware of illegal or unethical
activities who report the activities without expectation of reward
Heroes risks:
Career risk
Professional ostracism
Loss of status
Financial loss
Loss of credibility
7/31/2019 Risk Management - Kaplan
21/52
Companies cannot anticipate every circumstance or conflict of interest that an
employee might encounter, but should clearly articulate their
Mission
Values
Boundaries
Top managers must serve as role models
Importance of strong internal control systems and independent internal audit
department
21
What corporate leaders can do
7/31/2019 Risk Management - Kaplan
22/52
Medicine is for people, not for
profits. The profits follow, and
if we have remembered that,they have never failed to
appear.
-George Merck, CEO and founders son (1950).
The Mission
7/31/2019 Risk Management - Kaplan
23/52
Beliefs System
Domain for Searchand Empowerment
Boundary System
Boundary Systems
Opportunity Space
7/31/2019 Risk Management - Kaplan
24/52
Managing Strategy Risks
24
7/31/2019 Risk Management - Kaplan
25/52
Building great things means taking risks.
This can be scary and prevents most companies from
doing the bold things they should.
However, in a world thats changing so quickly, youreguaranteed to fail if you dont take any risks. We have
another saying:
The riskiest thing is to take no risks.- Facebook IPO prospectus
25
7/31/2019 Risk Management - Kaplan
26/52
3 distinct approaches to managing strategy risks
One size does not fit all In terms of the structures and roles for the risk
management function
However, all encourage employees to challenge existing assumptions and
debate risk information
26
7/31/2019 Risk Management - Kaplan
27/52
27
7/31/2019 Risk Management - Kaplan
28/52
High intrinsic risk, but risk changes slowly over time
Risk management handled at the project level
Case: Risk management at JPL
CRO
Risk review board made up of independent technical experts
Role is to challenge project engineers design, risk-assessment, and risk-mitigation
decisions (culture of intellectual confrontation )
Authority over budgets: establishes cost and time reserves according to its degree
of risk
28
I. Independent Experts
7/31/2019 Risk Management - Kaplan
29/52
29
7/31/2019 Risk Management - Kaplan
30/52
30
7/31/2019 Risk Management - Kaplan
31/52
31
7/31/2019 Risk Management - Kaplan
32/52
Risk stems largely from seemingly unrelated operational choices across acomplex organization that accumulate gradually and can remain hidden for along time
Risk management by a small central risk-management group that collects
information from operating managers
Hydro One
CRO runs workshops with employees from all levels and functions
Employees identify and rank the principal risks to the strategic objectives
Capital allocation and budgeting decisions linked to identified risks
32
II. Facilitators
7/31/2019 Risk Management - Kaplan
33/52
33
7/31/2019 Risk Management - Kaplan
34/52
Risk profile can change dramatically with a single deal or major marketmovement
Risk management by embedded experts within the organization tocontinuously monitor and influence the businesss risk profile, working with
line managers
Danger for the embedded risk managers to go native
JP Morgan Private Bank
Report to both line executives and a centralized risk-management function
Continually ask what if questions
34
III. Embedded Experts
7/31/2019 Risk Management - Kaplan
35/52
Companies tend to label and compartmentalize risk, especially along
business function lines
Companies can achieve an integrated risk perspective by anchoring their
discussions in strategic planning
Companies also need a risk oversight structure
35
Avoiding the Function Trap
7/31/2019 Risk Management - Kaplan
36/52
Risk discussions generated from the Balanced Scorecard
Eg: growing client relationships identified as a key objective,
Management realized that strategy had introduced a new risk factor: client default.
Implication: monitor CDS rates of large clients etc....
