Risk Management Archives

Legal Risk — A Case Study

Overview :

Definition :

Legal risk is risk from uncertainty due to legal issues, impact of legislation, actions or uncertainty in the applicability or interpretation of laws and regulations that affect the organisation and its operations and activities. Such impact can arise due to contracts and contractual claims, third party obligations, torts and operation of law. Depending on the circumstances, legal risk may entail such issues as broadly listed out below.

Issues for consideration :

A number of issues that can give rise to risks that are external in nature are outlined below. The issues can be generally divided into two segments. One relating to contracts that constitute the basis for majority of interaction and activity in a civilised society. The other part relates to the different laws adopted by society for smooth functioning and their implications and impacts.

Contract formation :

What constitutes a legitimate contract ? Is an oral agreement sufficient, or must there be a legal document ? What documentation is required ?

Intra vires and ultra vires contracts :

Certain contracts are intra vires and others ultra vires. The latter can have serious unintended consequences for the contracting parties in terms of incomplete (in choate) contracts.

Capacity :

Does a counterparty have the capacity to enter into a transaction ? For example, in 1992, the United Kingdom’s House of Lords determined that the London Borough of Hammersmith and Fulham lacked capacity to transact in derivatives linked to interest rates. Not only were contracts dating back to the mid-1980s with that borough declared void, but contracts with over 130 other councils were effectively invalidated. A number of derivatives dealers suffered losses.

Legality of derivatives transactions :

In some jurisdictions there are issues relating to whether certain derivatives could be deemed gambling contracts and thus made unenforceable. This was a significant concern during the early days of OTC derivatives markets.

Perfection of an interest in collateral :

A claim is perfected if it is senior to any existing or future third-party claims in the event of bankruptcy. A perfected interest represents a lien on collateral. Requirements to perfect a claim can be complex and vary by both jurisdiction and the nature of the collateral.

Netting agreements :

Under what circumstances will a close-out netting agreement be enforceable ?

Incomplete contracts, quasi contracts, contract with minors and insane persons also give rise to legal risks.

Contract frustration :

Unforeseen circumstances may invalidate a contract. E.g., if a contract is linked to an index or currency which ceases to exist, the contract could become invalid.

Another dimension of legal risk :

Legal risk is the risk arising out of infraction of the law. If business and organisational activities and operations are tainted by illegality or result in a legal insult or impact that has legal consequences, this risk is attached.

In fact whenever information systems and Internet technology is used, this can attract emerging legislation like cyber laws which can give rise to legal risk for such activities.

Given the nature of legal risks and issues, this is an external high-level risk that is difficult to control. Dealing with legal risk is not an easy task and needs a proactive approach.

Legal risks can affect the functioning of a business and may even result in its closure in extreme circumstances. A procedural or lower level infraction of law can result in disruption and damage to business and reputation. These legal risks range from serious risks at one end of the spectrum to technical and procedural risks at the other. Thus legal issues that arise in serious risks are fundamental in nature, affecting the ownership, organisation, operations and continued existence & functioning of a business.

Technical aspects of legal risks would cover legal risks relating to compliance with regulatory requirements, formalities and business laws like Companies Act, Partnership Act, Taxation Laws, Labour laws and other legal requirements.

Procedural aspects of legal risks would involve legal risks relating to operations and procedures and functioning of the organisation and its day-to-day activities. e.g., when employing or terminating the services of an employee whether due process of law has been followed ?

Techniques for raising awareness of legal risk:

One of the most effective ways of dealing with legal risks is to raise awareness of the employees and staff. Here, we will focus on some practical ways in which the effective management of legal issues and disputes can create greater efficiencies in a company’s continuing business relations with its various stakeholders including customers, suppliers and joint venture partners.

The following are some of the important ‘hard’ and ‘soft’ elements of the legal dimension of risk and techniques of dispute management that are relevant for understanding and appreciating legal risks.

1) General awareness raising:

This involves presentations, workshops and ‘road shows’ to offices in the parent country and around the world, to as many employees, associates and business partners as possible, in order to raise awareness and increase familiarity with aspects of legal risk and the methods the company or organisation uses to minimise and avoid it. This should include clear identification and designation of a contact point (in the legal or compliance department) whom the employee can call, as a demonstration of commitment and back-up behind the communication programme.

2) ‘Legal Audits’ :

These help identify areas of strength and weakness, for example:

a review of current litigation,arbitration and/ or other conflict resolution techniques used to assess internal and external costs, likelihood of success, settlement options and likely outcomes.

a review of standard contracts to assess whether the dispute resolution mechanisms are the most appropriate for the type of activity covered by the contract.

a review of existing contractual relationships with suppliers, distributors, customers and joint venture partners to assess whether there are any ongoing disputes that can be avoided, or potential disputes that are likely to escalate into litigation, to tackle.

3) Training in ‘alternative’ dispute resolution skills (ADR):

In addition to building an awareness of the strengths and weaknesses of different types of more formal dispute resolution techniques (such as seminars on arbitration options), better awareness can be achieved by introducing a series of workshops on, for example, mediation and how the mediation process works. This will enhance core communication and negotiation skills if well presented.

Warning signs – things to consider avoiding, during negotiations and whilst the contract is being performed:

an unusual amount of time spent on negotiation of non-commercial terms

lawyers spending increasing time discussing non-commercial or non-core terms

business people not in control of the commercial elements of the negotiation

key commercial terms are not clearly set out, or there is delay in clarifying them

changes in the pattern of negotiation (e.g., from face to face, to more written exchanges, or vice versa)

after signature, there is a personnel change which breaks continuity in the relationship be-tween parties, or understanding of the commercial rationale for the contract and its intended implementation

poor preparation and planning before negotiations start, inadequate follow-up either internally or with the counterpart, so that lack of clarity as to the process exacerbates lack of clarity as to the content, and as to the eventual commercial objectives.

Warning signs – what to look for to avoid disputes developing

increasingly late payments

late response or non-response

move from verbal to written communication

tone of verbal/written communications – more fractious questioning or legalistic rhetoric

internal time spent on analysis of legal position

internal disagreements as to strategy and/ or approach (are there hidden agendas ?)

loss of product or service quality Ill. change of personnel

different messages reaching different layers of the organisation from the counterpart company

in a joint venture: misalignment of interests which are dealt with as minor differences, but which could conceal longer-term strategic differences, arguments over budgets, technical objectives, marketing campaigns, etc.

The impact of legal risks has a far-reaching effect on the constitution, organisation structure, function-ing and performance of organisations.

Normally it is the legal department or the secretarial department that deals with legal risks.

Apart from the classification suggested at the begin-ning of the article, legal risks can also be classified according to their severity, significance, area it affects or even its applicability ani pervasiveness.

Like most other external risks they pose a challenge and threat to business as well as present opportunities for growth in business and destabilise and/ or pose problems for others. They thus result in a shake out that results in changes to the playing field.

The example picked up for this month’s case study is that of a pharmaceutical company that is engaged in development, manufacture and sale of drugs, formulations and medicines.

Quick Care Ltd. is a pharma company operating in India for over twenty years now. It has developed formulations and drugs for skin infections, allergies and asthma. It is manufacturing and marketing these medicines under the name ‘Life Care’ and ‘Total Care’.

The company has registered its products both as brands and trademarks in India.

With the changes in intellectual property rights post-WTO regime the company has become conscious of the stricter legal regime that it faces.

As the risk manager of the company the CEO has asked you to examine the legal risks in the following areas as well as the organisation wide legal issues involved:

i) On a preliminary enquiry you discover that ‘Life Care’ is also a brand registered in Australia by another company, though in the field of healthcare and nursing.

ii) A company in the US named True Care has a logo that has the letters TC in it. The logo of the company ‘Total Care’ which also uses the letters TC look identical and have a close re-semblance to each other.

iii) On enquiries you find that your key employee who led the team that formulated the anti-allergy and asthma drug was earlier employed with an international pharma company and was working on similar research. It is likely that he had signed a non-disclosure/non-complete agreement before he left that company two years back.

iv) In respect of certain drug trials on monkeys and on human beings, a particular NGO has been writing articles about the issues involved and generally against such practices. The name of the company was also mentioned once in a television programme on this issue.

v) The company has recently acquired a small subsidiary making syringes and other medical devices. This company has certain pending labour disputes and tax cases that have not been fully resolved.

vi) The company had recently been awarded a contract to supply drugs to a rural hospital aided by the World Bank. The CEO is concerned whether any unfair means have been used, as this could result in the company being blacklisted.

You are required to make a brief report on the legal risks involved and how the same could be dealt with.

Solution to the case study:

1. In case of the Australian brand name, it poses a greater legal risk for the ‘Life Care’ brand registered in India if the Co. in Australia has signed the World Intellectual Property Organisation (WIPO) convention. The WIPO in Geneva administers these conventions. WIPO now has a ‘new’ convention, the Madrid Protocol (1989). Lifecare brand in India may be liable for trademark infringement or dilution – with potential risks of an injunction, disgorgement of profits, payment of damages, and more – for use of the name. H it hasn’t, Indian company should not delay in signing WIPO conventions. The company should also do trade-off analysis in justifying the fees to be paid for signing up or to change the brand name itself.

The company ‘Life Care’ may change its name to a similar name which will be more attractive and will gain customers’ attention. It may propagate or spread awareness among its customers about the change assuring them about the quality of the product. But before that they must also check whether there is any other company existing with the same name to avoid facing same circumstances again.

2. ‘True Care’ company in the US may sue the company in India for infringement of trademark by using identical and similar logo, though it may not have the same business and there is no competitive overlap. TRUE CARE company in the US may also be liable for trademark dilution by using the famous mark of another company in case the company is famous in the US and can claim huge compensation or a huge share in the profits of the company. Other way to tackle this issue is to make an attempt in resolving the dispute internally, whereby either of the companies will sign mutual agreement to not to interfere in each others’ business operations.

3. If the keyman has Signed a non-disclosure agreement with the company where he was previously employed, then the international pharma company may sue him as well as the company in which he is presently employed, as there is chance of using the same or similar formulae or strategy by him which would have been used in the previous company. The international pharma company may ask for certain percentage of their turnover or profit as compensation due to which the company may incur heavy loss or they may bring a stay on the experiment which formulated the anti-allergy and asthma drugs because of which the company may incur heavy losses.

4. In the event of the issue raised by an NGO for conducting tests on monkeys, the company must find another alternative for drug trials such as rats, guinea pigs, etc., as there is a risk that the name or goodwill of the company may go down as there will be more and more awareness, and more and more people may agitate for the same.

5. The company should resolve all the labour disputes as it may cause strikes in the company, the production may be at a stand still and hence there will be a shortage of goods in the company, the company should also resolve the tax cases as it may cause a heavy burden to the company.

6. For the World Bank developmental project, the CEO of the company must make sure that there is no unfair practice in obtaining the contract or in the actual execution of the contract, such as insufficient drugs supplied to the hospital or any adulteration in the drugs has taken place. As this would result in the company being blacklisted by the World Bank due to which none of the financial institutions in India as well as in foreign countries will grant loan to the company in case of financial crunch or will trade with the company as it is being blacklisted.

Other pre-emptive and protective solutions:

Risk management strategies not only serve their primary purpose, which is to layoff potential risks, but may also act as a vital business development tool.

1. When planning for a drug discovery, the following issues should be addressed:

The type of disease to be treated and the patient population;

How it should be delivered to the patient (delivery system);

In what form it should be made (capsule, pill, ointment, or liquid);

The route of administration (injection, oral, inhalation, or skin absorption);

How and where to do the research and formulation; and

Whether it is going to be outsourced or will be manufactured in-house.

Not only legal managers but also corporate counsels have an opportunity to contribute their ideas to issues pertaining to IP Rights, dispute management, identifying the business by plugging loop-holes and adding to operational and client assurance.

Rather than assigning a separate in-house legal team or appointing an external consultant, the CEO can create a mix team of both of them. Internal employees will give the consultants the correct picture at micro level, whereas consultants with their expertise and experience provide solutions at macro level.

Explain the drug development process to their patients in a subtle way;

The drug company or sponsor performs these tests to discover how the drug works and whether it is likely to be safe and works well in humans. Next, a series of tests is conducted among patients to determine whether the drug is safe when used to treat a disease and whether it provides a real health benefit. This will help address and neutralise adverse public opinion that may have been generated.

Apart from this the company will do well to identify and implement some of the strategies outlined below:

Identify essential development and pre-clinical requirements;

Identify requirements for characterisation of pharmaceutical products;

Assess and implement good manufacturing (GMP) and good laboratory (GLP) practices; and

Describe and formulate a regulatory submission.

The marketing authorisation application (NDA) can be submitted in two different formats: the traditional format, or the Common Technical Document (CTD) format.

These together will help the company to keep legal risks in control.

Nirav Shah

Management Risk — Case Study

Overview :

Management Risk arises from the activity of managing an organisation, be it a Company pursuing a profit — wealth maximisation motive or a non profit organisation pursuing social welfare and charitable objects. The risk that every organisation has is that of an ineffective, non-performing, underperforming or reckless management that destroys rather than build.

This is because management is in charge of governance. It is management that provides the vision, mission, direction and strategy which take the organisation forward in pursuit of its goals and objectives. A management that either for reasons of incompetency, ineffectiveness or self interest sacrifices and sabotages the entity’s objectives is detrimental to the interests of stakeholders. These give rise to ‘management risks’.

The definition of management risk provided in ‘Investopedia’ sums up the term very well.

‘Management risk refers to the chance that Company managers will put their own interests ahead of the interest of the Company and shareholders. Management risk also applies to investment managers, whose decisions and actions may divert from the investors’ wishes or reduce the value of an investment portfolio. The risk therefore is that either the management is ineffective, inefficient and/or incompetent, or fails to handle a situation, or has its own personal self interest which is conflicting with the objectives of the Company and its stakeholders. An additional risk is that of management turning against its own company by colluding with one of the interested groups and committing frauds and misappropriation to the detriment of the company and the larger body of stakeholders’. Examples of the above abound in the multitude of mega scams often described as management frauds or scams, worldwide. Some of the classic recent examples are of WorldCom and Enron abroad and Satyam and Maytas in India

In these cases, the management acted in a manner detrimental to the interests of the Company and destroyed shareholder wealth and confidence in the system and the economy.

The sub-prime crisis which shook the world’s financial market is a striking example of ‘self interest’ of financial managers. Hence, dealing with management risk requires a good management life cycle.

Some of the risk mitigating steps are :

selection of the CEO and members of his team based on professionalism and devoid of favouritism.

continuous monitoring of business performance.

periodic review of procedures to ensure transparency.

periodic review whether internal controls and ethical practices are being adhered to by the CEO and his team.

developing a succession plan for the CEO and his entire top management team.

remuneration and reward system. The need for this is highlighted; even G 20 is discussing the level of managerial remuneration in financial industry.

In addition to this there should exist in the top team a system of checks and balances against dictatorial tendencies.

The example of this month’s case study on management risk is that of a company operating in the food processing industry that manufactures and markets jams, fruit juices, fruit concentrates and pulp in India and overseas under the brand name ‘Madhur’, ‘Meetha’ and ‘Rasbhari.

The Company has its factory in Uttar Pradesh which is about 50 years old. The Company initially had operations restricted to the State of Uttar Pradesh. It has expanded over the last 10 years to cover the whole of India.

About two years back a new professional management team has been inducted who have been pushing for modernisation, expansion overseas, greater market penetration by appointing franchisees and having captive bottling/canning plants to service the growing market. The large resources required for this, are proposed to be raised through a public issue. The management team wishes to go in for financial reengineering in order to show the investors the golden future that awaits the company post modernisation and public issue.

The owner/promoter who wish to proceed with caution, as well as the existing bankers are wary of the plan, as they do not want to lose control of the situation and prefer continuing the entity as a private limited company.

The Company management is torn between two options and there are the old guard who want status quo and the new entrants who wish to go public and modernise.

Outline the management risks in the given situation and suggest an approach to the case.

Solution to the case study :

The Company owners and stakeholders have three options before them. The first is to continue the status quo. This may not be such a good option given that the factory is already over 50 years old and without modernisation and expansion the company as it stands will not be able to face competition and survive in the market. Competitors are bound to emerge who will fast overtake the company which will lose out even its home ground to them in the course of time.

The other choice is to modernise and expand the factory and business by raising public funds through an IPO and going in for a big bang expansion by appointing franchisees and using captive bottling units.

A third choice is also possible where the company will put in a place a modernisation program, which will be gradual and will be funded by internal accruals. This will ensure that control is retained by the existing promoters and management and at the same time enable the organisation to meet its objectives.

The first option which eventually involves doing nothing is potentially disastrous and has to be ruled out. The second option is risky in terms of losing control and also magnifying management risks. However, the rewards also will be substantial, if it goes through smoothly.

The third option is a viable via media if the existing management is not sure if it can manage and handle the higher level of management risks posed by going public.

To conclude, depending on the strengths of the existing promoter / owners and their ability to control and manage the professional management team on the parameters hereinabove enumerated, they should choose between the second option of going public and the third option of moderate expansion along with inducting strong management to oversee both in-house franchise operations.

Nirav Shah

Credit Rating Risk : Risk Management — Case study

Risk

A credit rating estimates the credit worthiness of an entity,
be it a corporation, company, individual, public corporation or a
non-governmental organisation or even a country!

Credit rating involves evaluation of the potential borrower’s
credit worthiness in terms of borrowing capacity and the ability to repay,
including the ability to service the debt in terms of repayment of interest and
principale.

