Do bankers know how to manage risk? Did the boards of Lehman Brothers or AIG recognize that a financial crisis was impending? Did they ensure their companies were strong and could preserve shareholder’s equity when the crisis occurred? If that’s the objective against which you judge their risk management performance, then the answer for them, and those that failed with them, must be no.
Boards manage risk. It’s their only job. The measures used to judge their performance are the strength of the company and the value of their stock. So what happened? Part of the reason for failure was their approach to managing risk.
Computers don’t manage risk—People manage risk
Banks rely on computers to “manage risk.” So do many others. But computers can only use an algorithm to massage data, compare the results to a benchmark, and report whether the data deviates from the benchmark. When the characteristics of the situation extend beyond the assumptions of the algorithm, then the data is worthless and worse, misleading. You experienced the result. Computer programs don’t manage risk. Humans manage risk.
Managing risk is a forward-looking, intuitive process done by a human brain on the basis of its knowledge, imagination, capacity for solving complex problems, tolerance for ambiguity, ability to see ourselves in the world around us, paranoia, and previous experience. And the deeper the paranoia, and more painful the experience, the better. Managing risk takes place against a set of objectives. It looks in all directions. It takes time. It becomes suspicious when, “everyone is doing it,” or “it looks too good to be true.” It isn’t loyal to old friends for loyalty sake. It’s best done in a group where the experience is diverse (but relevant) and where the members can freely discuss their views, and challenge the views of each other. Some call this kind of group a Board of Directors.
The directors of Enron failed in their duty to shareholders. Kurt Eichenwald’s book, Conspiracy of Fools: A True Story, told the tale. The stories of what happened at Bear Sterns, AIG, Fanny Mae, Freddie Mac, and Washington Mutual have yet to be written. Will those stories reveal that their directors failed as well?
Let’s stop right there. It’s not my intent to criticize. I don’t know that the boards of Enron, Lehman Brothers, or AIG were the fat cats and uncaring people that some have portrayed them to be. I doubt they were. What I do know is that the expectations placed on directors changed dramatically with the demise of Enron and the introduction of Sarbanes-Oxley. And the challenge for boards ever since has been to find a means to effectively meet those expectations.
How can they do that?
They can start by recognizing that boards are risk mangers, and that risk management is their only job.
1. Risk management is an organized process in which Directors (not computers) routinely examine major risks critical to the business. Those risks are simple and straight forward. Moreover, most everyone knows them. The just don’t take the time to execute them well; the risk in the CEO and the CEO’s management of the business, the risk in the strategic plan at time of formulation and execution, the risk in the senior management team, the risk in the composition of the board, and the risk in the creation and presentation of financial information. Boards are the last stop in the risk management process, the endpoint in the company’s Enterprise Risk Management program.
2. Make risk management a proactive process in which Directors, like smoke detectors, are always sampling the air and checking for bad smells. They never go off the air. They are always listening, watching, and analyzing the results for events or situations of that could stop or deter their company from reaching its objectives. That’s the definition of risk, “An event or situation of that could stop or deter the company from reaching its objectives.”
3. Engage the company’s internal auditor to be the board’s eyes, ears, (and nose,) reporting directly to the board; operating with the board’s direction. The job is simply too big for ten, drop-in-directors, to do the investigation themselves.
4. Change the relationship between the Board, the internal Auditor, and the CEO. The preservation of the corporation and shareholder’s equity requires a team effort. There is no room for egos or petty jealousies.
1 comment:
Excellent points. I have found that boards aren't always systematic about the ways they select, delelop, and assess individual and team -including committee performance.
Post a Comment