Understanding and managing risk

Introduction

In this course we explore the subject of financial risk management. The processes of risk identification, risk measurement and risk management are explored. The course then goes on to examine reputational risk and operational risk.

This OpenLearn course is an adapted extract from the Open University course BB841 Managing financial risk.

Learning outcomes

After studying this course, you should be able to:

• demonstrate knowledge of the range of financial and financial related risks facing organisations

• understand the approach to risk management through risk identification, risk measurement and risk management (or mitigation)

• understand reputational risk

• understand operational risk and how to manage it.

1 Risk and the financial crisis

In September 2011, the eurozone governments were grappling with the debt crisis in Greece and the risks this posed to the banking system – given many banks had invested in Greece and other troubled European economies including Portugal, Spain and Italy. In the midst of this crisis one European bank – the United Bank of Switzerland (UBS) – announced that it had uncovered a huge and unexpected financial loss amounting to $2.3 billion as a result of the alleged activities of a rogue trader, Kweku Adoboli, based at the London offices of UBS.

Adoboli had allegedly run up these losses through transactions in the global equity markets – but had concealed these losses by establishing other fictitious transactions which covered up the actual losses the real transactions had made. Following the discovery of these losses, Adoboli was arrested and charged with fraud. At the time of writing he is on remand in prison awaiting his trial.

However, this was not the only consequence of the risk management failings at UBS.

Shortly after the discovery of the losses, the Chief Executive of UBS, Oswald Grubel, resigned. The bank was also criticised for its risk management failures by some of its largest shareholders. UBS subsequently announced plans to reduce its trading operations in London with a consequent loss of jobs.

This episode is yet another case of failings in financial risk management – indeed the use of fictitious transactions to mask losses on real transactions was a feature of previous risk management calamities at other banks, notably at Allfirst Bank in the US in 2001. Similarly, Adoboli’s actions mirror those of rogue trader Nick Leeson, infamous for his activities that led to the collapse of Barings Bank in 1995. Clearly, the lessons of the past have still not been fully learned. If you want to learn more about how to avoid such financial calamities then read on!

1.1 Risk management

The objective of Managing financial risk is not only to investigate the nature of different financial risks – looking at how they arise and how their extent can be measured – but also to explore how these risks, along with non-financial risks, can be managed. In your working life you may not play a direct role in financial risk management, but it is virtually inevitable that:

• Your organisation will, through its routine operations, generate or expose itself to at least some of the risks we examine. Understanding these risks is therefore essential for those wishing to develop well-rounded managerial competence.
• Your internal dealings with staff may link you to those who do have direct risk management responsibilities and understanding the nature of financial risks will help when having discussions or negotiations with them.
• For at least part of your career, you may work within your organisation’s finance department which has risk management responsibilities across the organisation’s balance sheet. Alternatively, you may have responsibility for auditing the work of the treasury function.
• In your dealings with customers and clients, you need to be aware of financial risks that may arise from the sale of products and the provision of services.

Additionally, if you make it to a senior management position – and particularly if you are on the board of a company or the senior management committee (or equivalent) of a public sector organisation – you will have managerial responsibility for those in the front line of financial risk management. If you lack competence in financial risk management you will not be in a position to perform your executive responsibilities properly. Indeed, you may recall the global banking crisis in 2007 and 2008 when executive and non-executive directors manifestly did not understand the financial risks that their banks were running, or turned a deaf ear to internal whistle-blowers who had highlighted the risk management failures in their bank’s business activities.

In the future, you may want to pursue a career in risk management – with an organisation, an auditing company or perhaps a regulatory body. The risk management business has grown over the past three decades in reaction to the glaringly apparent risk management failings of organisations. Certainly, since the global banking crisis, risk management has become a major growth area for employment around the world.

The objective, then, is to teach you the skills you need:

• in general management for managing financial risks
• if you are a risk management practitioner.

The study of risk management also requires an understanding of the International Financial Reporting Standards (IFRS) that apply to how financial instruments are used by organisations to manage financial risks. The key standard in this regard is IFRS 7 which covers disclosures in financial statements in respect of financial instruments. While the disclosures relate to accounting matters, they are of key relevance to the subject of risk management. This is because investors and other stakeholders will examine the disclosures made under IFRS 7 to help ascertain how exposed an organisation is to financial risks. Additionally, the very fact that these disclosures have to be made places a requirement on the managers of organisations to consider how they are currently managing financial risks – and this requirement should focus their minds on whether they are managing these risks properly!

Benjamin Franklin said that nothing was certain except death and taxes; the economist and 1990 Nobel prize winner Merton Miller revised this in his work on capital structure to debt and taxes. I think they both left out one other certainty – risk – but at least we can sometimes do something about risk and not merely allow the inevitable to happen!

1.2 The financial crisis – the cost of risk management failures

At the time of writing (in 2013), the global economy is in the aftermath of the financial crisis – principally a banking crisis – that emerged so spectacularly in 2007 and 2008. The features of the crisis demonstrated truly chronic failings in financial risk management. We will explore these failings throughout this free course.

The summary features of the crisis are well known.

During the 1990s and the first decade of the 2000s, many banks used funds borrowed from the wholesale markets – basically money borrowed from other banks and other financial companies – to expand their investment activities. While economic conditions were benign, with inflation and interest rates low and with the major economies experiencing steady economic growth and low unemployment, the risks inherent in this business model – which involved many banks expanding the size of their balance sheets at a fast pace – were not really exposed.

Things changed from around 2005/2006 as higher interest rates in the US triggered a sharp increase in defaults among customers – many of them with low incomes – who had borrowed funds to finance home purchases. This was the so-called ‘sub-prime’ debt crisis, where the term ‘sub-prime’ relates to the poor credit standing of those who had borrowed money.

So the start of the financial crisis was a significant example of credit risk – the risk that the money you invest is not repaid.

Very quickly, though, a credit risk problem turned into a liquidity risk crisis. As knowledge of the credit losses spread, those lending money in the wholesale markets became increasingly reluctant to provide funds to those they believed to be exposed to the sub-prime credit losses. Additionally, they began to exercise more general caution about the credit quality of the organisations they lent to.

The consequences of this shift in sentiment by lenders were inevitable. The cost of borrowing wholesale funds started to rise sharply and the depth of funds available shrank.

Those banks most reliant on wholesale funds to support their business were immediately exposed by what had become a liquidity crisis. One of the first casualties of this environment was Northern Rock Bank in the UK. This bank only avoided insolvency by being rescued by the Bank of England in 2007.

The combined credit and liquidity crisis continued to place many banks under severe pressure until, in September 2008, the collapse of the US investment bank Lehman Brothers triggered a virtual collapse of the global banking system. Autumn 2008 saw the governments and central banks of many of the world’s major economies taking emergency action to rescue their banking systems. This typically involved providing funding to deal with the liquidity crisis and injecting capital into the banks to accommodate the credit losses that the banks were incurring in their lending.

This ‘bail-out’ (financial rescue) of the banks – although essential to stabilise the financial system – understandably still evokes anger from the public.

The financial crisis not only provides vivid examples of credit and liquidity risks, but also the interrelationships between different types of financial risk. Indeed, the financial crisis also triggered certain non-financial risks, particularly reputational risk for those organisations found to be most vulnerable. The months following the peak of the crisis saw the management of these organisations publicly ridiculed.

One further significant development was that it became evident that many of the risk management systems being employed by organisations were not programmed to accommodate the scale of the problems that arose. Models that had previously been viewed as robust and trustworthy became revealed as unfit for risk management during such a major financial crisis. We will examine such failings later.

While the focus of attention during the early days of the financial crisis was on the near systemic failure in the global banking system, there were many other risk management calamities at a regional and national level.

In the UK, many local authorities (municipalities) had built up cash balances, largely from the sale of certain assets – principally, their stocks of rental properties for the public (council houses). This resulted in the authorities having funds to invest in the financial markets. In the middle of the first decade of the new millenium, many started to place funds with the Icelandic banks that had built up a presence in London and who were raising funds to finance their global investment activities. The scale of growth of these banks meant that they collectively had a balance sheet size in excess of the entire Gross Domestic Product (GDP) of Iceland itself!

Figure 1

The 2008 global banking crisis saw three of these banks – Glitnir, Lansbanki and Kaupthing Bank – collapse and rapidly end up in receivership. This left UK local authorities with, collectively, £953 million of credit exposure to these failed banks. Local authority treasury departments had relied on the credit ratings for these banks, supplied by the leading rating agencies – Standard & Poor’s (S&P), Moody’s and Fitch. These agencies had all rated them as creditworthy, at least until close to the point of their collapse. The local authorities consequently witnessed credit losses that attracted huge headlines and a parliamentary investigation. The investigation that followed led to criticisms of the reliance of the local authorities on ratings agencies, without looking to other sources to form effective credit risk judgements on the Icelandic banks. The so-called ‘credit crunch’ and the global banking crisis that began in 2007 brought attention to the notion of ‘liquidity risk’ – in effect, where organisations run out of money.

The Icelandic banks episode points clearly to the fact that the business of risk management and the risk of failures in risk management are not just the preserve of banks or private sector companies. Organisations outside the private sector are also exposed to financial risks and need to manage them effectively.

We have focused in this section on certain of the risk management failings revealed by the financial crisis. Our case studies will, though, not be confined to this recent period of financial history. Certainly risk management failings were not born in 2007!

Audiovisual activity

Activity 1 Risk management in action

Timing: Allow 30 minutes for this activity.

Listen to the audio, Risk mapping and risk management, a discussion between:

• two treasurers of major companies – Paul Outridge of De La Rue and Neil Henfrey of Boots, now a brand for the international pharmacist Alliance Boots
• a banking risk management specialist – Hor Chan
• Head of the Department for Accounting and Finance at the Open University Business School – Martin Upton.

It examines the financial risks that organisations are exposed to and how they are addressed by management.

The audio contains some technical matters and terms that will probably be new to you. Do not worry about this, though. It is intended to give you a flavour of risk management in action and what risks organisations are concerned about.

You may be surprised, as I was to a degree, to see pension fund risk referred to in the audio as being a financial risk. Personally, I would see pension fund risk – the risk that organisational pension schemes fall into deficit – as arising from increasing longevity and the fall in returns on financial assets seen in recent decades. The former increases a pension fund’s liabilities due to the resultant need to pay out pensions for longer periods. The latter reduces a fund’s assets by reducing the returns on investments, which, in turn, may be re-invested.

However, increasing longevity is not a financial phenomenon and falling returns on assets are a result of adverse interest rate risk and equity price risk, both forms of market risk. So pension fund risk is really a form of market risk mixed with growing longevity. What do you think?

Download this audio clip.Audio player: Risk mapping and risk management

Show transcript|Hide transcript

Transcript: Risk mapping and risk management

Music – 00:16

Martin Upton:

Hello, and welcome to this audio programme on financial risk management. To help me explore these issues and, in particular to show how financial risks are managed in the business world, I’m delighted to be joined by Neil Henfry, the Group Treasurer of Boots, the United Kingdom’s leading health and beauty retailer and Paul Outridge, the Head of Treasury at De La Rue, the world’s largest commercial security printer and paper maker. Managing company risks involves an active relationship with the banking sector... and here to represent that sector I'm pleased to have Hor Chan. First, can I turn to you Neil – what are the financial risks that arise in the business at Boots?

Neil Henfry:

Thank you, Martin. We would say there are six main financial risks. First of all there would be liquidity risk. Secondly, there would be counter-party credit risk. This would be particularly with bank counter-parties, and also when we’ve got substantial amounts of funds to deposit. Thirdly, the currency risk; relatively small at Boots but it would be primarily around purchasing goods for Christmas from the Far East, which might be dollar related, and also sales in our Republic of Ireland stores, which would be euro related. Fourthly, interest rate risk; this arises from the debt we’ve got on the balance sheet – about £600 million – and also, at the current time, cash we’ve got on the balance sheet – about £700 million – and making sure there’s no interest rate mismatches between the two of them. Fifthly, like any corporate treasurer, there’d be operational treasury risk arising from having a small team and needing to ensure there’s segregation of duties, such that fraud can’t take place. And finally, a large risk for an organisation like Boots would be pensions risk.

