CHAPTER 2 ENTERPRISE RISK MANAGEMENT RISK QUOTE: When you arrive at a fork in th
ID: 347095 • Letter: C
Question
CHAPTER 2 ENTERPRISE RISK MANAGEMENT
RISK QUOTE: When you arrive at a fork in the road, take it. —YOGI BERRA, BASEBALL PLAYER
RISK QUOTE: The greatest glory in living lies not in never falling but in rising every time we fall. —NELSON MANDELA, SOUTH AFRICAN STATESMAN
Enterprise risk management (ERM) emerged in the early 1990s as an extension of hazard risk management. It argues that an organization should manage enterprise risks in a single, comprehensive program.
RISK VERSUS UNCERTAINTY
Risk. Something that we attach to a probability. In many cases, we can also calculate or estimate the financial cost or benefit.
Uncertainty. Something that can go wrong without an understanding of the consequences, likelihood, or cost or benefit.
ERM raises issues about risk tolerance. How much risk are we willing to take? Which risks are we managing? Which risks are unbearable? Which are important? Which are unimportant? ERM became an organizational priority to identify and manage new exposures. ERM became a buzzword on the lips of CEOs, CFOs, members of boards of directors, and shareholders. Everybody understood that ERM was important. The question confronting organizations was how to get it right.
By 2005, ERM had bogged down. Still, many risk observers pushed a strong ERM agenda. They recognized the logic of coordinating the management of risk. So why did ERM implementation stall? The answer starts with several definitions of ERM.
ERM Defined
Enterprise risk management is a broad and complex concept that reaches into every major area of an organization. As such, it is not surprising that many definitions of ERM have been offered. These definitions fall into three categories. A strategic definition focuses on results, as ERM is expressed in terms of organizational objectives. A functional definition describes ERM in terms of activities that reduce risk. A process definition focuses on actions undertaken by managers to manage risk. A consensus definition might look something like this:
GENERAL MOTORS INVENTORY
As organizations reach maturity, they can no longer depend on a rapidly growing market for goods and the continuation of the business that made them successful. They must seek new approaches to operations to increase their success in managing life cycle risk. The following discussion involves Bo Andersson and his experience at General Motors Corporation. It provides a good story about modern risk management.
In 2001, Bo Andersson became the top purchasing manager at GM. When he arrived, he realized that GM was spending $85 billion on car parts each year, purchased from 3,200 suppliers. He also learned that GM had separate engineering for almost every type of vehicle it produced. Vehicles did not share common parts. Seat frames were an example of a particularly interesting subculture feature. They were expensive, partly because GM had 26 different seat frames. Toyota had only two.
A similar situation existed with V6 engines. Once again, GM had high costs because it had 12 V6 engines, whereas Toyota and Honda had two each. What about fuel pumps? GM had 12. Toyota and Nissan had two.
Moving on, Bo Andersson addressed the rather simple topic of door hinges. He learned that they could be made out of three pieces instead of five. Making the change would save $100 million annually. He had a subculture response. Engineers and designers debated the change for more than three months. Then they reluctantly began a lengthy process of design and testing for the new door hinges.
After studying the situation to be sure he understood it, Bo Andersson identified the design and purchasing problems and brought them to the attention of the engineers who worked in manufacturing. His arguments were carefully framed, but they were not well received. The different units did not support changes, arguing that a change in one component would have ripple effects throughout the entire line of automobiles. In the end, change came slowly over the period from 2001 to 2006 (BusinessWeek, July 31, 2006).
Lessons Learned: GM lacked a modern risk management approach to internal manufacturing. Production efficiency lagged badly while GM failed to make desperately needed changes to be competitive. GM needed ERM.
The Need for ERM
Why do we need to manage risk and pursue opportunity in a single coordinated program?
A few quick answers:
Survival. We want a better chance to identify, mitigate, avoid, and treat risks that could close us down.
Stability. We want reliable and predictable behaviors when creating, distributing, financing, and selling products and services.
Fiduciary Responsibility. ERM helps the board and CEO meet their shareholder, employee, community, social, and ethical responsibilities.
Ethics. ERM helps build good relationships with other parties who expect us to observe legal and ethical behaviors in the conduct of our operations. This affects customers, employees, suppliers, creditors, and regulators.
As we move past the definitions and need for ERM, some heavy hitters have joined the discussion.
TOWERS PERRIN ON ERM Towers, a professional services consulting firm, was an early advocate, believing that ERM is essential to achieve operating stability, build organizational resilience, and increase economic value. As shown in Figure 2-1, Towers Perrin developed a six-stage ERM Road Map to create a customized ERM program.
MOODY’S ON ERM Moody’s was also an early advocate of ERM, using the tool to assess banks. In 2004, the company deployed Risk Management Assessments (RMA) to help it understand exposures facing nonfinancial companies. An RMA is built on four pillars, as shown in Figure 2-2.
STANDARD & POOR’S AND ERM S&P uses ERM in rating financial securities for nonfinancial companies. It acknowledges management’s overall capabilities, quality of strategies, and adaptability to changing conditions. It believes companies with superior ERM should have great stability of earnings and a high likelihood of repaying debt obligations.
FIGURE 2-1. TOWERS PERRIN’S ERM ROAD MAP.
Stage 1. Establish the current state of ERM capability.
Stage 2. Contrast the current state to ERM best practices and produce a gap analysis highlighting areas that need improvement.
Stage 3. Define a target goal for ERM based on organizational strategy and risk profile.
Stage 4. Prepare a formal action plan for implementation. Seek quick wins as well as longer-term ERM objectives.
