Companies Are Thinking About Risks In New Ways

Why do some companies loathe risk management? Well, many will say because it is a bureaucratic exercise devoted to minimizing risks at the expense of future growth and innovation – and in many cases they are right. This is due to the way risk management as a discipline has evolved as well as how risk management practitioners have been taught. For better or worse, risk management tends to lean towards insurance and compliance or, in other words, ways to minimize risk and increase paperwork.

So, when board directors and senior executives hear the words “risk management”, they immediately shift their focus to the more commonly held view and neglect the real value of the discipline. The real value of risk management comes from developing a keen understanding of the critical risks related to a company’s strategic objectives. With this understanding, companies can leap-frog the competition by addressing risks in an innovative and unique manner.

Wheelhouse Advisors has developed a tool set to help companies jump-start their new approach to understanding risks. Known as The ERM Compass™, the tool set is designed to identify opportunities to improve a company’s “risk mindfulness.”  Risk mindfulness is a new way of viewing risks – a forward-looking and continuous approach that allows a company to use risk as a driver of intelligent growth and innovation.  The level of a company’s risk mindfulness is measured using The ERM Compass™ Scorecard.  The Scorecard focuses on four primary areas of risk as they relate to a company’s strategic objectives (see figure below). Scores are calculated for each risk area using five critical components of risk mindfulness. With the scores in hand, companies can easily determine the direction they need to take in order to increase their risk mindfulness and create value.

To learn more about The ERM Compass™ and to schedule a complimentary review, email us at


Integrated ERM Becomes Critically Important to CFOs

Chief Financial Officers in corporations across the globe are becoming more involved in how their enterprises are managing both risk and information. There are many reasons for their greater involvement. However, the primary reason is that both risk and information have been managed historically in a fragmented way. As a result, the CFO has had great difficulty in understanding the broader financial implications of risk and performance across the enterprise. This need has been highlighted by IBM in their 2010 Global CFO Survey. The survey notes that from 2005 to 2010, there has been a 93% increase in the number of CFOs who view risk management as critically important and a 109% increase for those who view information integration as critically important (see chart below). These results from more than 1,900 CFOs demonstrate the pressing need for more integration and, as you can read below, the changing role of the CFO.

Across the Finance agenda, two activities – information integration and risk management – have become remarkably more prominent. Since 2005, the importance of integrating information has more than doubled, mirroring the exponential rise in information volume and velocity within businesses today. As one CFO from China asserted, “If I had complete freedom, integration of information would be my number one priority. Unfortunately, there are too many IT and business unit barriers at present.”
Among CFOs, managing enterprise risk also garners almost twice the attention it did in 2005. This is not a recent reaction. Back in our 2008 study, CFOs acknowledged serious shortcomings with risk management. Two out of three companies with revenues over US$5 billion had encountered material risk events within the prior three years. Of those, 42 percent admitted they were not well prepared.
We believe this sharp rise in the importance of risk management is further evidence of CFOs’ expanding purview. Finance leaders are no longer focused solely on financial risk but are becoming more involved in mitigating corporate risk in all its many forms – whether strategic, operational, geopolitical, legal or environmental. All forms of risk ultimately have a financial consequence, which is why it is essential for CFOs to be engaged in risk management.
With strategic partners such as Apptio, Approva and OpenPages, Wheelhouse Advisors can provide a total solution for CFOs who are seeking an integrated enterprise risk management platform.  For more information, please visit or email us at

Risk Management Receiving More Attention & Investment

The New York Times reported this week that senior executives at major corporations are now investing more time and money to develop effective risk management practices at their companies.  Here is what they had to say.

Corporate leaders are focusing more attention on risk management after excessive risk-taking during the boom times helped bring about the global financial crisis, according to a survey of senior executives by Korn/Ferry International, the world’s largest recruiting firm. About 57 percent of senior executives surveyed said their companies were spending more time dealing with risk management, while 26 percent said there had been no change at all. Only 14 percent said their companies were actually spending less time on risk management.

The chief executive is usually called out first if a company runs into trouble with its risk management. That led to some prominent resignations in the banking sector in 2007, including E. Stanley O’Neal from Merrill Lynch and Charles O. Prince III from Citigroup.  Corporate boards are largely seen as weak when it comes to making tough decisions, especially in cases where the chief executive is also the chairman. The study indicates that boards today are more aware of how important risk management is to a company’s survival than they were during the boom times.

The reasons for this increase in investment should come as no surprise given the crisis we have experienced. However, it is imperative that the focus on remains on risk management long after the crisis has faded from our memories. Otherwise, the increased investment will certainly be wasted.

H-P CEO Resignation Highlights a Bigger Risk

Hewlett-Packard’s announcement last week that its CEO had resigned as a result of code of conduct violations was a clear sign that corporate boards are taking their governance role more seriously.  However, in the aftermath of the resignation, a bigger and more pervasive risk throughout many corporate C-suites has been highlighted – the lack of a clear succession plan.  Here is what the Wall Street Journal reported today.

