Embed Size (px)
Citation preview
83
Risk and Capital Managementin Non-Financial Companies
Tony Carlton*
* General Manager, Finance, CSR Limited.1 For the purposes of this paper, capital management refers to the process of determining the optimal capital structure of a non-financial
company. There are, of course, a number of issues that relate to the optimal capital investment strategy that are not addressed here.2 A leveraged buy-out (LBO) facilitates equity ownership of a company via a highly-geared transaction funded by a ‘venture capital
group’.
1. IntroductionThe recent past has seen the emergence of a number oftrends in the financial markets: globalisation,deregulation, innovation, technological advancement,disintermediation and changes in the competitivestructure of the financial sector. In turn, this has led toa re-assessment of the risk and capital managementstrategies of financial institutions and the role offinancial regulation. These changes have also had adramatic impact on the financial strategies of non-financial corporations. One of the most notable hasbeen an expansion in the range of financial productsavailable. In the area of risk management, anincreasing number of risks can now be hedged, and forincreasingly longer terms. A better understanding ofderivative products and the processes and controlsrequired for their application has made these riskmanagement tools and techniques more accessible.Similarly, in the area of capital management1, theincreasing range and volume of available financialinstruments has facilitated the creation of morecomplex capital and ownership structures that aremore attuned to the specific needs of individualcompanies.
Increasingly, corporations are recognising the need to focus on delivering shareholder returns. This hasprompted greater attention to be directed towardsassessing how balance sheet and risk managementcontributes to enhanced shareholder returns. Thegrowth in leveraged buy-outs (the ‘LBO movement’)has challenged conventional views about whatconstitutes optimal gearing strategy.2 The availability of share buy-backs has put more pressure on companies to more actively manage their balance sheets. The fundamental issue is how to select, from the choicesavailable, capital and risk management strategies thatcontribute to the maximisation of shareholder value.The academic literature does not have a well-acceptedconsensus view on the relationship between riskmanagement strategies, financial strategy and value.Observation and empirical evidence documents a widerange of practices adopted by companies, suggestingthat there is no single correct answer.
The objective of this paper is to provide insights intothe financial strategies of non-financial companies in sofar as these strategies relate to risk management andcapital structure. Section 2 puts forward some reasonsfor why the approach to risk and capital management
in non-financial companies differs from that infinancial institutions. This is followed in Section 3 by anoverview of the principal financial strategy issues facedby non-financial companies, especially in the context ofshareholder wealth maximisation. Section 4 outlinesthe principles underlying the concept of shareholdervalue and explains how these principles relate to riskand capital management strategies. The type of factorsthat need to be taken into account when determiningvalue maximising risk and capital managementstrategies, as well as the link between these strategiesand management incentive systems, are alsoconsidered. The final sections consider someimplications for the role of the finance function in anon-financial company.
The fundamental assertion of this paper is that non-financial companies must develop and implement riskand capital management strategies that demonstrablycontribute to shareholder wealth creation. In additionto meeting shareholder demand, this will help focusthe direction and efforts of the finance function. Thevalue added by risk and capital structure managementdepends on the individual circumstances of thecompany and, in particular, the company’s total riskprofile, its tax profile, the specific risks and costs offinancial distress, investment opportunities and thenature of company ownership. Hence, the optimumstrategies are company specific – it is inappropriate toapply formulaic rules of thumb.
Acceptance that total risk is important inevitably leadsto the conclusion that risk should be managed on acompany-wide basis. In financial institutions theassessment of risk and the evaluation of capital needsare closely related. For non-financial companies,however, the link is less clear. Traditionally, the riskswithin the company have been managed on asegmented basis in line with business or functionalresponsibilities. Developing strategies that recognisethe company’s total risk requires a broad perspectiveon risk analysis that incorporates an understanding ofthe dynamics of each business. In addition, themanagement of risk needs to be more strategic innature. Risk management adds value through thebenefits of a more stable cash flow stream. A focus onshort-term tactics and techniques does not necessarilyenhance cash flow stability; strategic management ofrisk requires a longer-term perspective.
Tony Carlton
84
3 Business risks are incurred as part of the strategic decision making process of the company as well as in the company’s day-to-dayoperations. Financial risks refer to the potential for changes in foreign exchange rates, interest rates or commodity prices to adverselyimpact on the cash flows of the company and consequently on that company’s value.