Martin Upton:

Paul, is it the same at De La Rue?

Paul Outridge:

Martin yes that’s right. Certainly I’d agree with Neil on that the principal areas of financial risk that we also face at De La Rue, although I think the emphasis for us is slightly different. As a major UK exporter, foreign exchange risk is certainly the most significant risk that we face, and managing that is a key part of our treasury operational management. Following on from foreign exchange risk, simply would add that liquidity risk and counter-party and credit risk are also similarly important. Liquidity risk, ensuring that there’s sufficient cash available in the right currency at the right time and in the right place, is a key area for all treasuries. With regard to credit risk and counter-party risk, again we have a surplus of cash on the balance sheet – it’s in making sure that the institutions with which we deposit our cash have sufficient credit ratings to ensure they will be there tomorrow when we want to receive the cash back.

Martin Upton:

Well Hor, if I can turn to you – risk is the nature of banks’ business, so I suspect that your list will contain every financial risk in the financial dictionary.

Hor Chan:

Yes, Martin, I imagine that’s right. Our biggest risk, of course, as a bank is credit risk. If you look at the assets of any bank, the biggest category there is really the loan portfolio. So, when we lend money to people, of course, we have to be reasonably sure that they will be paying us back, and that’s where the credit risk comes in.

I think the second category which overlaps partly with Paul and Neil’s is market risk, what we would call market risk, but perhaps they’ve separated it out slightly into foreign exchange and interest rate, which of course it includes, but then we would also put in equity risk or commodity risk from our trading books, and so on.

The third category is operational risk, which is increasingly important nowadays with the new regulations coming in, Basel II and with the ratings agency focus on this nowadays. There’s much more emphasis on that.

Perhaps the fourth one I’ll mention is one again that overlaps with Paul and Neil, which is liquidity risk, and about being able to fund ourselves and have enough cash to meet our obligations.

And just to wrap up on a few other risks which we face, these would be legal risk, reputation risk and business risk.

We approach risk in a very different way to corporates. We’re really looking at risk as an opportunity, an opportunity which, as long as it generates the return which is adequate for the capital we’re using on this risk, then we probably should be taking it, provided of course it doesn’t impact our reputation. So yes, we are in the business of taking on risk, rather than necessarily getting rid of all the risk. And sometimes, indeed, we would even take on risk deliberately when we have a particular view of the markets, because we feel that’s an opportunity to speculate, if you like, and make a bit of extra money. Of course, it’s so difficult nowadays for banks to make money in the traditional lending business. We have to supplement it by taking, in a sense, a few more risks in different areas to try to increase our returns.

Neil Henfry:

I think there’s one other thing that Hor brought up there about banks take views of markets. It probably would be true to say, I think, in the corporate world these days that most corporates do not take any views on markets and therefore, you know, you don’t get into speculation. Speculation could be that you don’t hedge something, even though you’ve got the exposure. But we tend not to take views on markets and you tend to just hedge irrespective of whether you might personally think dollar/sterling is going to move in one direction. Personal feelings don’t come into it these days.

Martin Upton:

I guess, if you’re on the Board of Boots, you might find it understandable if you’ve taken a business decision to launch a product which ends up failing and losing money, but if you lose money on foreign exchange speculation, I think the Board members might find that inexplicable.

Neil Henfry:

That would be absolutely right, which is why most corporates don’t do it these days.

Martin Upton:

Thank you. I want to drill down now to what actually happens when you want to manage those risks. It’s one thing to say, “OK, I’ve got foreign exchange risk, I don’t like it, I want to get rid of it. I’ve got interest rate mismatch risk, I’m borrowing floating, I’m lending fixed. What do I do about it? What transactions do I do? And how might I use derivatives?” Neil, can I turn to you.

Neil Henfry:

I think the first one, on the funding liquidity is, what we do is make sure we’ve got access to a variety of funding mechanisms, so we have a Euro-MTN Shelf Program, to be able to issue public bonds off. We’ve got a credit rating from Standard and Poor’s, and Moody’s, again an investment grade credit rating, to be able to issue public bonds. But more importantly in many ways, is committed financing, so that’s having undrawn committed facilities from banks, so that you’ve got the ability at any time to be able to draw down funds on the same day basis in case something happens. And the key thing there, really, is to make sure you fund before you need the money, so that you’re not kind of held ransom to the markets. And, there’s quite an important example recently on that, where Philip Green made his phantom bid for Marks & Spencer’s – all of a sudden, not just Marks & Spencer’s, but many of the retailers in the UK had a lot of trouble accessing capital markets because of rumours about – could it happen to them as well? So, if you’d been wanting to go to market at those few months you wouldn’t have been able to. And so that’s why you always need your committed financing and things like that to stand behind it.

You asked me about derivatives. We do use them for currency so, when we are hedging our US dollar imports for Christmas trading, we use straightforward FX forwards and spot deals to hedge those, we’ve got some interest rate swaps to be able to convert the fixed rate bonds into effectively floating rates, which then the interest rate risk matches off against, with the cash that we’ve got.

Martin Upton:

Paul, what’s your experience?

Paul Outridge:

Our exposures and our risks are much more concentrated on the foreign exchange side, and our policy is fairly straightforward for those. We again use plain vanilla forward contracts to hedge our foreign exchange exposures. We do, within the treasury department, have the ability to use currency options, for example, should we choose. But, in practice, it’s something that we have not used in the last three or four years. So, they are there as an instrument that is available to the treasury department, if it so chooses, but in practice, straightforward forward contracts provide the level of cover that we need for the vast majority of our exposures.

Martin Upton:

Paul, I wanted to explore another matter with you, managing foreign exchange exposure. Before you need to use derivatives like foreign exchange swaps to manage that exposure, you should look at alternative, what we call internal techniques, to manage your currency risk. Now, does this go on in the real world? What’s the experience at De La Rue?

Paul Outridge:

Yes, most certainly it does. Natural hedging, as we call it, essentially matching currencies of payables and receivables, is a key first line in managing currency exposures because that can be done at no cost. It reduces your net exposure and, therefore, reduces the volatility that you need to manage as part of that risk.

Another key feature, because foreign exchange forward contracts are very much a short-term option for smoothing the flow in terms of volatility, what is also key is looking longer term in terms of more strategic ways of managing risk. And for us, particularly for currency risk, is, for example, where do we situate our manufacturing plants? A key area for us, and which is one in which we’ve recently implemented, is to move some of our manufacturing sites away from Europe into low-cost, dollar-denominated regions in the Far East. Now, not only does that help to reduce our cost base, it also helps to reduce our currency exposures as well, because many of our key markets for some of our machines are in the US, and we are, therefore, managing naturally to hedge our dollar exposures by sourcing products in a dollar-denominated region and selling, obviously, in North America. So, that provides a natural hedge to us, which reduces our net exposure, and therefore reduces the actual number of forward contracts and derivatives that we need to use.

Martin Upton:

Hor, it’s again slightly different from the banking perspective, isn’t it? Because companies like Boots and De La Rue, they could be your customers when it comes to hedging transactions, when it comes to the use of derivatives. How would you describe the relationship you would have at ABN with those types of customers, and how would you be using derivatives to manage your own risks?

Hor Chan:

Well, I think from the point of view of dealing with customers like Neil and with Paul, of course, we are suppliers of the financial hedging instruments and market makers in those, so of course if they wanted to use a swap or a forward they could call us and we would tell them at what price or at what rate we could provide that hedging instrument. And the point is that we are there to provide liquidity in the market, we provide both a bid price and an offer price, if they wanted to unwind their hedge as well.

But for us as a bank, I think the real change for us in terms of using derivatives in the last few years has really been the advent of credit derivatives, and that’s really helped us to manage our credit portfolio in a much more active way than we ever did, even five years ago. And, as I mentioned earlier, that really is the biggest credit risk that we have.

Paul Outridge:

Can I come in at this point? Because if I wasn’t happy with the credit worthiness of an issuer, I wouldn’t buy the bond in the first place. So why do I need to access the credit derivatives market to manage credit exposure, which perhaps I didn’t want in the first place?

Hor Chan:

I think that there are different ways of acquiring the assets in the first place. Sometimes we’re given the risk, in a sense, by a client who asks us for a price and then sells to us, of course, on the bid side hopefully some asset which has credit risk which we aren’t really happy with, so we may want to hedge that. But, more often, I think, where credit risk arises is where we deliberately take on the exposure. We would deliberately lend money to a client, or we may think that their bond which they’ve issued is a good investment. But, of course, circumstances change. The markets move, credit worthiness alters with business cycles and so on. So, something may happen which would mean that we’re less happy, perhaps, with the credit risk which we have, and we want to hedge that. And, of course, on occasion it’s very difficult, especially when you’ve given a loan. It’s very difficult to go back to the client and say – we’d like to pull your loan now; we’d like our money back please – because I’m sure Neil and Paul would not be very happy if I tried to do that. So, what we would do instead, of course, is merely hedge it using a credit derivative, and that’s the way we can get around having to go back to the borrower and saying, you know, we’re not so happy with you nowadays.

Martin Upton:

And the most common deriviatives in use are credit default swaps – is that the case?

Hor Chan:

That’s right.

Neil Henfry:

Can I come in, because corporates are not necessarily that thrilled about the development of the credit default swap market. It gives a very visible price on your bonds and your funding. So, if you’ve issued a five-year bond, you’ve now got a very visible price that’s very volatile. In the old days you used to issue bonds to investors and they used to sit on them and there was hardly any trading went on in them. Now there’s a credit default swap market, it’s a very visible traded market. It’s often got hedge funds acting in it, and so you can get some very volatile pricing in that market. And, of course, if you then try and issue new bonds into it the reference market is the credit default swap market, not how your bond is trading in the kind of real world. So to go back to that example of Philip Green with Marks and Spencer’s, all the retail of bonds, credit default swap markets went, may be up a hundred basis points or whatever within a day. And so it can make things very difficult.

Martin Upton:

Neil, can I ask you to talk about the problems which you think exist with pension funds and how they pose a significant additional risk for companies like yourselves?

Neil Henfry:

Yes, Martin. Boots, like many companies in the UK has got a defined benefit scheme. It’s fairly closed to new members but, nevertheless, it’s got liabilities of three and a half billion at the last count, which is broadly the same as the market capital of the company, and, therefore, it’s a very substantial size of liability there. Now, obviously there’s assets matching those liabilities to the extent they can, and Boots is in the very fortunate position of having broadly a fully-funded scheme. So, it’s got about three and a half billion of assets as well.

So, you might say, so what’s the problem? Well, the problem is that the size of the liabilities depends on things like long term discount rates, inflation rate, prospective salary increases and, probably most important of all, actuarial assessment of longevity, mortality of the people in the fund. And so, the size of those liabilities moves up and down with the markets, as discount rate moves, and every time actuaries decide that people live an extra five years it adds more to the liabilities.

Now, the assets themselves, of course, depending on what they are, might act in a very different way. Boots itself has got 85 per cent of its funds in bonds and 15 per cent of its funds in equities and properties. Now, obviously, they don’t necessarily move in the same way as the liabilities do, so what you find is that, when you measure both the assets and the liabilities on a market base, which is what you’re required to do for accounting purposes these days, you can quote very substantial volatility in the difference between the two. And, let’s imagine that you’ve got a deficit of two hundred million, how are you going to make that up, and how quickly are you going to make that up? And so you can find that all of a sudden that you’ve got a very quick demand from the trustees to make substantial additional contributions to the fund that you weren’t expecting. So, it eventually flows through to a funding liquidity issue.

