APRA emblem - CiteSeerX

3 downloads 73 Views 112KB Size Report
General Manager, Finance, CSR Limited. 1 For the purposes of this paper, capital management refers to the process of determining the optimal capital structure ...
Risk and Capital Management in Non-Financial Companies 1. Introduction The recent past has seen the emergence of a number of trends in the financial markets: globalisation, deregulation, innovation, technological advancement, disintermediation and changes in the competitive structure of the financial sector. In turn, this has led to a re-assessment of the risk and capital management strategies of financial institutions and the role of financial regulation. These changes have also had a dramatic impact on the financial strategies of nonfinancial corporations. One of the most notable has been an expansion in the range of financial products available. In the area of risk management, an increasing number of risks can now be hedged, and for increasingly longer terms. A better understanding of derivative products and the processes and controls required for their application has made these risk management tools and techniques more accessible. Similarly, in the area of capital management1, the increasing range and volume of available financial instruments has facilitated the creation of more complex capital and ownership structures that are more attuned to the specific needs of individual companies. Increasingly, corporations are recognising the need to focus on delivering shareholder returns. This has prompted greater attention to be directed towards assessing how balance sheet and risk management contributes to enhanced shareholder returns. The growth in leveraged buy-outs (the ‘LBO movement’) has challenged conventional views about what constitutes optimal gearing strategy.2 The availability of share buy-backs has put more pressure on companies to more actively manage their balance sheets. The fundamental issue is how to select, from the choices available, capital and risk management strategies that contribute to the maximisation of shareholder value. The academic literature does not have a well-accepted consensus view on the relationship between risk management strategies, financial strategy and value. Observation and empirical evidence documents a wide range of practices adopted by companies, suggesting that there is no single correct answer. The objective of this paper is to provide insights into the financial strategies of non-financial companies in so far as these strategies relate to risk management and capital structure. Section 2 puts forward some reasons for why the approach to risk and capital management

Tony Carlton * 83 in non-financial companies differs from that in financial institutions. This is followed in Section 3 by an overview of the principal financial strategy issues faced by non-financial companies, especially in the context of shareholder wealth maximisation. Section 4 outlines the principles underlying the concept of shareholder value and explains how these principles relate to risk and capital management strategies. The type of factors that need to be taken into account when determining value maximising risk and capital management strategies, as well as the link between these strategies and management incentive systems, are also considered. The final sections consider some implications for the role of the finance function in a non-financial company. The fundamental assertion of this paper is that nonfinancial companies must develop and implement risk and capital management strategies that demonstrably contribute to shareholder wealth creation. In addition to meeting shareholder demand, this will help focus the direction and efforts of the finance function. The value added by risk and capital structure management depends on the individual circumstances of the company and, in particular, the company’s total risk profile, its tax profile, the specific risks and costs of financial distress, investment opportunities and the nature of company ownership. Hence, the optimum strategies are company specific – it is inappropriate to apply formulaic rules of thumb. Acceptance that total risk is important inevitably leads to the conclusion that risk should be managed on a company-wide basis. In financial institutions the assessment of risk and the evaluation of capital needs are closely related. For non-financial companies, however, the link is less clear. Traditionally, the risks within the company have been managed on a segmented basis in line with business or functional responsibilities. Developing strategies that recognise the company’s total risk requires a broad perspective on risk analysis that incorporates an understanding of the dynamics of each business. In addition, the management of risk needs to be more strategic in nature. Risk management adds value through the benefits of a more stable cash flow stream. A focus on short-term tactics and techniques does not necessarily enhance cash flow stability; strategic management of risk requires a longer-term perspective.

* General Manager, Finance, CSR Limited. 1 For the purposes of this paper, capital management refers to the process of determining the optimal capital structure of a non-financial company. There are, of course, a number of issues that relate to the optimal capital investment strategy that are not addressed here. 2 A leveraged buy-out (LBO) facilitates equity ownership of a company via a highly-geared transaction funded by a ‘venture capital group’.

Tony Carlton

84

To achieve such an approach, the finance function in a non-financial company must:

strategies and management incentive structures; and



place more emphasis on the process of risk management, especially the identification, understanding and measurement of exposures. Given that the solutions to many problems are now available through the use of derivative techniques, the focus should be on ensuring that the right problems are solved. This should involve not only the analysis of individual business and financial risks3, but management of risk on a company-wide basis;





direct greater effort to the area of performance measurement. The focus on risk management performance is a relatively recent one and follows from a number of developments including greater external reporting obligations, some high profile corporate derivative losses and an increased range of derivative products. Whatever method of performance measurement is chosen, it is important that the desired outcomes of risk management practices, and associated benchmarks and incentive systems, are aligned with the creation of shareholder value;

2. Why are Non-Financial Companies Different?





ensure that the company is adopting a pro-active, and sufficiently aggressive, approach to capital management; better understand the potential linkages between capital structure strategies, risk management

use risk measures that are appropriate for nonfinancial companies. While value-at-risk (VaR) techniques are becoming increasingly popular, such techniques are only appropriate for nonfinancial companies under limited circumstances. An approach to risk which focuses on the measurement of ‘cash flow shortfall’, or cash-flowat-risk, rather than the variance in market value, is probably more appropriate.

The distinction between financial institutions and nonfinancial companies is critical to acquiring an understanding of the differences in approach to risk and capital in the two types of organisation. Further, given the relatively advanced state of development of disclosure requirements in financial institutions, this distinction is also relevant when determining how corporations can best publicly disclose exposures and risk management practices. This is an issue that is still not well addressed by those who regulate corporate disclosure requirements. Figure 1 summarises the key differences between financial institutions and non-financial corporations. In financial institutions risk is part of the intermediation process itself; the role of the financial

Figure 1: Key Differences between Financial and Non-Financial Companies Financial Institutions

Non-Financial Companies

Regulatory

Protect payments system and systemic risk

Focus on corporate governance and disclosure

Nature of Assets

Tradeable, financial assets, market makers Highly diversified portfolio Cash flows largely contractual Diversification improves quality of the portfolio

Balance sheet comprises illiquid assets Risk concentration Underlying cash flows non-contractual Portfolio diversification creates negligible value

Role of Risk

Raison d’être to absorb and / or intermediate risk

Risk arises from natural physical characteristics of underlying business Lower focus, less skills in the process

Risk management is key focus and skill of management Aggregation and integration of company-wide risks Risk Measurement

3

Ability to statistically measure risk

Fragmented approach

Limited ability to measure most of the risks due to limited observations, linkages and causal relationships

Business risks are incurred as part of the strategic decision making process of the company as well as in the company’s day-to-day operations. Financial risks refer to the potential for changes in foreign exchange rates, interest rates or commodity prices to adversely impact on the cash flows of the company and consequently on that company’s value.

Risk and Capital Management in Non-Financial Companies

institution is to intermediate risk.4 By contrast, in nonfinancial companies risk is a by-product of the underlying activities of the business lines. As highlighted in the Figure, non-financial companies typically deal with risks that are difficult to quantify and/or hedge. Also, the nature of the risks is such that risk management is more often fragmented than is the case in financial institutions. This may partially explain why non-financial companies are often characterised by a greater diversity of strategies relative to financial institutions. An important characteristic of nonfinancial companies is that the financial exposures arising from potential shifts in market prices (ie foreign exchange rates, interest rates and commodity prices) cannot be separated from the underlying business. The factors that drive cash flows are complex, and financial variables are inter-twined with the cash flows generated by a particular business. As a consequence, decisions about which exposures to hedge, or not hedge, are complex ones. Consider, for example, an Australian commodity exporter selling produce to the US. The exporter has exposure to the AUD/USD exchange rate as well as to changes in commodity prices. Understanding the exact nature of the exposure would require an understanding of the relationship between foreign exchange rates and commodity prices. Does a

relationship exist and is it a causal one? Is the relationship stable over time or will it change as the structure of the global industry changes? If the commodity price and currency are perfectly negatively correlated then, in AUD terms, the exporter effectively has no exposure to the exchange rate. In this case, to hedge either the currency position or the commodity position would give rise to an exposure that previously did not exist. Another example is the ‘indirect economic exposures’ of a locally operating company. A company operating solely in the local market, and competing with importers, can have as much exchange rate exposure as an export firm. A stronger AUD means that imports will become relatively cheaper, putting pressure on either the pricing or market share of the local supplier. Finally, one issue that must be addressed by many importing companies is the need to determine the effective currency of the commodity. Although many commodities are denominated in USD, the effective currency will depend on the interaction of marginal supply and demand, substitute products etc. Figure 2 provides a simplified representation of the corporate view of the world and attempts to explain how risk management fits within the broader strategy of a corporation. The objective of value maximisation is achieved through the performance, investment and financial strategies of the corporation. Unlike in many

Figure 2: Performance, Investment and Financial Strategies of Non-Financial Companies The Real Assets Strategy "How do we create value?"

