Risk Management – at crossroads

Home/Article/Risk Management – at crossroads

Risk Management – at crossroads

In the beginning

For long human beings have kept records of their past. One of the earliest records of scorekeeping by human race is found in the cave paintings in Europe –Lascaux, Altamira and Chauvet among Others1. These cave paintings have been dated about 40,000 years ago. They were of animals. One of the explanation provided for these paintings is to record the animals available and their seasonal movements. Since the concept of art in that age is not supported, they are seen as a recording of the food sources.

Of the same period, Dr.Karl Absolon in 1937, found a wolf bone with tally marks2. This thirtyfive thousand year old bone had fifty-five notches carved in it. These notches ware marked in groups of five each, indicating a deliberate record of counting. Hypothesizing on these tally marks, one view is that these marks represent the ‘kill’ of a hunter to keep a score of his accomplishments. Since then the practice of scorekeeping has evolved to more sophisticated and complex forms like the US GAAP accounting that require ‘experts’ to record and interpret them.

While the practice of scorekeeping served a very useful purpose of recording and summarizing the past to enable recall and analysis, its limitations are only too obvious when used for decision making. The future tantalizingly mirrors the past, but only for most parts, differing on some basic critical issues. These differences have rendered the past scorekeeping ineffective for future decision making.

What is required for decision making is not what happened in the past, but what will happen in the future. The desire to make better decisions has sustained the necessity to see the future, right through the three eras of human history– the agricultural age, the industrial age and the knowledge age.

Agriculture in the past, even as it is today, depends on the vagaries of nature. The factors that influence agricultural production was well know, but what was not known was how to influence them. Adverse natural conditions were seen as the price paid for sins committed. Hence, nature worship and sacrifice were the avenues to appease and influence the future favorably. A manifestation of this is described in the Old Testament, in the section LEVITICUS. In a ceremony described in the part titled ‘the scapegoat’, Aaron takes a live goat to the altar, puts both his hands on the goat’s head and confesses over it all the evils, sins, and rebellions of the people of Israel, and so transfer them to the goat’s head. Then the goat is to driven off into the desert by a man appointed to do it. The belief was that ‘the goat will carry all their sins away with him into some uninhabited landWas this an early form of risk management?


1 Watson, P., Ideas: A history from Fire to Freud, Widenfeld & Nicolson, London, 2005, p 35

2 Clawson, C C., The Mathematical Traveler, Viva Books Private Limited, 2004, p 33

3 Good news Bible, with Deuterocanonical books/ Apocrypha, Today’s English Version, p 117


The Industrial age

The advent of steam power, electricity and assembly line saw the birth and maturing of the industrial age, with its large scale operations. An important feature of this age was the need for large investments in plant and machinery that could only be recovered over a period of time.
Explaining how profits are earned in competitive markets, Frank Knight in his book, Risk, Uncertainty and Profit, one of the earliest books on risk published in 1921, wrote4

Thus competition for productive service is based upon anticipation. The price of productive services being the cost of production, changes in conditions give rise to profits by upsetting anticipations and producing a divergence between costs and selling price, which would otherwise be equalized by competition.

The aspect of anticipation, which in the agricultural era was common to all, in the industrial age became specific to individual businesses. It was around this time that planning or more specifically business planning evolved to tackle this uncertainty. The primary role of planners
was to outline the future to reduce uncertainty. Since business results were measured in financial statements – profit and loss account and balance sheet, business plans were also defined in terms of profitability budgets and asset positions. Twentieth century, except during the short world war years, saw continuous growth, a unique feature in the human history. In this setting, a good plan was an effective forecast. This is captured in the first of the thirteen aims of Scientific Management published by the Taylor Society, which read5

To gauge industrial tendencies and the market in order to thereby regularize operations in a manner which will serve the investment, sustain the enterprise as an employing agency, and assure continuous operations and employment.

