Abandoning Silos for Enterprise Risk Management


“Traditionally” (which probably means large firms around 10 to 15 years ago, and most small to medium firms still today), companies manage risk in silos. Think about grain silos: independent and isolated metal containers lined up out in the farmlands of Texas. They are useful, and they do their job of storing grain. Now think of a company. Instead of containers of grain, you have departments of people: purchasing, finance, treasury, sales, R&D, etc. They manage their risks; I’d guess most treasury departments and those in the supply chain would argue they are fantastic at managing risk. They very well might be, but they are doing it independently and in isolation from each other.

Now think about the problems. There is no communication between the departments. Let’s say we are a Swedish company sourcing textiles in India, and we have been doing so for years with a single large supplier. That exposes us to the risk of movement in the exchange rate between the Swedish krona and the Indian rupee. The treasury department has this under control. They will identify the appropriate FX instrument to hedge this exposure. Meanwhile, over at our good friends in purchasing, our quality managers have determined that our supplier in India no longer passes quality controls. They’ve felt this coming for a while, and that supplier has to be phased out immediately and replaced with a Chinese supplier. What about the positions the treasury just entered based on our average expenditures each month? Guess those two buddies should have been talking more.

The list of things that could go wrong is endless: poor communication from the top down and from the bottom up about risk, weak internal risk control, lack of appropriate risk information for decision making, taking too much risk, taking too little risk, missing natural hedging opportunities, etc. While you may not all have the neurotic, downward-spiral headspace to fear traditional risk management the way I do, we can probably agree that there might be something to breaking down the walls and creating some integration between departments. This essentially lands us at enterprise risk management. Blog over.

No, really though. The concept of abandoning silos, “portfolios of risk” (insurance companies and financial institutions function in this realm), and integration across the firm more or less kicked off the whole thing. Then came the financial crisis and everyone decided it seemed like a good idea if risk management was a bit better…well, managed; this put pressure on companies to have better governance, and ERM filled that need nicely. Then once companies gave up on portfolios because they were too hard to calculate and conquered the heat map (I hope you sense my sarcasm here - the former is probably true for many, though there are plenty who are working hard at this, and the latter is probably true but sad because the heat map isn’t much to conquer), the discourse changed to the importance of being “strategic” with ERM. I agree this is of utter importance, but there is a lot of work to do in sorting out what that might actually mean.

Never fear, this blog will help bring some clarity to the situation! In a week, the course I teach on ERM will begin. This will be my third year teaching. As the course passes, I’ll post about all things ERM, and by the end of 5 weeks you and the students will know everything I know about ERM, thus rendering me useless. Just kidding, I have way more up my sleeve (I hope), and I will always be useful for your consulting, teaching, or research needs. Give me a call at 1-800-…I don’t have an 800 number but shoot me an email.

Stay tuned for upcoming posts on shifting how risk is defined and a politically charged example of risk versus opportunity.
