For a lesson in the importance of risk manage ment in governing public companies, look no further than the tens of billions of dollars in mortgage-related write-downs that have rocked Wall Street. The activities of a small number of traders were enough to wipe out entire firms’ profits, triggering rare quarterly losses at the likes of Bear, Stearns & Co. and Morgan Stanley.
“These write-downs are very much a governance failure,” says Ellen Hexter, head of the enterprise risk management center at the Conference Board, the business research group. “These companies have their arms around credit and market risk, but they’re not necessarily looking at risk strategically, and they’re not making this part of governance. Boards should have been more involved in monitoring the risks that were being taken when things were going well.”
Despite the seeming lack of oversight in the financial sector, directors are taking a greater interest in how well their companies manage risk. According to a November Conference Board report authored by Hexter, 55 percent of corporate risk, finance and audit executives say that their boards are pushing enterprise risk management programs, which are systems for evaluating companywide risks and incorporating risk management into everyday decision making. When the group last surveyed these executives two years ago, 49 percent reported strong board involvement with ERM programs.
Implementing ERM, which first came into vogue in the mid-1990s, can bring significant benefits to companies — from reducing earnings volatility to better identifying acquisition targets. When Eastman Chemical Co. developed an ERM plan in 2005, managers discovered that the hedging of raw materials and energy costs was making earnings overly volatile. Eastman transferred hedging activities from its procurement department, which had been focused on protecting the business from short-term price spikes, to a companywide team consisting of representatives from the board and the finance department. The new hedging program uses sophisticated analytics to measure the potential impact of hedging on earnings and adjust tactics accordingly, according to the Conference Board report.
Still, despite increased board engagement, companies are not integrating ERM into their corporate cultures, the report says. Even when management and directors endorse the concept, implementing a companywide program can take years to complete.
But today’s headlines may accelerate the adoption of these programs. “ERM tends to get a boost every time there are some massively publicized governance failures,” says Hexter, a former health care stock analyst, noting that many companies first began to pay attention to the concept after the bursting of the 1990s stock bubble and the turn-of-the-century wave of corporate scandals.
Another nudge may come from debt-ratings agency Standard & Poor’s, which in November sought feedback from issuers and investors on integrating an evaluation of ERM policies into the ratings process. The move is an outgrowth of a two-year-old effort to do the same with financial services companies, some of which persuaded S&P that they should receive credit for their ERM efforts.
“It refines our capabilities,” says David Ingram, senior director of enterprise risk management at S&P. “Without ERM, if a company had higher risk, we tended to give it a lower rating, all other things being equal. With ERM, we changed that landscape somewhat. If a company has higher risk but really fine ERM practices, we won’t necessarily give it a lower rating. If it has lower risk but flawed ERM practices, we might give it a lower rating.”
The agency expects to review comments in February and may expand the ERM analysis to nonfinancial companies, possibly phasing it in on a sector-by-sector basis. S&P’s effort, says Hexter, might be the most powerful motivator of all: “It’s going to hit every company where they live — in their cost of capital.”