Last week I had the opportunity to moderate a round table discussion with CFOs of mid-size firms in the Houston area.
The topics that were top of mind to this group were the strategy creation for an age of flux and the effectiveness of risk management. These topics were curated by CFOs and were meant to provide food for thought and action for the same group. How do we ensure that risk management becomes an integral part of an organization’s strategy at one end and how do we take risk management programs to penetrate all levels of the organization?
Risk Management at a Time of Global Uncertainty (Harvard Business Review Analytic Services (2011) reports that in 2011, 42% of firms with 10,000 or more employees had a chief risk officer compared to 11% in 2006-08. A survey by CFO.com in 2012 reports that 72% of the companies surveyed had devoted more time and resources to risk management since 2010. Yet, a more recent survey by CFO.com reports that risk scores for the top 10 risk issues (regulatory changes, volatility in global financial markets, sustaining customer loyalty, economic conditions, to name a few issues) were higher this year compared to 2016.
What have we learnt in the last decade about new sources of risk?
If we turn back the clock to 2007, an executive sitting in their office planning risk management strategy for the coming decade would hardly have anticipated the financial crisis that ensued. Over time and despite increasingly sophisticated quantitative tools to manage risk, our range of risks continues to expand. Today we live in an intricately connected world where the number of connected devices (over 26 billion) is shy of four times the number of people on the planet (about 7.3 billion). Every one of these connected devices provides a degree of convenience we are delighted to enjoy, yet every device needs to be cyber protected.
Another dimension to risk that is growing in importance, thanks again to technology is the massive disruption in industry structures. Take retail for example — As of April 2017, 46 million square feet of retail space has been shut down in the U.S. This is the total square feet of shut downs for 2016. Assuming that the typical department store has a footprint of 130,000 square feet, we are about 353 department stores fewer and the year is not over. No industry is immune to these changes. It is not unreasonable to assume that a third of the core skillsets needed for jobs as they are defined today will be replaced in the next five years — Health care and finance, education and law are all set to see regime shifts in terms of skills needed.
In Houston the events of the last month and a half have unfortunately given us a unique perspective on risk – Harvey has created learning opportunities that we would be foolish to ignore. As Harvey unfolded, I recall thinking of Taleb’s analogy – the black swan. Black swans are highly improbable events that, should they occur, can cause significant damage. Looking at the data however, suggests a slightly different description. Per data from Munich Re, storms and floods account for almost three-quarters of weather-related disasters. On a global scale such events have grown three times in the last 36 years from 200 in 1980 to over 600 in 2016. In 2010, three times as many people lived in houses threatened by hurricanes as in 1970. Closer to home in Harris County we built more than 8,600 buildings inside the 100-year floodplains. Data from the Federal Emergency Management Agency (FEMA) shows that houses that repeatedly flood account for 1% of the National Flood Insurance Program (NFIP) properties but account for 25-30% of total claims. Texas is among five states in the nation where the number of these homes exceeds 10,000 and is growing by around 5,000 a year. So was this truly a risk that was unanticipated? The descriptor term is not black swan but gray rhino (a term coined by Michele Wucker). Google rhinos and you will see them described as black or white rhinos. In reality, most rhinos are neither black nor white, they are gray – we see rhinos and realize they are gray but call them black or white. Gray rhinos hence, are events that are likely, but ignored, that are likely preventable but absent planning for prevention, become catastrophe events – the Takata airbag scandal comes to mind.
Finally and perhaps thanks to technology, our ability to differentiate truth from fiction has been compromised. A recent report from the Innovation Center of U.S. Dairy points out that about 7% of American adults or 16 million adults, believe that chocolate milk comes from brown cows. A gray rhino risk we are staring at has to do with our ability to separate truth from untruths, facts from alternative facts – the costs of not addressing this are significant. Accurate information is key to how we manage and get on the other side of risk and it starts with learning how to differentiate facts from alternative truths.
The discussion highlighted tactical and strategic risks – clearly the finance function is being tasked with more, and CFOs are rising to the challenge. Their ‘outside the operations’ perspective imbues a credibility that helps drive strategic conversations. Cyber risks, risks associated with growth and operations, macro uncertainties arising from changes to the tax code, the labor markets and technology in general, are top of mind. Risk mitigation was discussed as much a culture issue as it was a tactical challenge. Getting objectivity into conversations and speaking up about risks is critical. To be effective, risk management strategies must drive the culture of the organization.