A smart approach to board-level risk management | submitted by Derrick Van Mell and Gregory Monday

As the economy recovers, companies that cut costs or deferred spending at the bottom of the recession are now looking to reinvest: in hiring, new debt, facilities or equipment, or business acquisitions. All these decisions entail risk and, for private companies, that risk may extend to the owners personally. By now, by taking a smarter approach to risk management, companies and their owners can reduce their risks and increase the value of these investments.


Eyes wide shut: Examining all the categories of internal and external risk

A simple way to categorize risk is by the six basic management disciplines; these are the internal risks:

  1. Business structure: Sale/exit, M&A, facility project
  2. Market: Product or service launch, new territory
  3. Operations: Equipment use, operational method
  4. Information: Internet initiatives
  5. Personnel: Key hires, succession plan
  6. Financial: Refinancing debt or equity

Businesses also face external and usually uncontrollable risks in the trends in their industry, economy, and society:

  1. Demographics: Market population trends
  2. Macroeconomics: International trade, inflation, interest
  3. Regulation: Taxation, compliance
  4. Technology: Data, production, distribution
  5. Management innovation: Models and practices
  6. Acts of God: Weather, accident, war


Assessing risks: Meteors and death

Very risk-averse people will freeze if there's any risk at all; their daredevil cousins will charge ahead regardless. But the probability and consequence for each risk should be considered. We don't insure against meteor strikes, because the probability is infinitesimally low. We do insure against fire because even though the probability is very low, the consequence is enormous.

Risk managers of large financial portfolios actually quantify probability and consequences in all manner of permutations. If your calculus is rusty, simply noting each probability and each consequence as High, Medium, or Low will be helpful; risks that rate "High/High" are worth special attention.

AS IS: The four ways to minimize risk

Insurance isn't the answer to everything, nor are thick legal documents that can stall or block a negotiation. There are really four ways to deal with risk, corresponding to the acronym "AS IS":

Accept: Managers take risks every day and shouldn't be paralyzed by them. Having good managers, cash in the bank, and goodwill allows businesses to keep moving in the face of uncertainty. This isn't to say one can ignore risks or not take time in the planning cycle to think about them systematically. A key idea here is that with careful assessment of risk – in each transaction and cumulatively – business owners can reasonably negotiate compensation for accepting a risk. For example, a new employee with little experience will be paid less than a new employee with a more complete resume. The lower payroll cost compensates the company for the risk of hiring an unproven commodity.

Shed: Some risks can be passed on to others, such as contractors, joint venture partners, and investors. There are many types of agreements and elements of agreements that can accomplish this. For example, if a company buys a parcel of real estate, the company can shed the risk of specific types of liability by requiring the seller to deposit a portion of the purchase price in escrow for payment of future claims. Risks can also be shed through hedging and diversification. For example, a manufacturer that has three vendors for a particular type of material has less risk of a shortage than a manufacturer that has only one.

Insure: Some insurance coverage is required by law or contract or common sense. But contractual language can limit liability and, therefore, insurance ratings and, therefore, premiums, some of which can be substantial annual expenses. Taking a few hours a year as recommended below can have a substantial payback. For example, for a financial services firm, the risk of liability arising out of a data theft may be a much more important risk to insure against than the risk of a flood swamping some office equipment.

Share: Risk-sharing is often a central point of a negotiation. If both parties haven't done the hard work of honestly assessing their risks, negotiations will go in circles, wasting time and legal fees. Of course, spotting differences in the risks the other party faces – or perceives – is often the key to success. Again, there are many different documents that can share risks, even as they change over time. For example, when joint venture partners jointly and severally guarantee debt of the venture, they are sharing the risk of default.

Eyes wide open: Risk summit and seamless negotiating

Before engaging in a major transaction or project, think carefully about the risks associated with the undertaking. It isn't a topic just for your insurance agent, but for your senior managers, accountant, banker, or financial advisor as well as your attorney. A board of directors should demand this kind of risk assessment.

Be sure to answer these three questions:

  1. What are all the meaningful risks involved in the transaction or project?
  2. What are their probability and consequences?
  3. What's the best way to mitigate those risks?

Further, why not spend two hours a year thinking carefully about all the risks your organization faces? In these sessions, participants should complete the table below by answering the questions above for each category.

In preparation, the owners and manager should have answered these questions:

  1. What are our organization's big goals? What are we here for?
  2. What are the owners' risk preferences today?
  3. What were some of the best and worst risks we've taken before?

If your advisors know your attitude toward risk and reward, they'll be better negotiating partners, knowing when to speak up and when to let things unfold. While professionals can get stuck in their area of specialty and are often not themselves risk-takers, they can contribute their analytical skills and experiences to help businesspeople round out their ideas as the ones having to make hard decisions.

Stop and think

Managers vary widely in how they think about risk: what they are, how to deal with them and, most important, which ones are worth taking. The role of the manager within the organization matters to how they approach risk: entrepreneurs, directors, managers, and family business members can range from completely risk-averse to reckless. Mistakes get made and opportunities missed. Whatever one's attitude about risk, the riskiest thing is not thinking about it.

Derrick Van Mell is principal of Van Mell Associates, providing question-based business planning and board-level project planning. Greg Monday is a partner in the Madison office of Foley & Lardner LLP, and specializes in counseling companies and their owners on governance, operations, and ownership issues, including entity formation/organization, raising capital, securities laws, asset protection, business growth and expansion, leadership/ownership succession, acquisition, and exit planning.

Sign up for the free IB Update – your weekly resource for local business news, analysis, voices, and the names you need to know. Click here.