4

Maximising long-term cash flows through • strategy • superior operating performance • capital investment/growth options • organisation design

Financial Strategy Portfolio strategy Ownership structure

Financial strategy to lower overall cost of capital • gearing • dividend • debt structure • financial risk management

Where "Who do we deal with?"

Product markets for goods and services, (where the cash flows are created)

Risks

• strategic • commercial • operating • technical

Commodities Currencies Interest rates

• default • refinancing risk • capital availability • cost of capital

Risk Management Strategy Options

• operating leverage • production location • volume/product mix strategies • project selection • diversification

Risk management processes

• gearing/debt structure • derivatives • insurance • self insurance

Equity market

Financial markets, where the cash flows are valued

Refer to the paper by Jenkins in this Volume for another perspective on the role of risk in financial institutions.

85

Tony Carlton

86

financial institutions, business strategies in non-financial companies, such as product diversification and location, are part of the risk management function itself. It is interesting to consider the range of ‘real’ or operational responses that are available to nonfinancial companies to manage their risks: •

operating leverage (the mix of fixed and variable costs) is one way of responding to volatile markets;



changing the location of production to a foreign country is a response to foreign exchange exposure posed by import competition;



adjustments to production volumes can be made in response to anticipated variations in market prices;



modifications to the business portfolio, through the screening of projects, abandonment of projects or divestment can be undertaken to impact directly on the risk profile of the company; and



a diversified portfolio can be assumed in order to absorb risk.

It is important to emphasise, however, that each of these risk management, or hedging, strategies will have its own economic costs and benefits in addition to those that may result from risk reduction. Nonetheless, the range of strategies at hand demonstrates that many of the risk management opportunities available to companies are deeply embedded within the individual businesses. It is also interesting to note from Figure 2 the interaction between real assets and financial markets; non-financial companies straddle the (real) product markets (where the value is created) and the financial markets (where cash flows are valued and traded). The performance of real assets is affected by events in the financial markets. The most obvious examples are the effects of exchange rate, interest rate and commodity prices on financial performance. However, just as potentially significant is the effect that financial strategies have on behaviour. For example, the gearing of a company can have a potentially significant impact on the behaviour of management and therefore the cash flows, and ultimately the value, of the business. This is best exemplified by the use of leveraged structures, such as LBO transactions, to facilitate the concentration of ownership. Strategies for achieving maximum value increasingly involve financial market tools, such as ‘leveraged recapitalisations’ and ‘spinoffs’, as a means of adjusting the business portfolio and

achieving improved incentive structures and corporate control mechanisms. While financial markets operate in terms of traded securities and readily observable values, businesses are focused on operating in the ‘real asset’ markets. This highlights a critical role for the finance function in a non-financial company, namely, to act as the link between financial markets and business units. By applying financial market products to real businesses, the function adds value. This value is created not by duplicating the trading skills of financial institutions, but by acquiring a comprehensive understanding of the non-financial company’s businesses and their operations, and by recognising when and how financial solutions can add value.

3. Risk and Capital Management in Non-Financial Companies – Some Issues and Challenges The financial strategies of non-financial companies have been significantly impacted both by trends in financial markets and by changes in the corporate environment. Major changes in recent years have included: •

changes in the regulatory environment. Amongst other developments, these changes have enabled the use of share buy-backs and allowed for greater access to offshore markets;



globalisation. Many companies now have access to a wide range of international markets. While this yields many benefits, it also means that companies are more quickly affected by changes in global financial markets and are increasingly subject to competitive pressures;



disintermediation. The disintermediation trend has fundamentally changed the role of traditional commercial banks, providing companies with direct access to end-investors. In addition, the role of corporate lending has also changed, transforming the way that counterparties deal with banking providers;



innovation. The development of new products has facilitated alternative risk transfer arrangements as well as more tailored capital structures;



competitive structure of the financial sector. Competition amongst financial institutions has given rise to

Risk and Capital Management in Non-Financial Companies

opportunities for end-customers to adopt reasonably aggressive approaches to supplier management and is also driving the process of innovation; and •

technology. Advancements in electronic technology have facilitated more efficient payment transfers. Also important are the dramatic improvements in computing technology that have allowed for more accurate analysis and pricing of derivative transactions.

The combined impact of these changes in the financial markets has been an expansion in the available supply of competitively priced financial products. The increased availability of tools for hedging a wide range of financial exposures, along with the lengthening terms of these contracts and the ability to incorporate option-type features, means that companies are better able to fine tune hedging activities to their requirements. Similarly in the area of capital management, deregulation in the US and changing attitudes in Australia have made capital markets more accessible. Moreover, the greater acceptance of a wider range of counterparty credit qualities, together with the development of a diverse set of financing instruments, has facilitated the tailoring of capital structures. Perhaps the most significant trend, however, has been the development of a more active market for corporate control, and the accompanying focus on shareholder wealth creation. This focus on shareholder wealth comes at a time when there is increasing competitive pressures on virtually all companies. Hence, non-financial companies must focus on addressing the question of how risk and capital management strategies add value. Clearly, the impact on shareholder value should be the benchmark against which all alternative strategies for risk and capital management are evaluated. Against this background, there are a variety of challenges facing those responsible for setting financial strategies. A number of these issues raise fundamental questions about the value added by financial strategies and activities.

Lack of Consensus as to How Risk Management Adds Value Despite the development of a wide range of tools for managing risk, an even more fundamental question must still be addressed, namely, how does risk management add value for shareholders? The

5 6

See Modigliani and Miller (1958). See Copeland and Joshi (1996).

relationship between risk management and shareholder value is difficult to determine. This is especially the case when considering capital structure and financial hedging strategies, eg interest rate and currency hedging. One source of guidance is given by Nobel Prize winners Modigliani and Miller who argued that financial strategies, such as capital structure and financial hedging, have no impact on value.5 Their fundamental premise is that, as long as the cash flows and investments of the firm are given, the capital structure of a company cannot affect the value of that company since investors can duplicate any financial strategy in their own portfolio. This is an interesting conclusion that casts doubt on the value added by many corporate finance activities within non-financial companies. While many might perceive Modigliani and Miller’s conclusion to be simply an abstract theoretical notion, there are numerous practical illustrations that suggest that financial hedging does not add value. For example, research by Copeland and Joshi questioned the economic benefits of currency hedging.6 Their study, based on an analysis of the foreign exchange hedging strategies of 200 large companies, found that even the most complex hedging strategies did not necessarily reduce cash flow volatility. Hence their conclusion was that, in many instances, hedging is ineffective. This particular result is understandable since, as indicated by most surveys, companies generally hedge transactional exposures out to only 12 months. It is doubtful that such a strategy could have much of an impact on reducing long-term volatility. Moreover, even if the finance function succeeded in hedging all the financial risks of the company (a practical impossibility), financial risks are only a subset of a company’s total exposure. Another commonly held view is that companies generally over-hedge their exposures. Again, this result is not surprising given that exposures are often separately managed within a company. As suggested earlier in the paper, there are also numerous examples where companies can, in fact, increase exposures through inappropriate hedging policies. Additionally, it is often felt that hedging offers only a short-term smoothing of reported profit and does not have a lasting impact on the company’s fundamental profitability. Finally, a number of companies have policies in place that either preclude hedging strategies altogether or else employ them only in limited circumstances.

87

Tony Carlton

88

Companies take this approach for any one of a number of reasons. For example, the company might be of the view that shareholders buy shares in the company in order to acquire the relevant exposure. In hedging that exposure, company management may be acting in a way that conflicts with shareholder objectives. Similarly, it may be assumed that investors are well-diversified. Hence, they cannot benefit from the hedging strategies of individual companies and do not need the company to create a layer of protection that could potentially be very costly. All of this suggests that it is perhaps inappropriate to assume that the finance function’s earnest endeavours at risk management are necessarily adding value for shareholders.

The Relationship Between Performance Measurement and Shareholder Value A growing emphasis on productivity has highlighted the need for all functions within a non-financial company to demonstrate the value being added. Yet, a recent survey by the Australian Society of Corporate Treasurers reported that only 53 per cent of companies measured treasury performance.7 Of these, one third were not happy with the performance measures used; the main reasons cited for this dissatisfaction were the simplicity of measures and the fact that measures were still underdeveloped. These results do not sit well with an activity that should be able to clearly demonstrate its contribution to shareholder value. The fundamental goal of any performance measurement system is to provide a basis for management decision making that produces the best balance of cost and risk, given the objectives, financial position and other constraints of the corporation. Performance measurement should encourage behaviour that reflects corporate objectives8, while at the same time providing feedback to facilitate improvements in decision making. Fundamental to this is the selection of a benchmark that reflects the risk management objectives of the company. Failure to specify clear performance objectives for the risk management function may undermine the function. In particular, it could lead to: a lack of accountability; a failure to create or, at a minimum, preserve value through misspecified targets; and the adoption of a reactive risk management strategy that is certain to fail. 7

Using the Right Risk Measure for NonFinancial Companies A number of papers in this Volume have made mention of VaR.9 While VaR is a key risk measurement tool in financial institutions, the application of this technique in non-financial corporations poses a number of conceptual and implementation issues. As mentioned in the Introduction, often the focus in corporations is on the exposures generated by the specific cash flow patterns of physical positions, rather than on the values of positions. Also, the most common application of VaR in financial institutions is on traded financial instruments that are held over short time horizons and thus are assumed to be reasonably liquid. By contrast, non-financial companies hold few traded positions; positions are typically illiquid and of a much longer term. Despite these issues, the relative simplicity of VaR and the manner by which it encapsulates risk into a single number make it a seductive measure to use. Implementation of this type of technique by a non-financial company would require the company to address problems such as illiquidity, non-linear exposures, extreme observations and non-stationarity (especially for exposures measured over longer terms). Of course, financial institutions are faced with many of these problems also. Unless non-financial companies can develop an alternative risk measurement framework that is sufficiently rigorous they will be forced to rely on VaR techniques.