Financial Institutions Non-Financial Companies
Regulatory Protect payments system and systemic risk Focus on corporate governance and disclosure
Nature of Tradeable, financial assets, market makers Balance sheet comprises illiquid assetsAssets Highly diversified portfolio Risk concentration
Cash flows largely contractual Underlying cash flows non-contractualDiversification improves quality of the portfolio Portfolio diversification creates negligible value
Role of Risk Raison d’être to absorb and / or intermediate risk Risk arises from natural physical characteristics of underlying business
Risk management is key focus and skill of Lower focus, less skills in the processmanagementAggregation and integration of company-wide Fragmented approachrisks
Risk Ability to statistically measure risk Limited ability to measure most of the risks due Measurement to limited observations, linkages and causal
relationships
Figure 1: Key Differences between Financial and Non-Financial Companies
To achieve such an approach, the finance function in anon-financial company must:
• place more emphasis on the process of riskmanagement, especially the identification,understanding and measurement of exposures.Given that the solutions to many problems are nowavailable through the use of derivative techniques,the focus should be on ensuring that the rightproblems are solved. This should involve not only theanalysis of individual business and financial risks3,but management of risk on a company-wide basis;
• direct greater effort to the area of performancemeasurement. The focus on risk managementperformance is a relatively recent one and followsfrom a number of developments including greaterexternal reporting obligations, some high profilecorporate derivative losses and an increased rangeof derivative products. Whatever method ofperformance measurement is chosen, it isimportant that the desired outcomes of riskmanagement practices, and associated benchmarksand incentive systems, are aligned with the creationof shareholder value;
• ensure that the company is adopting a pro-active,and sufficiently aggressive, approach to capitalmanagement;
• better understand the potential linkages betweencapital structure strategies, risk management
strategies and management incentive structures;and
• use risk measures that are appropriate for non-financial companies. While value-at-risk (VaR)techniques are becoming increasingly popular,such techniques are only appropriate for non-financial companies under limited circumstances.An approach to risk which focuses on themeasurement of ‘cash flow shortfall’, or cash-flow-at-risk, rather than the variance in market value, isprobably more appropriate.
2. Why are Non-FinancialCompanies Different?
The distinction between financial institutions and non-financial companies is critical to acquiring anunderstanding of the differences in approach to riskand capital in the two types of organisation. Further,given the relatively advanced state of development ofdisclosure requirements in financial institutions, thisdistinction is also relevant when determining howcorporations can best publicly disclose exposures andrisk management practices. This is an issue that is stillnot well addressed by those who regulate corporatedisclosure requirements.
Figure 1 summarises the key differences betweenfinancial institutions and non-financial corporations.In financial institutions risk is part of theintermediation process itself; the role of the financial
85institution is to intermediate risk.4 By contrast, in non-financial companies risk is a by-product of theunderlying activities of the business lines.
As highlighted in the Figure, non-financial companiestypically deal with risks that are difficult to quantifyand/or hedge. Also, the nature of the risks is such thatrisk management is more often fragmented than is thecase in financial institutions. This may partially explainwhy non-financial companies are often characterised bya greater diversity of strategies relative to financialinstitutions. An important characteristic of non-financial companies is that the financial exposuresarising from potential shifts in market prices (ie foreignexchange rates, interest rates and commodity prices)cannot be separated from the underlying business. Thefactors that drive cash flows are complex, and financialvariables are inter-twined with the cash flows generatedby a particular business. As a consequence, decisionsabout which exposures to hedge, or not hedge, arecomplex ones.
Consider, for example, an Australian commodityexporter selling produce to the US. The exporter hasexposure to the AUD/USD exchange rate as well as to changes in commodity prices. Understanding theexact nature of the exposure would require anunderstanding of the relationship between foreignexchange rates and commodity prices. Does a
relationship exist and is it a causal one? Is the relationshipstable over time or will it change as the structure of theglobal industry changes? If the commodity price andcurrency are perfectly negatively correlated then, in AUDterms, the exporter effectively has no exposure to theexchange rate. In this case, to hedge either the currencyposition or the commodity position would give rise to anexposure that previously did not exist.
Another example is the ‘indirect economic exposures’of a locally operating company. A company operatingsolely in the local market, and competing withimporters, can have as much exchange rate exposure asan export firm. A stronger AUD means that imports willbecome relatively cheaper, putting pressure on eitherthe pricing or market share of the local supplier.Finally, one issue that must be addressed by manyimporting companies is the need to determine theeffective currency of the commodity. Although manycommodities are denominated in USD, the effectivecurrency will depend on the interaction of marginalsupply and demand, substitute products etc.
