Tue, Nov

Playing the risk game

Playing the risk game

Take no risk and you can expect no reward. It can be a ruthless game, but follow these tactical tips and you will stand a better chance of coming out on top. By Walter Hale.
Who manages risk for you? Like many simple questions, it's hard to answer. If you go to a risk management seminar, or read the voluminous literature on the subject, you might conclude that the only way to really manage risk is by investing in some expensive, hideously complex technology. This is dangerous nonsense. Many of the large corporations destroyed by the credit crunch had very sophisticated risk management systems, but still fatally miscalculated their risks. That's because technology is, according to risk management guru Ren? M. Stulz, a professor of finance at Ohio State University, no substitute for having a culture where everyone is thinking about risk. Not in a counterproductive, scaredy-cat "do we really want to do this?" kind of way. But on a sensible, measured basis that recognises a fact that too many CEOs have forgotten recently: every reward comes with a risk attached. The good news is that, in some ways, it is easier for smaller to medium sized companies to control risk than a large conglomerate. In smaller, more homogeneous businesses, spread over a few sites in the same country, risks should be easier to spot and communicate. Here are ten tips to help you focus on risk management.

1. Stick to the basis
Mathematical models and sophisticated technology can help but they can lead you to underestimate risk by making the business of risk management seem arcane, specialist and quasi-scientific and encouraging managers to discount, suppress or forget concerns that may help you avoid a disaster. Complex systems and models may also instil false confidence in your situation. In truth, as financial journalist Paul Wilmott says in his manifesto: "All models sweep dirt under the rug. A good model makes the absence of dirt visible." The most common risk in wide-format printing at the moment is probably that a customer might go bust. This isn't necessarily going to be flagged by a risk management system. Some evidence - notably increased delays in payments - will come up on your management information system but often the decisive evidence may be a tip from a rival or supplier or other behaviour - e.g not returning calls or emails - which might only be visible to the account manager. You need a clear reporting route - probably to your finance director or someone he or she trusts - so that such 'soft' signals are presented to the right managers.

2. Don't leave it all to the risk manager
Overworked managers sigh with relief, assume that risk is no longer their problem and stop thinking about it. A risk manager may be a useful focal point but they can be no substitute for a clear, cogent, risk strategy that is communicated to all staff. This strategy should be based on the principle that your major risks have been identified and understood, that you understand which risks are natural to your business, that you know how much risk you are happy to take on and that risk is embedded in the decision making process and central to the way you run your business.

3. Don't silo risks
It's easy to look at a single risk in isolation. Easy and - as many financial institutions discovered - fatal. Individual risks that may look comfortable in isolation can look ominous if you aggregate them. To take a basic example: an interruption to supplies, the troublesome installation of new technology and granting credit to a new customer might, individually, seem acceptable. But all three simultaneously may have a severe impact on cashflow. Sounds obvious but many business failures have, at their root, the suspension of common sense. The Swiss bank UBS wrote off ?22.6bn in loans to the sub-prime mortgage market. The Swiss federal banking commission investigating this colossal failure of risk management found, among other things, that there was no consistent approach to risk across the business. In 2007, at the very point that UBS's own analysts were warning about the dangers of sub-prime mortgages, the teams selling collateralised debt obligations and mortgage-backed securities were asking if they could take greater risks.

4. Cut to the bad news
When things go wrong, you need to know. Encourage all staff to give you bad news quickly, and in one go, not the drip-drip approach in which over-optimistic assessments simply mean that a particular problem goes from bad to worse. And encourage clarity. Some UBS managers did try to warn their board of the risks posed by sub-prime mortgages but their reports were so long, complex and packed with jargon that the bank's experienced directors failed to recognise the danger.

5. Spin scenarios
Too many companies have been caught out, in the last two years, because they relied exclusively on historical data. This is understandable. Eight times out of ten, what has happened before is a pretty reliable predictor of what is to come. But the risks that a historical analysis ignores can be of such a magnitude they destroy your business. For example, you might assume, on the basis of the historical record, a certain level of bad debt as you budget for the year ahead. But if two of your significant customers go bust, what will that do to your finances? Stulz recommends the kind of scenario analysis that disaster services routinely practice. This might seem over the top but the practice of asking "what if?" may help you get a better handle on the kind of risk that seem to come from nowhere but can seriously damage your business. Scenario analysis can be a useful way of confronting large, unpredictable risks such as the swine flu epidemic. There is one kind of situation where the historical data should be trusted: whenever someone - the media, business leaders, Uncle Tom Cobley - suggests that a particular trend/market/industry/economy is immune to it. Despite repeated assurances to the contrary from Gordon Brown, the UK economy has not, alas, proved immune to the usual ups and downs of the economic cycle.

6. Remember that risks change
Traditionally, even large companies often only assessed their risks once or twice a year. But as the credit crunch bit, a new phrase entered the risk management lexicon - 'the velocity of risk' - as firms realised that they had failed to track the changes in risk, sometimes with disastrous consequences. If risk is embedded into your culture, you should avoid this, but you might want to ask yourself and your team, pretty frequently, whether your risks have increased or diminished.

7. Nobody gets it right all the time

The financial meltdown has often, justly, been blamed on a massive failure in risk management. But Stulz says blaming risk management isn't always the answer: "A decision to take a known risk may turn out poorly even though, at the time it was made, the expectation was that taking the risk increased shareholder wealth."

8. Keep a lid on inter-company politics
The mathematical models that many financial institutions used had one advantage: they had a kind of scientific credibility about them that could focus internal debate about risk. Without them, it is too easy for an assessment of risk to become bogged down in intra-company politics. Typically, sales may be more sanguine about risk than finance. That's why it's importance that your risk strategy is agreed, clear and understood.

9. Ignore risk at your peril
Some risks are hard to measure, so we ignore them. Others seem irrelevant, so we ignore them too. But risks that are deemed ambiguous or irrelevant can come back to haunt us. From 1935 to 1950, America's Soil Conservation Service encouraged farmers in southwest America to plant kudzu, a vine native to China and Japan, to control soil erosion. But scientists later discovered that the region's climate was so perfect for kudzu that the vine was soon out of control. Today, kudzu costs America ?300m a year in lost cropland and control programmes.

10. Managing risk is not the same as avoiding it
The credit crunch has focused every business's mind on the ways some large financial institutions spectacularly underestimated risk. In normal times, over-estimating risk can be damaging too. Your company may not go bust, but it could miss out on potential revenue. In other words, take no risks and expect no rewards.

Upcoming Events