Corporate risk is any threat to financial objectives, measured in financial terms.
Risk is defined not necessarily as absolute risk, but relative to a benchmark.
If risk is free, corporate departments will squander it. By putting a price on risk, it is managed when it should be.
Corporate treasuries tend to minimize risk, probably not consistently with corporate objectives.
Procurement risk problems often come from fixed budget levels.
Marketing risk problems often come from giveaways in customer contracts.
An integrated corporate risk policy defines how risk should be measured, priced, and rewarded in the corporation, leading to better corporate decisions in all departments.
Defining Risk—Harder Than It Seems
Risk can be described as the threat of an adverse outcome. Many firms take the benchmark strategy of doing nothing (i.e., investing in Treasury Bills), and measure their risk in absolute terms relative to the strategy of doing nothing. Others measure their risk-taking behavior relative to what might be considered risky benchmarks. Mutual funds, for example, do not focus on the absolute risk of their portfolios; rather, they determine how far away they are from a market benchmark, such as being long the S&P 500. Corporations should explicitly determine their proper benchmarks.
For example, when a gold company hedges its exposure to gold prices, it is arguably reducing risk. However, shareholders may see this as an increase in risk, since it moves the company away from its natural gold exposure. Similarly, shareholders own all sorts of assets and diversify their risks; if a company moves away from its natural risk profile it is making the shareholder portfolio less diversified.
Most financial institutions should measure their risks relative to holding Treasury Bills, since that is an appropriate benchmark strategy for its shareholders. Furthermore, because financial institutions’ risk capital levels are regulated, risk is a scarce resource that must be consumed wisely.
In all cases, shareholder preferences should be considered in establishing the risk benchmark, risk measure, and risk appetite. This is the first critical step in establishing a best practice integrated risk policy.
Many treatments of risk deal with risk silos: treasury risk, insurance risk, budget risk, procurement risk, sales price risk, and marketing risk. While specialized knowledge in each of these areas informs risk management and execution, it does not address questions like the following:
How important is one risk vis-à-vis the corporation’s entire risk profile?
Is it better to manage a risk operationally or through financial means?
Are there natural risk offsets to consider before targeting a particular risk for elimination?
What are the interactions among risks and the natural diversification benefit companies generally have?
The following sections consider selected risks that are shared by many corporations, within the framework that good risk management in each area must be consistent with the overall corporate standard. The overall corporate standard should include a cost for risk to prevent it from being squandered, measures of risk that are consistent with corporate objectives, consistent policies for treasury and insurance risk, best practices in procurement and marketing risk, corporate hedging policy to hedge integrated risk (not in each silo), and risk-based performance measurement to reward those who manage risk prudently.
The Cost of Risk
Financial institutions often place an explicit cost on risk to ensure it is being taken prudently. For example, a bank may require that a transaction that risks $100 million in bank capital must earn at least $25 million in present value. This cutoff percentage (25%) can be called a risk-adjusted return on capital, or RAROC.
Bank capital is affected by market risk (changes in market prices), credit risk (default risk and counterparty performance risk), and operational risk (people, processes, and systems). Any activity that increases risk should not be voluntarily undertaken without earning a commensurate return. The logic is as simple as net present value: if money were free, people would squander it more. When risk is free, it is also squandered. Nonbanks also need measures of the cost of risk, although the measures may be different.
The risk-based performance measurement process is designed to ensure that managers take risk prudently, by reflecting the cost of risk in assessments of their performance, and thereby affecting their compensation.
Measuring and Reporting Risk
If risk is the threat of an adverse outcome, that threat should be measured against the corporation’s business objective. If the business objective is to “maximize shareholder value,” then the logical risk measure is the potential reduction in share price. If the business objective is to “maximize earnings while keeping an investment grade rating,” then the appropriate risk measures are “earnings at risk,” a probabilistic statement of how bad earnings can get, and the probability of a ratings downgrade.
Many corporations report their risks in terms of value-at-risk or, worse, Greek letters such as sigma (standard deviation) and delta (sensitivity to a pricing benchmark). Best practice firms report their risks not only in financial terms that senior managers can understand easily, but also in terms that map directly into financial goals.
A company’s treasury usually has the best opportunity to manage risk, since it deals mostly with issues related to interest rates and foreign exchange. A treasury risk policy that requires 100% hedging may be at odds with corporate objectives. For example, a large corporation with little debt probably does not need to worry about whether its debt is financed on a fixed or floating basis. Since floating debt is usually cheaper, it may be better not to hedge. The same thing is true of foreign exchange. If the risks are small relative to the company, the question should be asked if hedging is necessary.1 If the risks are large, hedging may be justified.
Other treasuries trade quite a lot within their hedging boundaries, creating a pocket of speculative activity within the firm. Unless the firm can demonstrate a core competence in trading foreign exchange, this does not usually contribute positively to corporate objectives.
Procurement and Budgeting
Fixed price budgets are the classic example of a procurement risk management policy that may be inconsistent with corporate risk policy. Budgets create the artificial incentive to hedge regardless of the cost of doing so, as long as the realized price is within budget. Other procurement policies have to do with portfolio price risk management of the company’s factors of production. This subportfolio of the company must also be managed in a way that is consistent with overall corporate objectives.