Credit rating primarily is of two types. The first is a
personal credit rating or the credit rating of an individual borrower.
Generally, the factors that influence this rating are: the ability of the
individual to repay the loan; the rate of interest; the relative use of credit
vis-à-vis his/her own capital; the saving and investment pattern; the purpose of
the loan; the spending pattern; background credit account enquiries; the
duration of credit history; activity and wealth; the nature and type of debt,
etc.

The other is corporate credit rating which is more of an
indicator to potential investors about the standard and rating of the entity
issuing the debt security.

The credit ratings of corporate entities take into account
the issuers’ credit worthiness, that is, the ability to repay the loan, interest
rate, credit scores depending on track record, profile, history, proposed usage,
capital structure, industry analysis and other factors.

Some of the prominent credit rating agencies abroad and in
India are: S & P (Standards and Poor), Moody’s, and Fitch Ratings
(International); and CRISIL and ICRA (in India), etc.

Generally credit rating agencies for corporate debt offerings
issue ratings like AAA+, AAA, BBB, CCC right down to D, E, F & S, etc. These
indicate ‘rating status’ indicating borrowing strength of the corporate. In the
case of individual borrowers, an assessment is done of the borrower’s ability to
repay. In case of corporates, the rating is at the request of the borrower; and
in case of individual borrowing, the rating is generally done at the instance of
the lender, though normally at the cost of the borrower.

The risk associated with credit rating is that of rating an
entity better than its real standing, resulting in an increased exposure of the
investor/lender. This is probably what led to the Global financial crisis.

Credit rating agencies have been under a cloud and their role
and relevance is being questioned. In India, the credit rating agencies had
failed to downgrade Satyam’s ratings and did so only when the scam was out in
the open — after the event!

The criticism of rating agencies stems from:

1. The nexus that they have with the market, analysts, the
market players and the corporate management.

2. Rating agencies are often wiser after the event.

3. Ratings affect interest rates and borrowing capacity

4. A premature negative rating can trigger corporate
failure.

5. Agencies go more by formulae and lack business acumen.

6. Agencies lack expertise in evaluating ‘green field’
projects.

Services of ‘rating agencies’ are critical in
evaluating risk where

(1) Companies that do not have a credit history or new
companies.

(3) Existing companies are undertaking diversification.

(4) Market risk – where commodities are
involved.

(5) Predicting specific business cycles.

Case study of the Month:

DuPont is a multinational which has a presence in the agro,
nutrition, energy utilities, consumer, government and healthcare sectors,
offering a bouquet of products like flooring materials, lubricants, coatings
like Teflon and a host of other products. Currently it has a net worth of around
7.2 billion US dollars, a long-term debt of 9.5 billion US dollars and a total
debt of 11 billion US dollars.

DuPont up to the 1960’s was known for its financial stability
and low debt to equity ratio and this protected the company from financial
constraints.

Competition increased post 1970, forcing the company to go in
for inorganic growth through acquisitions, and it had to deviate from a zero /
low debt company and start borrowing.

Debt financing resulted in dividend cuts, but with the use of
internal accruals for funding projects, the company managed to maintain a AAA
bond rating.

However, as time passed, the company stopped reducing debt
and went on borrowing, especially for M & A activity.

Increase in debt downgraded the rating to AA. The current
debt rating is lower, being A by Fitch, A2 by Moody’s and A by S & P. The
company is thus faced with a credit rating risk, with the outlook assessment of
all three rating companies being negative.

As a risk management consultant, you are asked for your
inputs and advice in this given situation.

Solution to the Case Study:

The risk manager’s advice is:

(1) Dupont should adopt a conservative capital structure for
the future which will help restore confidence and give the firm greater
financial freedom to fund research projects and diversification and pursue new
projects.

(2) In the interregnum raise the debt equity ratio to 2 to 1
by issue of convertible bonds for a period of 2 to 3 years – conversion at 10%
discount over market price on the date of conversion. This is suggested that the
increased leverage will adversely impact earnings before Tax and also PAT but it
will grant stability in cash flow.

(3) With consolidation and better performance PAT and PE will
increase over a period of 3 years. This is based on the Business plan and profit
projections given by the company and evaluated by the ‘risk manager’.

(4) In the current scenario a better option would be to move
to a higher leveraged position with more debt issued (the company easily can go
up to a debt equity ratio of 2.5 or 3:1. This way it can take advantage of the
tax shield and the revival phase of the economy and manage by issuing much
lesser debt at better rates to finance further activity.

(The case study and solution are not intended to be in the nature of
comments on the functioning or management of the companies but represent one of
the possible approaches selected by the author for demonstrating the concept
and issues of risk management)

Nirav Shah

Bhopal Gas Tragedy

Risk Management

This month’s case study is a
live case of an Industrial Disaster Risk. — the Bhopal Gas tragedy.

Since the early days of the
industrial revolution till date there have been many incidents, mishaps and
unfortunate accidents — both large and small in which many lives have been lost,
damage has occurred and financial loss has been suffered. Industrial activity
that harnesses technology has always been prone to the risk of disasters — be it
the Chernobyl nuclear incident or the Exxon Valdez oil spill. These have ranged
from explosions, crashes, fires, leaks causing massive loss of life to
contamination and environmental and financial damage.

Even with modern-day systems
and risk management and mitigation procedures in place and proactive steps
including effective disaster management mechanisms by governments and corporates
alike, this continues to be a key area of concern and the size, scale and scope
of disasters has not reduced significantly.

The Bhopal gas tragedy that
occurred in the early hours of December 3rd, 1984 — over 200 years after the
industrial revolution, was by far one of the biggest industrial disasters in the
modern times. It has been described as an endless nightmare for those who
suffered it.

Bhopal is once again in the
news with eight UCIL executives including former chairman Keshub Mahindra being
convicted of criminal negligence and sentenced to two years in jail on 7th June,
2010. The sentences are under appeal. On June 24, the Union Cabinet of the
Government of India approved a Rs.1265 cr aid package. It will be funded by the
Indian Government.

Twenty-five years have
elapsed since that night that witnessed a ‘dance of death’ in Bhopal,
which saw a cloud of deadly gases emerging out of a faulty tank in a pesticide
factory and silently spread into the homes of unsuspecting sleeping multitude.
Although no official count of casualties has ever been done, estimates based on
hospital and rehabilitation records show that about 20,000 people died and about
5 to 6 lakh suffered bodily damage, making it by far the world’s worst
industrial disaster ever. Disasters can strike at any time, at any place.
Disasters keep happening all the time, but the tragedy still remains, a
catastrophe with no parallel.

What really happened ?

In the early hours of
December 3, 1984, from the Union Carbide factory at Bhopal manufacturing the
pesticide ‘Carbaryl’, an estimated 43 tonnes of deadly Methyl Isocyante (MIC)
gas leaked out from the tank No. 610C and escaped into the atmosphere. The
sleeping city of Bhopal was converted into a gas chamber.

MIC as a gas has to be
stored in a liquid form. A potentially lethal practice since water reacts
exothermically with MIC releasing heat that can cause a violent explosion.

On the day of the disaster
water leaked into the tank No. 610C causing a build-up of pressure and
temperature. The management decided to release the gas into the atmosphere
rather than have the tank explode which could have caused a greater damage.

The release of gas into the
air was a contingency that was planned and known to the factory management and
accordingly safety systems existed, but they failed.

What was the setting ?

The Union Carbide plant was
set up in 1968. However the plant had no long-term permission for storage of
MIC. In December 1982 there was a massive gas leak of Chlorine. 16 workers were
affected. The issue of danger to Bhopal from a pesticide plant was raised in the
Legislative Assembly of the State. While the gas leaked, Union Carbide’s works
manager exhibited a rather chilling overconfidence. He stated “The gas leak
cannot be from my plant. The plant shuts down automatically”.

The Time Line of the
Disaster

— December 02/3, 1984 :

— 10.30 p.m. the
late-night shift at the plant starts.

— 12.00 a.m. (midnight)
the operator checks MIC tank No. 610C and finds that the rupture disc has
burst; the gas has started leaking into the atmosphere.

— 12.06 a.m. MIC vapors
leak into the atmosphere through the 33m high-flare tower
December 03, 1984 12.06 a.m. — 12.15 a.m.

— gas starts leaking
from MIC tank No. 610C safety systems collapse and efforts to ignite the gas
fail as the pilot flare system is inoperable.

— workers panic and
abandon all efforts to contain the leak.

— control room is
notified, and the rest is history.

Probable causes identified :

— Effect of MIC on
humans and the antidotal treatment was not known to the medical fraternity
and such knowledge if available was not disseminated to the emergency
services.

— Poor plant maintenance
practices.

— Economy measures,
overriding safety concerns.

— Densely populated
areas around the plant.

— Lack of effective
emergency medical facilities.

— People sleeping in
exposed areas, jhuggies, road-side, on pavements/ railway platforms.

— Administration
collapsed with key functionaries running for their lives instead of manning
key positions.

— Relief
operations became difficult as the disaster caused total confusion and
affected the ability and mental strength of those entrusted with
emergency relief.

Lessons learnt:

— knowledge of the chemicals that were being stored.

— Emergency — accident — management manual should exist.

— Emergency procedures should be rehearsed at pre-prescribed intervals.

— Maintenance procedures and schedules should be strictly followed.

— knowledge of nearest medical facilities

— System of contacting top factory management.

— Residents living in the vicinity should be aware of the risks and trained to respond to emergency services.

The
leak was a watershed in formulating environmental legislation the world
over. The laws also require civic bodies and local officials to plan on
how to address a potential disaster situation.

Hindsight and way ahead:

Sheila
Jasanoff in her book ‘Learning from Disaster?: Risk Management after
Bhopal’ has provided a deeper insight into what are the issues to be
really addressed and the lessons we need to learn from such disasters
that not only provide a wider perspective to risk management, but also
give us, as human beings, food for thought.

“Although ‘hard’
engineering played its part in precipitating the events, the plant’s
defective components — the leaking valve, the broken refrigeration
system, the malfunctioning warning signal, and the inadequate storage
tank — were themselves the symptoms of more deep-seated social problems.

These
included the dearth of medical and scientific knowledge about an
extremely hazardous technology, the imperfections of information
transfer across national boundaries, the lack of regulatory resources in
a still developing country, the absence of workable relief and
rehabilitation plans, and the profound imbalance of economic power and
legal and managerial expertise between nations of the North and the
South.

Many of these deficiencies became apparent only in the
aftermath of Bhopal. Corrective policies have to address not only the
design of artifacts, but also (indeed, perhaps even more so) the human
practices and presuppositions that determine their management and use.
Seen from this perspective, a serious technological mishap ceases to be
merely accidental, for it opens windows onto previously unsuspected
weaknesses in the social matrix surrounding the technology.

Stringent
environmental regulations in developed countries have driven ‘dirty’
technologies to developing countries, where they operate under
disaster-prone conditions. Disasters are particularly likely to happen
when there is a sharp disjunction between the social order that gives
birth to a technology and the one in which it is eventually deployed.”

The
recent ‘oil spill’ in the Gulf of Mexico has again highlighted the need
for availability and strict adherence to mitigation procedures as
non-availability of these impact the very existence of the entity.

Nirav Shah

Manufacturing Risk Management

Risk Management

We have covered strategic risks; we now begin with
operational risks. The first of the operational risks is ‘Manufacturing Risk.’
As we move from strategic risks to operational risks it becomes more hands on
and more of detailing. Thus while strategic risks are dealt with more at a
higher level, operational risks have to be tackled where, as they say, the
action is.

However in dealing with manufacturing risk, one has to deal
with it right from the design stage which is conceptual and hence this borders
on strategy.

Manufacturing process per se is a very complex
process, especially if it is technology-dependent, therefore it requires
effective risk management. There are six stages of ‘manufacturing’.

First : Concept stage — this is where a
product/tool is conceived, and is still an idea.

Second : Material solution stage — provides it
with a shape, size, form and matter — giving it a tangible form.

Third : Technology development — identifies the
components and systems needed for manufacture.

Fourth : Engineering and manufacturing development

Fifth : Production and deployment, and

Six : Operations and support.

In the present day scenario integrating risk management in
the production process is very important. It is necessary to do right
from the design and development stage itself. Yet a note of caution should be
extended here, for ‘risk management’ process to be successful, it should be
introduced in designing the process and then diligently managed throughout until
the product finally comes out. This risk management process can become extremely
crucial in some industries. For example, successful risk management is critical
to the design and development of safe and effective medical devices.

Hence, manufacturing risk covers a wide range of risks
ranging from concept design, choice of technology and equipment to minimise
tooling manufacturing defects, operational breakdowns, maintenance costs by
prescribing procedure and schedules. All this is to control the risk of
escalation in ‘manufacturing’ cost.

Manufacturing risks can be very substantial as mentioned
above, as it covers performance and product warranties/guarantees.

Even in case of tested products there are risks of changes in
materials, specification, regulatory standards and norms or even technology
obsolescence.

These risks vary according to the complexity involved in the
product and/or the process of manufacturing the product. The recent ‘Nano’
catching fire exemplifies ‘manufacturing risk’.

The case study for this month for manufacturing risks is that
of a car manufacturer.

Big Boss Motors is a leading car manufacturer operating in
the large and medium-sized passenger cars and goods vehicle segment. The company
has a relatively good track record and has earned a good name and reputation in
the market.

It plans to diversify operations and expand its market share
in the passenger car segment and has therefore launched a small people’s car
‘Beta’, that is very reasonably priced. The fortunes of the company are on the
rise, however the company has received sudden setbacks. The first is that the
tried and tested mid-size passenger car model ‘Gamma’ developed a sway at high
speeds and the entire batch/lot of cars produced in October, November and
December 2009 of over 60,000 vehicles had to be withdrawn from the market. The
new car ‘Beta’ though well appreciated has its own share of problems. In three
different cities newly delivered Beta cars suddenly burst into flames attracting
consumer ire and attention of authorities.

As a responsible car manufacturer, the CEO requests you as
the risk manager to outline possible course of action.

The risk adviser recommends :

1. Checking of cars of a particular make by its service stations/approved accredited service stations and replacement of even slightly defective parts — both checking and replacement — free of cost to the customer — though costly is an important PR function to retain the customer and build customer confidence.

2. R & D and quality control department to check all ‘outsourced’ parts — components which could have led to failure.

3. Identifying the vendor who has supplied the defective part component.

4. Increasing supervision at all vendors’ manufacturing facilities.

5. Review vendors’ agreements for assuring product warranty, guarantee and liability.

6. Review inspection procedures on receipt of outsourced parts — components.

7. Lastly, review in-house manufacturing and assembling processes.

The importance of timely root-cause analysis supported by
ongoing research, and effective customer communication addressing product issue
in managing manufacturing risks needs to be kept in mind.

As reported in The Economic Times dated 22-4-2010, Toyota
motors beset by huge safety recalls and host of lawsuits over deaths linked to
its cars, slipped down from 3 to 360th on the annual Forbes list of worlds’
leading companies. The damage could have been minimised by timely identification
of the defect and a service recall of the defective cars.

Let us not forget : ‘Good products build customers and
markets — defective products kill the market’. Hence effectively managing
manufacturing risk is key to success of an operation and acceptance of the
product.

The case study and solution are not intended to be in the
nature of comments on the functioning or management of the companies, but
represent one of the possible approaches selected by the author for
demonstrating the concept and issues of risk management.

levitra

Nirav Shah

RISK de jure

Risk Management

1. Introduction :

Risk — we have been using this word frequently these days (or
more precisely in the last decade) particularly after the corporate scandals in
the early 2000. The word has legion synonyms and is perhaps one of the few words
in English taxonomy to have so many twins. Call it uncertainty, randomness,
chaos, entropy, volatility, catastrophe, threat, complexity, vulnerability or
‘black swans’ (a word coined by Nicholas Taleb in his book Black Swan to refer
to the impact of highly improbable events); or simply call it risk, the list is
long. Interestingly its thesaurus list is just as long as is the list of its
definitions. The avalanche in the definitions of ‘risk’ and ‘risk management’,
by different theorists, epistemologists, institutes, text books and consultants
makes ‘risk’ and ‘risk management’ one of the most debated concepts of
management literature. Ironically, the confusion and differences in the
understanding of this subject also makes it a lucrative business option for
consultants to leverage upon.

The debate is not restricted to the management hemisphere.
Even the physicists are busy doing auto-psy of this term (albeit in different
context) for more than half a century to find the answers of origin of this
universe and thereby refining our Weltanschauung. The Heisenberg’s Uncertainty
Principle, which is frequently used by Einstein in explaining ‘General
Relativity’, has for decades created a similar anxiety among physicists as it
has among the management literates. Stephen Hawkings, a renowned physicists and
noble laureate, quotes the following words in his book ‘A Brief History of Time
: From Big Bang to Black Holes’ in explaining the ‘uncertainty’ principle :

“Quantum mechanics does not predict a single definite result
for an observation. Instead, it predicts a number of different possible outcomes
and tells us how likely each of these is. That is to say, if one made the same
measurement on a large number of similar systems, each of which started off in
the same way, one would find that the result of the measurement would be A in
certain number of cases, B in different number and so on. One could predict the
approximate number of times that the result would be A or B, but one could not
predict the specific result of an individual measurement. Quantum mechanics
therefore introduces an unavoidable element of unpredictability or randomness
into science. Einstein objected this very strongly, despite the important role
he had played in the development of these ideas. Einstein was awarded the Nobel
Prize for his contribution to quantum theory. Nevertheless, Einstein never
accepted that the universe was governed by chance; his feelings were summed up
in his famous statement — God does not play dice.”