External Reporting Framework for Financial Risks The disclosure regime imposed on non-financial corporations poses particular difficulties when risk is managed on an economic basis. Specifically, the external reporting of risk management activities can have a distorting effect. This point is well summarised by Kaplan and Leftwich: “why information about a subset of a firm’s assets (derivatives) warrants such attention reflects politics, not economics”.10 (This comment would seem to be supported by the results of a 1995 Chase/Wharton survey of US companies, which found that the biggest concern of companies in relation to the use of derivatives was the potential accounting treatment of positions.11) External accounting rules are certainly tending towards requiring all derivative positions to be valued on a mark-to-market basis. These rules also allow the risk

Australian Society of Corporate Treasurers (1998). Refer to the paper by Moss in this Volume for further discussion of performance structures. 9 See, for example, the papers by Matten, Moss and Funke Kupper in this Volume. 10 Kaplan and Leftwich (1998). 11 Bodnar, Hayt, Marston and Smithson (1995). 8

Risk and Capital Management in Non-Financial Companies

associated with derivative exposures to be quantified using statistical techniques such as VaR. While such approaches are certainly legitimate, requiring nonfinancial companies to comply with measurement rules that are appropriate for financial institutions perhaps reflects a lack of understanding regarding the differences between the two types of organisation. Failure to appreciate this distinction has resulted in a disclosure regime for non-financial companies that focuses on the value of the derivative position rather than the net hedged position. In requiring derivatives to be marked-to-market, but prohibiting marking-tomarket of the underlying exposure, the accounting rules are imposing an approach which identifies gains (losses) in the derivative position yet ignores the associated losses (gains) on the underlying exposure. Similarly, the application of VaR to only the derivative position ignores the exposure associated with the overall position.

Pressure for More Pro-active Capital Structure Management Historically, the financial policies of non-financial companies have been largely passive, reflecting the accumulated impact of a series of decisions ‘at the margin’. Today, however, the increasing pressure created by the developments outlined earlier in this Section have forced companies to be more pro-active in managing their capital structure. On the demand side, the focus on shareholder value has meant that companies simply cannot afford to have inefficient capital structures. On the supply side, innovation and deregulation, especially the legalisation of share buy-backs, have enabled

companies to dramatically change their capital structures over a relatively short period of time. Figure 3 lists some of the tools that non-financial companies can use to adjust financial structures in light of changed market conditions or company circumstances. The main message is a simple one. Finance functions must continuously monitor the efficiency of the capital structure against the current requirements of the business units and against developments in financial markets. Even more fundamental than a freer regulatory environment are the challenges to more traditional (and conservative) approaches to setting capital structure targets posed by the LBO approach to financial structure.12 The key elements of this approach are the aggressive use of debt and concentration of ownership. It is argued that companies that generate surplus cash (generally those in mature or low-growth industries) will tend to reinvest such cash in negative NPV projects (and management perquisites) rather than return significant funds to shareholders. These companies thus destroy value for shareholders. Such behaviour is also more likely to occur in conglomerates where funds from profitable businesses are at a higher risk of being invested in those divisions that are not performing as strongly. One way of overcoming this profligate use of cash is to inject a high level of debt into the business. The resulting repayment obligations effectively precommit a large proportion of future cash flows. High debt levels also allow a greater concentration of equity ownership, particularly management equity, allowing significantly leveraged returns.

Figure 3: Capital Structure Management Debt Determine overall financial strategy

Equitylinked debt Equity

• increase gearing through share buy-backs etc • reduce gearing through equity issues

12

Determine desired structure of each class of funding

• change equity structure through ‘carve-outs’

Select type of funding instrument

• repay debt through debt buy-backs, repayment defeasance

Issuing strategy and tactics

Interest rate risk management

• use flexible debt facilities to tap markets opportunistically

On-going adjustments

• significantly change interest rate exposure, without repaying debt, through swaps

Refer to the Appendix for an illustrative application of the traditional approach to determining capital structure.

89

Tony Carlton

90

While this type of argument is partly behind the LBO movement, it has also driven the use of other aggressive financial strategies by non-financial companies. One example is leveraged recapitalisation. Under this strategy, a company funds a major share buyback through the use of large-scale debt funding, often resulting in a capital structure very similar to an LBO company. While there have been a number of examples of these strategies in the US, there do not appear to be any Australian companies adopting such approaches at present. Moreover, the limited numbers of buy-backs that have been undertaken by non-financial companies in Australia have generally been motivated by a desire to return divestment proceeds to shareholders. Proponents of the aggressive use of debt cite the failure of internal control systems to appropriately constrain the ‘business risks’ arising in those companies that are subject to the ‘surplus cash flow problem’. There is a wide range of companies subject to this risk, including many industrial companies operating in markets that are traditionally

characterised by surplus capacity. The LBO approach can essentially be viewed as one that outsources the process that drives corporate performance. One alternative approach is the adoption of economic value added/shareholder value added performance measurement systems.13

4. Risk, Capital Management and Shareholder Value The previous Section identified a number of issues facing non-financial companies, thereby highlighting the difficulties in demonstrating value added. In order to determine risk and capital management strategies in a non-financial corporation, it is necessary to explore those factors that underpin the valuation of the firm. The purpose of this Section is to review recent theory and empirical research to determine whether there are guidelines available for selecting value maximising strategies.

Figure 4: Key Drivers of Company Value Business Unit Specific Value Drivers (examples) • market size • market share • volume/price • • • • •

raw material prices staffing levels wage rates production efficiency operational improvement

• corporate tax rate • franking credits • tax effective structures • receivables • payables • inventory

High-level Value Drivers

Revenue Growth Options Operating costs

Working capital

Capital expenditure

• • • •

Project/cost of capital

• sustainable cash flow after year 10 • duration and growth • cost of capital

13

Cash flows from operations (years 1-10)

Taxes

• plant life • replacement policy • maintenance cost of equity for business cost of debt gearing effective tax rate

Cash profit

Investment required to support operations

Discount rate

Terminal value (year 10)

Refer to the paper by Funke Kupper in this Volume for further discussion of economic value added techniques.

X

Business unit value

Risk and Capital Management in Non-Financial Companies

The most commonly accepted model of shareholder value has as its foundation the notion that value is determined by expectations of long-term cash flows, discounted at the risk-adjusted cost of capital. Figure 4 describes the framework for a typical financial model based on this approach. The Figure highlights that a wide range of variables, some of which are under the control of management, and others which are external to the company, impact on value. A model that incorporates key operating variables will provide longterm cash flow forecasts and the appropriate setting for the determination of long-term financial goals. This model raises two questions in relation to risk and value: how should those risks confronting the business be measured and how does the choice of risk measurement technique impact on the perceived value of the business?

4.1. Measuring Risk Without doubt, all companies face a wide variety of risks, including strategic, operational, financial, environmental and technological risks. Figure 5 summarises one way of classifying some of the risk factors faced by corporations into broad risk classes. The total risk of a company is a measure of the combined impact of these risk factors on the cash flows generated by each of the business streams, after taking into account hedging and other risk mitigation

techniques. Traditionally, the risks within the company have been managed on a segmented basis in line with business or functional responsibilities. The identification of risk in non-financial companies is a difficult task and there exists no consensus about how best to tackle it. The task of quantifying these risks is even more difficult. The ideal approach would quantify each risk on the basis of its likelihood of occurrence and potential impact on the cash flows of the business. Forecasting and simulation models are useful tools if such a methodology is to be adopted. The difficulty is in incorporating the totality of risks into the approach. Consequently, in practice any quantitative approach needs to be supported by a rigorous, qualitative evaluation of risks, to allow an overall assessment of exposure to be made. The objective of the risk management function, therefore, is to monitor and manage the actual occurrence of each risk. In a qualitative sense, new and existing risks can be represented on a ‘risk grid’ or ‘map’.14 For a number of risks, hedging may not be possible and so significant reliance is placed on management processes for screening and monitoring risks. Some of the mechanisms for effective screening of business risks include the use of the strategic planning process and the use of a number of metrics to assess historical and prospective performance. Such a process requires that management understand the

Figure 5: A Taxonomy of Business Risks Strategic

Financial

Operational

Commercial

Technical

Risks of plans failing

Risks of financial controls failing

Risks of human error or omission

Risks of business interruption

Risks of physical assets failing or being damaged

• business cycle • poor marketing strategy • poor acquisitions strategy • changes in consumer behaviour • political/ regulatory change

• treasury risks • lack of counterparty/ credit assessment • sophisticated fraud systems failure • poor stock/ receivables reconciliation

• design mistakes • unsafe behaviour • employee practices risks • sabotage

• loss of key executive • supplier failure • lack of legal compliance

Source: PricewaterhouseCoopers (1997).