However, even despite that, during the whole process of this – because it’s a market valuation, it’s now on balance sheet, banks look at the deficit, investors look at the deficit, rating agencies look at the deficit and treat the deficit as being debt-like; and so it can impact you quite substantially in your credit rating, your share price and your relationships with banks, if you’ve got substantial deficits, which many companies do have.

Paul Outridge:

Adding to what Neil said, I think, one important area that is now coming through is how treasury departments can help the trustees to manage that deficit and in terms of derivatives, which we’re talking about. The problem is the mismatch in the funding gaps. For example, the assets may well be in bonds, but the maturity of the bonds won’t necessarily match the profile of the maturity for the pensioners or prospective pensioners in the scheme. And this is one area in which, for example, interest rate swaps are certainly being talked about as one mechanism in which you can help to smooth the difference the exposure between the assets and liabilities.

Martin Upton:

We know that with the introduction of international financial reporting standards, IFRS, the position in respect of pension fund liabilities has to be reported, but also I understand, Paul, that IFRS, as we know it, has had an impact on other areas of your risk management business.

Paul Outridge:

Certainly for us at De La Rue, yes, that’s right. IS32 and 39, for example, which deal with financial derivatives and financial instruments have a significant effect on us in term of not necessarily the way in which we manage our exposures, but certainly the way in which we’re required to report them and also to the level of documentation that we have to provide. The key element of IS39 simply relates to how you can match your forward contracts or your financial derivatives that you’ve taken out to hedge your underlying currency exposure. Traditionally, providing the level of forward contacts you had in place matched your level of exposure, then that was sufficient within the accounting rules in order to effectively to be able to combine the two and simply effectively, when the forward contracts matured, you would then be able to match those off against your sales or your purchases within the profit and loss account.

What has happened now is that, in order to achieve the same treatment under IFRS, there’s a whole new regime called ‘Hedge Accounting’ that has become now part of this exposure document. And, as result of that, to achieve Hedge Accounting there are very strict rules that you have to manage in order to be able to achieve the same result, and effectively put all your forward contract revaluations which now have to be marked to market on a monthly basis, to your reserves rather than taking them to P & L every month. The level of documentation required is quite onerous and, certainly for major international groups, it’s a key decision in terms of managing your exposure, whether you want to manage that volatility to your P & L or not. For De La Rue the decision was made that we do need to manage that, because the potential volatility exposure, sudden changes in exchange rates, is such that it could produce a significant effect in our reported results which, not as a result of our actual economic hedging that we’ve undertaken, but simply as a result of an accounting standard, has created this volatility. And that, to us, was unacceptable.

Martin Upton:

So, in effect, you’re saying that changes to accounting standards are, in a sense, leading to certain business inefficiencies when it comes to your hedging and business activities in treasury?

Paul Outridge:

Um… certainly in the sense that we have, as a policy, decided we did not want to change the business rationale for hedging. We still have underlying exposures in currencies, we still wanted to maintain that level of hedging on an economic basis. What it has impinged on, certainly, is the level of administration that now goes into maintaining the level of exposure management that we do currently. And that has put a considerable onus, not just on treasury departments, but also on the subsidiaries throughout the group in order to comply with these, the new accounting standards.

Martin Upton:

What impact have all these high-profile, treasury-related disasters had on the way in which large banks undertake business?

Hor Chan:

I think it’s, for the bank itself, I think it’s made us improve our own control systems and made us focus much more on operational risk than perhaps we had previously. When you think that the Allfirst debacle, for example, was really about loss of controls, about a single person who managed to run up large positions which seemed to be undetected for some time. But within the bank, what it’s really meant is that we’ve undertaken a huge exercise really to identify all our operational risks and also try to construct a database, really, of where we’ve had operational risks in the past within the bank itself. But, in fact, not just the actual losses, but we also need, of course, to try to capture the near misses also, which has been more difficult because people don’t’ really like to admit that they almost made a loss.

So, that’s one area, certainly it’s made us focus much more on operational risks I think, and that’s been a great impact. The impact of Enron, for example, one of the impacts certainly is Sarbanes-Oxley, which has actually created a lot more work for us. Paul’s mentioned the onerous tasks that have to be undertaken for IS39, well Sarbanes-Oxley is also hugely onerous on our control systems, on our auditing, on the reports we have to produce internally to make sure we’re complying with it. So I think what’s really happened, in a sense, with these disasters is much more regulation and essentially much more work for us on keeping records and showing that we’re doing the right thing.

Martin Upton:

Paul and Neil, has that been the experience in the corporate world?

Neil Henfry:

At Boots we’ve been very lucky that we’ve not had to deal with Sarbanes-Oxley because we’re not US listed. However, even in the UK the introduction of the Operational Financial Review and forward-looking risk statements in the annual report and prospectus and things like that means that we’ve had to introduce a far more formal risk management process across, not just treasury, but the whole of the business operations. And that’s been introduced over the last couple of years. So, there’s a much more rigorous, holistic risk of process nowadays of which treasury is actually a very small part, because many of our risks are quite mitigated away, whereas your core business risks you can’t mitigate away, and they’re the ones that you actually need to understand on the Board more than many of the treasury risks which we’ve got rid of.

Paul Outridge:

That’s right, and I think, certainly now, part of the annual accounts require formal statements on policy in terms of how you address the risk, as we’ve said, Neil’s said, not just financial risk but also insurance risk, etc, business operational risk; and certainly the whole corporate governance has moved. Even De La Rue does not have to, I’m pleased to say, report under Sarbanes-Oxley either. But the whole level of reporting under corporate governance is now filling quite a few pages now of everybody’s annual reports. And it’s an area that, as Hor said, I think more and more, there will be additional requirements in which we need to comply in future, as we go forward, as more accounting standards and, potentially, more disasters happen, in which everybody, if you like, needs to make sure and demonstrate that they have the systems in place to mitigate those risks.

Martin Upton:

But this is also setting a serious educational challenge for executive and non-executive directors who don’t necessarily come from a financial background. How are companies dealing with this?

Paul Outridge:

Well, certainly from our side, and we do have formal training courses for directors when they’re appointed. They now actually have a series of lectures and informal discussions, so they are actually made fully aware of just what the risk of being a company director for a public quoted company is. Because in circumstances they are liable along with the company, and therefore it is a personal liability as well as a corporate liability.

Neil Henfry:

We would have a similar kind of thing at Boots.

Hor Chan:

Well, I think one of the things I can say from the difficulties perhaps that some of the corporates are facing is actually this is a good opportunity for banks, of course. It’s a chance for us to move in, perhaps, and help advise on some of the regulations that are required, or to advise on how to manage your hedging systems, so it’s more efficient and you comply with IS39 or, indeed as Neil mentioned, on the pensions funding side, of course, we are suppliers of the financial instruments that he mentioned, inflation links, swaps and assets for investment and so on, of course.

Martin Upton:

I’d like to finish by focussing on one curious but particular foreign exchange-related risk which I was discussing with Paul just before the making of this programme. Now De La Rue prints banknotes and recently we’ve seen the emergence of the euro and the eurozone in recent years, and who knows, in the future many more countries may be joining the eurozone. And, as a printer of banknotes, I just wondered whether this development in the forex market was good business news or bad business news.

Paul Outridge:

Well, in the sense of certainly the spread of the euro market, to a certain extent it is, from a treasury perspective, it is actually quite good because obviously it helps to mitigate the risks in the foreign exchange market. From a business perspective there are both opportunities and, perhaps, disadvantages. With regard to principal western European countries, most countries print their own banknotes. As the largest private printer of banknotes we have about approximately 50 per cent of the private market, but 90 per cent of the banknote market is actually printed by state governments. So, therefore, particularly for the eurozone, most countries will actually print their own notes, and, therefore, there isn’t an opportunity in that particular area necessarily for us. Although, together with the change, obviously, in the changeover in currency, it means that there needs to be new machines both for handling and counting notes, and that is an area of opportunity for us in which, obviously, we make sure we’re well placed.

Martin Upton:

And would you be well placed when Britain goes into the euro?

Paul Outridge:

Yes, I think there’s sufficient lead time on that to allow everybody, I think to be able to manage that transition.

Martin Upton:

I suspect there’s a very long lead time on that. OK, and with that, can I thank Hor Chan, Neil Henfry and Paul Outridge for the insights they have provided into the realities of risk mapping and risk management in the business world. Financial risks are pervasive but at least we know that there are means of managing them effectively.

Music – dur: 00:05

End transcript: Risk mapping and risk management

Download

Risk mapping and risk management

Interactive feature not available in single page view (see it in standard view).

The audio was recorded in 2006, but its contents are still very relevant for our understanding of contemporary risk management issues.

Case study

2 A helicopter overview of risk

2.1 Defining risk

Having looked at the general context of ‘risk’, we can now define more clearly what we mean by it and then categorise it into its main forms. We can then consider how we might analyse and manage both financial and non-financial risk for an organisation through risk assessment and risk mapping.

How do we define risk? You may have already met a couple of empirical definitions that cover the concept of the variability of stock prices (measured either by the standard deviation, or the beta of the returns of the stock or portfolio) as the definition of risk in the context of portfolio theory.

We now extend this into a more comprehensive definition.

The word ‘risk’ is thought to derive either from the Arabic word rizq or the Latin word risicum (Kedar, 1969, pp. 255-9). The two possibilities quite neatly combine to give us the meaning for the English term in our context. The Latin word originally referred to the challenge presented to seafarers by a barrier reef and so implied a possible negative outcome. The Arabic word, on the other hand, implies ‘anything that has been given to you (by God) and from which you draw profit’ and has connotations of a potential beneficial outcome.

A twelfth-century Greek derivative of the Arabic rizq related to chance outcomes in general with no positive or negative implications (Kedar, 1970). We can combine the above definitions to derive our concept of risk as being ‘an uncertain future outcome that will improve or worsen our position’.

There are two implied elements about this definition that should be noted:

1. It is probabilistic – the likely outcome can be assessed, but is not known with certainty.
2. The outcome may be favourable or unfavourable.

It should be noted that the definition does not necessarily imply ‘symmetry’, where the ‘upside’ and ‘downside’ are of an exact equivalent magnitude. Indeed in many risk situations the outcomes are skewed – for example, more ‘downside’ than ‘upside’ risk. For many financial matters, however, which are our main concern here, risk is more or less symmetrical or is assumed to be so. However, there can be dangers in this assumption – we will discuss these in more detail later on.

The term ‘risk’ as it is used in finance differs from the way it is commonly used in everyday life in that it can be quantified in terms of probabilities. In a situation where there are many potential outcomes, both negative and positive, and their probability cannot be quantified, the financial term to describe it is ‘uncertainty’, to differentiate it from risk (Russell-Jones and Day, 2005). Though outside the scope of this course, it is important to know that we can still assess and manage uncertainty through techniques such as ‘worst case scenario analysis’ (Crouhy et al., 2005).

2.2 The risk management process

An organisation’s attitude towards the various forms of risk to which it is exposed should be a direct interpretation of its business strategy. This has implications both ways: the strategy itself must address the appetite and capacity for risk within the business and the systems and actions of the organisation regarding risk should seek to attain the goals envisaged by the strategy. This process of linking risk exposure and risk appetite to an organisation’s policy is known as risk mapping and is a key part of the risk management process. It can be divided into sequential stages, as outlined in Figure 2.

(Source: adapted from Crouhy et al., 2005, p. 2)

Figure 2 The risk management process

Show description|Hide description

Figure 2 shows the risk management process. The individual stages of the process are shown in boxes and arrows are used to depict the flow of the process from stage to stage. The process commences with the identification of risk exposures. This then leads to the measurement of these exposures and an estimation of their potential effects. At the same time as doing this the means and methods for mitigating these risk exposures are identified. Subsequently the risk mitigation strategy can be formulated and implemented. The final stage is the evaluation of the performance of the strategy. This then informs whether changes need to be made to the strategy going forward.

