Kit and Caboodle

Russ Banham

Russ Banham is a contributing editor of CFO.

Understanding the skepticism about enterprise risk management.

PETER COX, CFO of United Grain Growers Ltd. (UGG), spent part of his early career as an accountant with Price Waterhouse in Paris. Born and reared in the United Kingdom, Cox says the experience taught him to understand the shortcomings of traditional accounting treatments in capturing a corporation’s real exposures.

Cox is determined that UGG, a Winnipeg, Manitoba-based agribusiness concern with $1.25 billion in 1998 revenues, confronts its diverse risks in a consistent, comprehensive way. “What we’re doing is building a structure and a process for managing all the corporation’s risks systematically,” the CFO says.

What Cox is after is called enterprise risk management. Whereas multiline insurance gathered property and casualty risks in one package, and integrated risk management combined insurance risks with financial risks, enterprise risk management goes even further. The goal is to identify, analyze, quantify, and compare all of a corporation’s exposures stemming from operational, financial, and strategic activities.

The exposures include traditional insurable risks such as product liability, as well as financial, commodity, legal, environmental, and other less-tangible exposures that endanger corporate earnings stability. The latter could include a trade embargo or a deteriorating brand image. “We believe there is monetary value to taking a comprehensive approach to our risks,” Cox says.

While many companies are intrigued by enterprise risk, integrated risk, and multiline strategies, some observers see no rush to fix something that isn’t broken. “We’ve studied these concepts, but we found nothing wrong with the way we’ve typically transferred our insurance and financial risks,” says Richard Heydinger, director of risk management at Hallmark Cards Inc., in Kansas City, Missouri, with $4 billion in revenues last year.

“Like most companies, we transfer our varied risks to separate specialists in the insurance industry and capital markets. That doesn’t mean I’m turned off by enterprise risk. Intuitively, it looks right and sounds right. We’re just not there yet.”

Treating all risks in the same way might not be cost effective, warns William J. Kelly, managing director at J.P. Morgan in New York “Although you have to look at risks strategically, that shouldn’t preclude looking at them tactically.”

Insurance that protects individual hazard risks is so inexpensive, Kelly says, that it makes little sense to go through the trouble of blending them or retaining large amounts of corporate risk. “If it costs two basis points to insure an $800 million building, how much of that risk do you really want to assume?” Kelly says.

“Sure you can save a couple thousand in premiums, but is it really worth it? Do you want to be the one who explains to the board that a $100 million loss could have been insured for $20,000? There has to be a level of common sense about all this”


Reflecting such skepticism, companies are not flocking to combine corporate risks under a single umbrella. UGG is one of only a handful of companies whose systematic approach breaks with convention. Armed with advice from its consultant, London-based insurance broker Willis Corroon Group Plc, Cox and his finance staff have identified 32 risks (outside of traditional insurable risks) confronting the company. “From these, we selected what we considered the 6 most important risks to transfer, and then combined them with the company’s traditional hazard risks in a single portfolio,” says Carl Groth, a Willis Corroon senior vice president and director of alternative risk transfer.

Neither UGG nor Groth would name the six risks, but they allowed that they might include environmental exposures, credit risks, counterparty risks, and commmodity exposures. In the grain business, weather is another unpredictable factor not ordinarily covered by standard insurance contracts.

This September, Willis Corroon will seek to transfer UGG’s risk portfolio to the capital markets and insurance markets, marking the first time so many diverse financial, strategic, operational, and traditional hazard exposures will have been transferred as a single block of risk.

Why all the hoop-jumping when there’s nothing wrong with the traditional way of transferring risk? “We could do that, of course, and have, but the fact is when you bundle these different kinds of risks in a portfolio, you offset one risk with another,” says Cox. “Your overall costs, then, are reduced.”

Cox is referring to the natural hedge gained by basketing risks that are either uncorrelated or negatively correlated to each other. For example, say a diversified chemical company with a subsidiary that produces a feedstock chemical is experiencing very soft pricing in the marketplace because of oversupply conditions. Sales, thus, are down. Meanwhile, the company has another subsidiary that uses the same feedstock chemical to manufacture a range of products. As a result of low prices, this subsidiary’s costs decline and its profits consequently increase. By combining these two different exposures in a portfolio, the company has a natural offsetting position.

In traditional corporate environments, where walls separate not only subsidiaries but departments, such natural hedges may not be so apparent. “All kinds of risks are uncorrelated and may offer a natural hedge when combined,” Groth says. “We have found that insurance, for example, is uncorrelated with the effects of some weather exposures, commodity prices, and financial risks like foreign exchange. But the way firms are structured to deal with those risks removes opportunities to explore the benefits of combining them.”

Enterprise risk management is the answer, Groth and Cox say, a way to create a framework for different functional areas so that natural hedges are obtained. UGG is not the only company intrigued by enterprise risk management. A few other companies are said by consultants to be midway through the enterprise risk process but are silent on the subject, concerned they will lose a competitive edge by broadcasting their intentions.