14

Refer to Bennett’s response to this paper for further discussion of qualitative approaches to managing risk.

• equipment breakdown • infrastructure failure • fire • explosion • pollution • drought and other natural perils • poor technology

91

Tony Carlton

92

nature of the risks, the types of potential outcomes, the company’s capacity to absorb risk, and strategies to mitigate risk, such as training, enhanced risk screening of new projects etc.

4.2. The Relationship Between Risk and Shareholder Value The cost of capital approach to valuation implies that changes in the risk profile of the company will only affect that company’s valuation through the impact on cash flow or the discount rate. This gives rise to the question of how risk is factored into the valuation model. The most common application of the cost of capital approach is through the use of the capital asset pricing model, which differentiates between ‘systematic risk’ and ‘non-systematic risk’.15 The measurement of each of these risks has implications for determining the appropriate cost of equity.

risks can be eliminated if the investor holds a welldiversified portfolio or, under the assumptions of the model, if the investor can duplicate a financial strategy. Since financial strategies only influence diversifiable risk, there is no change to the required discount rate. If risk management and capital structure decisions are to add value, therefore, it must be through their effect on cash flows, and it is here where most academic effort has been placed.

How Can Risk Management Add Value? The conclusion to be drawn is that risk management can add value in certain circumstances. This is demonstrated by considering the assumptions on which the Modigliani and Miller proposition (that financial strategies do not add value) is based. The key assumptions are: •

no taxes;

Systematic risk cannot be diversified away. It reflects the influence of general economic activity on the volatility of returns and is measured by the well-known beta factor. Investors demand compensation in exchange for assuming systematic risk and hence this type of risk must be incorporated into the cost of capital calculation. By contrast, non-systematic risk is particular to each company. A basic premise of modern valuation theory is that for well-diversified investors the non-systematic risks associated with particular projects will cancel out. As a consequence, such risks do not require additional compensatory return. Hence, the most appropriate way to incorporate these risks into the valuation process is to include them in the calculation of expected cash flows, not via an adjustment to the discount rate.



no costs of bankruptcy;



that operating and investment cash flows are given; and



that management acts to maximise shareholder value.



taxation. The asymmetric treatment of tax losses means that the smoothing of cash flows improves the values of those cash flows. This arises because positive taxes must be paid as earned whereas the benefit of tax losses is only realised when future taxable income accrues. This factor may be especially relevant in Australia where the focus of companies is on servicing franked dividends;

While the above discussion does give some insight into the value consequences of business risks on corporate value, it is less clear about the capital structure and hedging strategies associated with financial risks. As noted earlier, the original Modigliani and Miller propositions argued that financial strategies, such as capital structure and financial hedging, have no impact on value. Their fundamental argument is that, as long as cash flows and investments are given, financial strategies cannot affect value as well-diversified investors can duplicate these strategies themselves. This is behind their well-known propositions that capital structure does not matter. Similarly, well-diversified investors do not benefit from company specific hedging actions as these



financial distress. In addition to bankruptcy, financial distress includes the costs to the company of actions by suppliers, customers and employees who may be concerned about the financial status of an organisation well before it becomes bankrupt. Clearly, companies with potentially high costs of financial distress, ie those with high switching costs or with a high service or reputation content in their product offering, will benefit from the lower risk of financial distress occasioned by a risk management program; and



under-investment. It could be argued that firms make decisions in line with long-run shareholder value when cash flows are available to meet investment

15

See, for example, Ross, Westerfield and Jordan (1995).

Relaxing these assumptions highlights how financial strategies can, in fact, add value:

Risk and Capital Management in Non-Financial Companies

requirements. Shortfalls in cash flows lead companies to approach external markets to fund new projects. In turn, the costs of external financing may result in the cancellation of value creating expenditures (such as expenditures on research and development), thus reducing the long-run value of the company. Companies with significant opportunities for growth, but limited access to funding, will benefit from a well-designed and executed risk management program that seeks to avoid cash flow shortfalls. The implication of these sorts of analyses is that in some situations ‘risk does matter’ and, hence, risk management can add value. Whether this is the case depends on the situation of each company (eg tax, financial risk, growth options, competitor behaviour), the size and nature of the company’s risks, and the company’s own risk tolerance. It should be emphasised, however, that all of the situations mentioned above relate to the impact of shortfalls in cash flow, rather than cash flow volatility. The implication of this is that risk management in non-financial companies only adds value if the cash flows of the business can be enhanced (by adjusting the lower tail of the profit and loss probability distribution). Thus, the objective of corporate risk management should be to eliminate costly lower-tail outcomes.16 As mentioned at various points throughout this paper, the relevant risk measure is the probability of cash flow shortfalls, rather than a measure of potential changes in the value of the position. To determine the risk profile of the company, a simulation-based approach can be used to analyse various worst-case scenarios and assess the impact of these on the cash flows of the firm. The above discussion implies that the optimal risk management strategy is company specific – a conclusion consistent with the observation that there is a wide diversity in the risk management practices of companies. A number of companies do not use derivative products and, for those that do, there is a wide range of uses adopted. For example, larger companies tend to hedge more than smaller companies. While this result appears to be somewhat inconsistent with the argument that says larger firms should be more immune from risk, it most probably reflects the economies of scale required to establish comprehensive risk management programs. Additionally, companies with greater growth opportunities, including higher research and

16

See Stulz (1996) for further discussion of this objective.

development expenditures, also tend to have higher levels of hedging, as do companies with more financial risk. All of this is in line with the earlier discussion that concluded that the ‘most appropriate’ risk management solutions for an individual company are peculiar to that company. The above arguments point to a number of factors that explain how risk management can add value. There is also interesting empirical evidence suggesting a strong relationship between management incentives and risk management behaviour. For example, Tufano (1996) analyses risk management strategies in the US gold mining industry, and observes that the main determinants of hedging decisions are the level of management ownership and the nature of management compensation contracts. Lower levels of hedging are associated with lower levels of management ownership. This does not imply a relationship between shareholder value and risk management, however, it does suggest that risk management performance benchmarks need to be aligned with shareholder objectives. This conclusion has implications for the selection of performance benchmarks and for the management of multiple risks within companies. The core of any effective performance measurement system is the selection of a benchmark. The analysis implies that the appropriate benchmark is most properly determined by the circumstances of the company – two companies with similar exposures can legitimately have different benchmarks and follow different risk management strategies. One possible approach is to compare performance against a ‘benchmark strategy’. That is, rather than compare performance against a fixed outcome, such as a certain return or cost of funds, actual performance is compared against the results of a pre-agreed risk management strategy that yields an acceptable risk-return profile (expressed as a probability distribution of future cash flows). The benchmark strategy reflects informed judgements about issues such as debt capacity, funding for growth and dividends, and franking-credit policy. The approach must also take into account the risk tolerance of the company (ie what the company regards as an acceptable decline in cash flow) as well as external factors such as expected market volatility. CSR has adopted a risk management framework for financial risks that allows each exposure in each

93

Tony Carlton

Figure 6: CSR’s Risk Management Approach

94

• selective hedging for individual exposures

• no speculative transactions to be undertaken

• each Business Unit responsible for managing their own exposure

• transactions must comply with approved risk management process

• Board not involved in detailed strategic or tactical decisions but does have assurance in proper management processes

Approved benchmark Approved hedging limits Approved instruments

• credit limits not to be exceeded

Conditions of use of each instrument

• required development of benchmark and defined limits for each exposure

• delegated authorities for individual transactions

• reporting requirements specified

• treasury provides expertise, dealing, systems

under-investment. The problem of underinvestment is also regarded as a significant determinant of capital structure strategy. Firms with valuable growth options have a higher risk of following a sub-optimal investment strategy when debt levels are excessive – hence the debt levels of such firms are expected to be lower;



benefits of debt in controlling over-investment. One additional dimension, which is unique to the capital structure decision, relates to the benefits that higher levels of debt can bring to situations where a company has considerable surplus cash flow. This issue was raised in the discussion of capital structure management in Section 3. Of course, the benefits of higher leverage need to be balanced against the associated increase in risk.