Figure 2 provides a simplified representation of thecorporate view of the world and attempts to explain howrisk management fits within the broader strategy of acorporation. The objective of value maximisation isachieved through the performance, investment andfinancial strategies of the corporation. Unlike in many
Risk and Capital Management in Non-Financial Companies
4 Refer to the paper by Jenkins in this Volume for another perspective on the role of risk in financial institutions.
The Real Assets Financial Strategy
Strategy Maximising long-term cash flows Financial strategy to lower overall "How do we through cost of capitalcreate value?" • strategy • gearing
• superior operating performance • dividend• capital investment/growth options • debt structure • organisation design • financial risk management
Where Product markets for goods and Financial markets, where the "Who do we services, (where the cash flows cash flows are valueddeal with?" are created)
Risks • strategic • default• commercial • refinancing risk• operating • capital availability• technical • cost of capital
Risk • operating leverage • gearing/debt structure Management • production location • derivatives Strategy • volume/product mix strategies • insuranceOptions • project selection • self insurance
• diversification
Portfoliostrategy
Ownershipstructure
Equitymarket
CommoditiesCurrencies
Interest rates
Riskmanagement
processes
Figure 2: Performance, Investment and Financial Strategies of Non-Financial Companies
Tony Carlton
86 financial institutions, business strategies in non-financialcompanies, such as product diversification and location,are part of the risk management function itself.
It is interesting to consider the range of ‘real’ oroperational responses that are available to non-financial companies to manage their risks:
• operating leverage (the mix of fixed and variablecosts) is one way of responding to volatile markets;
• changing the location of production to a foreigncountry is a response to foreign exchange exposureposed by import competition;
• adjustments to production volumes can be made inresponse to anticipated variations in market prices;
• modifications to the business portfolio, through thescreening of projects, abandonment of projects ordivestment can be undertaken to impact directly onthe risk profile of the company; and
• a diversified portfolio can be assumed in order toabsorb risk.
It is important to emphasise, however, that each of theserisk management, or hedging, strategies will have its owneconomic costs and benefits in addition to those thatmay result from risk reduction. Nonetheless, the rangeof strategies at hand demonstrates that many of the riskmanagement opportunities available to companies aredeeply embedded within the individual businesses. It isalso interesting to note from Figure 2 the interactionbetween real assets and financial markets; non-financialcompanies straddle the (real) product markets (wherethe value is created) and the financial markets (wherecash flows are valued and traded).
The performance of real assets is affected by events inthe financial markets. The most obvious examples arethe effects of exchange rate, interest rate andcommodity prices on financial performance. However,just as potentially significant is the effect that financialstrategies have on behaviour. For example, the gearingof a company can have a potentially significant impacton the behaviour of management and therefore thecash flows, and ultimately the value, of the business.This is best exemplified by the use of leveragedstructures, such as LBO transactions, to facilitate theconcentration of ownership. Strategies for achievingmaximum value increasingly involve financial markettools, such as ‘leveraged recapitalisations’ and ‘spin-offs’, as a means of adjusting the business portfolio and
achieving improved incentive structures and corporatecontrol mechanisms.
While financial markets operate in terms of tradedsecurities and readily observable values, businesses arefocused on operating in the ‘real asset’ markets. Thishighlights a critical role for the finance function in anon-financial company, namely, to act as the linkbetween financial markets and business units. Byapplying financial market products to real businesses,the function adds value. This value is created not byduplicating the trading skills of financial institutions, but by acquiring a comprehensive understanding of the non-financial company’s businesses and theiroperations, and by recognising when and how financialsolutions can add value.
