Furthermore, investors separate risk into two components: downside and upside. They care differently about downside losses versus upside gains. While investors do not mind making less money than they expected, they detest losing money. Thus, when a risk has relatively more downside, they demand a higher payoff as compared to a similarly sized risk but with equal downside and upside components. Investors also take into consideration the interplay among risks: how a risk behaves in relation to other risks they have already taken on and in relation to the general movement of the economy.
For example, if the payoff from one risk tends to decrease in a declining market more than it tends to increase in a rising market, it is an unattractive risk because it usually has very low payoffs precisely when the wealth of investors is low. Investors will then require a premium for taking on risks with payoffs that co-vary strongly with the overall economy, or with the payoff from other risks already taken on by the investors. Risk managers can become indispensable to their CEOs if they develop the expertise to think through (and act on) risk-related information in this same nuanced way.
Think about insurance. A large carrier has the strategic goal of sustained growth in book value. To achieve this goal, the insurer needs to consistently make a profit from selling its polices. But selling polices involves taking on risk. So then, the challenge is to underwrite only good risks. By thinking through the information that flows to and from the underwriters, the risk manager can predict how well the firm will meet its strategic goal.
If underwriters are rewarded on premium volume and the heroes are the ones with the largest book of business, then bad risks will also be underwritten and the firm is unlikely to meet its strategic goal. If, instead, underwriters are meaningfully rewarded and celebrated on their long-term loss ratio (the percent of incoming premium the insurer paid out to policyholders to settle their claims) then bad risks are less likely to be underwritten. When information is further used to understand the firm as a collection of risks, underwriters may even seek out the right sort of “bad” risks to offset risks already on the books.
Keeping Up With — Then Surpassing — the Joneses
Evidence suggests that a firm’s risk management processes depend on the nature of competition in its market and on the risk management processes of its competitors. There does not seem to be a one-size-fits-all solution when it comes to the processes a firm uses to manage risk.
This evidence is good news for the entrepreneurial risk manager even if it is at odds with enterprise risk management (ERM) frameworks that conceive the management of risk as a universally standardized internal control process. When corporate risk becomes the focus of management, even if management takes no specific action, the dynamics between the firm and its risk change; just the impression of better understanding a firm’s risk leads managers to take on more (or less) risk. Thus, risk managers should promote understanding of the firm’s risk distribution and increase the scope of their thinking to also manage for future possibilities rather than only managing against possibilities. In this way, ERM and strategic risk management (SRM) become complementary processes.
Tactical decisions—how much insurance to buy, at what price to lock in a particular commodity, how much interest rate risk to hedge, how strong digital firewalls should be or how much debt to take on—are usually made independently. But since these decisions affect the volatility in the firm’s financials, there are clearly benefits to integrating (but not centralizing) them into a common framework. Even though we currently do not know how to quantify many risks—let alone the sum of all risks taken together—risk integration helps managers see the overall interplay among the firm’s risks, thus allowing them to identify and eliminate excess volatility. Reducing excess volatility is good because most investors (as well as customers and employees), rather than working through a firm’s volatility, instead undervalue the firm. Therefore, the management of tactical risk through an integrated framework, such as the ERM framework, adds value by enhancing the quality of information that flows from the firm to its markets.
For an ideal integration of risk, however, unedited information needs to freely flow up, down and across departments. But of course this is not how information actually flows in most firms. Also, over time, the management of tactical risk turns normative in the sense that specific techniques and processes become so prevalent that they are institutionalized within an industry. Any firm that fails to adopt them finds itself at an informational disadvantage.
In contrast to the management of tactical risk, SRM deals with the core risks of a firm. Core risks stem from activities for which the firm’s managers have some information advantage in determining their outcome.
Again, think about an insurance company. Interest rate risk is a non-core risk for an insurer; its managers have no better idea than the managers of the next insurer—or the managers of any other non-banking firm for that matter—what level of interest rates will prevail in the future.
Underwriting risk, however, is a core risk for an insurer. Its managers are paid to know the likely payoff on any given risk presented to them for an insurance policy. They then act on this informational advantage to generate positive economic profits.
The key to generating positive economic profit is in a firm’s ability to charge highly for its products and services. In a competitive marketplace, a firm can only do this if it possesses some difficult-to-replicate advantage over its competitors. Such a firm enjoys market power, which means that when the firm raises its price it loses only some, not all, of its sales. It might take years of incremental progress, or months of inspiration, before a firm builds up difficult-to-replicate advantages. They may range from patents to scale/scope efficiencies to network economics to superior information. Research suggests that relatively few firms succeed in generating sustained, profitable growth. Those that succeed often do so by diversifying their core risks into related markets.
For example, a firm specializing in selling policies to accident-prone drivers analyzed all transactions from its customers and used insights from its analysis to create a family of insurance products with varied terms, costs and services for all drivers. As a result, the firm is doing well compared to its competitors.
The Largest Strategic Risk
By far the most common risk to a firm’s strategy—its plan for earning economic profits—is competitors coming up with smarter insights in running their own operations. In any ranking of firms, therefore, the firm with the better strategic plan—assuming all are equally capable of executing their plans—inches up the rankings. The idea of a firm’s rank is a familiar concept: There are annual lists compiled and published that rank the top firms by their revenue, by their ethical practices, by the quality of their products and so on. SRM is then about managing the rank position of the firm. In this context, SRM safeguards and promotes events that lead to a gain in rank position and defends against events that lead to a loss in rank position. Of course, given the focus on quarterly financials, the temptation is to maximize profit in the short-term.
Indeed, much has been said as to whether firms should ultimately serve the interests of investors or the interests of a larger group of non-investor stakeholders. The justification for serving only the interests of investors rests on a utopian view of markets.
Markets, however, do not function as perfectly as we like to imagine, and investors occupy many roles. Evidence suggests that successful managers, on balance, consider in their decisions the many roles their investors occupy. For example, actions managers take in the name of investor value affect investors in their roles as consumers of the firm’s products, as investors in other firms, as next-door neighbors to the firm’s factories and as citizens who benefit from programs funded by the firm’s donations and taxes. This is why managers are increasingly attempting to deliver long-term rather than short-term wealth to their investors by optimally managing relations with all their stakeholders. One way to manage stakeholder demands is to manage for sustainability.
Sustainability is perhaps one of the most difficult goals to achieve since it requires a balance between antagonistic growth objectives: For its financial health, a firm requires a minimum of economic growth, while environmental integrity may impose a limit to economic growth. A common theme among sustainability principles is integrating environmental, social and governance risk considerations to the formal decision-making processes of firms. Several of these sustainability principles also call for the firm to assess and monitor the environmental, social and governance performance of their supply chain, key customers and business partners. Sustainability principles, therefore, represent an expanded view of ERM and SRM. The ERM/SRM thinking simultaneously informs the pursuit of sustainability and is moderated by it.
Consider, for example, the practice of shifting risk from the firm to third parties. Such practice might be good risk management but it can threaten the firm’s own sustainability if third parties that are essential to the firm are less able than the firm to manage risk.
If ERM is about enhancing information flows from the firm to its markets and SRM is about managing the rank position of the firm, sustainability is about the application of risk management to ensure a firm’s perpetual access to finite resources. ERM dials down excess volatility in the operations of the firm, which then allows SRM to take a critical view at the context in which the firm does business: Is the firm’s strategy good, or is the firm simply riding a favorable economy? Then sustainability thinking takes over to moderate the moral hazard of pursuing short-term rewards at the expense of the long-term success.