The other major procurement risks include supplier performance, often modeled as a credit risk, and supply chain management, usually modeled as an operational risk. By establishing a cost of risk at the corporate level, a procurement division can make intelligent choices about which risks to take, which risks to manage, and how to manage them most efficiently.
Risk problems in procurement and budgeting can be best demonstrated in the accompanying case study.
A large multinational corporation operates a distribution facility in Puerto Rico. The facility maintains automobiles and light trucks, requiring the use of significant amounts of diesel over the year. The price of diesel is determined by a local index that fluctuates roughly along the lines of US gas prices. The company’s procurement officer has a budget to meet for the year, and will not meet his target if diesel prices increase over the year. He has two alternatives: to try to fix a price with a small distributor, or to try to hedge the price using market derivatives. What should he do?
Answer: First, since this is a large corporation, it is likely that it does not need to manage this risk. In other words, the costs of managing risk are probably greater than the benefits. The only driver for hedging is the policy that affects the procurement officer’s compensation. Therefore, the procurement officer should seek a solution whereby his budget is adjusted in line with the changes in diesel prices; if diesel prices go up $0.50, his budget should go up as well. His budget should drop if diesel prices fall, so he is not rewarded for a windfall outside his control.
Regarding the hedging methods, both are problematic. By fixing the price with a small distributor, he may be using his market clout to put the distributor in jeopardy, since the distributor may have to take the deal and will not be able to hedge. Since there are not many diesel distributors in Puerto Rico, this may not be wise, since the distributor could go bankrupt. By hedging the price with derivatives, the procurement officer will see increased trading costs, including risk of rogue trading (see the Ford debacle on platinum), margining, and counterparty credit risk (see the article in this volume on Dangers of Corporate Derivative Transactions).
Marketing and Sales
While most companies are well aware of the credit risk in their receivables, they are usually less aware of the risks in their sales contracts. For example, a product warranty creates a potentially costly obligation for the company that needs to be considered in product pricing. That calculation should include not only the expected warranty service costs, but also consideration for the risk that warranty claims may be much higher than expected.
Other sales contracts may be inadvertently giving away valuable options:
renewal options (at the same price);
options to increase or decrease purchase quantities;
options to match price (for example, a most-favored nation clause);
requirements to post collateral (financial products);
options for additional free services.
In many environments, salespeople are rewarded on the basis of revenue. Hence, they are loath to cut price. An alternative for many of them is to continue to “throw in options” until the deal gets done, hoping they will never be valuable, but running that risk for the company. They are hoping those risks will never be quantified or attributed to the sales group.
Best practice risk management in marketing prices the various contract features considering both expected losses and risks, and charges the sales department for the costs of the options it gives away.
Risk-Based Performance Measurement
The common theme in all the corporation’s departments is that if risk has no cost, departments should not be penalized for taking it (as with the case study). If risk has a cost, it should be quantified and charged to the department to make sure they take risk only when it is appropriate (as with the marketing example). Policies that require minimizing risk are usually inappropriate (such as the treasury example), since that is not the corporate objective.
The risk-based performance measure for a company that measures risks relative to earnings would be:
Department’s contribution to earnings over benchmark – (Earnings-at-risk department contribution × Cost of earnings risk)
For example, if a procurement is expected to cost 25 cents per share in earnings, has the risk of going up to 30 cents per share, but ends up costing 24 cents per share, its earnings contribution is 1 cent, its earnings-at-risk contribution is 5 cents, and its performance measure (assuming cost of risk of 25%) is –0.25 cents per share. If the department can cut its risk in half at no cost, its contribution is +0.38 cents per share. This performance measure gives explicit guidance on procurement risk management, and rewards procurement for finding a way to reduce risk.
Finally, risk-based performance measurement systems, like any performance measurement systems, invite abuse from those whose compensation depends on those systems. Care must be taken in the design of these systems to reduce or eliminate the risk of “gaming the system.”
Overall Hedging Policy
Many firms prefer to manage their risks in silos, with separate departments for insurance risk, treasury risk, procurement risk, and pensions. This has the benefit of putting decision authority where the expertise lies, and can improve execution of policy. However, the cost is that the departments may have different objectives and may manage risk in inconsistent ways.
Some firms establish a single central hedging authority that takes ownership of all the departmental risks and decides how to hedge those risks at the portfolio level for the benefit of the company. This process tends to ensure that small risks are not managed, but large risks that cross department lines are actively measured and managed.
Making It Happen
Determine if risk is a scarce resource for your company.
If it is, seek to identify risks in all parts of the firm.
Risks are often hidden in contracts, procurement, budgeting, marketing, sales, and even risk mitigation.
Put a cost on risk to facilitate a culture of smart risk-taking.
Risk management policy is more than a risk control policy. It sets out defined threats to corporate objectives, measures threats relative to the financial indicators that define success, and ensures consistent interpretation and pricing of risk throughout the company. A widely used measure at financial institutions is RAROC or something similar. A corporation’s choice of risk measure and cost will depend on its own particular circumstances.
1 Copeland, Thomas E., and Yash Joshi. “Why derivatives don’t reduce foreign exchange risk.” McKinsey Quarterly (February 1996): 66–79.