Figure 2 The risk management process

Stage 1: Identify risk exposures

There is no single or definitive way to subdivide risk. The key point, however, is to ensure that the categorisation chosen covers each type of risk and is understood by all those using the results. The process should be tailored to the size of the organisation and the complexity of the environment it faces. A small organisation may only consider a small number of risks and deal with them in a much more informal way than a company like Unilever. For the time being, let us consider the full range of risks – including financial and other risks – which an organisation could face in running its business. One possible way of subdividing risk categories is depicted in Figure 3.

(Source: Crouhy et al., 2005, p. 26)

Figure 3 Typology of risks

Show description|Hide description

Figure 3 shows the various financial and non-financial risks that organisations may face. Each risk is shown in a box. The risks include market risk, credit risk, liquidity risk, operational risk, legal and regulatory risk, business risk, strategic risk and reputation risk.

Figure 3 Typology of risks

Legal and regulatory risk

The second major category of non-financial risk arises from legal and regulatory forces which may cause financial losses to your organisation. It is of tremendous importance to certain sectors, such as banking, but much less important to some other industries. One example might be the recent changes in British tax laws that introduced a £2 billion windfall tax on oil companies: see Box 2.

Box 2 Statoil halts North Sea oil development over windfall tax

Figure 4

George Osborne is preparing to fend off a rebellion by the North Sea oil industry over his plan to impose a £2 billion tax on the sector.

The chancellor told the Treasury select committee that officials would contact Norwegian oil company Statoil, which has suspended development work on the new Mariner and Bressay fields to the south-east of Shetland while it studies the implications of the chancellor’s tax on the profitability of its operations.

Osborne’s £2 billion windfall tax on oil companies was a surprise measure in last week’s budget and will be used to offset a cut in fuel duty.

The North Sea oil industry is claiming that thousands of jobs are at risk and Statoil, which planned to operate from Aberdeen, said it would ‘pause and reflect’ before deciding whether to continue developing the fields which are due to come on stream from 2016/17.

Industry body Oil and Gas UK warned that the tax risked thousands of North Sea jobs. It called for immediate talks with the Treasury and an urgent meeting of Pilot, the government-sponsored oil and gas industry forum.

But Osborne defended the windfall tax to the MPs as ‘perfectly reasonable’ and insisted that Statoil had not yet cancelled any proposed investments. ‘They just want to talk to us about their investment plans,’ he said.

The chancellor, who came under fire from Labour MP John Mann for not knowing the exact amount of duty levied on a litre of petrol, insisted investment would increase despite the tax because of the surge in oil price.

The member companies of Oil and Gas UK – which include Shell and BP – met to discuss the new tax. Malcolm Webb, its chief executive, said the announcement had damaged trust in the government. It was now rerunning its survey of its members' investment and exploration plans. ‘The unexpected tax hike announced by the chancellor in last week’s budget looks to have been constructed hurriedly without rigorous analysis of its implications and has damaged investors' confidence in the UK as a stable destination for their capital,’ he said.

The Mariner and Bressay fields have estimated reserves of 640 million barrels. Bard Glad Pedersen, a Statoil spokesman, said the tax would have a ‘significant impact’ on the Mariner project. ‘We have to pause and reflect to evaluate what impact this will have and consider how to proceed after this. This is a project about to be developed. With this tax increase, there is a substantial impact.’

Peter Buchanan, chief executive of the Woking-based Valiant Petroleum, which specialises in smaller, marginal North Sea fields, said it would damage investment in the costlier fields, so North Sea production would decline faster.

‘The UK will import more oil and gas from parts of the world that contribute nothing to the Treasury. So increasing North Sea costs will have unintended adverse effects – it will reduce investment, put further pressure on oil and gas supply in the UK and ultimately could drive oil prices up further.’

The controversy is presenting significant political problems for the Liberal Democrats (Lib Dems) in the [UK] coalition government with reports that the party’s Members of Parliament in Scotland are planning to attack the proposal to protect their local party from a backlash by voters. The party is also struggling to defend seats around Aberdeen, the oil industry’s capital, against heavy pressure from the Scottish National party and Labour in campaigning for the 5 May Scottish parliamentary election. The latest opinion polls show the Liberal Democrats in Scotland are being very badly damaged by their links to the UK government, with their poll ratings 50 per cent down.

The city’s Press and Journal newspaper reports that two influential Lib Dem backbench MPs, Sir Robert Smith and Scottish party president Malcolm Bruce, are preparing to publicly criticise the plan. It has been defended by Michael Moore, the Lib Dem MP and Scottish secretary in the coalition cabinet, as the ‘right and fair thing to do’.

The Scottish National Party’s Treasury spokesperson at Westminster, Stewart Hosie, intensified the pressure by pressing Osborne to reconsider the tax during a Treasury select committee hearing in the Commons on Tuesday. Speaking after the meeting, Hosie said: ‘The tax changes announced by the Chancellor are totally ill-thought through and run the risk of diverting investment away from the North Sea. Statoil have already announced withdrawal from fields south of Shetland.

‘George Osborne must reconsider his plan before it endangers Scottish jobs further.’

(Source: Carrell, 2011)

Box 3 provides another example of legal risk, the recent fine of $308,000 that China imposed on Unilever for warning it might increase prices on some of its products.

Box 3 Unilever fined by China for price rise warning

Unilever and its rivals have been warning that higher commodity costs mean prices will have to rise

China has fined the consumer products giant Unilever $308,000 (£188,000) for warning it might increase prices on some of its products.

The National Development and Reform Commission (NDRC) said that comments by Unilever about possible price rises had created ‘market disorder’.

Both China and Unilever are struggling with higher commodity prices, including higher energy and food costs.

Unilever said it would abide by the agency’s decision.

The company told Chinese media some months ago that prices would have to rise, but Chinese officials said this had provoked panic buying.

The NDRC also said the warning had ‘intensified inflationary expectations among consumers’.

China, like other national governments, is battling to contain inflation, which is at a three-year high in the country.

Unilever, which sells a vast range of brands, including Cif cleaning products, PG Tips tea and Hellman’s mayonnaise, has been warning that it cannot keep absorbing higher raw material costs and will have to raise selling prices.

Its rivals, including Proctor & Gamble and Kraft, have also warned on prices.

All of them are increasingly looking to emerging markets, such as China, for growth.

(Source: BBC, 2011)

While the amount of this fine is insignificant given Unilever’s size, the fact that it will not be allowed to raise prices in the huge Chinese market could have a substantial financial impact on the company.

Stage 2: Measure and estimate risk exposures

Having identified the categorisations appropriate to the organisation, using this typology or another one that better suits the major risks the organisation faces, the next task is to measure the assorted risks.

There are two main ways of thinking about the possible results of risk exposure. Either you can focus on the ‘expected return’ or on ‘possible outcome versus return’. The expected return method is usually easier to use in a quantitative or comparative way. For example, assume you are faced with choosing between action A and action B, each with the same level of risk. If it is possible to calculate the expected return of the alternatives then it is usually sensible to opt for whichever offers the better expected return.

How do you calculate expected return? This is the sum of the values of the return of each possible outcome multiplied by its probability of occurrence. The formula for this is represented as

where

E(R) = expected return

R_i = value of outcome i

P_i = probability of outcome i

This is the same definition as that for the mean return in statistics since ‘expected return’ and ‘mean return’ are the same thing.

The expected return method is very much applicable and useful in finance – for instance, in your study of portfolio theory.

An important use for expected return is when considering avoidable risk: that is, risk to which the organisation can choose whether or not to be exposed. The simplest form of the rule is: ‘only take on avoidable risk if the expected return is positive’. Similarly, if you have to decide between choices, the rule should be: ‘choose the option with the highest expected return’.

You should immediately realise that either form of this rule is not yet complete as it does not address the balance between level of risk and level of return. Strictly speaking, satisfying the rule as so far stated is a necessary, but not a sufficient, condition for accepting avoidable risk. Please accept this for the moment as it avoids judgements about ‘acceptable’ return for taking on risk: the simplification will allow us to investigate, in Box 6, another aspect of deciding on exposure to risk.

This idea of ‘avoiding catastrophic outcomes’ leads to the second factor we need to include when assessing risk: namely, ‘possible outcome versus return’. This does not contradict the ‘risk versus return’ as epitomised by portfolio theory and the capital asset pricing model (CAPM), but adds to it. ‘Risk versus return’ looks at the situation as a whole and judges whether on average the risk is worth accepting. This new criterion says that for some sorts of risk it is necessary to consider whether some possible outcomes are so insupportable as to outweigh almost any level of average return.

The standard deviation is a way of condensing into a single number information about the average amount of scatter around the mean of a distribution. Since this represents uncertainty about the return received in any particular period, it is truly a measure of risk as we have defined it. For some types of risk, however, it is not practical to calculate a proper statistical measure such as the standard deviation. Additionally, historic measures based on past returns may not capture ‘discontinuities’ that generate insupportable outcomes. For example, stock market declines, such as during 2001–03, may be seen as included in, and allowed for, by standard deviation analysis, but crashes that happen in the space of a few days, such as in 1929, 1987 and, arguably, 2008, reflect such radical and unusual changes as to preclude capture of such a measure.

In either situation, including a ‘catastrophe avoidance’ criterion is not a rival to the standard deviation, but an adjustment to it. Figure 5 illustrates the idea, perhaps rather crudely.

(Source: The Open University, 2010, p. 18)

Figure 5 ‘Expected return’ and ‘possible catastrophe’

Show description|Hide description

Figure 5 shows two line graphs for scenarios A and B. The vertical axis is ‘project value’ the horizontal axis is ‘range of outcomes’. Each shows the estimated average value of the project. Scenario A depicts a more predictable project value, but a lower average value, than Scenario B.

Figure 5 ‘Expected return’ and ‘possible catastrophe’

Scenario A shows the value of a project for the whole range of possible outcomes: it is not a true ‘distribution’ in the proper statistical sense, but is meant to represent qualitatively the same sort of idea. The project is more likely than not to end up with a positive value, as implied by E(R) > 0. Furthermore, all the possibilities give relatively modest values, some positive, some negative, none extreme.

Scenario B, on the other hand, is expected to give a higher value than Scenario A, but there is a small chance of it ending up horribly negative – a catastrophic outcome. While the expected return is better, we should also include in our consideration such an unpleasant possibility.

It is worth noting that the expected return system can encompass the possible outcome versus return method. If you look at each of the terms in the E(R) summation, as well as the final result, then you can analyse the individual outcomes as required for this second method of assessing risk. Here you consider each potential outcome and what would be the profit or loss should it actually occur. If one or more outcomes have an unacceptably large negative return, that is, a catastrophic result, then this information should be taken into account.

A benefit of this ‘summing over outcomes method’ is that it forces us to think through the consequences of each possibility. Sometimes this is more important than calculating expected value. Also, it is much easier to apply this system where the assessment must be essentially qualitative, either in respect of the values or of the probabilities. However, this method has one significant disadvantage: if it does not result in comparable measures, it makes assessing between options much more difficult, or, at the very least, less precise.

Risk mapping

Risk mapping needs to show key areas of risk for the organisation in terms of danger and size of exposure. The aim is to provide the organisation’s policymakers with data to enable informed strategic decision making about the allocation of the organisation’s risk capacity. Where possible, the mapping might include benchmarks for some types of risk. This is likely to be feasible for market-oriented risks (for example, foreign currency, interest rate, commodity price and so on) as there is more chance of there being a published benchmark.

Box 7 shows the operational-research technique of decision-tree analysis, which can be useful for showing the links between choices and the risk implications of making those choices. Even if you do not go through the whole process of estimation and ‘roll back’, just drawing the tree will often clarify cause and effect.

Box 7 The concept of a decision tree

The principle in this operational-research technique is to draw a graph of decision points and outcomes for a project or process, which forms the ‘tree’ and its branches. In the full method, a monetary value and probability are assigned to each outcome and then the tree is ‘rolled back’ to work out the pathway through the project that offers the highest ‘expected monetary value’ (EMV). An example is shown in Figure 6 for a television company deciding whether to produce a new series.