According to me, ‘risk’ is more a subject of behavioural
science and psychology than a subject of organisational management. This is
because each individual has its own definition of risk and has its own approach
of practising risk. We all have different risk appetites or risk taking
abilities. And this in turn is the function of the manner in which we have
grown, the environment to which we have been exposed to and myriad events that
have shaped our lives. Our society, beliefs, perceptions, value system and
culture have an equal role to play. It is not only that the risk taking ability
differs from individual to individual, but for one individual also it keeps
varying from time to time. Risk is not a word that is discussed only at board
and executive level; we have been frequently using this word or its twin even in
our day-to-day life to refer to different events that shape our ‘risk appetite’.

Not mooting as to what constitutes precise definition of risk
and narrowing its application to the theory of business organisation, this
article tries to initiate a discourse and provoke thought process on the
following two aspects of risk management :

Integrated assessment of risk that considers interplay and interdependencies
of risks, and

Significance of behavioural and group dynamics in risk management process that
may dilute the likely benefits from risk management exercise.

2. Risk Management :

Committee of Sponsored Organisation (‘COSO’) of Treadway
Commission, published a technical paper on risk management titled ‘Enterprise
Risk Management — Integrated Framework’, wherein it has extensively detailed the
approach, methodology and framework for managing risk across the enterprise.
Ever since its publication, the framework has been incorporated into policy,
rule, and regulation, and used by thousands of enterprises to improvise their
governance and risk management processes. According to the paper, the threads of
risk management include — Internal environment, objective setting, event
identification, risk assessment, risk response, control activities, information
and communication and monitoring.

Amongst the above, one of the most difficult thread to
implement is ‘risk assessment’. The paper provides a different perspective and
also a technique, to assess risk, be it in quality or quantity terms. While
quantification of risk is still in its nascent stage, the enterprises have been
largely assessing risk in quality terms based on the parameters of impact and
likelihood. While quantification of risk in numbers has its own advantages, it
is against the management wisdom that says that one should manage ‘business’ and
not ‘numbers’. Further, quantification has its limitations as it is subject to
number of assumptions and hypothesis, which may again become a matter of debate.
Due to its simplicity and pragmatism and its advantage of providing better
perspective of risk, qualitative risk assessment is more favoured by risk
experts and business executives (sparing the banking and financial industry)
over quantitative risk assessment. The qualitative assessment score, when
plotted on 2 x 2 graph, assists in concocting risk response strategies.

Akin to any other decision-making activity, risk management is also a group and consensus seeking exercise, wherein the intelligence of many is preferred over wisdom of an individual. There are many social, behavioural and psychological factors that operate behind any such group exercise that can exacerbate it or invigorate it. The identification of risks and its assessments are culmination of ratings of different executives, divisional and functional managers (alias process owners or risk champions). As a corollary, the risk management exercise is also vulnerable to symptoms of behavioural decision-making, which in majority of cases in real world tends to dilute the real benefit that is purportedly expected from risk management exercise. This paper also discusses some of these symptoms, which a risk manager should be cautious of, for effective traction of benefits of risk management.

2.1 Risk Assessment: Measuring the Domino Effect of Risk:

In real world, risks seldom operate in isolation. A particular risk interacts with various other risks with varying intensities; these interactions further keep varying at different point of time and so does their intensities. The complexity, dynamism and frequency of change of the systems in real world, be it ecological system or financial system or economic system or company’s internal control system, contribute to these very characteristic, making accurate risk assessment an utopia.

This characteristic of risk is also colloquially referred to as domino effect of risk. The physicists also refer to it as the butterfly effect or chain effect and allusion of which is also reflected in Edward Lorenz Chaos Theory. The domino effect is a chain reaction that occurs when a small change causes a similar change nearby, either on linear trajectory or in skewed manner.

The integration of global financial and commodity markets, urge of world economies to adopt the capitalist framework, avalanche of cross-border acquisitions, spree of local companies to go global, emergence of black swan known to be cloud computing and information technology and various similar other black swans, increases the domino effect in an exponential manner, making the understanding of risk (in right spirit) similar to arranging of desks on a sinking Titanic. There can be myriad instances that can be quoted to exemplify the domino effect of risks:

The recent sub-prime crises and financial melt-down creating cues of the Great Depression of 1930’s.

The volcanic eruption in Iceland creating turbulence in network of flights.

Greece crises dimming the hope of economic recovery and depressing corporate revival strategies.

Threat of global warning compelling large corporate to re-engineer their strategies to make it more sustainable.

The snow-balling effects of corporate failures of early 2000 on the entire fraternity of economists, accountants and directors.

For a manufacturing operation increase in inflation adversely impacts cost of inputs and compels it to modify its marketing and pricing strategies to pass on additional cost to the customers; its inability to pass the burden of inflation to the customers, may force the companies to adopt lay-off and retrenchment strategies in order to sustain its survival — a phenomenon which we recently observed, particularly in west, before the recovery cues.

Sporadic interest rates triggering volatility in exchange rates, which in turn may lead company to hive off its foreign investments or postpone is global expansion plans or cease its import or export transactions.

A decision to enter a new line of business, with significant incentives tied to reported performance, can increase risks of error in application of accounting principles and of fraudulent reporting.

The combined effect of such interdependent risks, which although individually may be of low magnitude (low impact and low likelihood), may create apocalyptic massacre for a company. And rectifying such injury may either become impossible or would necessitate a complex surgery.

The following words of Nicholas Taleb from his book ‘The Black Swan — Impact of Highly Improbable Events’, are apt to exemplify the domino effect of risk, particularly in era of globalisation:

“Globalisation creates interlocking fragility, while reducing volatility and giving the appearance of stability. In other words, it creates devastating Black Swans. We have never lived before under the threat of a global collapse. Financial Institutions have been merging into a smaller number of very large banks. Almost all banks are interrelated. So the financial ecology is swelling into gigantic, incestuous, bureaucratic banks — when one fails, they all fall. The increased concentration among banks seems to have the effect of making financial crises less likely, but when they happen, they are more global in scale and hit us very hard. We have moved from a diversified ecology of small banks, with varied lending policies, to a more homogeneous framework of firms that all resemble one another. True, we now have fewer failures, but when they occur . . . . I shiver at the thought.

Banks hire dull people and train them to be even more dull. If they look conservative, it’s only because their loans go bust on rare, very rare occasions. But (. . .) bankers are not conservative at all. They are just phenomenally skilled at self-deception by burying the possibility of a large, devastating loss under the rug. The government-sponsored institution Fannie Mae, when I look at its risks, seems to be sitting on a barrel of dynamite, vulnerable to the slightest hiccup. But not to worry : their large staff of scientists deemed these events ‘unlikely’ ”.

The COSO framework categorically emphasises that looking at interrelationships of risk likelihood and impact is an important management responsibility, since it can significantly impact company’s perspective of risks. However, the framework does not explicitly discern the techniques to measure and assess the interplay of risk, as it does for assessment of individual risks. In practice, consideration of risk interplay becomes a paper exercise and is seldom implemented while performing risk assessments. Due to limited guidance on the measurement of risk interactions, risk assessments are often performed for individual risks only, which in all probability is likely to give deluding picture of risk, if not incorrect.

This domino effect can be measured using statistical tool viz. correlation coefficient (r). This would, of course, envisage the following additional threads in addition to those in existing COSO framework.

Identification of Risk Baskets :

Identifying interrelated risks (i.e., the risks that are interdependent on each other) and creating risk baskets or risk portfolios.

Measuring Risk Correlation

Measuring the correlation between the risks within a risk basket. For establishing such correlation, individual risk scores for reasonable period in the past would be necessitated. Using the historical individual risk scores and establishing the trend in their manoeuvrability, we can measure strength of nexus between risks in the risk baskets.

Assessment Matrix and Risk Response Strategy:

Plotting of consolidated scores of a risk basket and its correlation coefficient on a 2 x 2 matrix, provides better perspective of entity’s risk exposure and also assists in prioritising risks and strategising risk responses. Such prioritisation of risk baskets based on correlation coefficient can lead to different risk strategies, as against prioritisation of individual risks without measuring their interrelation.

Allusion is drawn to an article on risk management published by Wharton on the cloud (www.knowledge.wharton.upenn.edu)

“. . . . Risk management has no silver bullet. As a result, many companies need to develop a more integrated view of risk. ‘We have seen a tendency to separate risks into rigid silos — operational risk, market risk, credit risk and so on,’ says Wharton’s Herring. ‘But what we have found is that major shocks and problems do not come that way. For instance, in the financial world, you would see trading desks staffed with people who were experts in market risk, but they were trading instruments that were laden with credit risk. The skills you need to think about each of those kinds of risk are very distinctive, and unless you have an integrated view of risk, you could encounter major problems.’ . . .

. . . Historic data does not shape the future anymore, given how rapidly the world is changing. We usually look at the known issues and make a nice diagram with probability on one axis and impact on the other. That’s Risk Management 1.0. Risk Management 2.0 is (going) beyond the known issues to look at the links and interdependencies. You can no longer look at the risks independently of each other …”

2.2 Breaking the Abilene Paradox:
The Abilene anecdote goes something like this:

On a hot afternoon visiting in Coleman, Texas, the family is comfortably playing dominoes on a porch, until the father-in-law suggests that they take a trip to Abilene (53 miles north) for dinner. The wife says, ‘Sounds like a great idea.’ The husband, despite having reservations because the drive is long and hot, thinks that his preferences must be out-of-step with the group and says, ‘Sounds good to me. I just hope your mother wants to go.’ The mother-in-law then says, ‘Of course I want to go. I haven’t been to Abilene in a long time.’

The drive is hot, dusty, and long. When they arrive at the cafeteria, the food is as bad as the drive. They arrive back home four hours later, exhausted.

One of them dishonestly says, ‘It was a great trip, wasn’t it?’ The mother-in-law says that, actually, she would rather have stayed home, but went along since the other three were so enthusiastic. The husband says, ‘I wasn’t delighted to be doing what we were doing. I only went to satisfy the rest of you.’ The wife says, ‘I just went along to keep you happy. I would have had to be crazy to want to go out in the heat like that.’ The father-in-law then says that he only suggested it because he thought the others might be bored.

The group sits back, perplexed that they together decided to take a trip which none of them wanted. They each would have preferred to sit comfortably, but did not admit to it when they still had time to enjoy the afternoon …”

The Abilene paradox is a paradox in which a group of people collectively decide on a course of action that is counter to the preferences of any of the individuals in the group. It involves a common breakdown of group communication in which each member mistakenly believes that their own preferences are counter to the group’s and, therefore, does not raise objections. A common phrase relating to the Abilene paradox is a desire to not ‘rock the boat’.

This is what typically happens in any management meet, particularly when it is discussing intricate subject such as risk. A risk, which each individual process owners may perceive as high, may get rated as low or medium as each process owner may think that his/her risk perception is counter to that of the group. The paradox may also be contagious during risk identification and risk mitigation threads, rendering the exercise to be fragile. The snowballing effect of such Abilene’s assumption may significantly dilute the benefits of risk management exercise, keeping the board & executives under self-deluding folly of having effective risk management framework.

2.3 Handling Delphi carefully:
Qualitative risk assessment is essentially based on average score of risk ratings perceived by each process owner, within risk management team. The scores (be it in terms of 1 to 5 rating scale or in terms of high, medium or low) by selected process owners are consolidated and averaged out to derive singular risk rating.

This technique, which is theoretically termed as Delphi technique, is widely used in any group decision-making process. However, a major limitation of Delphi which can rob all its benefits is that it tacitly tends to avoid the extremes and mild the ratings of a risk, which purportedly was a black swan. The resultant risk score and big picture becomes distorted. It brings in a myopic and conservative sense of ‘All is well’, when in fact the company is boarding on sinking Titanic. It blinds the management from potential and actual black swans, satiating them with complacency syndrome. Delphi tends management to satisfy itself with non-existence of black swan and then landing them with surprise of ‘How did we, suddenly, landed in such complex situation?’, when potential black swan triggers.

While Delphi continues to gain favours of risk managers, it should be used with caution of its tendency to preclude traction of extremes.

2.4 Avoiding GroupThink syndrome:
GroupThink is yet another syndrome that carries with it the bacteria, similar to Abilene & Delphi and has potential to brittle risk management process. The term was first coined by Irvis Janis in early seventies and occurs when a group makes faulty decisions because group pressures lead to a deterioration of mental efficiency, reality testing, and moral judgment. Groups affected by GroupThink ignore alternatives and tend to take irrational actions. A group is especially vulnerable to groupthink when its members are similar in background, when the group is insulated from outside opinions, and when there are no clear rules for decision-making. The psychologist has prescribed following symptoms of GroupThink, which a risk manager must be aware of:

GroupThink occurs when groups are highly cohesive and when they are under considerable pressure to make a quality decision. When pressures for unanimity seem overwhelming, members are less motivated to realistically appraise the alternative courses of action available to them. This leads to carelessness and irrational thinking.

A risk group is also often diagnosed of the above GroupThink symptoms, which a risk manager and risk group should be careful about.

3. Conclusion:

Following cues can be drawn from the above:

It is imperative to realise that interdependencies of risks can be more jeopardising than individual risk/s. A couple of interrelated risks with medium rating can be together become a potential black swan and can be more jeopardising than an individual risk with high rating

There is need to have an integrated view of risk and measure the risk domino effect using the ‘r’ factor. The Board/CEO today can have only 5-10 key risks on tips of fingers, rather than have a plethora and long list of risks in their risk register, which lends them nowhere

A risk manager should be cautious and aware of behavioural & psychological factors that can paralyze any group & consensus seeking exercise like risk management. These factors alone can risk the risk management exercise, despite of having contemporary frameworks and models

A risk management team should comprise of members who can independently and emphatically put forth their opinions and assessments, without getting carried away by group opinions

A risk manager should be aware of limitation of Delphi and should not be oblivion of extremes that often gets buried under shelter of law of averages

It is desirable to have an independent and external perspective during risk management exercise who can constructively challenge the decisions, thinking and assumptions of risk management team and break their self-deluding complacency.

Risk management, like any other science of management, is function of intuition, imagination, pragmatism and leadership. There is greater need to change the organisation mindset and culture towards risk, rather than change systems and adopt new models and frameworks, which many times may be appealing and glittering but are seldom gold.

God not only plays dice, but He also sometimes throws the dice where they cannot be seen . . . . He still has few tricks up His sleeves.

— Professor Stephen W. Hawking

Nirav Shah

Managing Service Failure Risk

Risk Management

Service failure :

Failure of customer service is a phenomenon widely
encountered in today’s times. The business environment has become so complex and
the points of failure have grown so many, that ‘service failure’ is encountered
at a level much higher than in the past.

However it is important to note here that service failure is
not necessarily a disaster which spells ‘death knell’ for a company, but it
certainly damages ‘goodwill’. If the service recovery — the actions taken in
response to the failure — is handled well, then customer satisfaction, trust and
loyalty in effect actually increases.

What is a matter of greater concern is ‘facing’ a service
recovery failure. In short, failing to redress customer grievances in time and
address service failure is categorised as ‘service recovery failure’.

Dealing with service failure :

‘Service failure’ can be overcome with ‘good service’. Good
service response, in fact represents commitment and builds trust between the
company and the customer. This increases customer satisfaction and loyalty.
Customers are likely to talk positively about the company that redresses their
grievances. This enhances company’s image. Even though it may seem like a
paradox, the whole experience of ‘service failure’ can at times generate more
goodwill than if nothing had gone wrong in the first place.

In contrast, service recovery failure — even for a relatively
small issue — can increase customer dissatisfaction and frustration. This makes
the customer feel greater negativity about the company, damaging its image and
potentially turning other customers away.

Service recovery :

The proactive steps taken by a company to handle customer
complaints, service failure issues, and customer grievances go a long way in
building customer goodwill, and thereby retaining customers. This is the core of
service recovery that addresses service failure. This process rises above mere
complaint handling, which is reactive in nature. Service failure is addressed at
three levels. First by redressal — such as tendering an apology, refund or
product replacement. The second level is to make the recovery process work
smoothly without taxing the customer and repeat call. The third level is the
tone, tenor and manner of the interaction and communication with the customer.
This should neither be apologetic, nor patronising, but should treat the
customer as a valuable associate of the organisation.

Case study of the month :

The CEO of a well-known biscuit manufacturer is surprised to
receive a small envelope in his mail. The envelope contains a biscuit wrapped in
a letterhead. He opens the biscuit to find a piece of thread inside. Curious
about the incident he hands over the letter/packet to you as the risk manager of
the company, rather than to the sales department. You are asked to outline your
line of action and the probable reason of the letter being written to the CEO
for a relatively minor incident.

Solution to the case study :

The first step as a risk manager would be to understand the
scale and magnitude of the problem. It is evident that unless the customer had
felt severely wronged at the point of first contact, either the shopkeeper or
the dealer, he would not have taken the step of posting the biscuit with the
thread in it to the CEO of the company. This is reflective of the seething
discontent of the customer.

The ‘risk manager’ took upon himself to contact the customer
on telephone, apologised and thanked him for bringing the defect to the notice
of the CEO. He followed up the call by sending the customer six packets of
various products of the company.

On telephone he had also enquired about the :

the
date of purchase.

the
name of the store from which the product was purchased.

whether any complaint had been made to the store or the shopkeeper, and

their
response.