All the companies are captivated by the promise of enterprise risk management–that a better understanding of risk can be achieved by breaking down the “silo” structure of risk management. In conventional risk management, the insurance manager manages insurance risk, the treasurer manages cash flow and financial price risk, the credit manager manages credit risk, commodity traders manage commodity risks, and so on. These functional areas rarely, if ever, coordinate their efforts or explore opportunities to work together to manage the entire risk of the organization.

By removing these barriers, risk can be viewed as it naturally occurs in the business environment–a portfolio of interrelated risks acting upon the organization. An understanding of risk in this context arguably creates better information for decision making and, ultimately, improves risk management, earnings stability, and shareholder value.

The CEO takes on greater responsibility in an enterprise risk management world. Four discrete areas of risk management–hazard risk, financial risk, operational risk, and strategic risk–would be managed in a centralized fashion by the CFO to obtain greater capital efficiency. This is achieved by identifying and quantifying all exposures facing the corporation, and managing risk-oriented capital in such a way that it produces optimal results and earnings stability. Says Groth, “Risk management and capital management are synonymous.”

In other words, CFOs must begin thinking about allocating risk-bearing capacity much as they allocate capital for investments. Each company has a finite amount of risk-bearing capacity. An objective of enterprise risk management, then, is to determine what that is and how it can be optimized.


The first step in an enterprise risk management process is the identification and quantification of all corporate exposures. UGG and other companies are relying on consultants–a wide mix of firms, including insurance brokers, Big Six accounting firms, risk management consultants, investment banks, and such insurers and reinsurers as American International Group Inc. and the Swiss Re Group–to lead them in this process.

The quantification element derives from “value-at-risk” techniques used principally by banks to quantify financial risk. Willis Corroon uses proprietary software it developed with Align Risk Analysis, in Chicago, to perform value-at-risk analyses. This entails sophisticated computer modeling to calculate the amount of risk in each area to which a company is exposed. Each of a company’s risks is translated into a common denominator (called a unit of risk) to permit easy comparison. By modeling the risks alone and in various combinations, a company can assemble the most advantageous portfolio of risk to take to market.

“For example, say a company has a foreign exchange risk in which it can either make $10 million or lose $10 million,” Groth says. “If the $10 million loss was at the 95th percentile–in other words, the company knows it will do no worse than a $10 million loss 95 percent of the time–that is the value-at-risk. We set up a model so the when we manage the risk, we know what the downside is 95 percent of the time. With UGG, we did a value-at-risk analysis for each of its six most important noninsurance risks and all its insurance risks. We explored various combinations to determine what the program design ultimately should look like.”

Once corporate risks are identified, quantified, and selected for risk transfer, they are packaged and sent to market. An insurance company or reinsurance company, such as AIG, Swiss Re, or Zurich Insurance Group, may take the entire basket of risk. An investment bank might absorb the risk by creating an insurance securitization bond. The risk also could be broken into layers, with an insurer (or several insurers and reinsurers) taking one or more layers and the capital markets taking the rest.

The payoff comes in the form of reduced costs, as well as tempered earnings volatility and potentially higher shareholder value. “We expect to save money and gain an edge on our competition, says UGG’s treasurer, George Prosk. “For example, we’ve learned we can keep more risk internally instead of transferring it to insurers or capital markets.”

Sounds great, but why now? “Business is becoming increasingly vulnerable to global events, financial price risks, and climactic changes,” Cox replies. “Organizations are subject to greater regulatory changes, competition, rapidly changing technology, public opinion, and consumer tastes. These and other factors increase the importance of effective risk management to reduce earnings volatility.”


Enterprise risk management is the latest example of the trend toward combining different risks to reap offsetting positions, administrative efficiency, and lower costs. The first phase in this evolutionary development began about four years ago. A few insurers, including AIG, Swiss Re, and Bermuda-based XL Insurance Co., developed multiline insurance programs that packaged together various corporate property and casualty exposures that would be covered by a single insurance policy.

Union Carbide, a Danbury, Connecticut-based diversified chemical company with $6 billion in 1998 revenues, was among the first to buy multiline policies. The company purchased a three-year multiline program that expired this past July. Union Carbide was so pleased with the program that it extended it for another two years–at a 30 percent savings over the cost of its previous multiline package. “We had a credit arrangement in which if we had good loss experience in our first three years, we would build up premium credits to reduce our costs if we extended the program,” says John K. Wulff, Union Carbide CFO and corporate vice president.


The next phase in the evolution of enterprise risk management–integrated risk management–involves the incorporation of financial exposures into a multiline policy. The integrated risk model has received tremendous interest and scrutiny, but only one buyer to date–Honeywell Inc.

In mid-1997, Honeywell, a Minneapolis-based global controls company with $8.4 billion in 1998 revenues, earned the distinction of being the first company to transfer foreign currency translation risk to an insurance company, AIG. The currency risks were integrated into what was essentially a standard multiline insurance program, brokered by J&H Marsh & McLennan in New York. “Our objective was to significantly reduce our overall cost of risk, as well as our administrative costs,” says Larry Stranghoener; Honeywell CFO and vice president.