Often, just going through the process of drawing the tree is useful in itself. In particular, it helps clarify where our choices branch away from each other: in other words, if we choose to do X we have ‘burned our boats’ (meaning that there is no chance to go back and change or reverse an earlier decision – the phrase relates to the action taken by Julius Caesar’s Roman army which, in 49 BC, burned its boats having crossed the River Rubicon in pursuit of the enemy) with respect to choices W, Y and Z. Clearly, the points at which we cut ourselves off from possible courses of action are significant when thinking about the risks of a project. At times, this graphical approach can be a direct help in itself by showing us where, for example, re-ordering of the project could serve to delay irreversible decisions – often an immediate aid to risk reduction. Adding in the values and probabilities is, in effect, providing the input for the calculation of an expected return, but in a way which also takes into account the chronological sequence of events. Sometimes this adds little to our decision making, but often with more complicated projects (or strategic plans, if considering a whole organisation) it does improve the manager’s knowledge to a worthwhile degree – and that ought, on average, to lead to better choices being made.

(Source: The Open University, 2010, p.19)

Figure 6 An example of a decision tree

Show description|Hide description

Figure 2.3 shows two line graphs for scenarios A and B. The vertical axis is ‘project value’ the horizontal axis is ‘range of outcomes’. Each shows the estimated average value of the project. Scenario A depicts a more predictable project value, but a lower average value, than Scenario B.

Figure 6 An example of a decision tree

So what should be the output from this second stage of the risk management process? Against each category chosen in Stage 1 there should be an analysis, probably containing both numeric and qualitative information, assessed in whatever way is appropriate for the particular type of risk. During this stage instruments that can be used to shift or trade risks are also identified. The next step is to assess the effects of exposures.

Stage 3: Assess effects of exposures

In this stage, a further analysis of the effects of the various risks identified takes place and certain questions are answered:

1. Why be exposed? Is the exposure unavoidable? The analysis may show how certain risks can be avoided, or at least minimised, if different choices are made.
2. Size of exposure. This certainly needs to be assessed on a relative basis (that is, what proportion of the total risk does this element represent?), but if an absolute value can be placed on it, so much the better. It is often as useful to senior management to use a rating scale (for example, highest = 1, next highest = 2, etc.), as opposed to specific numbers, for measuring relative risk exposures provided the scale is understandable and can be sufficiently discriminating.
3. Warnings. The analysis should flag any potential catastrophic outcomes arising from a particular risk element. Where feasible, it is helpful if the analysis shows what is currently done to avoid or reduce a risk. Alternatively, suggestions for future action can be included.
4. Cost of risk. If the risk is avoidable, or can be reduced, what would be the cost of avoidance or reduction? What is the potential benefit?
5. Correlation of risk. Many types of risk are interrelated. For key risk elements that are correlated, it is useful to make plain the linkage where this is material. This correlation of risk is clearly akin to portfolio theory. However, because here we are considering a much broader range of risks it is not possible to be as mathematically precise as in portfolio theory – but the idea is the same.

The overall goal for the mapping should be kept in mind: that is, to provide risk information to the organisation’s policymakers. As always, the objective is to end up with a succinct report to give the senior management the input needed for them to produce an appropriate definition of corporate strategy.

It is a good idea, where possible, to rank the risk factors within the groups, but how possible this is depends on the measures used. If the expected value and standard deviation method is predominant, then ordering is feasible. Most financial risks are amenable to this way of measuring risk/return, but whether the same is true of operational, business and strategic risks is less certain. Ranking may also be possible with a scaled system, but this will often depend on the degree of discrimination the chosen scale allows. In general, the ordering aims to put at the top of each group’s list the factors with the best risk/return profile, and the worst at the bottom.

If two factors, A and B, have the same risk assessment, perhaps measured by standard deviation, but A offers a better expected return, then the ordering is straightforward. It is less easy to be precise if A is also riskier. At this point the organisation’s particular attitude to risk becomes important. A very conservative business will require more return per unit of additional risk than will a more adventurous one, assuming the terms ‘conservative’ and ‘adventurous’ refer to the degree of risk aversion of the respective organisations. The rankings must reflect this attitude to risk.

Another way of partitioning within the groups is to treat linked risks together. For example, if there is a set of risks all associated with operating in a particular country, report them together, on the premise that strategic-level management may only be able to act on them as a group anyway. This form of partitioning can be used as well as, rather than instead of, the ranking procedure. It may add more complication than illumination to senior management’s interpretation, however, and can only be decided upon on a case-by-case basis.

By now you should have a sizeable report on the organisation’s overall risk profile – and hopefully a better understanding of that profile. It is time for decision making to take over from analysis.

Stage 4: Form a risk mitigation strategy

A risk mitigation strategy involves choosing among four major alternatives for dealing with the identified risks:

1. avoid
2. transfer
3. mitigate
4. keep.

We will discuss in more detail the ways in which financial risks can be transferred or mitigated. It is important to understand, though, that decisions must also be made as to whether risks should be avoided or kept: a process that is known as ‘allocating risk capacity’.

A first step in allocating risk is to rank the risks previously identified. A useful way to do this is to separate them into the following groups:

1. risk unavoidable except by ceasing core activity
2. avoidable risk, core activities
3. avoidable risk, non-core activities
4. selectable risk.

The intention is to help management by giving a sequence for consideration: that is, Group 1 ‘uses up’ some of the risk capacity before you can consider Groups 2 to 4, and so on.

Group 1 relates to risks that have to be run if an organisation wishes to conduct a core activity.

Group 2 relates to risks that can be avoided, if desired, in respect of an organisation’s core business activities.

Group 3 relates to risks that can be avoided, if desired, in respect of an organisation’s non-core business activities.

Group 4 relates to risks that an organisation can run (with a view to making money) if it chooses or can avoid without any impact on its core or non-core business.

Group 4 needs some further clarification. It is the set for types of risk where the degree of risk can be adjusted more or less voluntarily without changing the operations of the business. The classic example would be financial gearing – where the management can, at least in the medium term, choose the debt/equity ratio without altering the company’s activities.

Some risk elements can appear in both Group 4 and elsewhere. For example, it may be necessary to accept some foreign currency risk as a concomitant to doing business (Group 2). But the organisation could also take on foreign currency risk that was essentially speculative – that part would be Group 4. In effect, Group 4 can be regarded as a ‘balancing item’ between the total risk represented by the main business and the capacity for risk decided upon as acceptable by the management.

Stage 5: Evaluate performance

Risk management is but one input to policy making in an organisation. It is usually an important element, but can only be useful when put in context with other strategic requirements. In practice, risk is also a consequence of other policy decisions, and so should be seen in this context rather than in isolation.

It is reasonable to believe that an organisation has an intrinsic capacity for absorbing risk, dependent on such factors as its size, its access to capital, its economic and/or social role, the attitude of the owners and so on.

Unfortunately, it is seldom easy to put a figure on that capacity for any particular organisation, though there is often a consensus about the estimated area for the total. For example, most people would expect to see a biotechnology company accepting more risk than, say, a charity providing housing for disadvantaged people. Deciding which of two UK charities, for example, the British Heart Foundation or Macmillan Cancer Relief, has more risk capacity, however, would be a much more difficult, if not impossible, task.

In the corporate world – especially for exchange-listed companies – although determining what is the risk capacity for a business is still fraught with difficulty, the market will be very clear if it thinks a company has got it wrong. Too much risk and the share price declines or even collapses; too little (that is, excessive unused capacity) and a take-over bid may appear – nowadays, often a highly leveraged bid, using the excess risk capacity on offer.

Let us assume that the board of an organisation has, by some process – which will necessarily include evaluation of other strategic decisions already made – decided on an acceptable level of total risk. How should they go about formulating policy to allocate their risk?

It is important that risk allocation is seen as a constraint on the system, not a driver. By this we mean that it is the other inputs to strategy – corporate goals, market opportunities, core industry and so on – that should be promoting the direction of the organisation. The risk mapping and risk-capacity calculations should be used to assess that the organisation is functioning within its limits. However, the effect of different parts of a business acting like a portfolio may mean that simply adding up the risks of individual aspects of the organisation may overstate the net risk. This can be allowed for in the mapping process (with some difficulty) or it may be accommodated in a less precise way by senior management taking an optimistic view of the total risk capacity of the business – that is, an overestimate of risk capacity compensating for an overestimate of the net risk.

In practice, the information made available by the risk management process can help do more than just ensure that the business does not step over the risk cliff into the chasm of destruction. It can assist in the choice of path so that the direction taken heads most swiftly towards the organisation’s goals, without smashing on the rocks or meandering inefficiently. By clarifying what dangers the business faces, risk management better enables management to avoid them without having to leave an excessive margin for error. The likelihood of optimising the risk-to-return equation is, therefore, maximised.

With these factors in mind, it is vital that organisations regularly and systematically evaluate the overall performance of their risk management system and analyse whether it continues to best support organisational goals and is in line with the organisation’s capacity for absorbing risk. It is important to realise that both these factors will change over time.

Summary

So far, we have been concerned with defining risk and with answering two questions: what types of risk and how much risk is an organisation exposed to?

In this context, risk can be described as an uncertain future outcome that will improve or worsen the organisation’s position. Risk can be expressed in probabilities of an upside or a downside outcome.

Risk management is the process whereby an organisation assesses the types and degrees of risk to which the business is exposed, the effects of those exposures and then formulates a risk mitigation strategy. The process as we have described it can be broken down into five stages:

• Stage 1: Identify risk exposures
• Stage 2: Measure and estimate risk exposures
• Stage 3: Assess effects of exposures
• Stage 4: Form a risk mitigation strategy
• Stage 5: Evaluate performance.

The major risk categories include market, credit, liquidity, operational, legal and regulatory, business, strategic and reputational.

There are two main ways of thinking about the possible results of risk exposure: either by focusing on the expected return method or upon possible outcome versus return. Expected return can be calculated by estimating the total of every outcome multiplied by its probability. This then allows the organisation to accept avoidable risk only if the expected return is positive. It also allows the organisation to choose the option with the highest expected return and to avoid, where possible, catastrophic outcomes.

This expected return analysis leads to the collection of data on:

• why the organisation is exposed and whether the risk is avoidable
• the size of the risk – graded perhaps from 1 to 10 (an exercise that is admittedly difficult if you are solely relying on qualitative assessments)
• the warnings of possible catastrophic outcomes
• the costs of accepting or avoiding risks
• the identification of links to other risks.

The allocation of risk capacity can then be done by ranking risks as follows:

1. risk unavoidable except by ceasing non-core activity
2. avoidable risk, core activities
3. avoidable risk, non-core activities
4. selectable risk.

We now turn to examine in some detail one of the risks faced by all organisations – operational risk.

3 Operational risk

3.1 The implications of operational risk

As described above, operational risk – often shortened to ‘op. risk’ by practitioners – is a major type of non-financial risk that almost every organisation should consider and manage. In fact, for many smaller organisations with less formal risk management systems it might be the only non-financial risk taken into account. In these cases it is often defined quite broadly to encompass all the other non-financial risks.

The term ‘operational risk’ extends to the breakdown of controls and procedures within organisations – in effect, the processes intended to avoid the adverse consequences of all those other risks we have looked at in this free course. As we will discuss, carefully considered management controls must be applied by organisations to manage financial and non-financial risks, such as those arising from interest-rate and foreign-exchange changes and credit risk, that comprise the core of the content here. If, however, these controls are not observed – either deliberately through fraudulent activity or simply as a result of incompetence – then an organisation is potentially exposed to financial risks for which it has either no capacity or appetite.

As described in Boxes 8 and 9, the Sainsbury and Lufthansa examples both demonstrate that op. risk can have major adverse financial consequences.