The first step of making a telephone call ensured customer
loyalty.

He also carried out a survey of the complaints received by
the sales department regarding ‘product quality’, ‘product delivery’ and
‘product availability’. His survey yielded that there were very few product
quality complaints and those that were received were virtually not attended to.

His suggestions to the CEO were :

(1) to establish a system where ‘product quality’
complaints on a regular basis were reported to the Sales Director along with
redressal measures.

(2) placards at retail level giving toll-free telephone
number where the customer could complain about ‘product availability’ and
‘product quality’.

(3) create a system of quick response to the customer’s
complaint.

His suggestions were accepted and over a period of 6 months
the sales improved as the steps communicated to the customer/consumer the
company’s concern for his (consumer’s) satisfaction.

levitra

Nirav Shah

Capital Inadequacy Risk : Risk Management Case Study

Risk Management

Capital is one of the four
factors of production. The other three are Land (infrastructure), Labour
(workforce), and Enterprise (business acumen, activity and spirit). Capital is a
very critical input to ensure success of any commercial business venture.

Capital can be divided into
two parts. Equity or ‘own capital’ that is risk bearing and Debt or ‘External
Funds that bear a relatively lower level of risk.

Traditionally debt or
external funds are secured by a charge on the assets of the enterprise and also
enjoy a priority in repayment in case of failure of business or similar
unforeseen eventualities.

Equity capital on the other
hand is the capital that is ‘risk bearing’, but is also entitled to
participate in the returns (profits) of a venture to a greater extent than other
forms of capital.

The essential basis of
capital adequacy and the risk arises from the fact that if an entity uses its
own capital to the exclusion of all other forms of external debt (funding), the
return on its business and
assets would directly determine its return on equity/capital.

After the emergence of joint
stock companies and the separation of ownership and management, professional
managers started tapping external debt/ borrowings as a source of capital as it
was available at a fixed lower rate interest cost than the return on the
business/assets. This enabled these companies to enjoy a high financial leverage
and enjoy a very high rate of return on equity. However the risk lies in a
reverse scenario happening. If the return on assets falls below the cost of
external borrowing, then the multiplier leverage acts in reverse and the equity
capital will have a negative/much lower return than the actual return. It is
essentially this risk/return trade-off that decides the extent of ‘own capital’
and how much leverage a firm/entity should select for its operations.

For business entities,
capital adequacy is decided/ judged by using the debt-equity ratio which is
2 : 1, i.e., for every Rupee of equity of own capital, the debt to be
raised is generally Two Rupees or twice the equity capital.

In case of banks, the Basel
norms prescribe capital adequacy norms. However, these are based on the
risk-weighted assets value and are generally considered at 10% of the value of
such assets.

The capital adequacy ratio	=	Core Capital
The capital adequacy ratio	=	Assets

	=	Tier one + Tier two capital
	=	Risk-weighted assets
		10%

In the past we had the
office of the Controller of Capital Issues that decided the capital structure of
listed/public companies.

In the present liberalised
deregulated globalised scenario, these decisions are best left to the entities
themselves and market forces. The fact remains that for every entity, depending
on the type of the activity, size, scope and scale of the operations and its
risk profile and the asset/business/investment/ portfolio, there is a minimum
capitalisation level that has to be met. Leverage gives higher returns and
improves financial efficiency, but it needs to be balanced with stability and
risk in order to ensure safety.

Capital adequacy norms for
banks were first introduced in 1989 by the BASEL Accord. It has been over twenty
years yet we had a number of crises after that — the South Asian crisis and
thereafter the major financial meltdown faced the world over.

To answer the question of
why did institutions fail despite capital adequacy norms, one has to look at
three things/areas which still remain substantially uncovered :

1. The norms though
well-accepted in banking have not been adopted for NBFCs and other business
entities.

2. The quality of assets, existence of sub-prime assets, risks associated with off balance sheet exposure, especially derivative instruments is not effectively captured in the capital adequacy norms.
3. The entire approach because of the formula-based working gets reduced to a mechanical exercise and coupled with VAR (Value at Risk) approach gives a feeling of preciseness to an analysis that is at best judgmental. It is essential to keep in our mind that decision-making starts where formulae end, and it is never more true than for issues like capital adequacy.

Business/Industry practices?:

Capital adequacy and capital structure also depends upon industry/business norms and practices. Thus those businesses that are high risk, e.g., construction industry, film and entertainment industry often reveal a paradoxical situation where minimal funding is out of own or structured capital and maximum funding is from private external sources.

One explanation for this phenomenon could be that the owners themselves as well as the formal sources of finance find these ventures too risky. Hence, as a fallout these businesses have to raise external funds at a very high cost even up to 3% per month (36% per annum) to meet and balance the risk return trade-off.

The less risky, more stable and efficient the venture, the lower would be the need for expected return and higher the borrowing capacity.

Case study of the month?:

Tata Motors one of the flagship Indian Corporate multinational companies of the Tata Group was adequately funded, had a good capital adequacy and was generally successful in all its ventures. The business of Tata Motors continues to thrive even today with the success of the Nano and the Manza.

However, a very significant event happened in June 2008 when Tata Motors acquired Jaguar and Land Rover from the US-based Ford Motors for approx. USD $ 2.3 billion. Tata Motors planned to raise Rs. 72 billion through rights issues which did not meet much success as the share market fell on weak global cues and they were available in the market at prices much lower than the offer price. On tak-ing the bridge loan the debt-equity ratio increased to 1.21 from the previous debt-equity ratio of 0.53 in March 2006 and 0.8 in March 2008. The dilemma which an entrepreneur always faces is balancing ‘risk’ and ‘progress’.

During the economic recession the price of its equity share from the high of Rs.750 to Rs.800 per share in January 2008 came down to a level of around Rs.150 in December 2008 and Rs.130 in February 2009. The right issue was priced at Rs.340 per share which naturally found few takers.

Other option to fund the acquisition like divesting stake in group companies or an international GDR/ADR issue were also abandoned due to adverse markets.

The third and final effort of the company was to raise funds by way of private deposits to refund the bridge loan due by June 2009. Even this effort met with limit-ed success and despite repayment of USD 1 billion till 2008, the bridge loan had to be rolled over in part.

As a risk manager, identify the issues and outline additional strategies that could have been attempted in the given scenario.

Solution to the case study?:

The issues are primarily those that deal with the basis of capital budgeting, fund management and planning the capital structure?:

1. The acquisition of JLR was an effort by Tata Motors to stay ahead of the competitors using inorganic growth.
2. The global meltdown and recession in the world economy adversely affected the market putting the company into a tight spot.

3. The availability of funds in the Indian markets shrank due to the meltdown, credit squeeze, withdrawal of FIIs and adverse market sentiment.

The causative factor primarily was the fact that in the heat of the moment and rush of the deal the short-term sources of funds were used for a long-term use of funds — namely, capital acquisition.

As Warren Buffet the legendary investor says, “It is always easier to think clearer and comment in hindsight.”

The way out and that is what Tata Motors tried is to?:

   i) Diversify into different segments including small cars
   ii) Improve profitability
   iii) Raise resources including by way of deposits for company products from customers.

And ultimately wait and watch for the right time to raise long-term funds to replace the short-term sources tapped for the long-term uses and bring back stability to the financial structure of the company.

Ultimately, if the company had maintained capital adequacy throughout the deal and not jumped in using bridge finance, probably the outcome would have been different.

Postscript?: Now, because of the steps taken the price is back to Rs.842 in January 2010 and around Rs.750 in March 2010. Crisil upgraded Tata Motors’ short-term debt to A+ as reported in March 2010. Hence capital adequacy impacts risk ratings and borrowing capacity in the market.

(The case study and solution are not intended to be in the nature of comments on the functioning or management of the companies but represent one of the possible approaches selected by the author for demonstrating the concept and issues of risk management.)

Nirav Shah

Event Risks — Case Study

Preamble:
Case studies have been an excellent teaching and learning tool, especially in a live setting. Thus, even though formal academic training relies primarily on texts, lectures and tests, in a less formal setting, especially for continuing education, the case study method is preferred.

In fact the tales of the Pancliatanira and Hitopadesha are excellent examples of how this method can transform people, making them smart, intelligent, successful, wise and knowledgeable.

I personally prefer case studies, as a case study cannot and does not have one right answer. In fact no answer given with enough understanding and application of mind can ever be wrong.

The case gives a situation, often a problem and seeks responses from the reader. The approach is to study the case, develop the situation, fill in the facts and suggest a solution.

Depending on the approach and perspective the solutions will differ but they all lead to a likely feasible solution. Ideally a case study is left to the imagination of the reader, as the possibilities are Immense.

Readers’ inputs and solutions on the case are invited and will be shared with others in the next issue. A suggested solution from the author’s personal viewpoint has also been provided for guidance.

Overview:
Event risk is a contingent risk as it depends on and materialises on the happening of an external event that is often calamitous having far reaching consequences. It being an external risk on which the organisation has little/minimal control it is a high-level risk that is difficult to predict, prepare for and handle.

Such events generally create a shakeout and destabilise / change the business, economic, social and cultural environment. Examples of such events in the recent past range from the tsunami, which was caused by nature, to man made events like the terrorist attack on 26/11 in Mumbai.

Event risks can also be classified in different ways as can be seen from the figure below:

External events by their impact on different dimensions and functional areas of the business pose a threat as well as present opportunities for growth of business and development of new lines of business. Post-tsunami, agencies involved in disaster management and relief work and those connected with insurance got a substantial boost.

Similarly, post 26/11, businesses dealing with security — physical, information security, etc. as well as those providing security cover and selling security devices and equipments are also witnessing a substantial boost.

In terms of stock market analysis, event risk can be described as a risk that comes from unexpected and unpredictable events such as a negative industry report, a competitor reporting unexpected poor financial results, or a ratings downgrade by an analyst or by a rating agency. (reference www.yourdictionary.com/event-risk).

Event risk can then be summarised as risks due to unforeseen events partaken by or associated with the company. These are extreme portfolio risks marked by substantial changes in market price. The example picked up for this month’s case study is that of a company employed in conducting corporate training programmes.

Capable Corporate Trainers Limited has been in the business of corporate training for over fifteen years now. It operates in major metros — Mumbai, Kolkata, Delhi and Chennai as well as in Bangalore and Pune.

The business model of the company consists of identifying training needs, developing programmes tailored to suit existing as well as emerging topics and delivering these through own (in-house) and outsourced faculty. Currently the company has two in-house trainers. All others are taken on contract basis as and when required.

The company has managed to hold its own against growing competition due to its good marketing, strong faculty, winning programmes, training ideas, etc.

The recent series of events and incidents have however, adversely affected the company.

1. The terrorist attack incident in Mumbai in November, has depressed the training market in Mumbai, the commercial capital.

2. The economic slowdown, meltdown and downturn, coupled with the stock market crash have been severe events with far reaching impact on the economy as a whole and on the training space in particular.

3. Changed policy of hotels regarding bookings and security measures in light of the fallout of the terrorist attacks on 26/11 have also been affecting the programmes.

Thus although currently the training calendar is set for the months of January to March 2009, sustaining the programme schedules and numbers of participants may prove difficult with cancellations and dropouts being the order of the day.

The top management has decided to have a Board meeting to sort out these issues and address the event risk faced by the company. The consultant to the company has compiled and furnished following further information for our reference.

The likelihood of another terrorist attack in any of the metros, larger cities and sensitive states is quite high. According to analysts, the financial downturn, economic meltdown and stock market crash are likely to adversely affect business till the end of 2009 and depress corporate training demand.

These various aspects and issues reflect a strong event-risk in operation.

As a risk manager, you are expected to identify and analyse these risks and advise the company on the best course of action, and come up with a ‘contingency plan’.

The Solution: The suggested strategy is outlined and implemented as below:

After identifying the risks, the company must put in place safeguards to eliminate or minimise the associated risks to the company based on the level of the risk.

For example, terrorist attacks pose a dual risk to the company. Firstly there is an inherent risk from where the buildings that the company is operating may be at risk of terrorist attack. The company must look at their insurance plan to see that it covers such risks. Secondly, the company must consider alternative storage for critical documents, training records, etc. The other risk is that of the possibility of harm to the faculty of the organisation while traveling to corporate clients’ offices to conduct training programmes. This can be addressed by a specific insurance plan for the faculty, which will not only take care of any company liability but also reassure the faculty with regards to the financial safety of their families. In addition to this, the company must also consider commencing security awareness and training programmes, particularly aimed at the staff of hotels and corporate offices. The demand for such programmes will naturally be high, given civic concerns.

The economic slowdown is the single biggest risk to the company’s business. With this in mind, the company must concentrate on those training programmes and clients which are the most profitable. The company may consider offering benefits in the form of discounts to loyal clients who generate a minimum guaranteed amount of business in a particular year. The company may also start looking at the business of training videos in CDs (DVDs), computer based programs, etc. This will reduce the risk to the company’s faculty and the cost to the client, while at the same time generating a new source of revenue.

Changes in hotel policies and booking arrangements can be addressed by tying up with chain of hotels (to be identified via enquiries through travel agents) that will reduce the formalities for bookings by identifying standardised documents, and other procedures to be followed. Further, the company may consider asking local clients to arrange for the booking themselves to be paid for by either the client or the company itself.

The risk of subsequent terrorist attacks may be minimised by considering online interactive training programmes at a subsidised cost, that will not only mini mise travel inconveniences and risks, but also the associated costs for the company.

To meet the dual risk of economic slow down (cost) and another attack (safety) the risk advisor also suggested:

Change of venue from star hotels to other comparable facilities available in the town.

Many of these suggestions may require investment by the company in technology, particularly information technology. However, sound marketing of these new training measures coupled with judicious use of money and other company resources may lead to sustenance and higher profits in the long term.

Nirav Shah

Group Risk Management

Overview :

‘Group Risk’ refers to risks that arise to an organisation either internally or externally as part of a ‘group’. The group consists of entities and organisations (mostly companies) under the same management.

Generally, especially in India, businesses were started and developed by families that are often referred to as ‘Groups’. These companies are under the same management, operating under the same umbrella. They often share the same ideology, may have similar style of management and functioning and may share some common facilities and may even have shared/common employees and consultants. In such a case, risk that affects any one company can spread to others within the group and also to the entire group due to ‘contagion effect’. This risk may pertain to issues like failure of controls and occurrence of fraud, which will result in tainting of the entire group.

How, to what extent and why the risk will spread within the group and affect it, will depend on the type of risk, the nature and functioning of the group.

There are certain risks that are self-limiting that will not spread out and affect beyond certain limit, whereas others, especially non physical ones where emotions and sentiments are at play may even spread across the entire group.

Thus physical risks like flood or fire may affect only those units in the group that share common facilities or infrastructure or physical space and are inter-connected in that sense. Certain non physical risks like image risk may spread easily across the group with a common management.

The example selected for this month’s case study is that of a group led by a flagship company that makes rubber products and has other companies dealing in construction and real estate, software, consumer goods, travel and tourism, advertising and printing within the group.

Supreme Rubber Products Ltd. is the flagship company of the Biju group of companies. Biju group was founded and came into prominence during the lifetime of Biju Sirkar, who set up number of units and became a well-known successful first generation entrepreneur about 50 years back, in the post independence era. The group consists of about 20 companies with interests in rubber products, construction, real estate, software, consumer goods, travel and tourism, advertising and printing.

Some of these companies are listed, others are subsidiaries or closely held, but all of them are under the same management and share a common logo. These companies operate from three main centers in Kolkata, Bhubaneshwar and Hyderabad. They share a common brand and group logo, and organisational and management practices including HR and training facilities.

Biju is now advanced in age and although the Chairman of the flagship company, is looking for a successor.

Out of the companies, the flagship company and the consumer goods company are doing extremely well. The travel and tourism, printing, real estate and the construction company are facing difficulties due to economic downturn. The software company however belying expectations and market trends, is doing quite well.

Biju being advanced in age the pressure of work and handling of diverse businesses is telling on him. His health is a cause of concern as he had a heart problem that was detected a few months back hence he quickly needs to find a successor. There are two major factions in the group. The elder son of Biju — Gopal and the other his nephew Randhir are power centres and each has been running a company. Gopal manages real estate and construction and Randhir the software company. Both have aspiration to head and control the group.

Although well respected in the market the group has an autocratic style of functioning and relies on discipline and loyalty rather than on professional managers, systems processes, procedures, controls and governance.

It is rumored that Randhir has aligned himself with the opposition in the state, and the ruling party at the centre has not taken it well.

There is some anxiety among the employees about Biju’s health. They are concerned as to what will happen to the companies in Biju’s absense. This has unsettled them.

The real estate and construction company had received a notice of enquiry regarding excess utilisation of FSI and charging that the higher floors in its latest high rise are unauthorised. The media which was generally appreciative of the group had shown some signs of discomfort in the tone of their reporting of this incident.

There are unrelated developments, for example :

the auditor of the advertising company which had come out with a public issue last year has resigned citing personal reasons.

the consumer goods company that had the largest number of employees in the group is facing worker unrest, as they wanted a raise to gain parity with pay scales of other group companies.

the flagship rubber products company has received a show cause notice from the pollution control board in respect of effluent discharged from its factory near Bhubaneshwar.

The above various aspects and issues involve potential risk to the group as a whole apart from the companies that are involved.

As a risk manager for the group you are expected to deal with the risk and present an action plan at the ensuing group meeting that is even otherwise expected to be stormy due to the power struggle within the group.

