Risk management has been thrust to 'top of mind' status for company boards, CEOs and CFOs. Events like the recent BP oil spill would surely be a wake up call for all CFOs that events perhaps seen as 'external' factors can no longer be considered from a do-nothing mindset.
(Read more about risk management.)
CFOs in Australia must be breathing sighs of relief as they watch in horror the spectacle of the CEO, the CFO and the Chairman of BP being publicly interrogated by US Congressman. "What do you or didn't you know about the risks? What risk assessment was in place in relation to deep sea oil drilling." And so on.
Then again, Australian CFOs should take note of what is going on in their own back yard. As far as poor management risk assessment goes, it seems that James Hardie is Australia's own BP; a corporate pariah.
The asbestos saga led the company, its senior management and directors into the courts, accused of misleading and deceptive conduct and breaking director's duties. In its own public utterances the company is addressing the asbestos challenge as a "legacy" issue, firmly placed on the desk of CFO Russel Chenu. (See, Improve Corporate Performance through Risk Management for another perspective).
The BP and James Hardie dramas are illustrations of public relations disasters as well as near-death financial disasters.. BP drills for oil – a high risk endeavour by any standards but so too is the legacy business of James Hardie: it makes fibre cement siding for homes. In previous interviews the Hardie CFO has noted that the legacy issue of asbestos was originally considered as one that would take "a couple of years" to work through; a task which obliged hashing out a deal with the NSW government to pay compensation into a fund for victims of asbestos poisoning as well as a dispute with the Australian Tax office.
Legacy problems and future activities need therefore to carry equal loading as far as risk assessments. Ironically, whereas BP's name in the USA is mud, James Hardie has built up a very successful business in the US.
Conducting a risk assessment
Legacy issues and high risk ventures have been thrust to the forefront by these two high profile calamities. Risk assessment needs to evolve and CFOs learn from such experiences. The CFO deals in numbers and accountability. As such, they have the unpopular task of confronting people with the kind of hard data that make others in the organisation face the cold realities of business. CFOs have a strong grounding in risk assessment, analysis. They can influence better risk assessment outcomes.
Some pointers are:
-- As a direct consequence of the global financial crisis, checks and balances and corporate governance need to be done at the top of corporations not just financial-services firms. If not already overhauled there needs to be a refocus with a view to capital adequacy, unassessed derivative exposure. All need to be forensically assessed
-- Top down, a good risk-management culture also helps companies respond when the unforeseeable does happen. The key to a good risk culture is cultivating an awareness at the top levels of the company that businesses are in business to take risks intelligently, and that opportunities can either be leveraged or missed.
-- Scenario testing may have a quantification base but common sense should prevail. A scenario analysis should be understood by people at all levels of the company. If they can't get their head around it then its not really risk management. Deep drilling is extreme but it highlights the risk of the unknowns
-- Look at risk assessment as a portfolio exercise where an organisation has a number of divisions subsidiaries or silos.
-- Integrate risk assessment to other displaces such as ethics, social responsibility, audit, and compliance. James Hardie may not have a legacy issue if the earlier senior managements and Boards had integrated risk assessment with ethics and social reasonsibility.
-- While not yet enshrined in law corporations will one day have a duty to disclose risks faced through potential climate change. Local councils throughout Australia have already begun doing this.
CFOs would do well to watch this space.
This story, "Tips For Conducting a Risk Assessment" was originally published by CIO.