Against the Odds

Even in business, it is overall uncertainty—an unmeasureable—that tends to bedevil risk advisors the most

Knowledge and courage maketh success, goes the old adage: you should know what risk will yield what return, and must have the guts to act on your choice. Business, alas, has got much too big and complex to keep it all so simple. And risk management is in disarray globally, as exposed so sharply by the Great Recession—a grand failure of grasping risk. A survey of about 500 companies across Europe, Africa, the Middle East and India (which accounts for over half the sample), conducted by the consultancy KPMG, reveals that just 59 per cent of them have a ‘formal framework’ for risk management. Even so, what they mean by this tends to vary. Only a fifth have defined their risk tolerance level comprehensively and had it approved by the CEO and Board; 61 per cent say they discuss risk as part of strategy, but have no exact fix on how much they’re ready to bear.

Not only does risk appetite remain largely fuzzy, KPMG finds that efforts to cushion the company are led by regulatory compliance rather than strategic foresight. “What we would like is for companies to understand risk from a perspective of how to add value, from a strategic point of view,” says Neville Dumasia, head of governance, risk and compliance, KPMG in India, “It is not a documentation effort.”

All too often, risk remains woefully out of whack with strategy. This happens not just because the Board’s role is too blurred, but because risk identification is too short-termist and inward looking, even as firms are vague about the links of one event with another. Risk aggregation, which entails a long chain of events weighted by their probabilities, is often faulty. Scenario planning, which involves stress tests under varied possibilities, is rarely done. Of course, quantitative approaches are not foolproof, as post-Lehman (or rather, post-LTCM) Wall Street would attest. This is why soft analysis—an entrepreneur’s instinct—also counts.

Dumasia recommends a Chief Risk Officer. By KPMG’s survey, a third of all respondents have a CRO already, and 31 per cent intend to appoint one over the next 12 months. Some 37 per cent of companies reject the idea. Isn’t the job of weighing risk, so integral to business, that of the CEO though? “The CEO is bothered mostly about strategy,” replies Dumasia, “but a CRO not only provides a challenge to the CEO, but also understands the processes.”

The nitty-gritties of risk deserve a closer look, no doubt, but there’s no alternative to an alert CEO. A company that slots its brains and guts too far apart would end up challenging its odds of survival much too steeply.

About The Author

Aresh Shirali