The practice of planning to manage the vagaries of future continues with some minor changes. Scenario planning, popularized by the Royal Dutch/Shell in 1960s was a significant development. Adapting the Hollywood practice of outlining the ‘scenario’ of a new script by giving particular situations, Royal Dutch/Shell asked the questions ‘Is their life for our company after Oil?’ The result was Year 2000 study that led to diversification by Royal Dutch/Shell. However, scenario planning was only a variant of the planning process; but elsewhere by then risk management had taken birth.


4 Knight, F H., Risk, Uncertainty and Profit, Boston MA, Hart, Schaffner & Marx; Houghton Mifflin and Company, 1921, part III, Chapter VII page 2

5 Scientific Management in American Industry, by H S Person, ed. Copyright 1929 by Taylor Society and H S Person, quoted in Organizational Behavior: the management of Individual and Organizational Performance, David J Cherrington, Allyn and Bacon, 1989, p 48


Anatomy of risk

In common parlance risk is often used as a synonym for loss, danger, uncertainty, hazard, peril, threat, and chance among others. The word risk has its root in the Italian word risicare, which means to dare. Considering the root, risk has the closest meaning to chance: a chance for reward if successful, and a failure resulting in a loss. But in common usage, risk is more associated with the cost of failure. Risk and reward go hand in hand. Not only do they go hand in hand, the magnitude of one determines the size of the other.

The risk matrix given below, boxes the risks considering the time element. Horizontally listed is the causal event mapped onto the three time zones –past, present and future. On the vertical side is mapped the occurrence of loss in the three time zones. Sequentially, the causal event precedes the occurrence of loss. Hence the boxes, casual event in the present or future causing loss in the past is a logical fallacy. Same is the case with causal event in the future causing a loss in the present.

The Risk matrix

Causal event Occurrence of loss
Past Present Future
Past History Reporting risk Contingent liability
Present Logically not feasible Operations risk Market risk
Future Logically not feasible Logically not feasible Strategic risk

Reporting risks are a potential failure to report a loss, either to the internal stakeholders or the external stakeholders. Operating risks are the ‘slip between the cup and the lip’. Market risks are the potential loss arising due to change in either price of assets or liquidity of counterparties. Strategic risks include change in the business charter or business models.

The birth of Risk Management

One of the earliest conceptual models for risk management was outlined in 1956 by Russel Gallagher. Writing for the 1956 Harvard Business Review, his article, ‘Risk Management: A new phase of cost control’, was prompted by the increasing cost due to worker accidents, resulting in higher compensation payments, and the higher risks associated with the use of commercial nuclear-power. In this article he divided risk management into its three elements– risk analysis, risk abatement, and risk coverage.

Discovering through inspection and research the full extent of the possible losses were the activities outlined under Risk analysis. Loss here was defined to exclude business loss, i.e. loss arising from economic forces or managerial decisions. This left loss that could arise from natural, accidental, negligent, dishonest or criminal acts to be ‘discovered’.

Risk abatement covered actions that could be taken by the company to avoid these losses. The action included – personnel training, safety engineering, plant protection, construction planning, quality control, plant location and educating executive attitudes. This was seen as the most critical aspect of risk management. The last section of risk coverage dealt with the potential residue losses that could not be abated. Three methods of dealing with this were outlined –assuming the risk, self-insuring and commercially insuring the risk.

In the fifty years since this article was published, only the form of risk management has changed with more detailing, while its content has remained the same. It is interesting to see that even after the five decades voluntary adoption of risk management by businesses is quite limited. Had it not been for the statutes that mandated risk management, cost containment through risk management would be virtually non-existent.

Classification of risk management activities

Risk Management in 1950s COSO Framework for the 21st century
Risk Analysis Internal environment
Risk Abatement Objective setting
Risk Coverage Event identification
Risk assessment
Risk response
Control activities
Information & communication Monitoring

The birth of formal risk management practice can be traced back to 1974 when Bankhaus Herstatt, the West German commercial bank failed. This resulted in huge losses to banks from other countries on foreign exchange contracts in which Bankhaus Herstatt was the counterparty. While the Deutsche Mark, the first leg of the foreign exchange transaction with Herstatt bank was completed, the second leg of US dollar delivery in New York was not honored. The Central bank in West Germany had shut the bank down after the close of banking hours in Germany but before the New York banks opened for business. The banks from different countries which suffered loss on this count, got together to set up the Committee on Banking Regulation and Supervision in 1975, with the Central banks of the Group of Ten countries as members. This committee is now known as the Basel Committee on Banking Supervision, the fountainhead of risk management in