3. Risk and Capital Management inNon-Financial Companies – SomeIssues and Challenges
The financial strategies of non-financial companieshave been significantly impacted both by trends infinancial markets and by changes in the corporateenvironment. Major changes in recent years haveincluded:
• changes in the regulatory environment. Amongst otherdevelopments, these changes have enabled the useof share buy-backs and allowed for greater access tooffshore markets;
• globalisation. Many companies now have access to a wide range of international markets. While thisyields many benefits, it also means that companiesare more quickly affected by changes in globalfinancial markets and are increasingly subject tocompetitive pressures;
• disintermediation. The disintermediation trend hasfundamentally changed the role of traditionalcommercial banks, providing companies with directaccess to end-investors. In addition, the role ofcorporate lending has also changed, transformingthe way that counterparties deal with bankingproviders;
• innovation. The development of new products hasfacilitated alternative risk transfer arrangements aswell as more tailored capital structures;
• competitive structure of the financial sector. Competitionamongst financial institutions has given rise to
87
Risk and Capital Management in Non-Financial Companies
5 See Modigliani and Miller (1958).6 See Copeland and Joshi (1996).
opportunities for end-customers to adopt reasonablyaggressive approaches to supplier management and isalso driving the process of innovation; and
• technology. Advancements in electronic technologyhave facilitated more efficient payment transfers.Also important are the dramatic improvements incomputing technology that have allowed for moreaccurate analysis and pricing of derivativetransactions.
The combined impact of these changes in the financialmarkets has been an expansion in the available supplyof competitively priced financial products. Theincreased availability of tools for hedging a wide rangeof financial exposures, along with the lengtheningterms of these contracts and the ability to incorporateoption-type features, means that companies are better able to fine tune hedging activities to their requirements. Similarly in the area of capitalmanagement, deregulation in the US and changingattitudes in Australia have made capital markets moreaccessible. Moreover, the greater acceptance of a wider range of counterparty credit qualities, togetherwith the development of a diverse set of financinginstruments, has facilitated the tailoring of capitalstructures.
Perhaps the most significant trend, however, has beenthe development of a more active market for corporatecontrol, and the accompanying focus on shareholderwealth creation. This focus on shareholder wealth comesat a time when there is increasing competitive pressureson virtually all companies. Hence, non-financialcompanies must focus on addressing the question ofhow risk and capital management strategies add value.Clearly, the impact on shareholder value should be thebenchmark against which all alternative strategies forrisk and capital management are evaluated.
Against this background, there are a variety of challengesfacing those responsible for setting financial strategies. Anumber of these issues raise fundamental questions aboutthe value added by financial strategies and activities.
Lack of Consensus as to How RiskManagement Adds ValueDespite the development of a wide range of tools formanaging risk, an even more fundamental questionmust still be addressed, namely, how does riskmanagement add value for shareholders? The
relationship between risk management andshareholder value is difficult to determine. This isespecially the case when considering capital structureand financial hedging strategies, eg interest rate andcurrency hedging. One source of guidance is given byNobel Prize winners Modigliani and Miller who arguedthat financial strategies, such as capital structure andfinancial hedging, have no impact on value.5 Theirfundamental premise is that, as long as the cash flowsand investments of the firm are given, the capitalstructure of a company cannot affect the value of thatcompany since investors can duplicate any financialstrategy in their own portfolio.
This is an interesting conclusion that casts doubt on thevalue added by many corporate finance activities withinnon-financial companies. While many might perceiveModigliani and Miller’s conclusion to be simply anabstract theoretical notion, there are numerouspractical illustrations that suggest that financialhedging does not add value. For example, research byCopeland and Joshi questioned the economic benefitsof currency hedging.6 Their study, based on an analysisof the foreign exchange hedging strategies of 200 largecompanies, found that even the most complex hedgingstrategies did not necessarily reduce cash flow volatility.Hence their conclusion was that, in many instances,hedging is ineffective. This particular result isunderstandable since, as indicated by most surveys,companies generally hedge transactional exposures outto only 12 months. It is doubtful that such a strategycould have much of an impact on reducing long-termvolatility. Moreover, even if the finance functionsucceeded in hedging all the financial risks of thecompany (a practical impossibility), financial risks areonly a subset of a company’s total exposure.
Another commonly held view is that companies generallyover-hedge their exposures. Again, this result is notsurprising given that exposures are often separatelymanaged within a company. As suggested earlier in thepaper, there are also numerous examples wherecompanies can, in fact, increase exposures throughinappropriate hedging policies. Additionally, it is oftenfelt that hedging offers only a short-term smoothing ofreported profit and does not have a lasting impact on thecompany’s fundamental profitability.
Finally, a number of companies have policies in placethat either preclude hedging strategies altogether orelse employ them only in limited circumstances.
