Berkshire Hathaway Chairman and CEO Warren Buffett recently made very clear where he believes the responsibility for risk management lies: with the chief executive officer. "If Berkshire ever gets in trouble, it will be my fault. It will not be because of misjudgments made by a risk committee or chief risk officer," he wrote in his annual letter to Berkshire shareholders.
Buffett acknowledged the difficulty of completely corralling risk, even for executives who strive to minimize their risk-taking. "At Berkshire," he wrote, "we will stick with businesses whose profit picture for decades to come seems reasonably predictable. Even then, we will make plenty of mistakes."
Signs indicate that CEOs will be taking greater notice of risk in the wake of the economic crisis. According to PricewaterhouseCoopers' latest annual CEO survey (conducted in the fourth quarter of 2009), fully 84% of respondents reported they anticipate making changes to the way they approach managing risk, with 41% indicating that those changes will be major ones. Boards of directors will become more engaged in the process as well, data show. For example, 71% of the survey respondents reported their boards of directors will become more engaged in assessing strategic risks, with 20% becoming "significantly more engaged."
"That one in five say their board of directors is 'significantly more engaged' in assessing strategic risk indicates that for many, approaches to risk are moving beyond controls-based risk management to corporate strategy and financial management," note the authors of the PricewaterhouseCoopers report detailing the survey results.
Different strategies to address risk are likely to emerge as companies investigate where their greatest risks lie. That said, several organizations recently have proffered their advice:
Categorize your risk. The U.S. leader of consulting firm Deloitte's governance and risk management practice suggests dividing risks into four categories for ease of management and oversight. Those categories are strategic risks, big-picture operational risks, financial risks and compliance risks. "You don't have to throw all your resources at these areas, but you do need to examine what is most critical in each of them," wrote Henry Ristuccia, also a partner at Deloitte & Touche, in a February commentary.
Assume greater uncertainty. Unlike in the past, corporations today must amend their strategy planning process to accommodate a greater level of uncertainty, states "Global Risk 2010," a report prepared by the Global Risk Network of the World Economic Forum. The authors note that "relatively few companies effectively apply tools, such as scenario analysis, or effectively integrate risk data into long-term strategic planning." That needs to change. "Strategy setting must be viewed as the optimization of a portfolio of decisions based on a set of scenarios that reflect uncertainty," the report says.
Mitigate credit risk. When it comes to extending credit, know your buyer, says Kerstin Braun, executive vice president of trade receivables management firm Coface North America. It's good advice at any time but may prove particularly relevant if President Barack Obama is successful in his goal to double U.S. exports in the next five years. New markets of opportunity likely will introduce potential new customers. Braun advises manufacturers not only to learn all they can about a new customer, but also to continue to update and verify that knowledge throughout their interactions with that customer. Circumstances of a previously good payer can change, she notes. "Even if your buyer was good yesterday, he might not be tomorrow. Don't trust too much," Braun says. "That's the biggest risk once you have a positive experience. You get more loose in your credit terms because he pays on time, and that's just when you'll experience your payment default."