Not surprisingly, the same factors that provide the risk management process with an opportunity to add value also influence a company’s optimal capital structure. Specifically, the benefits of debt are achieved through: taxation. The existence of tax benefits on interest, relative to dividends, creates a tax-induced motive to borrow funds (as opposed to raising equity). The significance of this factor may also depend on the debt tax shield available to the entity; financial distress. Given excessive leverage, the tax benefit described above will eventually be counteracted by the increased risk of financial distress and the many costs that are associated with it, such as those relating to bankruptcy and the actions taken by customers, suppliers and employees in response to a perceived deterioration in financial quality. The trade-off between these two factors will, in theory at least, lead to an optimal capital structure. Companies will have different optimal capital structures depending on their taxable income capacity and the costs of financial distress;

CSR Credit Limits Policy



How Can Capital Management Add Value?



Approved strategy

• approval for new instruments for specific application

business to be managed individually at the business unit level (see Figure 6). Such an approach ensures that the responsibility for risk management is delegated to the business units. Decentralisation also ensures that individual business units are accountable for their own performance. The framework specifies for the company as a whole a range of controls, responsibilities and reporting obligations that each business must follow when managing its exposures.



Approved exposure

A significant amount of empirical research into what drives a company’s capital structure decisions has been undertaken. As with risk management, the conclusions drawn from this research are wide ranging. Some of the main findings are: •

there is significant divergence in the choice of capital structures between firms;



there is some evidence, albeit weak, of a relationship between a company’s tax position and its use of debt; and



the most consistent variable that appears to explain differences in gearing is the extent of growth opportunities available to companies. As expected, companies with more opportunities appear to have lower debt ratios.

As with risk management, the conclusion is that capital

Risk and Capital Management in Non-Financial Companies

Figure 7: An Integrated Approach to Risk and Capital Management Sources of Risk

Risk Profile minimum acceptable cash flow

• operational • technical • commercial

Cash flow ($)

• strategic

• financial • financial markets

Time

structures can affect value. The optimal capital structure is dependent on the circumstances of the company.

5. Towards an Integrated Approach to Risk and Capital Management Many of the developments highlighted throughout the paper are suggestive of a broader trend towards integrated risk management. In particular: •

theoretical models imply a need to focus on the company’s total risk capacity, by analysing the combined impact of business and financial risk from all sources and comparing this impact against the company’s overall risk tolerance level;



practical concerns suggest that the potential links between commodity and currency prices, and between prices and quantities, should be taken into account when assessing the effective exposure to be hedged; and



measurement approaches such as VaR and simulation techniques tend towards the measurement of total cash flows across the company.

All of this highlights the importance of having a risk management strategy that has as its foundation a comprehensive understanding of the dynamics and economics underlying each of the businesses. This approach also gives rise to the issue of how to link risk and capital structure management such that each approach complements the other. As noted earlier, in financial institutions the two approaches are closely tied while in non-financial companies the link is less distinct. For companies that are highly geared, the risk management approach adopted might involve a higher level of hedging, to counter the higher risk of default.

17 18

Refer to the papers by Funke Kupper and Morony in this Volume. Bernstein (1996).

Alternative Hedging Strategies • operational • financial – derivatives – insurance • financial structure – gearing – debt structure • self-insurance

Evaluating Hedging Options • • • • • • •

cost effectiveness liquidity flexibility term risk management resources

For companies with lower gearing ratios, hedging may not be a useful tool. That said, if such companies chose to undertake a buy-back funded by increased leverage, hedging techniques may be of use in maintaining a constant risk profile while allowing the company to benefit from the advantages of higher debt (most notably the tax benefit, but possibly the benefits of concentrated ownership facilitated by the debt-funded repurchase of equity). Generally, an integrated approach to risk and capital structure management makes good sense in that it offers a number of benefits. Most importantly, it will ensure that companies give explicit consideration to the overall risk position of the company. An integrated risk management approach will, in turn, allow for enhanced comparability of key risks across the company as well as appropriate management responses. In addition, the adoption of a ‘portfolio approach’ to the management of the overall exposure across the company means that risk management should become more efficient. Figure 7 provides a schematic of this type of approach, demonstrating the potential for trade-offs between the range of risk mitigation strategies. Unfortunately, moving down the path towards an integrated approach to risk and capital management also raises a number of dilemmas. In particular, such an approach can potentially result in an excessive reliance on quantitative measures of risk. Many of the papers in this Volume have discussed situations where events have not occurred in line with historical data; it is usually when financial markets have experienced some sort of shock or increase in pressure that historical statistical relationships break down.17 This idea is appropriately captured in an article by Peter Bernstein.18 Bernstein distinguishes between

95

Tony Carlton

96

three occurrences that may arise when too much emphasis is placed on quantitative measures of risk, namely: exposure to discontinuity; the arrogance of quantifying the unquantifiable; and the threat of increasing risk instead of managing it. He concludes, somewhat emotionally, that: “whenever we allow ourselves to ignore that truth [computers exist to answer questions, not to ask them], the computer becomes the ally rather than the enemy of conceptual errors. Those who live by the numbers may find that the mathematically inspired techniques of modernism have sown the seeds of a destructive technology in which computers have become mere replacements for the snake dances, the bloodlettings, the genuflections, and the visits to the oracles and witches that characterised risk management and decision making in days of yore”. A second dilemma arises for companies involved in numerous businesses. That is, will an integrated framework outweigh the benefits of a decentralised approach to managing the risk across businesses? This is especially an issue in non-financial companies where risk (its identification and management) is so interconnected with the other fundamentals of the business (both economically and behaviourally) that the removal of responsibility for risk management could have an adverse effect on business results. The final problem is the issue of determining the risk tolerance of the company, which is necessarily a subjective task. While this is a difficult problem to address, an understanding of what makes financial strategies potentially valuable at least provides an indication of the kind of factors that must be considered in determining a company’s risk tolerance.

6. The Way Forward In attempting to manage risk on a total portfolio basis, a non-financial company is faced with a number of options. For example, the company can adjust the actual operations of the business, utilise financial risk management techniques, adopt self-insurance strategies or alter the overall financial structure of the firm. While most non-financial companies have established functional responsibilities for managing individual risks, it is likely that many are unaware of the complete realm of risks with which they are confronted, and the implications of these risks for shareholder value.

It is probably fair to say that the management of financial risk has attracted an inordinate amount of attention. Perhaps this is because of the availability of techniques and the well-publicised misuse of derivative products by a small number of companies. In any case, non-financial companies are beginning to develop a much improved understanding of how risk management can add value, as well as what may constitute an adequate process for the assessment and on-going management of risk. Similarly, there is better recognition of the potential for financial strategies to add value, largely through the more aggressive use of debt to minimise the agency costs of ‘free’ cash flows. In any non-financial company, the role of a financial strategy is to support the extraction of maximum value from the company’s operating businesses. Sound financial and risk management strategies can only be developed in light of the risks and characteristics of each of the underlying business streams. Thus there is a need for risk managers to understand the dynamics of each business as well as the potential risks. Although many of these risks may be unhedgable, there is a range of operational strategies available to mitigate such risks. In addition, techniques to quantify risk are an important input into the determination of the most appropriate risk management approach. So where should non-financial companies go from here? As a first stage, non-financial companies need to place more effort into the risk management process, that is, the identification and quantification of the risks they face. Since risk management is a skill that is not especially well developed in many companies, the onus is on the finance function to advance this process via the provision of analytical techniques, the facilitation of skills, and financial and business analysis support. Companies must build on the benefits of qualitative approaches and enhanced corporate processes, including reporting mechanisms to ensure compliance and measure performance. The use of sophisticated techniques to quantify risk in non-financial companies is not widespread. More sophisticated measures of risk will undoubtedly emerge, with many such techniques being borrowed from financial institutions. Failure to understand the differences between financial and non-financial companies could lead to the inappropriate

Risk and Capital Management in Non-Financial Companies

application of these risk measures. This paper has argued that a measure of long-term cash-flow-at-risk is a suitable approach for non-financial companies. Also important are improvements in risk management evaluation and the need to demonstrate the effectiveness of the risk management effort. An understanding of how risk management can add value is helpful in determining the appropriate risk tolerance level for the company, and the performance benchmarks that reflect that tolerance. As nonfinancial companies move towards integrated approaches to risk management, individual businesses must continue to be accountable for performance. In this regard, the issue of how financial structure and incentives can be used to drive management performance is most important. For companies or businesses characterised by cash flows in excess of those required to fund growth opportunities, the use of leverage to both precommit cash flows and concentrate ownership can serve as a very powerful incentive. Hence, the increase in financial risk needs to be evaluated against the potential to enhance cash flows and the possible use of risk management strategies to help mitigate financial risk. Should non-financial companies be learning more from financial institutions? It is clear that, by the very nature of their operations, the focus of risk management in a non-financial company is different to that in a financial institution in many respects. That said, there is a good deal to be acquired from financial institutions in terms of the ‘technology’ of risk management and financial strategy. Much learning has already taken place and will continue, with the possible adoption of VaR-type techniques and the application of increasingly sophisticated hedging products and risk management processes. Bearing in mind the differences between non-financial companies and financial institutions, one of the main barriers to more widespread use of risk management techniques in non-financial companies is the information cost imposed by external reporting requirements. In particular, disclosure requirements that do not reflect underlying exposures will undermine improvements in risk management. In the area of capital management, it is clear that nonfinancial companies are less aggressive than financial institutions in managing equity, with much more limited use of share buy-backs for example. However,

the LBO approach to the financing of mature businesses demonstrates that a number of businesses are beginning to use leverage in a more pro-active manner.

