Banner Home Page About Us Joining Qualifications Courses Careers Events Publications Members

 

 

Risk Management and the Credit Crunch

The modern practice of risk management is fundamentally a systematic and comprehensive approach to the management of risks within an organisation, drawing on transferable tools and techniques that have been established as effective. The basic principles are sector-independent, although each sector will also develop its own specialist approaches to the particular risks important for that sector. Nevertheless, risk management is still relatively new and evolving as a formal subject compared to other more senior management disciplines such as accounting, or even marketing.

Corporate risk management first emerged in the US during the 1950’s and 60’s. Growing interest in contingency planning and formal health and safety practices started to come together with insurance purchase. During the 1970’s and 80’s risk management techniques also started to develop within project planning. Financial instruments grew more complex and sophisticated, derivatives emerged and finance directors started to recognise that there were benefits in a co-ordinated approach to insurance risk and financial risk. Developments in corporate governance, starting with the 1992 Cadbury report in the UK, and moving on to the Sarbanes Oxley Act in the US, established the principle that boards are responsible for overseeing an effective risk management process within their organisation. This laid the foundations for the emergence of enterprise risk management or ERM which requires an integrated, or holistic, approach to the risks facing an organisation and, most importantly, the way it organises itself to deal with them.

Not surprisingly, events of recent months have brought risk management into sharp focus. On the one hand, company directors who wish to stay out of the newspapers (and out of jail) and keep their customers and shareholders happy can see the sense of a strong, effective ERM plan, operated by risk professionals who also make an effective input into business decisions. On the other hand, questions must be asked about the shortcomings in risk management that have occurred (NINJA* loans anyone?).

Here are some areas that need exploring further: 

  • Over-complexity – new and innovative products like derivatives and financial instruments have brought great benefits, reducing risks and costs, but at the same time their complexity has made it more difficult to calculate overall risks. Complexity can be a shield hiding unpleasant truths from investors, regulators and risk managers. Expect greater scepticism about arrangements that cannot be effectively communicated – in whatever market.
  • Unknown unknowns – even the most sophisticated models only give some of the answers, some of the time. Financial models are not yet good enough at dealing with extreme events. For example, the Value at Risk measure of market risk, which tries to estimate how much a bank can expect to lose, typically bases its estimates on data from the last few years. If those years have been calm and uneventful then the model assumes that’s how things are going to continue, which is counter-intuitive to our experience of the real world. Consequently we are likely to see more emphasis on the qualitative analysis of risk alongside the quantitative side. The best risk managers have a strong streak of curiosity about what is going on outside their immediate environment and this trait will be increasingly important.
  • Corporate culture – the culture of the organisation must not allow effective risk managers to be perceived as spoilsports or killjoys, stopping others in the organisation from the all important business of earning money. This sort of toxic culture expresses itself in dangerous bonus arrangements that take insufficient account of long term risk, decision-making procedures that involve risk management too late in the process and an inbuilt bias towards approving deals unless risk management can build an overwhelming case against. Directors, and particularly non-executive directors, have a role to play in understanding and managing a risk-aware culture. Risk managers also have a responsibility to ensure that their communication and influencing skills, and their understanding of the business, are of the highest level.

* Loans for those with No INcome, Job or Assets

 

 

Carolyn Williams

Development Manager

The Institute of Risk Management

September 2008

This article first appeared in Finance Week