Stage 5. Implement the ERM vision using timelines, milestones, and assigned responsibilities.
Stage 6. Establish a formal monitoring process with continuous evaluation and reporting and follow-up initiatives.
FIGURE 2-2. MOODY’S PILLARS OF RISK MANAGEMENT ASSESSMENT.
Risk Governance. Are board members engaged in defining and reviewing the company’s risk philosophy and appetite? Does the reporting structure, including budgeting and capital allocation, contain risk considerations?
Risk Management. Does the company have risk control processes with unit- and operating-level reporting lines and risk discipline? Does the company understand its risk appetite and have controls to set limits in portfolio diversification and business decision-making processes? Does the company use risk mitigation, risk control, and risk financing processes and technologies?
Risk Analysis and Quantification. Does the business quantify the level of risk that is acceptable? Does it have effective risk monitoring and reporting?
Risk Infrastructure and Intelligence. Does the company have a risk infrastructure and supporting systems? Is risk intelligence developed with valid risk models and accurate and timely data?
JETBLUE AIRWAYS Standard & Poor’s proposed a unique approach to ERM in 2008. Instead of a specific formula or checklist, S&P believes managing enterprise risk depends largely on the quality of management. Still, even a high-quality management team can stumble if it does not use ERM.
An example came on February 14, 2007, when New York City’s Kennedy Airport was hit by a nasty ice storm. JetBlue Airways, the largest airline at Kennedy, used the airport as the hub of its entire network but was not prepared. Thousands of passengers were trapped in planes on runways for up to eight hours. Aircraft ran out of food. Toilets overflowed. The airline canceled more than 1,000 flights and required six days to get the backlog cleared.
Now suppose JetBlue had had an ERM program that had identified the possibility of such an occurrence. Let us follow this through:
Source of the Risk. The risk stems from disruption of operations at peak flying time. Examples include ice storms, police action, and acts of terrorism. The upside would be a display of JetBlue’s high level of customer service and enhanced reputation. The downside would be a negative public reaction and financial loss.
Risk Owner(s). This scenario is assigned to the senior vice president of operations, who further assigns it to the Kennedy Airport Operations Center.
Frequency. Ice storms hit New York City once every three winters. The likelihood is one chance in three that it will hit at a busy time. A peak-travel disruption is thus likely to happen once every nine years.
Severity. The disruption could be a public relations boon if handled smoothly and a customer relations nightmare if passengers were stranded on planes for long periods of time. It could be financially beneficial if good news attracts new customers or costly if the airline has to reimburse passengers for losses or time spent.
Evaluation. A disruption is a major risk opportunity.
Options. First, JetBlue could arrange to have buses available for an emergency. It could unload passengers stuck in planes sitting on the tarmac when all gates are full. Second, it could provide additional personnel to solve problems, handle luggage, and mitigate discomfort. The company headquarters was a short distance from the airport. The company could train office staff on tasks needed during a crisis. Third, the company could institute rapid-response capabilities for weather or other crises.
Cost-Benefit Analysis. Any approach you use would be good risk management compared to leaving passengers stuck on planes.
Epilogue: Before the incident, a BusinessWeek magazine survey ranked JetBlue Airways fourth in the United States in customer satisfaction. After the incident, the magazine pulled the ranking from its March 5, 2007, edition and reported the failure in considerable detail. Prior to this single event, JetBlue had earned many honors for customer service. It was the top choice in a national airline quality rating four years in a row. It won a readers’ choice award five years in a row from Conde Nast Traveler. It always ranked high in J. D. Power’s quality ratings. Then it stumbled.
Lesson Learned: An ERM program with constant scanning and sharing of risks might have avoided losses that exceeded $30 million. As former JetBlue customers purchase future tickets on other airlines, we will never know the true extent of the loss to JetBlue.
Conclusion The scope of ERM is broad. Therefore, it is important to simplify risk and to get it right in a complex world. We will continue to tell stories of how to do it right and wrong.
QUESTION:
What are the four reasons that often drive the need to implement ERM? Briefly describe each one.
Using the brief Jetblue case study in the text, which of the above four reasons should have driven them to improve their approach to risk? Be specific and support your answer.
Explanation / Answer
The four reasons that drive the need to implement ERM in the business are:
- Survival- In the competitive and unstable environment it becomes difficult for the business to survive with new risks and complexities arising. ERM is a tool to identify, eradicate and tacle with risks in the most effecient manner which avoids the business fromclosing down.
-Stability- In business products are created and sold with the process of distribution and financing invovled. All this requires a stable and predictive market behavior. Study of market trends and consumer behavior for bringing the product in the market can be done with the help of an ERm system.
- Fiduciary responsibility- It is the responsibility of the top level management to answer the shareholders, employees, customers and other stakeholders connected with the business. ERM helps them to evaluate the future of risks and instability involves and methods to reomve them and gain stability for the product in the market which makes the stakeholders feel a safety towards the risk they can predict.
- Ethics- ERM helps to maintain ethical relations with the groups connected to the business in anyway. It gives a forecast of identifying and dealing with the risk which help us to tackle with the different people who will be effected with those risks and help us to maintain ethical and legal relations with them.
The reasons that would have improved their approach to risk were they required stability to run their business smoothly which did not happen and it got adversly effected by the natural disaster that occured. A business that was so much successful and at its profitability heights, needed stability as its prime element. It also required an ERM for the responsibility it had towards its customers who in this case suffered a lot due to its poor risk management. They were answerable to the customers who had paid big amount of money to travel and reach their destinations safely but were instead stranded on the planes due to their fault in not accessing the risk factor.