7. References Australian Society of Corporate Treasurers (1998), ‘1998 Corporate Treasury Survey’. Bernstein, P. (1996), ‘The Religion of Risk Management’, Harvard Business Review, March-April. Bodnar G., G. Hayt, R. Marston and C. Smithson (1995), Survey of Derivatives Usage Among U.S. Non-Financial Firms, Wharton/Chase, March. Copeland, T.E. and Y. Joshi (1996), ‘Why Derivatives Don’t Reduce FX Risk’, The McKinsey Quarterly, Number 1. Kaplan, S.N. and R. Leftwich (1998), ‘Value-at-Risk and Hedging: Pitfalls for the Unwary’, Mastering Finance, First Edition, Pitman Publishing. Modigliani and Miller (1958), ‘The Cost of Capital, Corporation Finance and the Theory of Investment’, American Economic Review, Volume 48, Number 3. PricewaterhouseCoopers (1997), CFO: Architect of the Corporation’s Future, John Wiley & Sons. Ross, S.A., R.W. Westerfield and B.D. Jordan (1995), Fundamentals of Corporate Finance, Third Edition, Irwin. Standard & Poor’s Ratings Services (1997), Credit Analysis Reference Disk, July. Standard & Poor’s Ratings Services (1998), Credit Analysis Reference Disk, September. Stulz, R. (1996), ‘Rethinking Risk Management’, Journal of Applied Corporate Finance, Volume 9, Number 3, Fall. Tufano, P. (1996), ‘Who Manages Risk? An Empirical Examination of the Risk Management Practices of the Gold Mining Industry’, Journal of Finance, September.

Appendix Estimating the Optimal Capital Structure As in many financial and non-financial companies, the optimal rating for the debt component of the balance sheet drives the approach to capital structure. In turn, the company’s optimal rating is a function of the sensitivity of the cost of equity and debt (ie the weighted average cost of capital or WACC) to different rating levels. The aim is to maintain financial settings in line with the assessed rating. The behaviour of the cost of capital under different rating

97

Tony Carlton

levels is depicted in Figure 8. The main conclusion drawn from the chart is that the optimal rating for a typical large Australian company is about single-A (‘A’); beyond this rating the cost of capital climbs quite sharply. The results of similar analyses for equivalent US companies suggest an optimal rating of triple-B (‘BBB’). Figures 9 and 10 show the Standard &

Poor’s debt ratings of 79 Australian corporations and 477 US corporations. Clearly, the results regarding optimal ratings for Australian and US companies are in line with the actual rating levels achieved by nonfinancial companies, with A and BBB being by far the most common.

Figure 8: Typical Cost of Capital for an Australian Company

12.5%

12.5%

12.0%

12.0%

11.5%

11.5%

WACC (incl. franking)

11.0%

11.0%

10.5%

10.5%

10.0%

10.0%

9.5%

9.5%

9.0%

9.0% WACC (classical)

8.5%

8.5%

8.0%

8.0% AAA

AA

A

BBB

BB

Figure 9: Australian Industrial and Commercial Corporations

Figure 10: US Industrial and Commercial Corporations

Standard & Poor’s Debt Rating

Standard & Poor’s Debt Rating

(Number of Companies)

(Number of Companies)

8

80

80

6

6

60

60

4

4

40

40

2

2

20

20

0

0

0

Source: Standard & Poor’s Ratings Service (1998).

D

8

CCC

100

B

100

BB

10

BBB-

10

BBB

120

BBB+

120

A-

12

A

12

A+

140

AA-

140

AA

14

AA+

14

AAA

98

0 AAA

AA

A

BBB

BB

Source: Standard & Poor’s Ratings Service (1997).

B

CCC

Discussion 1. Fiona Bennett * Companies must take risks in order to stay in business and to gain competitive advantage. This idea was well canvassed in Tony Carlton’s paper. As the paper observed, the issue is one of managing the risks efficiently and effectively to enhance shareholder value. Of course, the phrase ‘risk management’ can mean different things to different corporations. Carlton primarily applied the term to the use of derivatives and other financial instruments to hedge financial risks, however, it can also refer to the insurance of risks, the management of safety hazards, the management of operational risks, and so on. The Economist Intelligence Unit defines business risk as “the threat that an event or action will adversely affect an organisation’s ability to achieve its business objectives and execute its strategies successfully”.1 This discussion focuses on a qualitative mechanism for managing the potential impact of business risks on a non-financial organisation. The management of business risks is clearly an important component of effective corporate governance. In recent years there has been an increasing focus on governance by regulators, investors and governments throughout the world. This increase has been precipitated by the major corporate collapses of the late 1980s and early 1990s. In Canada, for example, the failure of two major banks in 1984 led to the Estey Royal Commission, whilst in the United States the Treadway Commission was set up by a group which included the Financial Executives Institute, Certified Public Accountants and the Institute of Internal Auditors. The objective of the Treadway Commission was to investigate the savings and loans crisis, which resulted in the failure of dozens of financial institutions. The Commission recommended the development of formal guidelines on internal control procedures which, in turn, led to the formation of the Committee of Sponsoring Organisations (COSO). In the United Kingdom, the Cadbury Commission was established to study the failure of several prominent companies. At the same time, further collapses of financial institutions in Canada induced the Canadian Institute of Chartered Accountants to establish the Criteria of Control Committee (CoCo) to provide guidance on designing, assessing and reporting on the control systems of organisations.

* Vice President, BHP Risk Management and Audit. 1 Economist Intelligence Unit (1995). 2 Australian Stock Exchange (1997).

99 Many of the risk and control models in place internationally and in Australia are based on Cadbury, CoCo or COSO, or a combination of all three models. These frameworks aim to set standards for internal controls and corporate governance. In Australia, legislative requirements are becoming more complex, broadening in scope and resulting in increased director liability. Institutional investors are also expecting increased accountability by Boards and are, increasingly, exercising ownership rights. For example, since July 1996 the Australian Stock Exchange (ASX) has required listed companies to include in their annual report “a statement of the main corporate governance practices that the entity had in place during the reporting period”. 2 The ASX provides an indicative list of corporate governance matters that an entity might consider when putting together the above statement. The list includes a description of “the governing body’s approach to identifying areas of significant business risk and to putting arrangements in place to manage them”. The ASX approach is not prescriptive in its requirements at present, although there are indications from Federal Government and the Courts that this may not always be the case.

Key Features of the Risk Assessment Process Underlying the COSO and CoCo models is the recognition that the identification and measurement of risk is the first step in assessing the effectiveness of a risk control framework. Traditionally, the control systems of companies have been biased towards financial controls and have been based on the assumption that the more controls in place the better the system will be. This approach has two key weaknesses. First, an over-controlled system will divert resources from other more value-added activities. Second, risks and controls in other facets of the operation may be either ignored, or addressed and managed in an ad hoc manner. Ultimately, what is required is a structured approach to risk management that integrates key aspects of business risk identification and management. While the Board’s role in risk management should be at the strategic level, directors and senior management need to be fully informed about the key risks facing each part of

Discussion

100

the business. Hence, the objective should be to create a risk profile of the organisation that raises understanding of business risk issues and assists management in allocating resources appropriately.

Figure 1: Facets of Business Risk

Market

In 1995, Standards Australia and Standards New Zealand jointly published a Risk Management Standard that provides guidance on the adoption of such an approach to managing risk.3 Coupled with an effective control framework, a structured approach can result in a number of company-wide benefits including: •

an increased focus on key commercial and operational risks;



greater understanding and open discussion of risk;



more comprehensive documentation of risks;



a basis for assigning accountability;



the identification of areas for concentration of effort (time and money);



the analysis of risks and rewards;



improved management information;



sharing of best practice and experience across the company;



an enhanced position in negotiations with insurers; and



improved business efficiency and effectiveness, resulting from a value-added internal audit function that works with business managers to redesign the control structure.