The solution:

The suggested strategy is outlined and implemented as below:

Any risk analysis requires that we first identify the nature of the risk and the level to which it may affect the company or its operations. Since all risks identified here (with the exception of the pollution incident) are man-made and internally focussed, the solutions need to be internally directed. The pollution incident is a man-made external event.

The first and foremost risk, in our opinion, is the power struggle within the group that may end up splitting the group. The group has to firstly formulate a succession plan, that would involve identifying the successor. This could be achieved by identifying fixed production/profit targets that need to be achieved (through honorable means) within an agreed timeframe. This would ensure an open and impartial evaluation as to who is best placed to lead the group into the future and would eliminate the need for internal conflicts.

The immediate problem is the incident of pollution control, that too involving the flagship company. It is not only an environment risk, but may also result in the closing down of the company due to legislative controls. The Company has to consider:

taking immediate cleaning efforts to mitigate the effects of the pollution.

training and sensitisation Company’s management and staff with the environmental regulations.

taking steps to implement safe good manufacturing practices And put in place environmental controls.

The other immediate problem is that of labour unrest. The group needs to:

identify the differences in salaries and other benefits between companies within the group, and between companies in the same industry.

control the labour unrest that would affect productivity.

take corrective action which would help retain the top talent by rationalising salary and pay scales.

develop cogent and common HRD practices.

develop a system of inter-changing medium level personnel within functions and group companies.

The next risk is to the group’s name/reputation that may result from the malpractices that have been reported in the press regarding the construction company, the labor unrest, and environment issues.

The steps suggested are:

the construction company must forthwith undergo a serious examination of all current and past projects to identify questionable practices and take corrective action, if any, required. The group needs to identify a system of internal control that will ensure that transgression of law are avoided.

to identify laws which need to be complied by all group companies.

to identify laws, rules and regulations to distinctly identifiable business.

to put in place processes to ensure compliance with laws.

This exercise may even highlight suspect practices indulged in by the two contenders who wish to head the group.

The group should also have an effective media policy nad have a media manager and public relations expert to project the company viewpoint to the various stakeholders and the public.

Lastly, the company must identify and address the concerns of the employees regarding the failing health of the group’s patron and the future of the group. This will not only fortify the group’s already failing morale but also help stem the tide of senior personnel who are apparently leaving for personal reasons. Further, as a long term plan the group should consider succession plans for all key personnel within the organisation, to help ensure transparency, a future road map for prospects for promotion, career development and growth for the employees. Such a plan will also ensure continuity of operations for the companies within the group.

The solution is indicative and illustrative in nature and represents the author’s views. The actual solution will vary, as there cannot be a single right or feasible solution or otherwise.

Nirav Shah

Human Resources Risk Management — Case study

Human Resources :

1. Success of an organistation depends on its people – they make or mar an organisation. ‘Human resources’ is a term used to refer to how people are managed by organisations. The field has moved from a traditionally administrative function to a strategic one that recognises the link between talented and engaged people and organisational success. The field draws upon concepts developed in Industrial/Organisational Psychology and System Theory. Human resources have, at least two related interpretations depending on context. The original usage was in economics, where it was traditionally called labour, one of four factors of production viz., land, labour, capital and enterprise. This perspective is changing because of ongoing research into more strategic approaches to HR. Today ‘human resources development’, goes beyond just organisations and national economies, and encompasses global developments. However, the traditional meaning of HR — Human resources management within corporations and businesses refers to the individuals — department — within an organisation that deals with recruiting, training, retaining and removing — in short, managing people.

Human Resources and Risks :

HRD has a role in risk management — for example :

People per se are a source of risk, e.g., shortage of employees, people doing sloppy work, people frequently committing mistakes, individuals refusing to take on additional responsibility or people leaving within a short time after completion of a one-year training programme and above all, key persons leaving the organisation.

People are important for handling risk, e.g., using their ingenuity and being proactive in solving unexpected problems and unforeseen situations, employees going the extra mile for the good of the organisation, a key employee redesigning his/her own job to improve performance, or an employee persuading a talented friend to apply for a position in the organisation.

HRD contributes to the synergy of the organisation, where the sum of the whole is greater than the sum of the parts.

2. The risks are :

attrition at a rate more than industry average.

lack of commitment to the job exhibited by sloppy work.

people committing or repeating the same mistake.

people shunning responsibility.

people not completing assignment within the prescribed time frame.

trainees leaving within a short period of completing their training.

HR covers people working at all levels. In short, HRD’s activities would cover from ‘president to peon’.

3.1 The function of the HRD is to ensure congenial working environment in an organisation and thereby extracting the best out of everyone for the benefit of the organisation. This is achieved by :

clear job description.

adequate training.

selecting right people — by checking background, education and experience of the candidate.

reasonable clarity about growth prospects within an organisation.

motivating individuals to do more than expected to ensure individual growth.

motivating — encouraging people to innovate in performing their assignments.

avoiding shocks by having a clear succession plan for key functions — that is — developing leaders.

dialogue with key personal at regular intervals to understand issues and the dialogue should be both at the individual and group levels.

timely ‘performance appraisal’ and ensuring timely encouragement to avoid dissatisfaction and attrition.

quick reprimand and punishment for failures.

establishing clear lines of communication with labour leaders.

3.2 The organisation needs to periodically evaluate and review its :

HR strategy, policy design and processes

Employee compensation, equity plans

Retirement and benefit plans

Executive and labour contracts

Employment and labour law compliance

Executive and management structure

Cultural compatibility/change readiness assessment

Communications audit

Development of transition plan — key tasks/activities

Regular monitoring of these issues will ensure that HR risks are kept within manageable levels.

4. Extended scope of Human Resources :

Human resources include more than regular full-time employees. They include: all management and labour personnel, family and non-family members, full-time and part-time people, and or seasonal and year-around employees. In fact with the advent of concept of outsourcing, external contractors, and consultants and contract employees are also a part of the review of HRD.

5. Managing Human Resource Risk :

Risk specialists have traditionally focussed mostly on important causes of risk, such as weather, disease and natural calamities, and ways to deal with these risks. Risk management has paid little attention to human resources and human calamities, such as divorce, chronic illness, accidental death or the impact of interpersonal relations on businesses and families. Including human resources in risk management reflects the fact that people are fundamental to accomplishing organisational goals. Human resources affect operations such as : production, financial and marketing decisions. People can help in or obstruct accomplishing what managers have planned. Smaller family businesses do not escape the impact of people. In these businesses as in larger businesses, people are a source of risk and are important to the business’ ultimate success or failure. Overdependence on family members to manage HR can at times negatively affect family business effectiveness and efficiency because of over-powering character of a family member.

6. Implementation of Risk Management :

Effective HR activities are necessary to keep human resources in harmony with the risk management tools adopted by the management team. Risk management decisions are carried out by people. Having the ‘right’ people in place, trained, motivated and rewarded are essential to success in risk management.

7. This month’s case study is on Human Resources Risk Management :

Corporate Consultants Private Limited are a leading consultancy company in the field of media and entertainment. The company is one of the top ten firms in the industry and has some of the leading companies in the region as its clients. The company also has some of the best names in media, advertisement and entertainment on its advisory board, among its consultants and full-time staff.

Of late, retaining key personnel especially at senior management level has become an issue. The Chairman of the company is concerned at the growing instances of employees leaving at short notice and few instances of complaints of insubordination and also of victimisation.

Hence, the company seems to be facing some HR problems which could have serious consequences on client relationship, retention and on the operations of the company.

The Chairman has approached you as an HR consultant to diagnose the malaise and devise a strategy.

8.1 The plan devised is to :

have a detailed discussion with the :

Chairman himself to understand from him his perception of the organisation and the reasons for the problem.

the existing key personnel on one-to-one basis.

some of the middle-level executives.

some of the members of the staff including helpers in the organisation.

meet the key people in the clients organisation who were being serviced by individuals who have left the organisation during the last six months.

compile and study compensation plan in the industry and the organisation.

if possible meet some of the executives who have left the organisation during the last six months.

The plan was discussed with the chairman who approved of the same and assisted in identifying the clients and executives — who had left the organisations for inputs.

The HR consulted in the absence of detailed employee records first studied the data available on the existing executives and those who had left the organisation during the last six months. He especially concentrated on identifying the status of their family relationships and problems.

8.2 The HR consultant and his team after two months of going through records and holding several meetings identified the following :

Mr. A — the so-called right-hand man of the Chairman — had created a coterie of about four midlevel executives and was abrasive and authoritative with his peers thus alienating his colleagues and others in the office — resulting in those juniors working with him ignored even the other seniors in the office, resulting in insubordinate behaviour.

lack of availability of family data of senior and midlevel executives.

lack of system of annual appraisal and discussion with the concerned executive.

lack of a plan identifying growth prospects following the good old saying ‘either you are moving up or moving out’.

9. The HR consultant recommended :

immediate removal of Mr. A and at least two of his colleagues out of four, who were supposed to be very close to him.

introduction, maintance and annual updating of employee family data.

introducing a system of annual appraisal of the entire staff by the department head and discussion with the appraisee.

introducing a system of annual appraisal of the senior and mid-level executives by the managing director along with the HR consultant followed by a discussion with the appraisee.

?a ballot appraisal of the managing director by senior and midlevel executives.

holding of an annual office get-together including everyone from the ‘president to the peon’.

holding bi-annual gathering of senior and mid level executives with spouses.

holding of quarterly meeting with the senior and midlevel executives to review company operations and plans including financial targets.

having a succession policy as it is a family controlled operation.

identifying a successor for every key assignment in every department to avoid shocks on sudden attrition.

development of job specification.

developing a recruitment policy after considering business growth plans.

10. The first recommendation was immediately accepted and acted upon — which acted as shock therapy. This gave visible results by improving discipline in the office and client service.

The managing director personally called on some of the key clients and deputed senior executives to others. This improved client relationship thus avoided loss of clients. This was the damage control strategy suggested by the HR consultant.

11. The HR consultant got the assignment to look into other recommendations and identify a midlevel executive from the organisation to assist him and take over the function of HR executive probably in addition to his executive assignment — thus opening an opportunity for a deserving individual for improving his prospects.

Nirav Shah

Disaster Risk : Risk Management — Case study

Risk

Disasters can be broadly classified as ‘Natural’ and
‘Man-made’. The following are a few examples:

Natural Disasters:
earthquakes, cyclones, tsunamis, hurricanes, famines, floods and droughts, etc.

Man-made Disasters –
wars, riots and terrorist attacks (it is not known when and where a terrorist
strike will take place), etc.

According to a United Nation study, the annual economic loss
associated with natural disasters averaged US $75.5 billion in the sixties, US
$18.4 billion in seventies, US $213.9 billion in the eighties and US $659.9
billion in the nineties. Most of these losses were incurred by developed
countries. The study also points out that:

The severest impact is on the people in the low
income groups, and

85% of the people exposed to natural disasters
live in less or underdeveloped communities/countries.

Disaster Risk Reduction
– DRR – is a term adopted by the United Nations for developing an international
strategy on promoting disaster risk reduction, as it is shown to be
cost-effective. Initiatives that are focused on disaster risk reduction will
either seek to reduce the likelihood of a disaster occurring (flood protection
work by way of construction of dykes, levees and stopbanks, for example) or
enhance the community’s ability to respond to an emergency (ensuring three days
food and water). Initiatives also include increasing knowledge and creating
legal and policy frameworks. Disaster results in people being homeless, becoming
economically weak, education coming to a standstill, infrastructure being
damaged and normal everyday activity being virtually paralysed. The 2001
earthquake in Gujarat is an example of what disaster entails.

A living example of man-made or industrial disaster is the
Bhopal Gas Leak tragedy that resulted in widespread death and has left many
surviving victims still suffering without resolution of the social or legal
issues and reparation of the damages suffered, even after more than two decades!
The anniversary of the tragedy is still observed in Bhopal and religiously
reported by the media, but little action is taken, it seems, beyond paying lip
service to the cause. Hence, businesses operating in hazardous areas or
involving hazardous materials should look at their own risk exposure and
vulnerabilities, and consider appropriate ways of reducing their risks through
appropriate actions and investments in hazard monitoring and risk mitigation,
and by creating resilience. Many governments and international NGOs have begun
to look more carefully at DRR as an important part of sustainable human
development.

Businesses planning for resilience, through financial and
operational risk mitigation measures, also contribute to the resilience of the
local economic environment. This can be achieved by supporting appropriate
regulations and building social capital, as employers and employees are a part
of the community living in the area where the business operates.

Let us not forget that a disaster, wherever it may occur,
impacts both the social and economic environment of the people living in the
affected area, and also the society at large.

Disaster risk and business

Disaster at micro level adversely impacts the businesses
operating in the area where disaster happens. At the macro level it adversely
affects insurance companies. The hospitality industry in Mumbai, especially the
hotels attacked by terrorists in 2008, have still not fully restored the damage
caused to the infrastructure. The economic loss has been shared by the
shareholders in terms of their expected and actual returns, the government in
terms of loss of tax revenue and costs incurred, and the insurance companies in
terms of the compensations and losses, not to forget the trauma suffered by the
public, especially the inhabitants of South Mumbai. On the other hand, the
businesses of security agencies, suppliers of security personnel and insurance
companies, post 26/11, have increased. The Government of Maharashtra, in
collaboration with the Government of India, is, therefore, adopting DRR
measures.

Case study of the month: A beverage company

Coolsip Ltd. is a beverage company that produces and
distributes the Coolcan range of beverages like juices, soft drinks and colas in
Mumbai and across several locations in India and across the Middle East.

The CEO of the company recently attended a seminar on
“Dealing with Disasters” and is wondering whether in the event of a disaster
like a major fire, earthquake or flood or even a man-made one like a terror
strike, the company’s facilities, supply chain, distribution facilities are
well-protected and secured; and whether the company will be able to withstand a
major disaster, especially in view of what happened to the plant in Mumbai
during the 2006 floods.

He consults the CFO on the matter, who is of the opinion that
disasters are practically insurmountable and too large for a company to cope
with and are best left to the government and authorities. The other argument he
put forth was that since its inception 25 years ago, the company or its
facilities have not been affected by any major disaster except once during the
Mumbai 2006 floods, when operations were resumed within two days and losses were
covered by the insurance company. Also, if disaster strikes, with the
authorities and everyone acting swiftly, the situation normalizes in a few days.
In his opinion, the loss to physical assets is insured and, therefore, the
actual loss would work out to be much lesser compared to the elaborate costs of
being prepared for disasters. Therefore, he advised status quo.

The CEO approaches you, an external consultant, for your
views. Give your comments.

The risk management advisor’s first suggestion was that he
should be allowed to:

1. Initially visit at least two facilities including the
one in Mumbai which was affected by the 2006 flood;

2. Talk to the people at the selected two plants to
understand risks involved;

3. Discuss and determine the risks involved with a few key
executives at the corporate office in Mumbai.

After assessment work spread over three weeks, the Risk Management Consultant suggested the following ‘Disaster Risk Reduction’ – DRR measures:

1. Initially, to create a water drainage facility next to the plant in Mumbai to reduce water clogging;

2. Raising the plinth level of the area in which critical machines were installed to reduce the risk of damage;

3. Acquire on rent a godown/storage facility outside the plant premises in Mumbai for storing enough finished goods to meet at least 3 days’ demand, in order to ensure continuity of supply to customers. The plant was already carrying four days inventory of finished goods. The additional cost involved was only rent and cost of a few persons. He suggested that HRD be consulted whether some existing persons could be shifted to reduce additional cost. This was to minimize loss of revenue and retain customer loyalty.

4. The other facility he visited was at Chiplun, a city close to Koyna, an earthquake sensitive area. The suggestion was to consult an architect and ascertain how to strengthen the construction and enable it to withstand earthquake shocks, as mild tremors continue to occur. Even in January of 2010, mild tremors originating in Koyna were felt in Mumbai.

5. He also suggested a detailed review of electrical installations at both the plants to assess the likely impact of floods and/or earthquakes on them, as damage to the power receiving and/or generating facilities could affect production.

6. To insure against ‘loss of profit’ by making a ‘loss of profit’ insurance policy.

7. To consider the possibility of insuring people and property against acts of terrorism.

The CEO and even the CFO who was initially sceptical of the exercise, appreciated and implemented the suggestions. The Risk Management Consultant was also commissioned to carry out a detailed review and suggest DRR measures.

Nirav Shah

Competition risk — Case study

Overview :

Inherent in business is the ‘risk of competition’, which can be local, regional, national and transnational. Surf faced it from Nirma and both are facing it from Ghadi and other regional brands. Despite the ‘risk of competition’, competition is the ‘breath and blood’ of business. Competition motivates managements to innovate. It creates entrepreneurs. Competition and competitiveness are necessary to meet the challenges of tomorrow. It improves both the cost and quality of the product. It would not be wrong to say that competition even changes the taste of the customer.

However, it is also necessary at this stage to see the impact of absence of competition. Its absence results in monopoly, deterioration in quality, increase in prices and consumer being short-charged. The automobile industry is an outstanding example of what absence and existence of competition has done in India. Padmini and Ambassador were both bad in quality and delivery. It used to be said that :

the only thing that works is the horn, and

one needs to book a car when a child is born.

Look at the market today. Competition has led not only to increased availability, but also improved quality and variety of models and makes. Cars at every price point are now available. ‘Nano’ the innovative product from Tata’s is changing the market. Many international car manufacturers are making India as the hub for producing small car. Again care for environment is internationally increasing competition for introducing hybrids. GM is working on a hybrid electric car which will give 230 miles per gallon. Daimler’s smart car will give 300 miles per gallon and Nissan’s product is expected to give 367 miles per gallon — Time 31 Aug. 2009.