Financial markets amplify results – profits multiply and losses grow exponentially. Time horizons of the real world to grow profits are shrunk dramatically in this markets using financial leverage. The period of 80s and 90s saw some of the most spectacular blow-outs. October 1987 saw global stock markets collapse by a third, led by the US markets. This was followed in quick succession by the Mexican crisis, Asian crisis and the Russian default, severely denting the foreign exchange and interest rate markets. The nadir was in the failure of Long Term Capital Management, a leveraged hedge fund that had two noble laureates and an ex-Federal Reserve Board Vicechairman
at its helm. A $3.7 billion restructuring package was required to contain this blow-out. All this contributed to risk management becoming a core aspect of financial services and banking business. But the story in the corporate world is quite different.

Corporate Risk Management

The initial efforts to bring risk management into the corporate world were primarily triggered by fraudulent financial reporting in the United States in the 1970s. A committee appointed under the chairmanship of Cohen identified the gap between the auditors’ responsibility and the expectations of the users of financial statements in their report titled The Commission on Auditors responsibility: Reports, Conclusions and Recommendations in 1978.

In the next decade, the National Commission on Fraudulent Financial Reporting issued in October 1987, a report titled Report on the National Commission on Fraudulent Financial Reporting. This report more popularly known as the Treadway Commission, studied more actors involved in financial reporting and identified forty-nine recommendations. These recommendations covered the role of board of directors, top management, auditors, accounting professionals, regulators and academic community. One of the critical factors identified by the commission to prevent fraudulent reporting was in prevention and early detection. This resulted in the COSO’s 1992 Report –Internal Control –Integrated Framework. This report detailed a framework of internal control and highlighted its importance in preventing fraudulent financial report. In addition the report also described components of internal control and prescribed methods to assess the internal control systems. It also identified the responsibility of establishing effective internal control systems to the board of directors.

In the same year, in 1992, the Cadbury Committee in United Kingdom also came out with its recommendations. This committee was set up in response to the corporate scandals in United Kingdom. In addition to emphasizing the role of audit committee and internal control systems, the report also entrusted the board of directors with the job of setting a financial risk policy.

In 1999, the Committee of Sponsoring Organizations of the Treadway commission studied two hundred of the three hundred reported cases of fraudulent financial reporting in the period 1987-1997 in United States. One of the most significant outcomes of this study was the COSO
Enterprise Risk Management Framework. This framework built on the COSO’s Internal Control – Integrated Framework in a bid to enhance the quality of financial reports and prevent fraudulent financial reporting.

Perhaps, the lukewarm response to risk management seen in the corporate world may be a reflection of the US led approach taken to promoting enterprise risk management to prevent corporate frauds. The experience of the twenty-first century American corporate scandals has clearly vindicated the corporate response.

Risk management at crossroads

Today, Enterprise risk management is at crossroads. For corporate risk management to gain wide spread acceptance it can either wait for a big corporate scandal of the magnitude of Long Term Capital Management seen in financial sector or it can pursue the business case made out for risk management by Russel Gallagher.

Fortunately, India has stipulated Risk management reporting as a part of its corporate governance reporting requirements for companies listed in the stock exchanges. There is a strong case for the risk management professionals to push their case on the strength of business contribution, rather than fall back on mandate to achieve acceptance of risk management practices. For this the company management and the board of directors must lend a willing ear to hear potential bad news; for bad news is good news, only when it comes in early.

Companies that voluntarily adopt risk management will find as Russel Gallagher identified decades ago, cost savings. Risk management is like a heating process, which evaporates costs. More effective the process, more of the cost is vaporized.






By | 2019-01-16T15:43:28+00:00 January 16th, 2019|Article|0 Comments

About the Author:

Leave A Comment

Schedule a demoGo to CAIRRSubscribe to Newsletter