Research as a Risk Management Tool
Last week, the Financial Times ran an article discussing the recent leaking of JP Morgan’s “doomsday scenario”. While the bank’s Chief Investment Officer was engaging the trades which led to the recent $2-billion loss, another division of the bank was developing a scenario that would play out the results of a $50-billion trading loss. In short, the bank would likely experience a run and collapse.
In its tone, the article appears to present the existence of such a doomsday plan as a curiosity; as though surprised that such planning would take place. Such a scenario should not be treated as an anomaly, or even as something to be concerned about. Simply put, it is smart risk management.
As Robert Kaplan and Anette Mikes suggest in the June 2012 issue of The Harvard Business Review, risk management can be broken down into three distinct categories: preventable risks, strategy risks, and external risks.
Preventable Risks arise from within the company and are controlled through careful development of mission, vision, values and strategic goals; along with carefully implemented internal controls and audit infrastructure.
Strategy Risks are those risks explicitly linked to the strategic choices and planning of an organization. They are not necessary a negative, but rather are inherent to the business – for example, the strategic risk of a bank which decides to lend money is the chance that the loans may not be repaid.
External Risks are completely outside the control of an organization, typically arising from major political, natural, or economic events. As companies cannot prevent or control these risks, management must be able to identify and plan for their eventuality.
But what do these mean for risk management, for JP Morgan’s case, and more importantly, for your business? Most organizations are able to develop plans to mitigate preventable risks, and most are aware of their strategy risks through planning processes. It’s the external risks that are the most dangerous. Kaplan and Mikes advise managers to address external risk through scenario planning, war-gaming, and stress testing – exactly what JP Morgan’s ‘doomsday scenario’ was designed to do.
However, these approaches all require information which goes beyond a typical external scan. To outline a scenario, organizations need to understand as much of their external environment as possible. Businesses are often able to calculate the impact of such potential events on their capital reserves and balance sheets, but what about the non-financial consequences: How will your customers react? How about your employees? Your Board? Would a disastrous event spark government to intervene and regulate your industry? What would the public’s reaction be?
These non-financial questions provide a critical backdrop to any type of organizational war-gaming or scenario planning. In a modern business environment where outlier events can arise more frequently and unexpectedly than ever, organizations would be wise to have a range of scenarios, including ‘doomsdays’ in their back pockets – and a strong research partner can add substance to the numbers.