Scott Randall says, “Not everyone is convinced that application of a systematic process of risk management makes that much of a difference in sales, profits, quality, reputation, etc. Until we as risk managers can empirically make this link (not theoretically, nor in a sort of ex post way without proving causality) risk management will be relegated to a control function-somewhere between corporate audit and legal on the corporate totem pole.”

While I agree that we need to be somewhat cautious in predicting the future prospects of risk management, I think Scott is being a bit overly pessimistic. Being an inveterate cynic at heart, I am quite prepared to say that the two great motivators we see in business are greed and fear. Historically the balance has generally weighed on the side of greed, with fear only being dominant for brief intervals.

Being a pseudo-academic, I take the arguments for balancing risk and reward seriously. Indeed, I think the most important argument for sound risk management is that stock prices respond not only to the market’s expected rate of earnings growth but to the discount rate it applies to those expected earnings. That, in turn, is related to the volatility of earnings. This makes an unexpected drop in earnings doubly dangerous, since it can both lower expected future earnings growth and raise the market rate of discount applied to such earnings.

That said I am realistic enough to know that harsh experience trumps elegant theory every time. Starting in the mid-1980s, a string of major losses created recurring headlines and widespread embarrassment (as well as financial damage) to the senior mangers of many well established financial firms. This run of fairly frequent headline losses persisted into the mid-1990s. Such losses continue to happen but tend to be viewed as intermittent exceptions rather than continuation of a frequently recurring pattern.

I believe it was this pattern of large publicly visible losses that engendered the creation of internal risk management organizations as we know them today. One dark side of this history is that it tended to associate risk management with the risk police in many people’s minds. While that role is inevitably part of the mandate, and while some risk managers fail to see beyond that role, effective risk management is increasingly recognized as encompassing a much broader mandate.

One thing that will contribute to a significant increase in risk management’s importance and impact is the slow but steady progress toward more effective data consolidation within large financial enterprises. This consolidation is often driven by risk assessment considerations that recognize the crucial importance of portfolio context in accurate risk assessments. It also can serve broader purposes, however, such as customer profitability analysis and improved customer service. Providing relationship staff with consolidated customer information across products and locations is one of the essential tools for large institutions to compete more effectively by offering personalized customer contact similar to that available from smaller institutions.

Such data also can be crucial in designing business initiatives such as solicitation of new credit card holders. Leveraging centralized date for purposes of business strategy and execution, in addition to risk analysis, can strengthen the role of risk management and make it a more integral part of senor management decisions.

In brief, I hesitate to trumpet Beaumont Vance’s triumphalist projection of the importance of risk management. After all, the rise of the internet has been compared to the industrial revolution, and that is a pretty high standard of comparison! As Scott Randall says in concluding his comment, “The key is to first make the goal of risk management the achievement of sustained competitive advantage, then to use it to deliver.” I think there are forces promoting a broader role for risk management if those of us in the field will raise our sights and grasp the opportunities. If not, we will find that, “We have met the enemy and they are us.”

As much as I would love to believe Beaumont’s statement that we are “on the verge of a virtual explosion in the impact of risk management” and “risk management’s potential impact is comparable to that of the internet”, we need to be a bit cautious here not to hyperbolize (or fantasize!) Risk management is only valuable as it supports achievement of corporate metrics based on the established business disciplines of finance, marketing, management (and maybe) leadership.
Not everyone is convinced that application of a systematic process of risk management makes that much of a difference in sales, profits, quality, reputation, etc. Until we as risk managers can empirically make this link(not theoretically, nor in a sort of ex post way without proving causality), risk management will be relegated to a control function-somewhere between corporate audit and legal on the corporate totem pole. The key is to first make the goal of risk management the achievement of sustained competitive advantage, then to use it to deliver. Once I start to see signs of people taking this approach, then I will be ready to consider where we might be along the maturity spectrum as a business discipline.

I’d like to pick up on David’s comment about improved data consolidation. Once again, consumer markets (such as retail banking), can offer something to us in the wholesale, industrial sectors. In the 80’s, Porter spoke of using “information technology” as he defined it as the vehicle for achieving sustained competitive advantage. This is essentially what David is talking about when he talks about the data consolidation-customer relationship management link. However, I think there is a risk management element in between the data and customer, and it involves using data to secure a better chance (i.e. probability?) of meeting customer expectations i.e. (i.e. impact?). If we take this one step further, and expand it to the energy markets, we see that the “customers” are often not the end users of the product. After all, demand for gasoline is pretty inelastic within the price band we have seen over the past 10 years. No, “customers” for energy producers are their stakeholders, the people/groups who can actually make them lose or allow them to earn huge sums of money-regulators, NGOs, institutional investors, credit rating agencies, etc. This may seem a bit convoluted, but for the “energy merchant of the 21st century” more reliable market information means better risk management of the threats or opportunities around powerful stakeholder expectations. This in turn translates into either cost leadership or enhanced differentiation through either the actual achievement of stakeholder expectations or the assurance of future achievement of stakeholder expectations. If an energy market participant has a consistently superior market intelligence process, then they can attain a sustainable competitive advantage. The mechanics of how this is actually done in practice the thesis of a forthcoming book. But I’m wondering, does this stakeholder needs satisfaction approach ring true with you guys, or is it just me that is now fantacizing about the growing relevance of risk management?

Scott Randall’s focus on the importance of anticipating the demands of “stakeholders”, as they have become known, is interesting. It certainly is true that a company can be badly hurt both by government regulation and by a sudden shift in public sentiment. Most observers would agree that good corporate citizenship is important to long-term profitability.

A company that becomes widely regarded as a pariah will have difficulty on many fronts. In some cases a company has so much market power that it can ignore such pressure in the short run but it is set up for a fall as soon as alternatives arise. Even in the energy space, most communities have some alternative sources of supply and consumers can still vote with their feet. Aggregate demand is inelastic but that doesn’t mean that local demand is equally insensitive to price or to corporate reputation.

Clearly a process that assures early recognition of, and response to, emerging public issues is valuable. The recently growing public focus on sustainability is one example. That said, such issues are so broad and varied that it is hard to know where analysis of them should stop. Demands for corporations to make the world perfect are ultimately inexhaustible because, sad to say, the world falls so far short of perfection. Nevertheless, making early recognition of such demands a key goal of a company’s risk information infrastructure strikes me as a sensible priority.