In the wake of Chief Executive Mark Hurd‘s sudden resignation, Hewlett-Packard Co. has declared that its focus on business remains intact. But its CEO’s unexpected departure reopens questions about H-P’s strategy and succession that had largely been absent over the past few years. On Friday, confidence over Hewlett-Packard’s prospects appeared to slip following Mr. Hurd’s resignation—which stemmed from misuse of corporate expense accounts, uncovered in an investigation into allegations of sexual harassment by an actress named Jodie Fisher who was hired as an event-planning contractor for H-P. The news, released after stock markets closed Friday, shocked investors and caused H-P shares to plunge 8.3% to $42.48 in after-hours trading.

Given the limited number of qualified external CEO candidates, it is imperative for companies to build their bench strength to support their succession plan in the event of a CEO’s or other senior executive’s untimely exit.

ERM Success Rests on the CEO & CRO

An editorial in this month’s US Banker magazine discusses the role of both the Chief Executive Officer (“CEO”) and the Chief Risk Officer (“CRO”) in managing risk. It all starts with the CEO establishing the appropriate risk culture and setting the risk appetite for the organization. When this is fully delegated to the CRO as part of an enterprise risk management program, the CRO is doomed to failure. Here’s why.

The CRO cannot be expected to do what only the CEO can do—which is to take the lead in strategic risk-taking, protecting the franchise and building a strong risk culture. But if the CEO takes on these fundamental risk management responsibilities, the CRO can be an effective and valuable contributor to the bank’s success. The CRO helps the CEO and the board implement a credible, consistent risk management framework to govern the bank’s risk-taking across all businesses; provides expert, unbiased advice on risk issues; and offers constructive ideas that use smarter risk management to unlock new business opportunities.

Handing off full responsibility for the bank’s enterprise risk management is the wrong reason to have a CRO. The result is likely to be an expensive compliance bureaucracy that creates a false sense of security. The CRO becomes merely an actor in a diverting farce that presents the façade of risk management without the reality of risk management. As many banks discovered in the financial crisis, this farce can turn into a tragedy when the music stops.

A solid CEO/CRO partnership is crucial to the long-term success of an enterprise risk management program. Even more crucial is having a CEO who understands and is willing to accept his/her role as the true risk leader in the company.

Mind the Knowledge Gap

Former SEC Chairman Arthur Levitt delivered some very interesting remarks in a recent speech at the Annual Audit Committee Conference sponsored by the National Association of Corporate Directors (“NACD”).  Mr. Levitt challenged companies to improve the knowledge base of its board members to allow for more fulsome discussions on risk.  He also provided some recommendations for better governmental oversight and regulatory reform.  Here are a few of his thoughts.

Let’s talk about steps that need to be taken by corporate boards on their own. In general, I favor elements that improve transparency and accountability. Basic improvements, like giving investors access to the proxy, would push boards to be more proactive, and more sensitive to investor concerns.

But being more accountable is a lot easier when you have the right expertise. Right now, independent board members often don’t have the base of knowledge they need. When someone working every day inside a corporation is presenting information and analysis to the board, there will always be a gap between what they know and what the board knows. This gap is inevitable, but it need not be permanent. That is why I would strongly favor that boards of directors include individuals with financial market experience, and especially expertise in understanding, pricing, and managing risk. With even one  member regularly raising challenging questions and issues, boards would be able to press management to think far more creatively about issues such as counter-party risk, operational risk, and so on.

Mr. Levitt is right in his view that the knowledge gap must be bridged to ensure board members are truly effective in their roles.  It will take renewed efforts on both sides – management and board – to accomplish this feat. However, not only will they benefit, their shareholders will as well.

Losing Their Way

The recent troubles of global car manufacturer Toyota offer a real-world example of the need to reinvent enterprises with a focus toward enterprise risk management.  As Jack Bergstrand and I discussed in our recent webcast, companies today are relying on outdated management principles that emphasize specialization and limited communication across business units.  This contributes to greater risk and ultimately a diminished brand.  Here is what Forbes magazine reported this week about the management failures at Toyota.

President Akio Toyoda acknowledged in an opinion piece he wrote for The Washington Post last week the company had “failed to connect the dots” between the sticky pedals in Europe, surfacing as early as December 2008, and those in the U.S. that culminated in the massive recalls. The error in Europe was corrected, starting with the Aygo hatchback in August 2009, and those models were not included in the latest global recalls.

Making the exact same product again and again – what’s known as “quality control” in manufacturing – isn’t the same thing at all as ensuring safety, according to Steven McNeely, who oversees safety management systems at Jet Solutions, a Richardson, Texas-based carrier.  “Management’s attention and oversight was focused on the business bottom line, and those metrics were quality measures. Management was not focused on safety risk assessment or risk management,” he wrote in his essay, “Lessons Learned From Toyota.”  Others say rigorous testing, managerial foresight and valuing customers are critical to the true Toyota Way, and the company has derailed from that path.

The greater size and complexity of today’s corporations demand a new way of managing.  If you agree, visit to learn more.