Arguably, the cost to Sainsbury’s of the IT failures outlined in Box 8 was more than the financial write-offs detailed. The retailer’s competitors, particularly Tesco, were not standing still during this period of Sainsbury’s difficulties. Unsurprisingly, therefore, this period of operational difficulties saw Sainsbury’s lose market share to its rivals – and also saw a radical shake-up in the management of the company.

Box 9 Lufthansa cancels flights after computer failure

Figure 7

Lufthansa had to cancel about sixty European flights and its services around the world were delayed following a computer fault in its check-in system on 24 September 2004.

The company’s Star Alliance partners (Britain’s bmi, Poland’s LOT and Austrian Airlines) were also affected by the problem.

The flight cancellations affected about 6,000 passengers, while short-haul and long-haul departures were delayed by up to two hours. Some freight normally carried by plane had to be moved by truck.

At Berlin’s Tegel airport there were long queues as clerks had to write tickets by hand and tell passengers there was no assigned seating.

A Lufthansa clerk said the problem was not caused by a virus, but by the launch of a new computer program overnight, which brought the system down.

Unisys said it deeply regretted the failure of its check-in system, which went down following a planned outage.

‘After being rebooted, the operating system and hardware ran smoothly for approximately ninety minutes until a software problem brought the check-in system application down,’ Unisys said.

The company had to install new software to fix it.

The financial markets reacted to this operational failure, with shares in Lufthansa falling 1.8% to 9.32 euros.

(Source: USA Today, 2004)

It is consequently no surprise, particularly in the financial services sector, that greater scrutiny is being given to the operational risk being run by organisations. Indeed, the collapse of Barings in 1995, and the high-profile losses arising at the Allied Irish Bank’s US subsidiary Allfirst in 2001, were both classic examples of the financial mayhem that can arise through the existence of inadequate operational controls or a breach of the pre-set control procedures. Let us look more closely at the Barings episode in Box 10.

Box 10 Barings – a very simple (but costly) operational failure

As related earlier in this free course, the United Kingdom merchant bank Barings collapsed in February 1995 as a result of losses amounting to nearly £800m arising from derivatives trading by its Singapore subsidiary.

Figure 8

Derivatives are financial instruments whose prices are dependent upon or derived from one or more underlying assets. Derivative transactions are contracts between two – and sometimes more – counterparts. The value of derivative contracts is determined by movements in the prices of underlying assets.

Much of the media coverage focused on the complex nature of derivatives trading – although in the case of Barings the transactions on which money was lost were mostly simple bets on equity prices that went wrong.

It was not, then, the arcane nature of derivatives that caused the collapse of Barings – rather the lack of some basic operational controls. With limited staffing in its Singapore subsidiary, Barings failed to ensure the effective segregation between its trading activities and the recording and accounting of those trades. One trader, Nick Leeson, executed the transactions, took it upon himself to record the financial outcomes of certain of these trades (in a secret account coded 88888) and also managed the movements of funds to support them. This enabled him to start concealing loss-making transactions and their financial consequences for the bank for several months.

Eventually the adverse cash-flow consequences of the bets that had gone wrong had to surface as counterparties to the transactions sought their ‘winnings’. Barings collapsed at a spectacular speed and Nick Leeson, after fleeing, was apprehended at Frankfurt airport and returned to Singapore to serve time in prison for his fraudulent activities.

The collapse could so easily have been averted by applying a simple operational control. If Nick Leeson had not been able to record his own transactions and move funds to support his trading positions – that is, if the trading activities had been properly segregated from the settlements and accounting function in Singapore – then the loss-making trades would have been identified and reported by other staff at an early stage. This would have prevented the losses from escalating. Barings might have taken a financial loss as it unwound these trading positions, but it would have survived.

Ironically, the number eight is, according to the Chinese, supposed to bring luck. Clearly it failed to do so for Nick Leeson and Barings Bank!

3.2 Operational risk management

Operational risks are very wide ranging since they effectively can arise from any potential weaknesses in an organisation arising from its processes and staff.

Managing these risks is therefore a process that envelops all parts of an organisation. The list of practices that can be adopted to contain operational risk is therefore huge and, to a large degree, will be specific to the nature of the organisation. Certain generic rules, though, do apply. Let us look at these.

3.3 IFRS and operational risk

Whilst International Financial Reporting Standards (IFRS) apply significant disclosure requirements for financial risks, they are less prescriptive when it comes to operational risk. In explaining its decision to limit required disclosure on operational risk, the International Accounting Standards Board (IASB) states that ‘the definition and measurement of operational risk are in their infancy’ and decided to ‘defer this issue to its research project on management commentary’ (IASB 2010, p. B534). While operational risk may be in its infancy in general, for certain industries such as banking, it is much more advanced and disclosure is typically required by regulators in the notes to the financial reports.

Summary

Operational (or op.) risk is not a core financial risk as such. Its linkages, however, to the ability of organisations to manage those core risks that we examine later make it imperative that we understand the subject. Indeed, many financial risk failings experienced by organisations – and particularly the most calamitous ones – have their source in organisational risk failures.

Audiovisual resource

Activity 6 BP oil spill

Timing: Allow 30 minutes for this activity.

Watch the videos BP Oil Spill – Tony Hayward’s Testimony Part 1 (2010–7), about the catastrophic BP oil spillage in the Gulf of Mexico in 2010. BP’s reputation and that of its executives were enormously damaged by this operational failure, particularly in the US.

Download this video clip.Video player: BP Oil Spill – Part 1

Show transcript|Hide transcript

Transcript: BP Oil Spill – Part 1

Rep Bart Stupak:

Committee will come back to order. When we left off we, Mr Hayward had finished his opening statement. We’ll begin with questions. I’ll begin.

Mr Hayward, when I heard about the explosion in the Gulf, the immediate company that popped in my brain was BP. And that’s because of the last number of years from Texas City where people died and 170 people were injured, the North Slope, the problems we’ve had there. And BP’s own 2007 report on the Management Accountability Project in which it stated there was a culture that evolved over the years that seemed to ignore risk, tolerate non-compliance and accept incompetence.

So I wasn’t surprised when we heard about the explosion in the Gulf and BP was part of it. Since then, this Committee, the Oversight and Investigations Committee of the Energy and Commerce Committee, we have methodically looked at this issue. And I know you have, and your company has also.

On May 12^th we had a hearing, which we looked at a number of things that went wrong. On May 25^th our Committee, Chairman Waxman and myself put out a memo. It was based on BP’s preliminary report. And I’m sure you’re familiar with that report, are you not sir?

Tony Hayward:

I am.

Rep Bart Stupak:

And then on June 14^th Chairman Waxman and I sent you a letter, 14 pages where we talk about the crazy well and the nightmare well.

Quite frankly BP blew it. You’ve cut corners to save money and time. And as the Chief Executive Officer of BP, as I state in my opening, you called for a leader decision-making process. You called for fewer people in the decision making process. You stated individuals need to be accountable for risk and to manage risk. Therefore, BP’s leadership managed the risk in this well. Did you manage the risk properly?

Tony Hayward:

Since I’ve been the CEO of this company I have focused on safe, reliable operations. I’ve set the tone from the top by making it very clear to everyone in BP that safe, reliable operations are our number one priority. But of course it’s about much more than words. Safety is about three things. Its about plant, it’s about people and it’s about process. In the last three years we’ve invested more than 14 billion dollars in plant integrity.

Rep Bart Stupak:

But then what happened here? I mean the June 14^th letter we put out the other day, we went through five major areas. The head of the CEOs of the oil companies before this Committee Tuesday all said, you did it wrong. They never would have done a well this way. You made decisions, whether to a casing or the string with the tie-back, which everyone said the tie-back would have been safer. The lock-down sleeve, centralisers instead of doing 21 as recommended, you only do six. That defies this safety emphasis, does it not?

Tony Hayward:

We’ve launched an investigation, which we’ve shared with yourself Mr Chairman and all of your members, which has identified seven areas. It’s identified areas around cement, casing, integrity- pressure measurement, well control procedures and three areas around the blowout preventer which failed to operate.

Rep Bart Stupak:

Sure.

Tony Hayward:

That investigation is ongoing, it’s not complete.

Rep Bart Stupak:

You’re the CEO of this company. You said you were here to answer the questions of the American people. You were an exploration manager, exploration manager with BP. You were the director of BP’s exploration. You are Vice-President of BP’s exploration and production. You hold a PhD from the University of Edinburgh. Based on the May 12^th hearing, the May 25^th memo, our June 14^th letter to you, based on all those facts, are you trying to tell me you have not reached a conclusion that BP really cut corners here?

Tony Hayward:

I think it’s too early to reach conclusions with respect, Mr Chairman. The investigations are ongoing. They’ve identified seven key areas and when they’re complete ...

Rep Bart Stupak:

Every one of those seven key areas, sir, dealt with saving time and saving money and accepting the risk. So if we use your own words, if you’re going to hold BP accountable, then we have to manage the risk. Should leadership at BP be held accountable here?

Tony Hayward:

There is no doubt that I’ve focused on safe reliable operations. We’ve made major changes in everything we do over the last three years. We’ve changed people.

Rep Bart Stupak:

What changes have you made since April 20^th when the BP Deepwater Horizon exploded? What changes were made then?

Tony Hayward:

Based on what we know so far, we have made changes with respect to the testing and evaluation of blowout preventers. We’ve made changes, with respect, to ensuring that people who are likely to be dealing with well control are up-to-date and fully validated for well control procedures. And as we learn more about what happened here we will continue to make changes.

Rep Bart Stupak:

My time is just about up, and I’m trying to hold members quickly to a time because we want to get through at least one more round. Let me just ask you this.

Last five years, I’ve been up here. Your safety record, you have 26 people dead, more than 170 injured. You have the largest spill ever in Alaska. You now have the largest environmental disaster to hit the United States with no end in sight with this disaster. Do you believe the US government should continue to allow companies that have poor safety records, poor environmental records to explore minerals or oil exploration in our country? Should there be a ban on companies that have miserable safety and environmental records?

Tony Hayward:

In the three years that I’ve been CEO I’ve focused on improving dramatically our safety and environmental performance. A price of this accident that is, has indeed been the case. And that is why, amongst all the other reasons, I am so devastated by this accident.

Rep Bart Stupak:

I agree, and under your tenure you said, you had the 2007 report that was scathing of BP’s culture. You, we still have the problems with Alaska. You said you were going to hold people accountable. Who are we going to hold accountable here?

Tony Hayward:

We’ve engaged in a systematic change at BP over the last three years. We have begun to change the culture. I’m not denying that there isn’t more to do, but we have made dramatic changes in the people we have in our organisation, the skills and capabilities they have. We’ve invested heavily into that. We’ve changed significantly the processes that we use to manage our operations, and most importantly perhaps we’ve made safe, reliable operations at the core of the company. It is the thing that I talk about every time I talk internally and every time I talk externally about BP.

Rep Bart Stupak:

Sure, let’s play games … In your opening statement you said as long as you were CEO of BP, CEO of BP these things would occur. Do you expect to be CEO of BP much longer?

Tony Hayward:

I’m, at the moment I’m focused on the response. I think everyone here believes that the highest priority is to stop the leak, contain the oil on the surface and clean it up. And that is what my focus is.

Rep Bart Stupak:

Mr Burgess, your questions.

Rep Michael Burgess:

Thank you, Mr Chairman. The highest priority is stopping the leak. Let me just ask Mr Hayward, is your presence here today in any way interfering with that number one task of stopping the leak?

Tony Hayward:

It is not.

Rep Michael Burgess:

Thank you. Let me ask you another, let me just make a statement for clarification. I am not going to apologise to you. It was, after all, BP executives who were on that rig, BP executives who ultimately could have made the call to stop operations when things became unsafe. And ultimately you are the person at the top, and you are responsible. We lost 11 men on that rig, Transocean and other companies lost 11 men on that rig. I don’t feel that apologies are in order. But Mr Chairman, I do have serious questions about the set up of this fund that we heard about from the Whitehouse yesterday. And I hope this Committee will stay engaged in the oversight of that activity as well. It’s still disturbing to me that we have not had anyone from the Federal regulatory side. We’ve brought a ton of other people in here and questioned them, but really we need Mr Salazar here. We need whoever the minerals and management people were who approved that exploration plan that BP submitted that was woefully inadequate. Shame on you, Mr Hayward, for submitting it, but shame on us for accepting it with just simply a rubber stamp.