The company is past the midway point on its two-and-a-ha half-year policy term, but it is already looking to expand the policy’s parameters. “We’re thinking about incorporating other nontraditional risks, such as interest-rate risk and weather risks, into the package,” Stranghoener says. “We’re also examining adding foreign currency transaction risks. We think these are logical extensions of what we’re already doing.”

Will Honeywell engage in full enterprise risk management? “We’re moving in that direction,” the CEO says. “We believe it makes sense from a risk management standpoint to evaluate our total risk profile, not just hazard and financial risks, but also our operational and strategic risks. Once we do that, the next logical step is to find a comprehensive way of mitigating those risks. It’s still too early to say if we will go this way, but I think we already have the reputation for being aggressive and innovative in this area.”

H. Felix Kloman, a former risk management consultant with Tillinghast-Towers Perrin, sounds skeptical. “I don’t understand why Honeywell would want to use an insurance company [instead of a bank] as a risk-financing counter-party, given insurers’ extraordinarily high expense ratios and their economic fragility,” says Kloman, currently the editor of the newsletter Risk Management Reports. “I understand we’re talking AIG here, but even they have expense ratios that are nowhere near the level of financial institutions.”


Union Carbide, on the other hand, is a little closer to taking the plunge. “We have an insurance subsidiary that we’re thinking about in broader terms, exploring the possibility of having it handle not just traditional insurance risks, but our commodity, foreign exchange, and credit risks as well,” says Union Carbide assistant treasurer Richard Inserra.

“The idea is to get people looking at these things more consistently,” he continues. “The subsidiary would provide that centralized function.”

Microsoft Corp. also envisions its insurance subsidiary, MS Risk Co., managing a broad scope of risks. “Our original intention was for MS Risk to house under its umbrella all these different risk activities, says Jean-Francois Heitz, Microsoft treasurer in its Redmond, Washington headquarters. “We’re still not there yet, but we’re making significant headway.”

Microsoft is also interested in enterprise risk management, and has identified roughly 144 risks that threaten earnings predictability–a wide mix including civil unrest, brand image, the Y2K problem, and pricing wars. Analyzing and quantifying these risks are several internal teams drawn from a broad range of business units–“senior enough to be taken seriously, but not so high- ranking that they won’t have time to participate,” Heitz says.

“We’re building layer after layer, starting with a few multidisciplinary teams,” says Microsoft chief financial officer Greg Maffei. “Five years from now, we might put together a full, companywide team that will approach different risks in a consistent way. We may not be able to quantify all of them in the same way, but we should certainly be able to quantify most of them and establish some fundamental priorities.”

Like UGG and Union Carbide, Microsoft wants to manage its risks holistically. “Ultimately, we may package together our disparate risks and take it to market, if that makes the most sense for us,” says Richard Sadler, Microsoft’s senior risk manager. “It’s still too early to make that decision.”

UGG, however, is poised at the gate, waiting to make history as one of the first companies with a bona fide enterprise risk transfer program. “We’re convinced this is the future happening for us right now,” says CEO Cox. “I don’t think anyone 10 years ago imagined you could transfer all these different risks to a single portfolio.”

This autumn, the capital and insurance markets will tell their side of the story.

A Broad Umbrella


1. Adverse commodity price fluctuations

2. Failure of a company’s electronic data processing system

3. Lapses in communications links with customer markets and suppliers

4. Disruptions caused by political upheaval

5. Obstacles to timely strategic planning

6. Regulatory changes that disrupt the business environment

7. Changes in technology that hamper strategic goals

8. Lapses in due diligence relating to mergers and acquisitions

9. Counterparty reliability in financial hedges

10. Spoilage or crop disease causing damage to the quantity, quality, or marketability of grain supplies

Source: Willis Corroon Group Plc

COPYRIGHT 1999 CFO Publishing Corp.

COPYRIGHT 2000 Gale Group

You May Also Like

Magazine for Senior Financial Executives: Second acts: after bankruptcy, companies often teeter between encore and final curtain call

Second acts: after bankruptcy, companies often teeter between encore and final curtain call – Bankruptcy 2003 Alix Nyderg JUST AYEA…

Magazine for Senior Financial Executives: Tuning in to cash flow: clarify cash flow from operations and you’ll find reason for optimism about America’s blue chips

Tuning in to cash flow: clarify cash flow from operations and you’ll find reason for optimism about America’s blue chips – Cover Story Ron…

Booking trips the old-fashioned way

Booking trips the old-fashioned way Laura DeMars NOT LONG AGO, Randy Royer, the treasurer of Mesirow Financial Holdings, got caught…

Magazine for Senior Financial Executives: One step behind

One step behind – Letters to the Editor IT SEEMS TO ME that the practice of processing invoices–be they paper or electronic–is one step…