Risk has traditionally been a minor part of strategy discussions in many firms.
Usually you get it out of the way at the very start with a Strengths, Weaknesses, Opportunities and Threats (SWOT) discussion. As quickly as possible, the planners shift into concentrating on discussion of Opportunities. That is what they are there for anyway – Opportunities.
Utility theory and the business education that flows from utility theory suggests very little consideration of risk. Not none at all, but very little. Opportunities where the gains from the expected opportunities exceed the losses from the expected threats are considered good. That is one spot where risk creeps in. In addition, risk might be also reflected as an externality – the capital required by a regulator or ratings agency.
Financial economics came along and offered a more complicated view of risk. Instead of using a fuzzily determined present value of risk from utility theory, Financial Economics substitutes the market cost of risk.
Risk management suggests a completely different and potentially contradictory approach.
The risk management approach to bringing risk into planning and strategy is to make risk appetite central to strategy selection. The internal risk appetite becomes the constraint instead of the external capital constraint. For firms that were using that external capital constraint as a key factor in planning, this could be an easy switch. But often is actually is not.
The boards and management of most firms have failed to choose their own risk appetite constraint.
Riskviews believes that this is because the folks who have spent their entire careers under and external constraint system are ill equipped to set their own limits. They do not have the experience with trial and error of setting risk appetite unlike the long experience that they have with most of their other management decisions. For most management decisions, they came up through the management ranks watching their predecessors make good and bad decisions and succeed or fail. When they reached their current positions, they had a lifetime of experience with most of the types of decisions that they need to make.
Now risk managers and regulators and rating agencies and consultants tell them that they need to make an entirely new decision about risk appetite, and then lever all of their other important decisions off of that one decision. And when they look back upon their education and experience there was no mention at all of this risk appetite stuff.
And as the discussion at the start of this post states, the business education did not include risk appetite either.
But there are other ways that risk can be incorporated into the planning and strategy.
- Risk Profile. A part of the statement of the impact that the plan will have on the company should be a before and after risk profile. This will show how the plan either grows the larger risks of the firm or diversifies those risks. Risk cannot be fully described by any one number and therefore there is not one single pie chart that is THE risk profile of the firm. The risk profile should be presented so that it shows the key aspects of risk that are the consequences of the plan – intended or unintended. That may mean showing the geographic risk profile, the product by product risk profile, the risk profile by distribution system or the risk profile by risk type. By looking at these risk profiles, the planners will naturally be drawn to the strengths and weaknesses of the risk aspects of the plan. They will see the aspects of risk that are growing rapidly and therefore need extra attention from a control perspective. And even if there are none of those reactions, the exposure to the risk information will eventually lead to a better understanding of risk and a drift towards more risk aware planning.
- Risk management view of gains and losses. Planning usually starts with a review of recent experience. The risk managers can prepare a review of the prior year that describes the experience for each risk in terms of the exceedence probability from the risk models. This could lead to a discussion of the model calibration and possibly to either better credibility for the risk model or a different calibration that can be more credible.
- Risk Controls review. Each risk operated within a control system. The above review of recent experience should include discussion of whether the control systems worked as expected or not.
- Risk Pricing review. The review of gains and losses can also be done as a review of the risk margins compared to the risks for each major business or product or risk type. Comparison to a neutral index could be considered as well. With this review, the question of whether the returns of the firm were a result of taking more risk or from better selection and management of the risks taken should be addressed.
Some management groups will be much more interested in one or another of these approaches. The risk manager must seek to find the approach to discussing risk that fits management’s interests for risk to become a part of planning and strategy. Without that match, any discussions of risk that take place to satisfy regulatory or rating agency pressures will be largely perfunctory.