Now I’ve got some questions that I do need to ask. BP unfortunately, it’s not the first time you’ve been in front of our Committee. And in 2006, although you were not CEO, in September of that year I pulled the transcript last night and, and looked through it again. There was a big oil spill in Alaska, that had to do with not proper maintenance on the pipelines. And when you came in you said you were going to focus like a laser beam on safety. And certainly that had to be welcome news after Texas City, after the North Slope accident. So what safety briefings do you get as your office of Chief Executive Officer, and who provides them to you?

Tony Hayward:

The basis of our management of safety performance is through something that we call our Group Operating Risk Committee. It’s a Committee that I set up, I Chair. It involves the heads of all of the business streams. And ...

Rep Michael Burgess:

So it’s, so ...

Tony Hayward:

And we meet, we meet on a bi-monthly basis to review the safety performance across the company. That process is mirrored down through the company.

Rep Michael Burgess:

And what type of safety directives then, what type of directives do you issue in terms of safety as a result of those meetings? And perhaps, would you be willing to share some of that information with the Committee as we go forward?

Tony Hayward:

We can certainly share that information with the Committee. They range from changes to procedures, to requirements of, to have people where there are issues with safety to come and present to us.

Rep Michael Burgess:

But somebody records minutes during those meetings, and then your directives they come as a consequence of those briefings are written down and delivered to the appropriate managers on the ground?

Tony Hayward:

There are minutes of those meetings.

Rep Michael Burgess:

I beg your pardon?

Tony Hayward:

There are minutes of those meetings.

End transcript: BP Oil Spill – Part 1

Download

BP Oil Spill – Part 1

Interactive feature not available in single page view (see it in standard view).

Download this video clip.Video player: BP Oil Spill – Part 2

Show transcript|Hide transcript

Transcript: BP Oil Spill – Part 2

BP Oil Spill – Part 2

Rep Donna Christensen:

You state also in your testimony that, you state in your testimony that the events of 420 were not foreseen by you. But in light of the several areas of concern that have been raised, shouldn’t someone have foreseen and be able to prevent the explosion? For example, I understand that there was supposed to be a policy where any one person on a rig can shut it down if they perceive a problem. Is this a real policy that’s enforced and reinforced in training? Or is it something just on paper because that didn’t seem to happen in this instance, even though some Transocean, some Halliburton, and even BP employees reportedly had serious concerns.

Tony Hayward:

It is a policy that is real. And if anyone at any time believes that what they’re doing is unsafe, they have both the right and the obligation to stop the task.

Rep Donna Christensen:

Are you surprised that no-one, given what we are hearing, and I know the investigation is not complete, that no-one made that decision to shut the rig down?

Tony Hayward:

I think in the light of what we now know, it is of course surprising that someone didn’t say that they were concerned. And I think that is to the heart of the investigation to understand exactly what the events were, and why there was not a, different decisions taken with respect to the events, particularly in the last five or six hours on the day of the incident.

Rep Donna Christensen:

There was a company, I think it’s, that was supposed to do the, Schlumberger, that was on the rig at the time and left. Now when we were in New Orleans, we were told in the hearing that they left because of concern for safety. But other reports said that they left because they were told they weren’t needed. What in your knowledge is the correct reason?

Tony Hayward:

I believe that the, I believe that it’s clear that they left the rig because they had completed the task. Or the task that they had anticipated to do was not required.

Rep Donna Christensen:

OK. So as far as you know it was not that they felt unsafe as we were told in New Orleans?

Tony Hayward:

It was nothing to do, I don’t believe, on the basis of anything that I have seen that it was anything to do with safety.

Rep Donna Christensen:

OK. My last question. In your testimony you say, and I’m quoting, “BP is a responsible party under the Oil Pollution Act”, and you distinguished that terminology for many implication of legal liability which is still being investigated.

You say a) do you think that you’re the sole responsible party, or might there be others and if so who?

Tony Hayward:

The government has named four responsible parties. They are BP, Transocean, Mitsui and Anadarko. They have all been named as responsible parties in this incident.

Rep Donna Christensen:

The last two were?

Tony Hayward:

Mitsui, Anadarko, Transocean and BP.

Rep Donna Christensen:

Thank you. Thank you, Mr Chairman.

Rep Bart Stupak:

Thank you, Ms Christiansen. The next for questions would be Mr Roche. He’s not here. The next would be Mr Green, for questions please.

Rep Gene Green:

Thank you Mr Chairman. Mr Hayward, yesterday Mr Tillerson from, the day before yesterday, Exxon Mobil testified Tuesday that in the aftermath of the Exxon Valdez accident, Exxon Mobil launched a full-scale, top to bottom review of their operations in implementing far-reaching actions that today guide every operating decision they make on a daily basis. Have there been any specific reforms that BP’s implemented following the Alaska pipeline accident and the Texas City refinery disaster?

Tony Hayward:

We implemented major, major change following the incidents in 2006 and 2007. We’ve implemented changes to our people, in terms of the skills and capabilities we have. We’ve implemented changes to the training that they get and the expertise that they develop. And we’ve implemented significant changes to all of our operating practices, including the implementation of an operating management system that covers all of the company’s operations. It has been a root and branch review from top to bottom.

Rep Gene Green:

I guess my concern is having followed both the Alaskan pipeline and the Texas City refinery disaster, those reforms haven’t worked. What will be done differently this time in the last almost 60 days? Has there been some discussion on why the reform from the Texas City and the pipeline, the Alaskan pipeline hasn’t worked. And again, you know the information our Committee has, you received the letter two days ago on some of the decisions were made literally on the rig by BP’s representative. What, going forward from here will we know five years from now that we won’t have to repeat what we’re doing this time?

Tony Hayward:

That is why I am so determined to get to the bottom of this incident, such that we can learn from it and make changes to ensure that it doesn’t happen again.

Rep Gene Green:

What’s happened with your drilling procedures internationally? I know there are different standards for different companies. Our Committee heard testimony from the executive a few days ago that typically Norway in the Scandinavian countries have the toughest offshore drilling. I know BP’s active in Norway. Is there a significant difference on what you do in the Gulf of Mexico, as compared to what you do off the coast of Norway, or even off the coast at Edinburgh, off the coast of Great Britain?

Tony Hayward:

We operate to the same standards globally. And the truth is that the rules and regulations, as I understand it, in the Gulf of Mexico are higher than they are, for example, in the North Sea and the UK sector, in terms of the requirements. So we will continue to learn from this incident and make changes to ensure that it cannot happen again, and it will be global.

Rep Gene Green:

Thank you Mr Chairman.

Rep Bart Stupak:

Thank you Mr Green, you yield back?

Rep Gene Green:

Yes.

Rep Bart Stupak:

Mr Green yields back, and next we turn to Mr Barton, ranking member for questions please.

Rep Joe Barton:

Thank you, Chairman Stupak. I appreciate the opportunity to ask some questions. Mr Hayward, yesterday when we had a hearing in a different subcommittee of this full Committee, we had four CEOs of other oil companies. I think, to a person, and I could be wrong about this, but I think they all indicated that they either would not have drilled this well, or at least would not have drilled it the way BP drilled it. What’s your response to that?

Tony Hayward:

I want to understand exactly what happened through our investigation. To compare it with other practices to determine what is the truth. And I can’t comment today on that.

Rep Joe Barton:

All right. I have had off camera discussions with a number of experts in the drilling processes for the deep Gulf of Mexico, and they all say that BP has a different culture. That there is, for example, in most of the other companies that operate in the deep Gulf, there are a number of individuals on site that have what is called Stop Order Authority. In other words, if they see something that’s going on that comprises safety or integrity, they have the ability to stop production. But I’m told that BP doesn’t give that authority, that it is further up the chain of command. Is that correct? And if so, is that something that BP may consider changing given what’s happened?

Tony Hayward:

On a drilling operation such as this anyone can stop it. The BP men, the Transocean driller, the Transocean tool pusher, the IEM or the BP well site leader. It requires everyone to agree to continue. And if there is one person who does not agree then they do not continue.

Rep Joe Barton:

So when I’m told that the BP culture in terms of this authority is different I’ve been told incorrectly?

Tony Hayward:

I believe that’s so, Congressman.

Rep Joe Barton:

In terms of the two relief wells that are currently being drilled, are they being drilled using the same procedures as this well, or are they being drilled differently? In other words, some of the things that weren’t used on this well, the double casing, things of this sort are those relief wells going to use these enhanced safety procedures?

Tony Hayward:

There are clearly some areas of concern, as we have identified in our investigation – cement casing and the relief wells are being drilled with all of those issues absolutely foremost in the procedure. Now clearly, the relief wells are rather different because of what they have to do. But all of the things that we have learnt to date from our investigation have absolutely been incorporated into the activity that is taking place with respect to the relief wells.

Rep Joe Barton:

Have you either read, or been at least given a summary of, the letter that Chairman Waxman and Chairman Stupak said earlier in the week that lists the five or six outstanding or what they consider, what the staff consider to be the anomalies in this well, and the safety concerns. Are you familiar with that?

Tony Hayward:

I am familiar with that letter.

Rep Joe Barton:

OK. Do you agree in general with the concerns that are raised there about the lack of a, for the lack of a better term, of a safety collar being employed, the number of devices that could have stopped the oil and gas venting and escaping up the well. It was recommended, somebody recommended, I think, 21 or 22, and BP made a decision to only use six. Do you, now that you know what’s happened, do you share some of the concerns that that letter raises?

Tony Hayward:

I think I share the concern about there are a number of contributory factors that may have, that have created this incident. They’re focused on the cement, on the casing, on the integrity test, on the well control procedures, and on the complete failure of the blowout preventer. And they are all areas that I believe we all need to understand fully before we draw conclusions about how this accident occurred.

End transcript: BP Oil Spill – Part 2

Download

BP Oil Spill – Part 2

Interactive feature not available in single page view (see it in standard view).

Download this video clip.Video player: BP Oil Spill – Part 3

Show transcript|Hide transcript

Transcript: BP Oil Spill – Part 3

BP Oil Spill – Part 3

Rep Lois Capps:

Mr Hayward, your 20 billion dollars of compensation fund is a good first step. But it’s just the beginning. You’re going to have to fully compensate everyone who has been affected by this disaster.

This week BP announced the first instalment of a 25 million dollar fund within a broader 500 million dollar commitment to the Gulf of Mexico Research Initiative. Is BP still committed to putting the full 500 million, not just the 25 instalment, but the full 500 million towards this initiative?

Tony Hayward:

We are. It’s an initiative that will take place we believe over 10 years.

Rep Lois Capps:

When will we see the details of this entire programme?

Tony Hayward:

It’s being worked by the experts currently. We think it’s important to have a programme that has firm scientific foundation ...

Rep Lois Capps:

Are, are these your experts sir?

Tony Hayward:

No, these are not our experts. These are independent scientists drawn across the United States, from some of the ...

Rep Lois Capps:

I would request that you would submit to the Committee the list of experts that you have that are developing this programme. I would appreciate that.

Tony Hayward:

We’d be very happy to do that.

Rep Lois Capps:

Will there be further scientific investments that you will make available to the research community, significant, further investments of dollars?

Tony Hayward:

Well we’ve set up a 500 million dollar initial fund, and I think we need to see what the scientists determine.

Rep Lois Capps:

All right. I just mentioned this because your commitment pales into comparison to the one billion dollar Exxon spent on the Valdez spill 20 years ago, which was in quite a bit more remote location and fewer people apparently were impacted by that one.

