Risk fundamentals

There are some fundamentals about risk that need to be carefully understood.

Risk can neither be avoided nor eliminated completely. Indeed, without taking risk, no business can grow. If there were no risks to take, managers would be without jobs!

The Pharaoh in the earlier example was obviously taking a risk in the sense that his investment would have been unproductive had there been no famine. Microsoft has laid huge bets on its next operating system, Windows 7. But without this investment, Microsoft realises it may lose its market share as the threat from Google intensifies. Similarly, Tata Motors has made a huge investment in buying out Daewoo's truck division in South Korea. The Tatas have also purchased the luxury marque, Jaguar, realising that without this kind of investment they may become a marginal player in the global automobile market.

In short, risk management is as much about managing the upside as the downside. But as John Fraser and Betty Simkins [“Ten common misconceptions about Enterprise Risk Management,” Journal of Applied Corporate Finance, fall 2007] mention, the upside should not become a distraction and dilute the focus of tactical risk management. The upside should be dealt with during periodic strategic planning exercises or when circumstances change in a big way. But once the strategy is in place, ERM should focus on the downside: “By keeping shifts in strategy and discussions of the upside apart from normal operations, companies avoid having their management and staff distracted by every whim or misunderstood opportunity.”
Risk management should not be viewed in absolute terms. It is often about making choices and tradeoffs between various kinds of risk. These choices and tradeoffs are closely related to a company's assumptions about its external environment. In the Indian pharma industry, players like Dr Reddy's Laboratories are challenging the patents of global players as the generics market in the US opens up with many blockbuster drugs going off patent. But another leading player, Nicholas Piramal (Nicholas), believes in a different approach - partnering with global majors. Nicholas does not want to challenge patents but wants to join hands with large players in various areas such as contract manufacturing. CEO Ajay Piramal believes that Nicholas' capabilities in managing strategic alliances with the big guns in the pharma industry will stand the company in good stead in the coming years.

All risks are not equally important. Without a clear understanding of the impact and frequency of different risks, some relatively unimportant risks may receive more attention than they warrant. As a result, there may be sub optimal utilization of corporate resources. Risks must be classified according to their frequency and potential impact, to facilitate prioritization.

Not all risks are external. Very often, the risks organizations assume have more to do with their own strategies, internal processes, systems and culture than any external developments. For example, the collapse of the Hyderabad based Global Trust Bank (GTB) in 2004 had more to do with poor management control systems than any other kind of risk. GTB took heavy risks while lending money to low credit worthy customers and investing money in the capital markets. The board failed to ask the right questions and impose the necessary checks and balances.

The crisis at UTI in 2001 was again due more to internal than external factors. UTI made a number of questionable investments in the late 1990s. There is considerable evidence that systems and processes were routinely violated when UTI's fund managers purchased risky stocks.

Every company needs to grow its revenues and generate adequate profits to survive in the long run. Unprofitable or stagnating companies are doomed to failure. So, investments, which are needed to stay ahead of competitors, cannot be avoided. And any investment does carry some amount of risk. Risk management ensures that these risks are identified, understood, measured and controlled. By understanding and controlling risk, a firm can take better decisions about pursuing new opportunities and withdrawing from risky areas.

Risk management cannot be completely outsourced. Companies must be clear about what risks to retain inhouse and what risks to transfer. In general, retaining risks makes sense when the cost of transferring the risk is out of proportion to the probability and impact of any damage. The first step for managers is to understand what risks they are comfortable with and what they are not. Often, companies are not comfortable with risks caused by external factors. This is probably why financial risk management, which deals with volatility in interest and exchange rates, has become popular among non banking organisations in the past few decades. Companies also tend to transfer those risks which are difficult to measure or analyze. A good example is earthquakes, where an insurance cover often makes sense. On the other hand, companies often prefer to retain risks closely connected to their core competencies. Thus, a software company like Microsoft would in normal circumstances, not transfer technology risk, but would in all likelihood hedge currency risk. These are only general guidelines. Ultimately whether to retain the risk or to transfer it should be decided on a case-to-case basis.