Another outstanding example of what competition can do is our ‘telecom’ sector. It is the only product where cost to customer has reduced since the advent of mobile phone about a decade and half back. Today the customer pays not per minute of use but per second of use.

Nations fight for markets. That is what Doha is all about. Opening of services is expected to improve the quality of services. Even during the recent and current financial crises the impacted markets were inherently against taking protective measures as that would lead to lack of competition and result in a closed market which is against the interest of the consumer.

There are a number of factors that attract competition in a given business and industry. The primary factor of course is the prospect of earnings, and growth potential in term of revenues, profits, value addition, market share and customer base and loyalty. Hence, the challenges are :

A. The first real challenge is knowing your competitors, in being able to judge (i) the market segments that are exposed to the risk, (ii) the level and resources of the threat which they pose, (iii) the source of competition risk in respect of the particular competitors in terms of the 4ps of marketing, (iv) their relative strengths and weakness.

B. The second real challenge is in knowing what makes your products and services click in the market in the teeth of competition and why and how you are able to score over the competitors. These two aspects generally enable us to judge the extent of competition and its impact on our business.

C. The third aspect of competition risk pertains to potential and future competition. This is given by the attractiveness of the market, controlled by the extent and difficulty of entry barriers and the competition regulations and trade practices.

Competition encompasses not just the marketing and sales dimension of the organisation covering advertising, brand building and publicity, but affects the entire life cycle of the product and the organisation right from infrastructure planning, supply chain and sourcing, production, human resource to distribution, selling, after-sales service and even research and development.

The demand-supply equation, the entry barriers, the customer preferences, industry size, local, regional and global position all these determine the type and extent of competition an organisation is likely to face.

However ‘competition risk’ is not merely about the risk that your competitors will overtake you and make your product obsolete and your service look much poorer in comparison to theirs, or that they will beat you in the price or in reaching and occupying the market place and the hearts and minds of the consumers. ‘Competition risk’ could be both local and global. Apart from the 4ps of product, price, promotion and place which is the traditional sparring battle ground for competition, competition may also arise and manifest itself in location, policies, product mix, branding, recruitment and even reward and incentive schemes to staff as well as to customers.

‘Competition risk’ often goes much beyond into the realm of opportunities, possibilities, chance, market segments and niches that an organisation fails to spot and cash in on and the competitors are able to capitalise on. In fact creativity, innovative thinking and out-of-the-box approach often are the only offence and defense for dealing with competition.

Effectively dealing with the external risk of competition requires :

A thorough understanding of the market

An analysis of the environment, political, social, economic and cultural.

An understanding of selective strengths and weaknesses of the organisation and its products and services vis-à-vis the competition.

An understanding of potential competitors and the entry and exit barriers.

A strategic and operational knowledge of competitor activity and customer expectations.

Thus, as can be seen from the above, it is indeed a very complex and daunting task, but it is nevertheless essential as without this, one cannot survive the competition.

The example for this month’s case study on competition risk is that of a company operating holiday tours and travel packages.

‘Sweet Memories’ is a tour company that was started about 15 years back in Mumbai. This company initially catered to the middle and lower middle-class segment and according to the budgets and the general trends in these times, arranged tours – and holiday packages to places of interest and cultural themes. It initially arranged tours to the West and South. This was followed by covering Rajasthan and the North.

Around four to five years back it started operating tours overseas to destinations in South-East Asia, Far East, Australia, New Zealand and is now arranging tours even to Europe and U.S.A. The customers are still essentially budget travellers belonging to the ” middle-class segment.

Of late the owners who have been casual in their approach and relying on word-of-mouth publicity ‘ and offering value for money to customers as their mainstay to survive in the market have found business difficult with the new entrants and bigger travel companies coming in with innovative concepts like theme tours, budget tours, action packed tours, exotic destinations and even sports-based tourism like the IPL South Africa tours.

Revenues of Sweet Memories have fallen and the management is at a loss as to how to deal with this” threat of sudden onslaught of competition with high-end tours, large publicity budgets, beautiful travel brochures, exotic destinations and innovative ideas.

They therefore approach you as a professional risk manager and consultant to identify and analyse competition risks and advise the tour company on the next course of action and develop an immediate plan to stop customers from migrating to competition. ‘

Suggested solution for competition risk:

Competition risk analysis needs to be done of the, potential tour market based on :

Identifying existing and future risk for Sweet Memories:

An analysis of the situation reveals the following major issues:

Challenges and risks encountered from competition:

1. Judging the high-end tourist market segments’ needs and expectations.

2. Identifying strategies of new entrants – e.g., price.

3. Developing a positioning strategy and organised approach from the existing casual unorganised approach.

4. Expanding own share in the pie and expanding the pie itself.

5. Review existing marketing plan: Product, pricing, promotion and locational access.

Strategies for overcoming existing competition risk:

1. SWOT analysis:

a. First step is to evaluate internal capabilities and identify areas which require improvement.

b. Determine the scope of improvement.

c. Making small modifications to eliminate un-productive activities. This process requires ‘persistence’.

d. Conducting ABC analysis of revenue generating tourists and repeat tourists.

e. Identifying opportunities – that is – creating new untapped space in the market. e.g., International business exhibition tours, grooming and training with leisure tours for corporate executives, etc.

2. Study regional and international top 5 tour operators:

a. Complete package of offerings

b. Value added features like pickup and escorting services.

c. Customised onboard meal: Veg, Non-Veg. [ain, etc.

d. Event based tours: Brazil Carnival, New Year in Australia

e. Theme based tours: African safari, Buddhist circle, gaming, Dassera in Mysore and Christmas in Jeurusalem.

f. Promotion and Branding strategies

g. Hospitality training to their guides, cooks, other professionals

3. Strong Brand Building and positioning activities will lead towards reaching the customer’s Evoked Set (Unconscious Mind) and help in discriminating customer preferences and choice.

a. Providing a travel kit with most common and essential items with a logo mark.

b. Attractive and innovative brochures with graphics and a colorful appeal.

c. Positioning themselves as High-end quality of service with cost benefit.

d. Creating jingles, slogans, a cartoon character, modified colorfullogo, uniform dressing style for their professionals, etc.

4. Keeping a track of environmental happenings and events directly or indirectly influencing the industry: Social, Legal, Economical, Political, Technological and Cultural environments.

a) Assigning a representative in major interna-tionallocations will help in identifying key events and happening, which are not captured by major media agents.

b) Preparing a calendar with notes of future happening events and subsequently designing tour packages around those happenings – for example, Olympics in China and forthcoming Commonwealth games in Delhi.

6. Optimising Entry and Exit Barriers

a. Creating a niche in the market which becomes a trademark and difficult to imitate by other competitors

b. Besides risk of existing competition, organisation should also open up their vision for other threats like:

1. Bargaining power of customers

2. Bargaining power of suppliers

3. Threat from new entrants

4. Threat from substitute products

Porter’s 5 forces for an organisation’s risk:

– Risk of customer consistently demanding better quality product at reduced price.

– Suppliers demand higher volumes with sufficient margins and shorter payment cycle.

– New entrants possess more features with enhanced strengths like distribution power, innovative promotion, etc.

– Substitute product like jewellery or watches; amusement parks and resorts for tour operators; Nano car for two-wheelers’ market, etc. threatens the ability to cover large market share.

7. Adopting combination of marketing competition warfare strategies:

Sweet Memories depending on the market conditions and result of market study and analysis can adopt a combination of one or more of the following strategies to ward off competition risk.

a. Offensive marketing warfare strategies – are used to secure competitive advantages; market leaders, runner-ups or struggling competitors are usually attacked.

b. Defensive marketing warfare strategies – are used to defend competitive advantages; lessen risk of being attacked, decrease effects of attacks, strengthen position.

c. Flanking marketing warfare strategies – Operate in areas of little importance to the competitor.

d. Guerrilla marketing warfare strategies – Attack, retreat, hide, then do it again, and again, until the competitor moves on to other markets.

e. Deterrence strategies – Deterrence is a battle won in the mind of the enemy. You convince the competitor that it would be prudent to keep out of your markets.

f. Pre-emptive strike – Attack before you are attacked.

g. Frontal attack – A direct head-on confrontation.

h. Flanking attack – Attack the competitor’s flank.

i. Sequential strategies – A strategy that consists of a series of sub-strategies that must all be sue” – cessfully carried out in the right order.

j. Alliance strategies – The use of alliances and partnerships to build strength and stabilise situations.

k. Position defence – The erection of fortifications.

l. Mobile defence – Constantly changing positions.

m. Encirclement strategy – Envelop the opponent’s position.

n. Cumulative strategies – A collection of seemingly random operations that, when complete, obtain your objective.

o. Counter-offensive – When you are under attack, launch a counter-offensive at the attacker’s weak point.

p. Strategic withdrawal – Retreat and regroup so you can live to fight another day.

q. Flank positioning – Strengthen your flank.

r. Leapfrog strategy – Avoid confrontation by bypassing enemy or competitive forces.

To summarise, once competition risk has been identified, it has to be dealt with using a combination of strategies and tackled at all levels to keep competition out of the way. The selection of the strategy, techniques, tools will depend on your own financial and marketing strength, the competitor’s strength and the existing and expected market conditions.

Initially, the ‘risk advisor’ advised Sweet Memories to:

– renegotiate terms with suppliers

– add features to its tours, e.g., air conditioned buses

– develop advertising material in the form of brochures

– employ strategy of distributing brochures through newspaper vendors

– hold low-cost customer meetings prior to the departure of a tour

– distribute travel kits at such meetings

– give specific information on places covered by the tour – e.g.,famous temples, churches, historic buildings, museums, gardens, etc. This information is normally available in local brochures.

The above low-cost strategy has worked in increasing the inflow of customers and the efforts of the ‘risk adviser’ were appreciated. It however needs to ‘- be noted that ‘competition risk’ is an always existing risk and the management has to be vigilant and pro-active at all times.

Nirav Shah

Risk Management Case Study

Risk

Preamble :

Case studies have been an excellent teaching and learning tool especially in a live setting. Thus, even though formal academic training relies primarily on texts, lectures and tests, in a less formal setting, especially for continuing education, the case study method is preferred.

In fact the tales of the Panchatantra and Hitopadesha are excellent examples of how this method can transform people making them smart, intelligent, successful, wise and knowledgeable.

I personally prefer case studies, as a case study cannot and does not have one right answer. In fact no answer given with enough understanding and application of mind can ever be wrong.

The case gives a situation, often a problem and seeks responses from the reader. The approach is to study the case, develop the situation, fill in the facts and suggest a solution.

Depending on the approach and perspective the solutions will differ but they all lead to a likely feasible solution. Ideally a case study is left to the imagination of the reader, as the possibilities are immense.

Strategic and Business Environment Risks :

Managing a business in modern times is an exercise in maximising shareholder value. Economic Value Added — EVA — and shareholder wealth maximisation are looked upon as key metrics in achieving this success.

In this context the entire business focus from setting vision, mission, goals and objectives leading to formulation of strategy for managing business processes, human resources, technology, environment and even down to operational level details is for providing value through mitigating and managing risks — that is — uncertainty. Hence, organisations
that expect to successfully meet stakeholder expectations whilst operating in a regulated civil society environment, need to have a ‘risk-based’ approach to business.

This and the following set of articles in the series aim to consider different risks that are faced by businesses at several levels of operation — viz. — the strategic, middle-management and operational level. We will cover in some detail diverse risks ranging from ‘difficult-to-control,’ ‘high-level’, ‘environmental’ and also internally controllable risks also in this series.

Each article will begin with a brief write-up and provide a case study covering each type of risk.

Overview of Strategic and Business Environment Risks : Strategy formulation requires understanding and dealing with the external-macro, as well as internal-micro environment, which is depicted in Figs. 1 and 2 below.

Macro environment of business :

A look at the business environment depicted above throws up a number of such examples of organisations formulating strategy and dealing sometimes successfully and at other times unsuccessfully with macro and micro environment changes and risk.

An example of this strategy is that of commercial banks. In India, commercial banks moved to having a greater emphasis on retail banking using Internet technology on the one hand and got into investment banking and portfolio management space for high net worth individuals on the other.

In the USA we saw the strategy of pushing complex financial products based on mortgages that ultimately turned out to be worth less/suspect floundering, and causing economic devastation not only in the USA but also in the entire economic world.

Strategy formulation and tackling changes in business environment need vision, foresight and an open mind. An organisation especially its top management needs to be focussed, alert, responsive and open to adopting changes to be successful. Many big organisations have been overcome and fallen by the wayside having been humbled by modern-day ‘Davids’.

The case study for this month’s study is a company selling ice-creams and milk products that turned itself around and is now on the threshold of taking off.

Koolkat Icecreams Ltd. has been in the business of dairy products especially ice-creams for the last 40 years with a factory in the interior of Karnataka. It has been pulling along and has maintained some name in the market despite having a good product.

Over the years it has seen itself being overtaken by the better known, well advertised brands and seen itself being edged off the shelf in most big cities. Even in its hometown and towns it does not have a significant presence.

What has helped Koolkat survive are the canteen sales through rate contract with many Government offices and departments and also contracts for supplying ice-creams in milk booths and kiosks operated by the Karnataka state dairy, that does not itself make ice-cream.

Hence, though having a good product, it has lost market share and not even attempted to seriously compete in the restaurant or even the low-end street vendor segment. In fact if one were to visit even the restaurants in small towns close to the factory, the company’s products are conspicuous by their absence. However, the factory operates at about 70% to 80% capacity and is doing reasonably well.

The young amongst the owners — that is — the top management have realised the changing market conditions and have decided to formulate strategy to deal with the various issues and risks.

Understanding the Environment :

Prior to the meeting that was called to formulate the strategy an analysis of the environment was made.

Political : Likely change expected in the ruling political party at the state level. Exit polls have indicated a 5% swing in favour of the opposition. New administration may be unfriendly leading to loss of assured government business.

Social/Cultural: The prevailing market conditions favour high-end and high-visibility products. The increasing middle class seems to be moving to international ‘and or high-end brands in ice-creams and dairy products. A recent market survey by a leading publication has shown a 20% shift in consumer preferences among the middle class towards high-end products.

Economic: The economic conditions with low level of liquidity, increasing borrowing costs and stringent market conditions indicate difficult times ahead.

Technological : Better infrastructure, transportation, communication and food preservation/manufacturing technology have lowered entry barriers. The distinction between international brands and smalltime manufactures in terms of both cost and quality is getting blurred.

The Company is currently dependent for its marketing effort on its dealer network and distributors/ agents who are being given incentives as per company scheme based on their performance. The entire marketing expenses and advertisements are locally incurred and fragmented. There is no centralised advertisement and marketing activity. The benefits from the schemes is mostly retained and used up by distributors and it does not contribute to building the brand. The complex duty structure and differential rates for products from outside the state are proving to be a problem, as the entire output supplied throughout India comes from the factory in Karnataka. The cost and quality of packing material is also posing issues due to rising costs. Finally, street vendors and local small-scale manufacturers are also giving the company a tough time due to low cost and better reach.

These aspects have strategic and environmental risks that need to be addressed.

These factors independently and in conjunction with other factors like internal conflicts may result in business risk. As a ‘risk manager/adviser’ you are expected to identify and analyse these risks and advise the company on strategy formulation, and come up with an implementable road map.

The Solution :

The suggested strategy is outlined and implemented as below:

Strategic Options :

Marketing Thrust and Image Makeover:

The current marketing is entirely relying on dealer network and sub-distributors with very little central effort and advertisement support. Sales effort is scheme based with distributors enjoying benefit of schemes against offtake of products.

The proposed strategy is :

(1) to increase spend on marketing and advertising and launch the existing product itself in a new ‘avatar’ and consider manufacturing at multiple locations.

(2) to rationalise incentive schemes, especially those schemes that are bleeding the company.

(3) to consider phasing out schemes which are not yielding results.

(4) to utilise money saved to increase high-end visibility – that is – increase initially local advertising rather than newspaper or magazine advertising.

(5) use local language TV channels which are cheaper than national TV channels.

Production through licences, franchises and tieup units:

Considering the nature of the product, transportation/logistic requirements and taxation structure, it is beneficial for foodstuffs to be manufactured and sold locally. The company should formulate a plan to increase production through tie-ups to at least 10 locations across different states initially and expand to 14 by year end and to 24 by end of year 2.

Ancillary activities:

Consider – investigate setting up facility for making plastic cups, spoons to reduce costs and ensure supply of quality packing material. This would also control counterfeiting. In the alternative seek a dedicated small-scale manufacturer – that is – a sole supplier – who would produce under company’s supervision to ensure quality.

Low-end Penetration:

To consider employing strategy of de-risking its operations by lowering costs of production, cutting frills and targeting low-end consumers by introducing another brand through street vendors. The strategy advised and adopted was:

* change in packaging of the established brand – that is – for the existing product.

* introduce a low-end product under a new brand name with different packaging.

Note:

The company successfully implemented this strategy over a period of 12 months. This increased its market share in both low-end and high-end products. It today competes with local low-end brands and high-end brands like Kwality and Baskins and Robins.