The other key aspect of the risk management framework is integration. The framework should integrate key aspects of business risk identification and management to create a risk profile of the organisation that raises understanding of business risk issues. In this regard, directors and senior management need to be fully informed of the key risks facing each part of the business. An integrated process allows the management of the corporation to understand the relativity of risk issues between different parts of the business; to prioritise risks objectively; and to allocate resources to those areas of most importance and need. Figure 1 shows the many components of business risk. In most non-financial companies, individual departments are generally responsible for individual aspects of risk. A further step is needed to take these individual risk assessments and link them together with all other risk sources to create a complete picture of the risks within a company.

3

Legal External affairs

Country

Operations

Strategy planning & fit

Engineering Business Risk

Treasury Project delivery Human resources

Environment

Technology

Safety

The Workshop Approach to Managing Risk A useful process for identifying and assessing business risks is a workshop-based approach. This approach, based on the principles set out in the Risk Management Standard referred to above, is an effective process for identifying and assessing business risks. By identifying business risks, assessing the controls over those risks and formulating action plans to mitigate each risk, an organisation can build a comprehensive profile of the risks to which it is exposed. The workshop approach, illustrated in Figure 2, consists of five separate stages: i.

the initial stage is the preparation for each workshop. This includes interviewing stakeholders to define the business model, determining the risk consequence parameters and preparing an initial list of key risks;

ii. the first workshop comprises all members of the management team, including functional and industry specialists as appropriate. Key business risks are defined, with the causes of risk documented, the potential likelihood of occurrence and the severity of consequences assessed, and an overall risk rating determined; iii. in the period between the first and second workshops the controls over the identified risks are documented and assessed;

Standards Australia and Standards New Zealand (1995). Author’s note: Standards Australia and Standards New Zealand have since released a revised Standard (see Standards Australia and Standards New Zealand (1999)). The process described in this discussion is equally applicable under the new Standard.

Risk and Capital Management in Non-Financial Companies

iv. the second workshop reviews the findings of iii and reassesses the risks in light of the controls in place. During the workshop, action plans are designed and prioritised, accountability clearly assigned, and dates by which action is required are set; and v. after the second workshop, management reports the risk profile to the stakeholders, including the Board of Directors. Progress against action plans is then monitored regularly, say, at monthly management meetings. In a changing business environment, regular reviews of the business risk profile of the company should be undertaken. If there are no obvious changes to the business environment, an annual update of the profile is highly desirable. A workshop approach to managing risk gives rise to many potential benefits. In providing an avenue for

forthright discussion of potential hazards within and across business units, the management team is able to gain a common understanding of the business risks throughout the organisation. Moreover, based on the information acquired from the discussion, accountability and responsibility can be clearly assigned, risks can be prioritised and scarce resources can be allocated across the company.

Qualitative Assessment of the Consequences of Each Business Risk Ultimately, most business risks have a financial impact of some kind. This financial impact, however, is often difficult to quantify. Some risks may have an effect on an organisation’s reputation and, in turn, this may have a short-term, or even a long-term, effect on the organisation’s share price. It is extremely difficult to quantify such effects, given all the other market forces that might need to be considered.

Figure 2: The Risk Profiling Process Describe current external environment considerations

Preparation

Determine current internal environment

Positives Negatives

Consider relevant risk issues

Determine current control effectiveness

Satisfactory Some weaknesses Weak

Identify key business risks

Challenge/revise/agree pre-work

Determine consequence parameters

Workshop 2

Identify responsibility and agree broad risk category

Determine possible causes

Determine possible consequences

Determine current likelihood

Determine risk rating

Insignificant Minor Moderate Major Catastrophic Rare Unlikely Moderate Likely Almost certain Low Moderate Significant High

Review/revise likelihood rating

Review/revise risk rating

Risk management action plans

Post workshop

Workshop 1

Preparation

Define business model

Report to stakeholders

Monitor action plans

Rare Unlikely Moderate Likely Almost certain Low Moderate Significant High

101

Discussion

Figure 3: Qualitative Assessment of Consequence

102 Consequence Category

Insignificant

Minor

Moderate

Major

Catastrophic

Financials

< $ x reduction in profit

$ x – y reduction in profit

$ y – z reduction in profit

$ z – zz reduction in profit

> $ zz reduction in profit

Safety

Minor injury

Significant injury

Serious injury

Fatality

Multiple fatality

Environment

Minor pollution

Significant pollution

Serious pollution

Major environmental event

Catastrophic event

Reputation/ outrage

Issues of individual significance

Issues of company significance

Issues of local area significance

Issues of nationwide significance

Issues of international significance

Management effort

An event, the impact of which can be absorbed through normal activity

An event, the consequences of which can be absorbed, but management effort is required to minimise the impact

A significant event which can be managed under normal circumstances

A critical event which with proper management can be endured

A disaster with potential to lead to collapse of the business

Consequence Factors

Source: Standards Australia and Standards New Zealand (1995).

For this reason, it is often more appropriate to assess the potential consequences of a particular business risk using some combination of qualitative parameters, such as those outlined in Figure 3. The ‘consequence categories’, ranging from insignificant through to catastrophic, are taken from the Risk Management Standard.

Figure 4: Qualitative Assessment of Likelihood External Environment • political • regulatory • economic

• community expectations • competition • markets

Almost Certain

Likely

Moderate

Qualitative Assessment of the Likelihood of Occurrence of Each Business Risk In assessing the likelihood of occurrence of a business risk, it is necessary to consider external factors in the business environment as well as factors that are internal to the organisation. Figure 4 lists some of the factors that might be considered in an assessment. In determining the effectiveness of the control environment, it is useful to use a framework such as that developed by the Canadian Institute of Chartered Accountants. The CoCo framework explores the underlying reasons for a potential breakdown in controls and addresses issues such as training, attitude, commitment, capability and continuous improvement. After considering all the potential internal and external factors, the workshop arrives at an assessment of the likelihood of occurrence of each risk factor.

Internal Control Environment • management systems • information flows • processes

• • • •

skills culture leadership performance feedback

Unlikely

Rare

The Risk Management Standard sets out qualitative measures of the likelihood of risk occurrence, ranging from ‘rare’ to ‘almost certain’.

The Qualitative Assesment of Liklihood Management consensus concerning the consequence category and the likelihood of risk culminate in a qualitative assessment of total risk. Figure 5, also taken from the Risk Management Standard, shows the different combinations of consequence and likelihood that will result in ratings ranging from ‘low’ through to ‘moderate’, ‘significant’ and ‘high’.

Risk and Capital Management in Non-Financial Companies

Improving the Control Framework Risk Record

Risk Profile

The preliminary output from the workshop approach is the detailed risk record prepared for each individual business risk (a hypothetical risk record is shown in Figure 6). The risk record can be used as a means of monitoring the actions taken to mitigate risks.

103

The risk profile in Figure 7 (over the page) is a hypothetical illustration of how risk records may be summarised for management and Board reporting purposes. Consequence is charted against likelihood to highlight the areas of greatest risk – namely, those in the top right-hand corner of the diagram. The risks in the top left-hand corner, although unlikely to occur, could have catastrophic consequences if they did occur; hence the risks in this region must be closely monitored. The

Figure 5: Qualitative Risk Assessment Matrix Consequence

Insignificant

Minor

Moderate

Major

Catastrophic

Almost Certain

Significant

Significant

High

High

High

Likely

Moderate

Significant

Significant

High

High

Moderate

Low

Moderate

Significant

High

High

Unlikely

Low

Low

Moderate

Significant

High

Rare

Low

Low

Moderate

Significant

Significant

Likelihood

Figure 6: A Risk Record Risk Issue: Failure to Manage Performance of Contractors Process: Commercial

Broad Risk Category: Supply

Possible Causes: • lack of attention to contract preparation • lack of contract management skills • inadequate procedures • poor contractor selection Consequence: Moderate

Risk ID: XX

Responsibility: Management team

Possible Consequences: • increased costs and decreased production • potential litigation • safety and environmental issues • ‘out of spec’ product and services Likelihood: Moderate

Risk Rating: Significant

Control Environment Overview Current External Environment Considerations: • proposed government bill on outsourced contract obligations • litigation current between ABC company and XYZ contractor • move to outsource functions has been strongly and publicly criticised by Industry Council Current Internal Control Environment Considerations: Positives: Negatives: • involvement at early stage of contract preparation • lack of understanding of contract scope of work by legal specialists (in contracts) • weekly performance meeting with contractors • contractor culture may not be aligned with recently commenced company culture • contract payment not tied to contract performance indicators Control Effectiveness Assessment: Weak Revised Consequence: Moderate

Revised Likelihood: Likely

Revised Risk Rating: Significant

Action Plans: • formalise open tender process • legal review to assure performance benchmarks linked to payment levels

Responsibility: • contract manager • legal counsel

To be completed by: • xx/00/99 • xx/00/99

Discussion

104

risks in the bottom left-hand corner are not of great concern, but should be monitored to ensure that they remain a low priority, whilst those in the bottom right are relatively insignificant.