36
Infosys As we asked ourselves about what risks we
should be looking at, we gradually zeroed inon risks to business objectives specified in
our corporate scorecard.MD Raganath, CRO, Infosys
7/31/2019 Risk Management - Kaplan
37/52
Risk discussions generated from the companys strategy map
Risk events identified for each objective
Risk Event Card prepared for each risk
High-level summary of results presented to senior management
37
Volkswagen do Brasil
7/31/2019 Risk Management - Kaplan
38/52
38
Volkswagen do Brasil: Risk Event Card
7/31/2019 Risk Management - Kaplan
39/52
39
Volkswagen do Brasil: Risk Report Card
7/31/2019 Risk Management - Kaplan
40/52
Hydro One:
Large company, but small risk group
JPL / JP Morgan Private Bank:
Small companies/units, but multiple project-level review boards or teams of
embedded risk managers
Infosys:
Dual structure: central risk team; specialized functional teams
40
Organizing the risk function
7/31/2019 Risk Management - Kaplan
41/52
Managing External Risks
41
7/31/2019 Risk Management - Kaplan
42/52
Some external risk events sufficiently imminent for managers to manage themlike their strategy risks
Eg: risk of increased protectionism at Infosys
Most external risk events require a different analytic approach
Probability of occurrence very low
Difficult to envision them during the normal strategy processes
42
7/31/2019 Risk Management - Kaplan
43/52
Natural and economic disasters with immediate impact
Eg: 2010 Icelandic volcano eruption; bursting of a major asset price bubble; 2011
Japanese earthquake and tsunami
Geopolitical and environmental changes with long-term impact
Eg: political shifts; long-term environmental changes; depletion of critical natural
resources
Competitive risks with medium-term impact
Eg: emergence of disruptive technologies; radical strategic moves by industry
players
43
Sources of External Risk
7/31/2019 Risk Management - Kaplan
44/52
Tail-risk stress tests Assess major changes in one or two specific variables whose effects would be
major and immediate, although the exact timing is not forecastable
Depends critically on the assumptions (may themselves be biased)
Scenario planning
Systematic process for defining the plausible boundaries of future states of the
world
Long-range analysis (typically 5-10 year)
War-gaming
Assesses a firms vulnerability to disruptive technologies or changes in
competitors strategies
44
Dealing With External Risks
7/31/2019 Risk Management - Kaplan
45/52
Wrap-up
45
7/31/2019 Risk Management - Kaplan
46/52
Risk management focuses on uncertainties that could impair mission andstrategic objectives
Mitigating risk involves dispersing resources and diversifying investments
Most companies need a separate function to handle strategy- and external-
risk management
46
Risk Management is Not Strategy Management
7/31/2019 Risk Management - Kaplan
47/52
Smart questions or dumb questions?
Do you have an embedded risk management system?
Do you have a strong risk culture?
Do you have a risk appetite policy that is well understood by every member of
the organization?
47
7/31/2019 Risk Management - Kaplan
48/52
Dumb questions
Lack traction, and is relatively easy for a CEO or CRO to answer and deflectwithout revealing much of substance
Invite busy executives to rehearse risk management clichs
The answers to banks of dumb questions are more likely to be self- reinforcing
and reveal little about the real risk management.
They will tend to produce an illusion of control.
Power, M., Smart and Dumb Questions to Ask About Risk Management.Risk Watch, May 2011
48
7/31/2019 Risk Management - Kaplan
49/52
Smart questions to the CEO
What are the processes by which you satisfy yourself that risk appetite is a realconstraint on action?
Is the organization good at stopping bad projects that have gained
momentum?
When was the last time something was stopped in the organization because itwas considered too risky?
How do you feel about meetings with the chief risk officer? Do you feel you talk
to your chief risk officer enough?
What are the three most important bits of management information that you
use each day? What do they tell you, if anything, about risk?
49
Power, M., Smart and Dumb Questions to Ask About Risk Management.Risk Watch, May 2011
7/31/2019 Risk Management - Kaplan
50/52
Smart questions to the CRO
Have you ever been excluded from meetings that you felt you ought to attend?
What did you do about it?
Do you feel you have enough contact with the CEO?
Can you envisage being able to veto developments? Did you ever try, and why?
Are you involved in product development from the beginning? If not, why not?
50
Power, M., Smart and Dumb Questions to Ask About Risk Management.Risk Watch, May 2011
Its an evolution: Risk managers shape their
7/31/2019 Risk Management - Kaplan
51/52
It s an evolution: Risk managers shape their
own fate too!
Taking responsibility or shifting blame
Competing with other staff groups
Expanding or limiting boundaries
Working on the relationship with the business
51
7/31/2019 Risk Management - Kaplan
52/52
Thank you!