Nirav Shah

Regulatory Risk – Case Study

Overview:

It is the duty of every government of a civilised society to regulate economic activity. The function of regulation is to encourage economic activity with ethics which benefits society. However, our (Indian) experience has been that of having ‘over-regulation’ leading to corruption and unethical practices. Reversal of ‘over-regulation’ in the past two decades has changed the environment to an extent, but over regulation and desire to increase the same continues to manifest itself. Let us not forget that too many and that too, complex laws convert ordinary honest citizens into criminals – e.g. – everyone who drinks in areas where prohibition prevails becomes converted from an ordinary citizen into a criminal in the eyes of law. Today there exist many laws which impact normal economic activity. In addition to laws which are common to all businesses – there are industry-specific laws, e.g. – pharma, food, health, chemicals, refineries etc. Compliance with the applicable laws, rules and regulation is an integral part of running a business.

Hence, business runs the risk of non-compliance with laws, rules and regulations resulting at times even in the suspension or closure of business in addition to the levy of penalties, legal action by customers, bureaucratic hassles and corruption.

Non-compliance also at times entails prosecution and imprisonment.

Regulatory Risk is the risk that a change in laws and regulations will materially impact a business, industry and activity, an organisation or an entity. However there is another dimension to regulatory risk. This is the risk of government agencies exercising control over the functioning of commercial and other activities of various entities.

Thus on the one hand a change in laws and regulations can disturb a level playing field; it can give skewed advantage to certain entities, organisations and companies. These regulations can be those pertaining to taxes, duties, licences, other regulations and procedures or relating to human operations.

On the other hand regulatory authorities at the behest of the government, the public or even on its own may step in to regulate, control and guide business or other activity by way of certain norms, rules and regulations which have to be followed and involve a cost, compliance load, and impact the operations, returns and profitability of enterprises. e.g. Drug price control order and the rules there-under is a case in point. The website – ‘Investopedia’ has given the well known example of utility companies like electricity companies to explain regulatory risk. The government through legislation and administrative orders introduces a significant amount of regulation in the way they operate, set their tariffs and even the quality of infra-structure and the controls on the system. Regulations also affect investment market and investment activity which means that any change in these (for example margin requirements) can affect prices, returns and valuations.

The first significant characteristic of regulatory risk is that it is an additional source of risk due to the wide variation in regulations across countries, regions, industries and even regulators. The second significant characteristic is that due to the diversity of cause and effect, the nature of regulatory risks is difficult to understand, perceive, capture and communicate. As a result such risk is not well understood and consequently at times difficult to quantify, estimate, measure and manage.

Also many times this type of risk materialises without any warning or indication and takes most of us by surprise. Thus on the one hand a change in laws and regulations can disturb a level playing field; it can give skewed advantage to certain entities, organisations and companies. These regulations can be those pertaining to taxes, duties, licences, other regulations and procedures or relating to human operations.

The first step for mitigating the risk of violation is to identify applicable laws and put in place, compliance procedures. To ensure compliance there should also exist means of ensuring that the pre-scribed procedures are followed. This is normally achieved by having an effective internal audit or periodic review of functioning of ‘internal controls’.

The regulatory risk can be captured as under:

Regulatory risk

Risk of changes in legislation and its impact.

Risk of changes in rules and regulations and its impact

Risk emanating from government agencies exercising controls by way of regulations and compliances on business.

Risk of corrective controls and palliative measures that can affect businesses and organisations.

A formal analysis of this risk is difficult because it is an external risk that is affected by the frequency of changes in the several laws applicable to a business. The risk also depends directly on the duration of regulation, nature of regulation, whether involving strategy, operations or procedures and finally the extent of discretion exercised by the regulatory agencies. In fact business and industry would do well to study and understand regulatory preferences, styles, policies and trends. To summarise, regulatory risk even in the least regulated free environment is inevitable. The magnitude of risk is inversely proportional to the credibility, accountability and- stability, of the regulators.

The example for this month is the case study of a company engaged in conducting coaching classes for students in the context of regulatory risk. Expert Coaching Classes Ltd is one of the leading coach-ing classes for the 10th SSC and ICSE examinations, the 11th & 12th HSC, CBSE and for entrance exami-nations of lIT like JEE and Engineering and Medi-cal CET and others.

Expert Coaching Classes began as a small venture in the living room of Sri Prakash – a retired senior teacher from Vidya Mandir School about twenty years back with three students. Today it has over 50 in house faculty, 25 visiting faculty, 5000 + students and over 10 branches in two metro cities. In the good old days students were charged Rs.SO per month, today the fees for a year is in lakhs. The business model comprises holding awareness and introductory lectures that are attended by students and their parents. This is followed by a rigorous program for students using in-house well developed material and question bank. The course is inter-spersed with tests, the results of which are periodically communicated to the parents directly apart from communicating the same to the students. Intensive coaching takes place and students’ doubts are cleared. Expert coaching classes thus imparts quality education by limiting the number of students in a batch. Discussions are also held with parents of non-performing students.

There is some turnover in staff and faculty, and at times the advent of new classes means losing a few existing and potential students. Of late on the heels of the use of ‘Right to Information Act’ to uncover overcharging of fees by schools and the ever increasing pressure on the education system following issues have emerged:

i) There is a growing awareness of the need for quality education with adequate facilities, infrastructure and good faculty at school among students and their parents.

ii) After regulating functioning of schools, their admission procedures and fees, there is now a demand to regulate coaching classes.

iii) There is a move to mandate registration for coaching classes which is fast gaining ground.

At present ‘coaching classes’ are fairly independent of the regulatory system except obtaining some municipal licenses. Hence, coaching classes do not face any serious regulation. The risk is that some serious regulation is likely to be put in place. If this happens it is bound to affect the infrastructure needs, working, and functioning of the classes substantially in as much as the fees charged per student are likely to be also regulated. This change will affect both the top and bottom line. Further with conflicting reports emerging about scrapping of CETs, it is not clear if students would continue to patronise these coaching classes. It is in this context that the CEO of the classes has invited you, as the risk manager, to prepare a note identifying, estimating and measuring risks likely to be faced and advise the possible course of action to prevent, protect and mitigate the identified risks and come up with an action plan.

Regulatory Risk Analysis & Solution:

An analysis of the case reveals the following issues:

Well drafted regulations when fairly implemented help in the smooth functioning of business. Hence fair monitoring of certain sets of activities is necessary for implementation of law. However experience tells us clear language is rare and the absence of clear language leads to chaos and corruption. This has a bad impact on both the business and the organisation. It is because of this aspect that business advocates free market with minimum regulation and giving a free hand to the market forces. The following challenges and their impact have been identified:

changes in law and regulations will impact size, fees and profitability.

cost of compliance will increase.

possible increase in unhealthy practice by unregistered, flyby night, small operators.

possible increase in working school teachers conducting private tuitions.

lower profitability.

lower profitability could lead to lower standards

cost cutting measures could lead to increase in faculty turnover – impacting quality.

reduction in visiting faculty to reduce cost – impacting quality.

reduction in investment in infrastructure – impacting quality.

reduction in the number of students because of the above and proposed abolition of Std. X exams – impacting profitability.

Solutions for Expert Coaching Classes (ECC) :

The possible solution to deal with this risk is out-lined in the steps given below:

1. Preparing a sensitivity analysis and assessing its impact on revenue and faculty related concerns.

2. Channelise existing cash flow into higher savings to meet unforeseen contingencies.

3. Centralise operations to reduce costs.

4. Preparing online version of coaching sessions whereby it gives flexibility of time to students, reduces dependence on faculty and investment in infrastructure and reduces operating costs. – encourage e-learning.

5. Identifying areas of diversification – e.g. – corporate training, starting hobby classes, starting health education classes.

6. Initiate a network of coaching classes and form a trade association to take on unfair regulations.

Anticipating risk and taking planned and persistent steps are today essential elements of running a successful business. Suggestions made by the risk adviser have been appreciated by the management. The management has initiated steps in line with the suggestions made.

Nirav Shah

Risk Management

Article

Introduction :

1.1 Over the years, risk and its management have been the
focus of human activity. Risk coexists with change, and it has been a facet of
human life whether it is culture, race, religion, personal life, political,
economic or social activities . . . . risk is an inseparable part of all human
endeavour.

1.2 However, depending on the prevailing attitudes and the
ground situation, in terms of the environment, setting, context and background,
risk has had a lesser or greater importance depending on the role it had to
play. In times of prosperity, growth and wellbeing, risk was and still often is
the farthest from human thought. That it applies equally to the modern world is
evidenced by the severe turbulence and swings and the consequent losses
witnessed in the stock market in the recent past when risk was not top of the
mind for the players in the financial market.

1.3 The current heightened interest and importance of risk
assessment is due to the unique situation that the world is in. Unlike in the
past, in times of the industrial revolution, which had its fair share of risks,
the modern world in the era of Information and Communication technology is a
globalised and networked world where the forces of disintermediation,
virtualisation, convergence, knowledge management and empowerment are at play.
The scope, scale and speed of operations in modern times are far beyond what was
even thought of in the past, the shortened fuse wire of decisions and the
worldwide impact of local actions and reactions are extremely difficult to
predict.

1.4 This transformation has on the one hand magnified
rewards, but on the other hand, has also enhanced risk. Enhanced risk is the
price we pay in this modern globalised world.

Concept of risk :

2.1 The concept of risk has been attempted to be captured in
many ways, but the basic definition still is relevant.

2.2 Webster’s defines risk as — possibility of loss
or injury (peril), someone or something that creates
or suggests a hazard, the chance of loss or the perils of the subject matter of
an insurance contract, the chance that an investment will lose value.

2.3 The word entered the English Language circa 1661 from the
French word ‘risqué’ and the Italian word ‘risco’.

2.4 Risk is imbedded when there is an event with more than
one possible outcome, that is, resulting in either desirable or undesirable
consequences. Each outcome has a probability of occurrence depending on the
circumstances. It is thus a potential event and not the loss itself.

2.5 In fact what may be perfectly normal and beneficial to
one in a given set of circumstances may be fraught with danger and risk to
another in the same or different setting. Thus we have the probability of early
bird catching the worm, and the possibility of early worm getting caught, but
the decision whether to be early or late depends on whether you are the ‘bird’
or the ‘worm’.

Attitude to risk :

2.6 Risk, hence, is a word of many meanings. It means
different things to different people. This perception of risk as a source of
‘threat or peril’, or as a ‘challenge and an opportunity’, depends on one’s
attitude to life and risk — that of a ‘risk averter’ or a ‘risk taker’. Risk
comes in all sizes and shapes from getting caught in rain without an umbrella
and catching pneumonia, — sickness- facing life-threatening situations like
natural calamities and of course normal and abnormal business risks involving
loss of money and reputation.

Types of risk :

3.1 An organisation faces many types of risks. These risks
range from strategy and directional risks at the one end to risks in day-to-day
operations at the other.

3.2 If one were to look at the enterprise as a whole, one is
faced with strategic risks that cover strategic issues, business
decisions and the business environment. Macro issues like political, economic,
social situation and competitor activity often affect and influence these risks.
Operational risks deal with operational issues including manufacturing
and service provision, execution, people issues, administration, communications,
etc. At a different level there are other external risks that exist in
the business environment that relate to markets, availability of finance and
changing value of money – forex. A chart showing an overview of these risks is
given in Appendix 1.

3.3 There are thus many ways of classifying risks — according
to their type or even as Systematic Risk and Unsystematic Risk.

3.4 Systematic risk covers interest rate, reinvestment rate,
purchasing power, market exchange rate and political risk, whereas unsystematic
risk covers business, financial, default, credit, liquidity and event risks.

3.5 Apart from these, risk can be physical, psychological,
social/economic, legal and even risk involving confidentiality.

4. Risk — its importance :

Risk has been with us since the beginning of time. Why is it that addressing, comprehending, analysing and managing it has become so important today? The most important reason for the increased importance of risk is that we have started appreciating the fact that uncertainty and its resultant negative impact on business is increasing with globalisation. Risk is becoming more important than ever before, because changes are rapid and all pervasive that it requires preparedness and quick reflexes to launch pre-emptive moves to counter emerging, altered, scenarios. At the same time both stakes and expectations are increasing. A time has’ come when Gandhiji’s words of wisdom, “there is enough for every man’s need, but not for every man’s greed” are palpable today.

Contributing factors – Some examples:

5.1 Legislation is becoming tougher:

Legislation is now more extensive – from compensation to environmental laws, third-party liability to PIL’s, and laws granting compensation for corporate wrongs are becoming stricter.

Legislation is more stringent – Corporate Governance – clause 49 of the listing agreement and SEBI rules are continuously reviewed and often amended. In the U.S.A. it is the Sarbanes-Oxley Act.

Labour Laws :

Risk assessment is necessary to avert legal liability – esp. in areas of health and safety.

5.2 Insurance is more expensive and difficult to obtain:

Insurance is no longer cheaply available.

Open-ended cover is not widely available.

Insurance companies expect and require clients to manage risks on their own and do not offer a blanket cover.

Insurer does not compensate full loss even if the claim is accepted.

Insurance payouts are slow and difficult to obtain.

Many risks are not covered, such as intangibles like loss of goodwill, reputation and brand equity.

Insurance ultimately is reactive and not a proactive way of mitigating risk.

5.3 Customer – Attitudes:

Clients want to pass on risks to suppliers and service providers and want to de-risk their own business.

Business is more aware of consumer awareness and this has led to claims and litigation.

Shareholders are more aware of risks – affecting business value and therefore increased risk reflects in lower stock values.

5.4 Public awareness:

People and the society at large expect higher standards of probity in corporate behaviour, which means that companies have to manage ‘corruption risk’.

6. Response Management’s attitude:

Professional and pro active managements promote risk management.

Managements are wiser, from past incidents and want risk management practices in place.

With the advent of Global Corporation, risk has become internationalised. Corporations face global concerns and short fuse wire of decisions have a greater impact on corporate bottom lines.

Privatisation – high-risk infrastructure sectors are also now in the private domain leading to greater understanding and provisioning for related business risks.

The source of risk:

7.1 Risk arises due to imperfect knowledge stemming from lack of complete or perfect information about certain facts and events on the one hand and the uncertainty and unpredictability of results of specific inputs and actions, on the other. Risk is contextual and its impact varies depending on the underlying situation and ground realities obtaining in a given situation. It also increases if you are dealing with third-party assets.

7.2 Risk is also determined by actions and moves of the associate and/or adversary, for example, in a zero sum or similar game. The well-known game Prisoner’s Dilemma is an example.

Prisoners’ dilemma:

The game known as the Prisoner’s Dilemma got its name from the following hypothetical situation : imagine two criminals arrested under the suspicion of having committed a crime together. However, the police do not have sufficient proof in order to have them convicted. The two prisoners are isolated from each other, and the police visit each of them and offer a deal: the one who offers’ evidence against the other one will be freed. If none of them accepts the offer, they are in fact cooperating against the police, and both of them will get only a small punishment because of lack of proof. They both gain. However, if one of them betrays the other one by confessing to the police, the defector will gain more since he is freed; the one who remained silent, on the other hand, will receive the full punishment, since he did not help the police, and there is sufficient proof. If both betray, both will be punished, but less severely than if they had refused to talk. The dilemma resides in the fact that each prisoner has a choice between only two options, but cannot make a good decision without knowing what the other one will do. The problem with the prisoner’s dilemma is that if both decision-makers were purely rational, they would never cooperate. Indeed, rational decision-making means that you make the decision which is best for you whatever the other actor chooses. Suppose the other one would defect, then it is rational to defect yourself: you won’t gain anything, but if you do not defect you will be stuck with a loss by way of being punished when the other goes scot-free. Suppose the other one would cooperate, then you will gain anyway, but you will gain more if you do not cooperate, so here too the rational choice is to defect. The problem is that if both . actors are rational, both will decide to defect, and none of them will gain anything. However, if both would ‘irrationally’ decide to cooperate, both would gain by being let off with minimum penalty. Thus this well-known game representing the Prisoner’s Dilemma – “If both prisoners cooperate (do not blame each other) they both benefit each being let off. However if one blames the other and the other cooperates (does not blame the first), then the blamer is let off and the one who cooperates gets arrested for a long term and vice versa. If both blame each other, both suffer a sentence but for a shorter term. Though logically it is best to cooperate, since the prisoner is not sure if the other one willget greedy, they settle blaming the other, just to be on the safe side and minimise potential risk/loss.

7.3 While risk arising from deficient information can be mitigated and reduced by gaining more information albeit at a cost, the risk arising from uncertain outcomes can only be controlled to some extent either by developing better mechanism at predicting the outcomes or better still by controlling the outcomes as much as possible.

7.4 Risk as we have seen, originates from vulnerabilities and threats and results in an adverse impact when it occurs. It is a function of threats, vulnerabilities and their impact. Vulnerabilities produce weaknesses that increase risk. Threats are external adverse factors that have a chance of occurrence. The Greater the threat, the greater the risk. The impact is adverse consequences and damages that can flow from the materialising of the threat. The greater the impact, the higher the risk. Thus minimising the chance of the threat materialising, reducing vulnerabilities and minimising the damage or impact helps to mitigate risks.

7.5 If one addresses risk with preconceived notions about its probable causes, it can lead to disastrous results as the real threat often lies else-where. What is required is clear perspective, correct approach and quick response.

7.6 Both predictive and responsive courses of action have an associated cost. The manager has to develop a strategy that ensures that the returns always exceed the cost of risk mitigation. The right way to tackle, deal with and manage risk is to adopt strategic risk management. In the absence of satisfactory definition of Risk Management …. for practical purposes, the emphasis of risk management tends to be on risk awareness, assessment and mitigation. However, strategic risk management involves :

The process by which executive management, under board supervision, identifies the risk arising from the business and establishes the priorities for control The Cadbury Report, 1992.