So you are going to make all the data from this research available to the public?

Tony Hayward:

It will be fully open and transparent. It won’t be BP’s data, it’ll be the data of the scientists involved.

Rep Lois Capps:

All right, with their names attached?

Tony Hayward:

Absolutely.

Rep Lois Capps:

I want to switch topics now. The federal government has developed training classes to provide the necessary training for workers and volunteers who are cleaning up the oil from your spills. But we continue to see reports that BP is not following the training guidelines, endangering further the health of these workers now and long into the future. Why are we still hearing these kinds of reports from the people who are out on the water and on the shoreline?

Tony Hayward:

We’re doing everything we can to train everyone involved in this, as well and as clearly and as properly as we can.

Rep Lois Capps:

Are you using the federal developed courses?

Tony Hayward:

we’re using OSHA Guidelines to establish what is the appropriate training.

Rep Lois Capps:

Finally, I want to ask you about BP’s Response Plan, which was clearly inadequate. This Committee learned this week that the other major oil companies relied on the same Response Plans that are practically identical to your own. The same contractors seem to have written your plan and their plans. They hired the same contractors apparently as you did. And you all appeared to have the same technical experts and the very same response commitment.

Now if this spill had happened to a different oil company do you have any reason to think that they would have responded more effectively than BP has?

Tony Hayward:

I can’t really comment on that. All I can say is that we have initiated the biggest spill response in the history, not only of America, but of the world. It involves thousands of vessels, 35,000 people. It is the largest activity of its kind ever conducted.

Rep Lois Capps:

I appreciate that. The federal government of this country has also initiated the largest response that we have ever initiated on behalf of any kind of natural disaster or man-made disaster in the history of this country as well.

But finally, back to my original question on that topic. Rex Tillerson, the CEO of Exxon Mobil, was asked the same question that I just asked you. He said that Exxon, his own company, is not prepared to deal with a large spill if it happens to them. He also said that the response capability to prevent the impacts of a spill doesn’t exist.

Now bear in mind, this is the same response training manual, response manual that your company has in, with respect to his own, he says the impacts of a spill the capability does not exist, and probably never will.

My question to you, do you agree with Mr Tillerson about this?

Tony Hayward:

Well, I agree that it’s, there aren’t many missings in our ability to respond to an incident of this type. And there will be many learnings to be had from this incident, and how we can build better response capability in the future.

And, as I said, we are doing an extraordinary spill response, and I regret that it hasn’t been more successful so far than any of us would want.

Rep Lois Capps:

I yield back, Mr Chairman.

Chairman:

Thank you, Ms Capps. Mr Gonzalez, your questions please.

Rep Charles Gonzalez:

Thank you very much, Mr Chairman. Mr Hayward, let me ask you, there’s a six month moratorium on deep water drilling. Do you think that’s reasonable under the circumstances?

Tony Hayward:

I think it’s important that the lessons from this are learnt, and clearly that’s a decision for the authorities to take, not for me. But it’s clearly important that ...

Rep Charles Gonzalez:

On no, I’m not asking you to make the decision, I’m just asking your own opinion based on your expertise and your position. I would assume you would have an opinion of whether that’s a prudent thing to be doing?

Tony Hayward:

I believe it is prudent for the industry to take stock of what has happened here before it moves forwards.

Rep Charles Gonzalez:

Well, you know, there are calls to move expeditiously to lift that ban after accomplishing whatever is supposed to be accomplished in order to give people peace of mind, that is, we drill we’re not going to have a recurrence. So when do you think it would be appropriate to consider lifting the moratorium?

Tony Hayward:

I don’t think I can make a judgement on that today. I,I think ...

Rep Charles Gonzalez:

What would common sense tell you?

Tony Hayward:

I think when we understood clearly what had happened and understood clearly what better response is required in the event that something like this ever happened again.

Rep Charles Gonzalez:

I think, I’m hoping everybody is going to be on that same page because it’s fundamentally sound. Now we’ve had other members that made reference to the hearing we had a couple of days ago, and I’m sure you’ve already spoken to Mr McCain and such, but Shell, Exxon, Chevron, ConocoPhillips, they all said.

Now I will tell you this though when I asked them if they could me a 100 per cent assurance that nothing like this would happen when they’re drilling in deep water they wouldn’t give me it. What they would say is, we do it safely, we do it safely. Human experience is that there are no 100 per cent assurances about any activity. And all I was trying to get is, let’s be honest with the American people, that there’s risk. There’s risk. There’s risk. And it’s calculated risk. And if we can provide enough assurances that it’s a risk worth taking, then we’ll be out there won’t we.

Well they wouldn’t do that, believe it or not, and I’m hoping that you won’t play that same game. But what they did say is, it would never have happened because their manner and fashion of drilling is different than what you were doing.

I don’t want to start a big war among you guys, but do you really believe that the way they explore and drill in deep water is substantially different than what you were doing out there?

Tony Hayward:

Not to my knowledge.

Rep Charles Gonzalez:

I tend to agree with you. So let’s talk about planning. And I think Ms Capps pointed out something that’s really important as far as with Exxon. What he actually said was, we couldn’t deal with it if something like that happened. Which is an incredible statement to make, isn’t it, the fact that you’re willing to expose that kind of risk, and if a worse case scenario did develop you wouldn’t know what to do?

So let’s go back to 2003. The Society of Petroleum Engineers and the International Association of Drilling Contractors reported, quote “No blow-out has yet occurred in ultra deep water, water depths of 5,000 feet or greater. But statistics show it is likely to happen. Are we ready to handle it?” Well, we know the answer is no, but at that time they said it was likely to happen. Have you ever read anything like that in all these years that it was likely to happen?

Tony Hayward:

I haven’t read that article I’m afraid.

Rep Charles Gonzalez:

Did you believe it was likely to happen?

Tony Hayward:

I did not believe it was likely to happen. It was a risk that was identified as the highest risk by BP across the Corporation. It was a risk that was identified by, as the highest risk by our Exploration and Production Unit. And we believed that the risk mitigant was the so called failsafe mechanism of the blow-out preventer.

End transcript: BP Oil Spill – Part 3

Download

BP Oil Spill – Part 3

Interactive feature not available in single page view (see it in standard view).

What do you think were the immediate and long-term financial consequences to BP of this episode? You may want to note down and save your thoughts in the note box provided below.

To use this interactive functionality a free OU account is required. Sign in or register.

Interactive feature not available in single page view (see it in standard view).

Answer

The direct costs to BP of the oil spill in 2010 relate to the repair work and the cleaning up of the Gulf of Mexico. Additionally, BP faced fines for the spillage and claims for compensation from organisations – particularly marine organisations – whose business was adversely affected by the disaster. How far BP will be able to offset these direct costs, estimated as being of the order of $40 billion to $60 billion, by sharing the financial burden with its contractors or insurers is currently unclear.

Read more in this news story.

One immediate impact was a fall in BP’s share price from 650 pence in March 2010 to 300 pence in June 2010 – although subsequently the share price has recovered and stands (in January 2012) at 476 pence. Clearly this means that raising finance through equity issues would be more costly to BP now than in early 2010, before the spillage. Additionally, the cut in BP’s credit rating by the credit rating agency Standard & Poor’s would have slightly increased the cost of borrowing money from the financial markets.

Over the longer term it will be interesting to see the impact of the reputational damage to BP on its business – particularly in the US and especially in its retailing operations (i.e. petrol stations). As consumers become increasingly environmentally conscious, BP may suffer over the medium-term in the same way that the oil company Exxon did after its oil spill in Alaska in 1989.

Conclusion

In this free course we have:

• Explored the range of risks that organisations may be exposed to. We have not only introduced ourselves to the main financial risks but also to the other risks which may indirectly impact on the finances of organisations – such as operational, reputational and legal and regulatory risk.
• Examined how the process of risk management should be implemented within organisations – thereby providing the structure for examining each type of financial risk in detail.

The free course provides an overview of the risk management process which should be embedded in the operations and governance of every organisation. There is, however, no ‘one size fits all’ way of implementing risk management. Instead the process must be tailored to fit the size, complexity, industry competition and environmental uncertainty facing the organisation. For a small organisation the process may be very informal, while for a company like BP or Unilever it must be much more formalised, documented and provided with dedicated resources in the form of staff and budget.

It is important that the individual risks are not looked at entirely in isolation from each other. Doing so is what is known as a silo approach to risk management. Instead, managers must develop a holistic view of risk. Organisations may have small exposures to the individual risks, but when these are aggregated they may have, in total, substantial financial and non-financial risks that require careful management.

What we do certainly know – given the recent catalogue of high-profile financial calamities – is that the failure to manage risks can have devastating and, on occasion, terminal outcomes for organisations.

Glossary

beta

The beta of a share is a measure of its risk relative to the market as a whole (or its covariance with the market). The beta risk of a share is just one element of a share’s total risk or standard deviation. The other element is the risk specific to the share which can be diversified away. The capital asset pricing model shows how investors should only be rewarded for the beta risk of their investments. Beta is often abbreviated to b.

capital asset pricing model (CAPM)

A model which relates the expected return on a security to the expected return on the market as a whole and to its risk. The capital asset pricing model allows a company’s equity cost of capital to be estimated and provides performance benchmarks for equity investors.

debt/equity ratio

In financial risk analysis, this is a way to determine a company’s leverage. To calculate debt/equity ratio, a company’s long-term debt is divided by the value of its common stock.

derivatives

A future, forward or option contract. These are short term securities which establish their value (or potential exposure to risk) making reference to prices set up in another market (i.e. the market for the underlying asset).

financial risk management

Managing a risk arising from a financial based activity (e.g. foreign exchange transactions).

gearing

A measure of the amount of debt in the capital structure, typically the debt/ equity ratio which is debt as a percentage of debt plus equity capital. Gearing is a UK term, the US equivalent is leverage.

Gross Domestic Product (GDP)

The value of the economic output of an economy.

International Accounting Standards Board (IASB)

The accounting board that sets international financial reporting standards (see International Financial Reporting Standards).

International Financial Reporting Standards (IFRS)

The reporting standards for accounting standards set by the International Accounting Standards Board (IASB) (see International Accounting Standards Board).

leverage

A measure of the amount of debt in the capital structure, typically the debt/ equity ratio which is debt as a percentage of debt plus equity capital. Leverage is a US term; the UK equivalent is gearing.

mean of a distribution

The statistical average of a series of numbers or observations.

net present value (NPV)

The discounted present value of future cash flows (of, say, a project or investment) net of the cost.

portfolio theory

A model of the risk and return of a portfolio of shares.

standard deviation

A measure of volatility which is the square root of the sum of the squares of the differences between actual outcomes and the mean outcome.

wholesale funds

Funds raised from institutions via the financial markets.

References

Acknowledgements

This free course was written by Martin Upton

Except for third party materials and otherwise stated (see terms and conditions), this content is made available under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 Licence.

The material acknowledged below is Proprietary and used under licence (not subject to Creative Commons Licence). Grateful acknowledgement is made to the following sources for permission to reproduce material in this free course:

Cover image CGP Grey in Flickr made available under Creative Commons Attribution 2.0 Licence.

Every effort has been made to contact copyright owners. If any have been inadvertently overlooked, the publishers will be pleased to make the necessary arrangements at the first opportunity.

Text

Activity 6 (answer): BP's Gulf oil spill bill 'could hit $60bn', The Daily Telegraph, by Rowena Mason, Wednesday, April 20, 2011 © of Telegraph Media Limited.

Figures

Figure 4: © Michael St Maur Shell/Corbis

Figure 7: © http://www.joiseyshowaa.com/

Figure 8: © PATRICK LIM/AP/Press Association Images

Audio-Visual

Oil Spill video: © C-SPAN®

Don't miss out

If reading this text has inspired you to learn more, you may be interested in joining the millions of people who discover our free learning resources and qualifications by visiting The Open University – www.open.edu/ openlearn/ free-courses.