Prioritisation of Action Another way to analyse the data obtained from the risk workshops is to plot risk ratings against the effectiveness of controls (see Figure 8). This approach highlights those areas where controls are weak yet the risk rating is high so that resources can be allocated to these areas for ‘priority action’. Conversely, some lowrisk areas that are well controlled may, in fact, be overcontrolled, implying that there are resources that are going to waste and so need to be redirected.

It is important to note that the risk profile in the Figure represents a snapshot of risks at a particular time. Risks will almost certainly change over time, becoming more, or less, important as both the internal and external business environments change. Hence there is a need for on-going monitoring of the risk profile to ensure that risk management strategies remain efficient and effective.

Figure 7: Hypothetical Risk Profile Consequence Loss of licence

Catastrophic

Moderate

Minor

High Impact of commodity prices

Inappropriate management of capital

Failure to provide safe working environment

Major

Noncompliance with year 2000

Failure to manage & safeguard physical assets

Business interruption due to industrial action

Loss of key people from business

Lack of cohesion between operating groups

Failure to maximise returns

Recruitment of inappropriate personnel

Low Manage native title issues Noncompliance employment related legislation

Failure to protect IT intellectual property

Insignificant Rare

Significant Moderate

Unlikely

Moderate

Likely

Almost certain Likelihood

Figure 8: Hypothetical Prioritisation of Action Plans Risk rating

High

High Priority

Health and safety

Significant

Medium Priority Low Priority

Project delivery

Year 2000

Commodity prices

Recruitment & succession policies

Exchange rates

Moderate

Industrial relations

Native title

Intellectual property

Low

Satisfactory

Some weaknesses

Weak Control effectiveness

Risk and Capital Management in Non-Financial Companies

Summary As Carlton’s paper acknowledged, the identification and measurement of risk in non-financial companies is a difficult task. The workshop approach to business risk identification and management is one simple yet effective technique that enables a more informed assessment of the risks faced by a corporation. Most importantly, the workshop process allows the risk management function to be integrated into key management decisions. This, in turn, helps to ensure that risk management is supported by management at the business unit level and is commensurate with company systems and objectives such as those relating to planning, budgeting and capital expenditure. The approach not only helps company management to more effectively and efficiently conduct their businesses, but will also enhance corporate governance and ultimately lead to strengthened shareholder returns.

References Australian Stock Exchange Limited (1997), ASX Listing Rules.

BHP (1996), ‘Risk Management – Guidelines for BHP’. Canadian Institute of Chartered Accountants (1995), Guidance for Directors – Governance Processes for Control. Canadian Institute of Chartered Accountants (1995), Guidance on Control. Economist Intelligence Unit (1995), ‘Managing Business Risks’. KPMG (1996), ‘Toolkit for the Company Director – Australia’. Malcolm Baldrige National Quality Award (1996), ‘1996 Award Criteria’. MCS Control Training and Design Inc. (1996), ‘Mastering Control – An International Perspective’. Standards Australia and Standards New Zealand (1995), ‘Risk Management’, Australian/New Zealand Standard AS/NZS 4360:1995. Standards Australia and Standards New Zealand (1999), ‘Risk Management’, Australian/New Zealand Standard AS/NZS 4360:1999. Stoner, J.A.F and F.M Werner (1995), Internal Audit and Innovation, Financial Executives Research Foundation.

2. General Discussion Discussion revolved around the role of risk management in non-financial companies and the difficulties involved in determining an appropriate level of diversification. Particular emphasis was given to comparisons between the risk and capital management approaches adopted by financial institutions and other types of corporation. Participants were interested in exploring the qualitative approach to assessing risk implemented by BHP. The question was raised of how such an approach focuses management attention on very rare, yet catastrophic, events given the low probability that such events will be experienced during a manager’s career. Under BHP’s workshop approach, most, and ideally all, exposures are elicited during the workshop even if those risks will occur rarely, or never, during a particular manager’s lifetime. Further, an important element of the approach is the ‘crisis exercises’ involving each of the businesses. The objective of these exercises is to evaluate the responses of the relevant businesses in the event of a crisis. The responses evaluated range from broad considerations such as how the crisis is managed, to

more specific aspects such as communications to the affected site, the release of media statements and the safety of staff and the community. In addition to improving response procedures, these exercises serve to maintain management attention on the potential for ‘tail events’. A problem faced by financial institutions and nonfinancial companies alike is how best to summarise risks, particularly business and operational risks, in a single measure. BHP’s methodology utilises, instead, a matrix approach to risk quantification. ANZ recently adopted a similar likelihood-based framework to evaluating risk, but took the further step of attempting to quantify risk into a single number. There were varying opinions as to whether risk, especially operational risk, can be measured in any meaningful way. Moreover, some participants were of the view that operational risk, once quantified, could not realistically be added to market and credit risk measures to determine an overall risk exposure for the company. There was broad agreement that a difficulty confronting all organisations is how to combine all the

105

Discussion

106

risks to which a large company is exposed when communication between some areas of that company may be limited or non-existent. There was some discussion of the problems experienced when establishing an effective risk management framework. At the outset, it is important that companies are fully aware of why a risk management function is required and what the objective of that function should be. For example, a commodity producer, exposed to fluctuations in foreign exchange, commodity prices and, more generally, the state of the global economy, might decide to implement a risk management operation with the objective of producing consistent earnings results and, ultimately, of adding shareholder value. As part of the decision making process, companies naturally question whether investors are actively seeking exposure to particular markets, in which case hedging some of the risk would be taking away from investors what they had intended to acquire. Further, as earlier discussed, the development of a comprehensive risk management framework may involve implementation of a methodology to quantify financial risk. Participants were interested in the extent to which value-at-risk (VaR) type concepts are being applied in non-financial companies. The point was made that VaR is based essentially on the notion of value, a concept related to on- and off-balance sheet exposures. For many non-financial companies, the balance sheet is fairly stable from year to year, with risk impacting on earnings. This suggests that the focus of the framework should in fact be earnings-at-risk or cash-flow-at-risk. Of course, many corporate treasuries that are also trading treasuries use VaR in the same way as financial institutions. The difficulties in establishing an integrated risk management function were also canvassed. In particular, there were concerns that centralisation of the risk management function abstracted accountability from individual business units; participants were of the view that responsibility for risk management should ultimately lie with individual business units. There was broad acceptance that the objective of centralisation should be to co-ordinate risk management strategies and educate business units. Businesses should remain responsible for managing exposures since it is their actions that can affect the nature of a company’s risks.

The typical objective of an investor is to maintain a welldiversified portfolio. To achieve this objective, the portfolio would ideally be comprised of sensibly enterprising companies that act in such a way as to manage those events that could potentially obstruct the ability of the company to achieve its business targets. Some participants were of the view that, increasingly, executive remuneration schemes that inordinately concentrate the potential wealth of management in the one company are an impediment to shareholder value creation. Other participants argued that incentive structures such as option plans potentially offer a number of advantages, provided that they are appropriately structured. While there was overwhelming support for aligning management incentive structures with shareholder objectives, participants acknowledged that management behaviour is extremely sensitive to the framework chosen. Participants were interested in determining the point at which diversification begins to encroach on the sensibly enterprising company that investors expect. Diversification, in the context of the discussion, refers to the adoption of risk management strategies, or a range of business activities, to reduce earnings volatility. It was thought that a certain level of diversification is necessary to protect core business activities and maintain earnings stability. Participants agreed that volatility in financial performance is heavily penalised by the market, inducing management to manage shorter-term accounting results. That said, it was argued that the use of strategies to smooth cash flows might give rise to significant costs. Most participants agreed that there exists a fine line between that level of diversification that is appropriate and that which is excessive. In some cases, the difficulties involved in managing a diverse range of activities (markets, products etc) outweigh the benefits that diversification might bring. There was some discussion of the cost of capital measure and its application within performance measurement frameworks. Essentially, the cost of capital is regarded as a charge or hurdle rate that must be exceeded before businesses are deemed to be adding value. To assess financial performance, a principal measure used by many companies, including ANZ and CSR, is economic value added (EVA). This measure attempts to quantify an economic return for each business and to remove some of the accounting

Risk and Capital Management in Non-Financial Companies

distortions on reported profitability. While the calculation of EVA is reasonably straightforward, determining a measure of year-on-year performance is more difficult. Some company’s have the view that EVA must improve each year and thus define performance as the change in EVA. More commonly, however, the absolute value of the measure is used. Such an approach gives rise to a number of problems. For example, requiring a business with very high profitability, significantly in excess of the cost of capital, to simply out-perform the cost of capital may lower the expectations of the business so dramatically as to be a

disincentive. It was thought that one way to overcome this problem might be to estimate the market values of each of the business units on the basis of projected cash flows. If these estimates are reasonable, the cash flow forecasts and the EVAs implicit in those forecasts, can be used as the performance targets for the business units. This type of approach runs into difficulty when profitable businesses, with very high targets, experience lower returns in a particular year and so are not rewarded, while other businesses earn negative EVAs yet achieve better than target and are rewarded accordingly.

107