Basically altering in a desirable manner where something missing in the system may cause a probable damage or manage its conse-quences.

7.7 The road map to risk management can be summarised as :

Risk awareness – Management must be aware of the hazards and their impact on the business, and how they could be avoided, prevented and reduced.
Risk analysis and assessment.
Assessment – Monitor threats, assess vulnerabilities, and estimate impact.
Prioritisation – Analysis into acceptable, unacceptable and tolerable – Middle of the road risks.
Planning for the future.
Prevention of occurrence.
Strengthening the system against vulnerabilities.
Minimising damage.

7.8 Requirements for successful risk management?

Availability of appropriate facilities and equipment.
Availability of appropriate systems and procedures, including monitoring and auditing performance.
Availability of appropriate organisation, existence of sufficient level of competence, with suitable communication and training arrangements.
Availability of appropriate arrangements for detecting and handling emergency situations.
Availability of a system of active and continuous system of review of risk throughout the organisation.

7.9 Tools used for effective risk management, are:

Control
Insurance
Loss prevention
Technological innovation
Learning, information, distribution
Robustness.

8. The Mantra for success in risk management thus seems to be to ‘bear, share and insure’. Bear what you can yourself, given your risk appetite. Share risk within the industry by creating risk sharing, using averting mechanisms and finally insure what cannot be controlled and pass on the risk to insurers. Lastly, ‘monitoring and planning’ for the future involves a continuous process to adopt a ‘Plan, Do, Check and Act cycle’, in order to de-risk your business to the extent possible.

9.1 Managing risks the proactive way thus involves:

Having strategy that is : creating and putting in place proper ownership structure, carrying on your business on sound premises based on risk policies which minimise exposure to uncertainties.

Managing people is another way of managing risk. This involves:

» Setting standards from the top

» Quick adaptation to change

» Balance and experience – multitasking employees, and

» Allocate responsibility for risk management.

Manage processes: this is the nuts and bolts of risk management and involves developing and putting in place sound policies, best practices, adequate procedures, easy to implement guidelines, sufficient documentation, drills, safer solutions, isolation of threats and active protection of assets.

Spreading the risk by: outsouring processes, sharing risk, using hedging option, swaps and derivatives. Risk can also be spread by insuring for loss of profit.

Finally having a disaster recovery plan and business continuity plan to minimise the effects of the damage caused due to the adverse impact of threats materialising into reality – for example – strikes, lock-outs and natural calamities.

9.2 In short, Continuous Risk Management (CRM) is a structured plan. CRM provides a disciplined environment for proactive decision making to:

Assess continually what could go wrong (risks)
Determine which risks are most important to deal with
Implement strategies to deal with those risks
Measure and assure effectiveness of the implemented strategies.

9.3 For CRM refer Appendix 2

The effective use and implementation of CRM results in a paradigm shift in the way businesses plan, implement and operate.

Risk and the Accountant:

10.1 We have examined risks and risk management as applicable to business and industry in general. Let us now consider the risks that accountants face at the professional, strategic, operational as well as at micro level. Risk has been with the profession since its advent, because accountants certify either ‘correctness’ or ‘true and fair’ state of affairs.

10.2 The accounting profession has passed through turbulent times post Enron and World – Com abroad and our own GTBs and cooperative banking seams in India, and has reached a stage of crossroads. The message is loud and clear, the profession has to improve if the financial system and trust and faith in the profession are to survive. All concerned stakeholders – the government, the key players, the profession itself has moved with alacrity to rectify the situation. New accounting and audit standards have been adopted, the world is moving towards one set of uniform financial reporting standards. A lot has been done; a lot needs to be done. It is in this context we need to look at risk from the perspective of accountants and auditors.

10.3 Accountants play the role of score keeping and reporting. Reporting involves providing information to managements for decision making and to other stakeholders for investment, rewards, taxes, etc. From an accountant’s perspective risk is closely associated with governance, compliance and performance. Every organisation in its attempt to achieve its business objectives needs governance, compliance with laws and measurement of performance – that is profit.

10.4 The issue we will examine is : what is the role and relevance of accounting and the accounting professional, whether as an accountant or as an auditor, in the context of risk and what are the risks an accountant faces.

10.5 The accounting professional’s role in risk is on one side as the person in charge of the accounting and reporting process – the chief financial officer (CFO), and on the other side as a professional, independent auditor or internal auditor who expresses opinion on the financial statements and internal controls, etc. respectively. This is brought out in Fg.1 below.

10.6 The CFO, post SOX in the US and clause 49 and other corporate governance initiatives in India, is responsible for maintaining proper records and accounting for transactions, selection and application of proper accounting standards, computation and extraction of financial statements, true and fair reporting of the profit/loss and the state of affairs and also ensuring safeguarding of assets, control over operations and vouching for the verification and veracity of records. The CFO has thus become ‘owner’ responsible for accounting and reporting function. His liability is thus now two-fold. One of due care to the best of his skill and ability to his employer, and the second of proper service (that is not deficient) to the stakeholders. Failure to do his job using due care, diligence and professional expertise would attract action and liability.

11. Risk as Score Keeper:

The accountant as a score keeper maintains records of financial transactions. Books of accounts and accounting and financial records provide the basis for all decision making within the organisation. It is an analysis of this data using various tools and techniques that helps organisations take decisions. Decisions that are strategic like export or not, expand or shut down, diversify or continue, decisions that are operational like working in the second shift, increasing the work force, double the productions, hold stocks, as well as day-to-day decisions like accept an order, increase the price in the local market, etc.

The information provided by the CFO has to be correct, accurate, timely and relevant. In this role as a management accountant providing inputs he is part of the decision-making team.

Risk as reporter:

12.1 Financial statements provide key information to stakeholders. It is the business scorecard that gives vital information about net worth, assets and liabilities, profitability, growth, stability, liquidity, solvency, gearing and turnover.

12.2 The information provided by the accountant – CFO – who is a critical member of the management team is expected to be independent (unbiased), transparent, true and fair – that fairly represents the position of the business from the stakeholders’ perspective. In this role, the accountant faces the risk of application of wrong principles and standards, wrong accounting estimates, errors, mistakes and frauds, inaccurate particulars, window dressing and creative accounting – that is – unfair presentation, off-balance sheet items, unaccounted transactions, unprovided liabilities,watered capital, issues of capital versus revenue, deferment of revenue expenses, under-provisioning or over provisioning for expenses and liabilities, the list is endless.

12.3 Any lapse in the discharge of this responsibility can involve civil, criminal and professional action.

Risk in Audit and Assurance:

13.1 The risk in this role is twofold. The first as an internal auditor having organisational independence and the other as the independent external/ statutory auditor.

Internal Auditor:

13.2 As an internal auditor, the accountant deals with reporting on: existence and effectiveness of controls, adherence to policies and procedures, safeguarding of assets, compliance with laws and regulations, existence of appropriate and adequate documentation and MIS, fraud and error, deviations from established and prescribed procedures and at times on proper utilisation of physical and human resources.

13.3 The risks faced by the accountant as internal auditor arise from the sheer volume and complexity of transactions and are:

failure to detect lapses and weak in procedures
failure to identify areas of fraud
failure to detect frauds
maintain his independence whilst being an employee of, the company.

External Auditor:

13.4 As an external auditor the professional accountant deals with financial statement reporting, fair presentation of the position of its assets and liabilities, and true and fair reporting of its profit and loss for the period. This involves verifying the books of accounts, with supporting evidence, proper application of accounting principles and standards, verifying existence and efficacy of controls and following the set of professional audit and assurance standards developed over the years. All this enables him to express an opinion on the financial statements prepared and submitted by the management.

13.5 The external auditor can do precious little to address risks inherent in a business activity. He is not an insurer of results, but what he can and must do to the best of his professional ability is to address the risk of detection of misreporting.

He needs to display independence and professional competence, use the concepts of materiality, prudence and professional skepticism, whilst dealing with error and fraud to provide sufficient assurance to the users of financial statements that the financial statements are ‘true and fair’.

13.6 The days of the Kingston Cotton Mills’ case where the auditor was not responsible for reporting frauds and other delinquent acts of managements are gone.

13.7 A professional accountant owes a duty of care to the person who has engaged him for the work of auditing and reporting, arising out of the contract and terms of engagement and the governing laws and regulation.

13.8 The liabilities of professionals especially ‘auditors’ who do not discharge their responsibilities are broadly divided into four types. These are:

civil liability for negligence,
statutory liabilities under the Companies Act, 1956 and other statutes,
liability under the Indian Penal Code
liability for professional misconduct under the Chartered Accountants Act, 1949.

14. Auditors were not considered to owe a duty of care to third parties or individuals belonging to a group in the absence of a direct contractual relationship even if these third parties had relied on his report. The decision in the cases of De Savory vis Holden Howard & Co, (TLR) 11-1-60 and Candler vIs Crane Christmas & Co Court of Appeal, 1951 Z. K. B. 164, absolved the auditor from such responsibility. However, the dissenting judgment of Lord Denning in Candler vis Crane Christmas & Co is worth perusing. He observes :

“The accountant, who certifies the accounts of his client, is always called upon to express his personal opinion whether the accounts exhibit true and correct view of his client’s affairs, and he is required to do this not so much for the satisfaction of his own client, but more for the guidance of shareholders, investors, revenue authorities and others who may have to rely on the accounts in serious matters of business. If we should decide this case in favour of the accountants, there will be no reason why accountants should ever verify the word of the one man in a one-man company because there will be no one to complain about it. The one man who gives them wrong information willnot complain if they do not verify it. He wants their backing for the misleading information he gives them and he can only get it if they accept his word without verification. It is just what he wants so as to gain his own ends. And the persons who are misled cannot complain because the accountants owe no duty to them. If such be the law, I think it is to be regretted for it means that the Accountants’ Certificate, which should be a safeguard, becomes a snare for those who rely on it. I do not myself think that it is the law. In my opinion, accountants owe a duty of care not only to their clients, but also to all those whom they know will rely on their accounts in the transactions for which these accounts are prepared.”

This liability of owing a duty to third parties was established by the decision of Hedley Byrne and Co Ltd. vis Heller and Partners. (1964) Act 465.

15. I would refer to two Indian cases:

1. The decision of the Bombay High Court in Trisure’s case No. 1377 of 1978, dated 211 24 October 1985 re-emphasised that an auditor need not proceed with suspicions unless the circumstances are such as to arouse suspicions in a professional man of reasonable competence. The judgment also upholds the use of sampling for testing internal controls and use of sampling to complete the audit where controls are found satisfactory .

2. The observation of Justice P. T. Raman Nair in the decision in the case of “The Official Liquidator, Palai Central Bank Ltd. vis Joseph and Other, (App. No. 247 of 1963 in BCP No. 11 of 1960) are relevant:

“So far as the 8th respondent, the auditor for 1946 onwards is concerned, very lengthy arguments have been addressed regarding the duties of a familiar bloodhound as opposed to watchdog lines. But this much I suppose one would not deny and counsel for the 8th respondent has not been disposed to deny it namely, that even the tamest of watch-dog has duty not to connive with the thief.

16.1 Let us consider the present situation in which chartered accountants and auditors are viewed by the public and stakeholders as service providers. Service provided includes accounting, audit & assurance, taxation, consultancy, investment advisory, valuation and/or many other services including at times opinions and management consultancy. The issue is: Is there any exposure under the consumer protection laws for other similarly-placed professional service providers – for example – doctors and lawyers who have been recently exposed? The decision of the National Consumer Disputes Redressal Commission and later the Supreme Court of India in the case of Indian Medical Association v. V.P. Shantha, (AIR 1996 SC 550) has held that the services rendered by the medical practitioner is included and covered under the definition of ‘services’ in S. 2(1)(0) of the Consumer Protection Act, 1986. This covers not only the treating doctors but also the consultants.

This reflects the view that the watchdog bodies of the profession are not perceived to be adequate to provide justice to consumers. In its judgment dated August 6, 2007, in the case of D. K. Gandhi v. M. Mathias, the National Consumer Redressal Commission made it clear that all professionals, including lawyers, should come under the ambit of the Consumer Protection Act. If doctors can come under the fold of the Act, lawyers and all other providers of services like chartered accountants, architects and property dealers will come under the Consumer Protection Act too. This case marks a departure from the established law that professionals can be penalised only by the established Discipline procedures under the law governing the profession. Thus in the changed environment claims for deficient services will not be restricted to be dealt with by the disciplinary committee or an in-house forum of the Institute, but could be agitated before and decided upon in other fora like the consumer forum and Civil and Criminal Courts.

16.2 The accounting is changing and facing challenges like fair value accounting, inflation, intangibles, growing dependence on information systems, ERP, and last but not the least, convergence with International Financial Reporting Standards – IFRS. All these challenges are areas of risk.

The current financial crisis :

17.1 The current financial crisis beginning with the sub-prime crises in US, followed by economic meltdown, reckless investment and products, right up to the recent string of bankruptcies, near-collapse situation in the United States and the last minute bail-out has brought to fore immense risks in the world of finance.

17.2 What has caused this current crisis? Is it bad economics? Bad mathematics? Bad logic? Poor judgment? Is it a failure of rating agencies, failure of merchant bankers, investment analysts and consultants, failure of banks and financial institutions in their due diligence and homework and failure of auditors in expressing their opinion ? Failure of monitoring and regulatory bodies and government agencies, failure of Boards in their oversight? Failure in record keeping and reporting . . .. probably it is all of this in some measure. I suspect all have failed.

17.3 What would be the fallout and impact of the ongoing crises like the turbulence in the forex market and where derivative products have been sold by leading banks to mature corporates and investors with neither displaying the maturity, the seriousness, the understanding and the capacity of going through such transactions? Can this be called ‘risk’ management? The conclusion is in the negative.

18. A person can always be wiser in hindsight. But one fact that comes out glaringly out of this is that every situation, every strategy, every move, every operation, every action, every transaction, every receipt and payment, every contract, every assurance, every deal, every agreement, every statement, every acceptance …. has a financial footprint that the accountant captures, records and reports and the auditor verifies, vets, vouches, audits, comments and expresses an opinion on. Does that mean that all this is too onerous and that accountants should hide behind disclaimers, subject tos, not withstandings, ifs and buts, and the law as it stands? Professional accountants, be they CFOs, accountants or auditors, need to understand the situation and the task before them, and equip themselves to go forth and discharge their role. To quote William Shedd

“A ship in harbour is safe, but that is not what ships are built for.”

This is the challenge.

19. I repeat the way forward for accountants to counter this risk is to equip themselves with knowledge through continuing professional education, improve assurance function supported by peer review, and above all maintain independence coupled with professional skepticism and adherence to ethical standards. The need of the hour then is to convert vulnerabilities and weakness into strengths and threats into opportunities to manage change. Let us accept the challenges of change.

Appendix 1

Overview of different types of risks faced by an Enterprise :

(A) Strategic risks:

Strategy and business environment risk
Event risk, group risk, legal risk
Regulatory risk, competition risk
Management risk, organisation risk
Human resources management risk
Capital inadequacy risk
Disaster risk/Force majeure
External credit rating

(B) Operational risks: Manufacturing/Service Risks

Manufacturing failure
Service failure
Project management risk
Compliance risk
Accounting/Taxation risk

Risks in Operations

Audit compliance risk
Booking error
Business process design
Customer relationship management
Counter party failure
Confidentiality risk
Distribution channel
Documentation risk
Execution risk
Information communication risk
Information security risk
Methodology error
Model error
Money laundering
Product complexity
Settlement error
Security risks
Training gaps
Volume risks

Risks in Human Resources

Fraud
Keyman
Human error
Training gaps
Negligence

Risks in Communications

Communication interface risk
Connectivity failure
System customisation risk
Telecom failure
Third-party/vendor failure for non-IT outsourcing

(C) Market Risks:

Commodity risk
Country risk
Equity position risk
Limits risk
Price volatility

(D) Credit Risks:

Counter party risk
Credit appraisal
Credit investigation
Exposure risk
Monitoring gaps
Recovery risk
Sector downturns
Security realisation risk

(E) Finance Risks

Liquidity Risk

Funding risk
Market conditions
Time risk

Interest Rate Risk

Basis risk
Prepayment risk
Re-pricing risk
Yield curve risk

Forex Risk

FX rate
Gap risk
Settlement risk

Appendix 2

Continuous Risk Management (CRM)

1. CRM requires formulation of :

Develop Risk Management Plan
Perform risk assessment during systems analysis sub-process
Establish an initial set of risks (simplest technique is brainstorming)
RM plan and risk profile evaluated and base-lined in evaluation sub-process.

2. Implementation of CRM plan requires:

Implement risk management process defined in the plan
Implement risk tracking system
Use risk management continuously to control and mitigate risks
Use risk assessment to identify and analyse risks.

Nirav Shah

Journal

Resources

About

Reach Us

Audio Version

Category: Risk Management

Legal Risk — A Case Study

Management Risk — Case Study

Credit Rating Risk : Risk Management — Case study

Bhopal Gas Tragedy

Manufacturing Risk Management

RISK de jure

Managing Service Failure Risk

Capital Inadequacy Risk : Risk Management Case Study

Event Risks — Case Study

Group Risk Management

Human Resources Risk Management — Case study

Disaster Risk : Risk Management — Case study

Competition risk — Case study

Risk Management Case Study

Regulatory Risk – Case Study

Risk Management