Tony Carlton
88
7 Australian Society of Corporate Treasurers (1998).8 Refer to the paper by Moss in this Volume for further discussion of performance structures.9 See, for example, the papers by Matten, Moss and Funke Kupper in this Volume.10 Kaplan and Leftwich (1998).11 Bodnar, Hayt, Marston and Smithson (1995).
Companies take this approach for any one of a numberof reasons. For example, the company might be of theview that shareholders buy shares in the company inorder to acquire the relevant exposure. In hedging thatexposure, company management may be acting in away that conflicts with shareholder objectives. Similarly,it may be assumed that investors are well-diversified.Hence, they cannot benefit from the hedging strategiesof individual companies and do not need the companyto create a layer of protection that could potentially bevery costly.
All of this suggests that it is perhaps inappropriate toassume that the finance function’s earnest endeavoursat risk management are necessarily adding value forshareholders.
The Relationship Between PerformanceMeasurement and Shareholder ValueA growing emphasis on productivity has highlighted theneed for all functions within a non-financial company todemonstrate the value being added. Yet, a recent surveyby the Australian Society of Corporate Treasurersreported that only 53 per cent of companies measuredtreasury performance.7 Of these, one third were nothappy with the performance measures used; the mainreasons cited for this dissatisfaction were the simplicityof measures and the fact that measures were still under-developed. These results do not sit well with an activitythat should be able to clearly demonstrate itscontribution to shareholder value.
The fundamental goal of any performancemeasurement system is to provide a basis formanagement decision making that produces the bestbalance of cost and risk, given the objectives, financialposition and other constraints of the corporation.Performance measurement should encouragebehaviour that reflects corporate objectives8, while atthe same time providing feedback to facilitateimprovements in decision making. Fundamental to thisis the selection of a benchmark that reflects the riskmanagement objectives of the company. Failure tospecify clear performance objectives for the riskmanagement function may undermine the function. Inparticular, it could lead to: a lack of accountability; afailure to create or, at a minimum, preserve valuethrough misspecified targets; and the adoption of areactive risk management strategy that is certain to fail.
Using the Right Risk Measure for Non-Financial CompaniesA number of papers in this Volume have made mentionof VaR.9 While VaR is a key risk measurement tool infinancial institutions, the application of this technique innon-financial corporations poses a number of conceptualand implementation issues. As mentioned in theIntroduction, often the focus in corporations is on theexposures generated by the specific cash flow patterns ofphysical positions, rather than on the values of positions.Also, the most common application of VaR in financialinstitutions is on traded financial instruments that areheld over short time horizons and thus are assumed to bereasonably liquid. By contrast, non-financial companieshold few traded positions; positions are typically illiquidand of a much longer term. Despite these issues, therelative simplicity of VaR and the manner by which itencapsulates risk into a single number make it a seductivemeasure to use. Implementation of this type of techniqueby a non-financial company would require the companyto address problems such as illiquidity, non-linearexposures, extreme observations and non-stationarity(especially for exposures measured over longer terms).Of course, financial institutions are faced with many ofthese problems also. Unless non-financial companies candevelop an alternative risk measurement framework thatis sufficiently rigorous they will be forced to rely on VaRtechniques.
External Reporting Framework forFinancial RisksThe disclosure regime imposed on non-financialcorporations poses particular difficulties when risk ismanaged on an economic basis. Specifically, theexternal reporting of risk management activities canhave a distorting effect. This point is well summarisedby Kaplan and Leftwich: “why information about asubset of a firm’s assets (derivatives) warrants suchattention reflects politics, not economics”.10 (Thiscomment would seem to be supported by the results ofa 1995 Chase/Wharton survey of US companies, whichfound that the biggest concern of companies inrelation to the use of derivatives was the potentialaccounting treatment of positions.11)
External accounting rules are certainly tending towardsrequiring all derivative positions to be valued on amark-to-market basis. These rules also allow the risk
89
Risk and Capital Management in Non-Financial Companies
Determineoverall
financialstrategy
Debt
Equity-linkeddebt
Equity
Determinedesired
structureof eachclass offunding
Selecttype offunding
instrument
Issuingstrategy
andtactics
Interest raterisk
management
On-goingadjustments
• increase gearing through share buy-backs etc
• reduce gearing through equity issues
• change equitystructure through‘carve-outs’
• repay debtthrough debtbuy-backs,repaymentdefeasance
• use flexible debt facilities to tap marketsopportunistically
• significantlychange interestrate exposure,without repayingdebt, throughswaps
Figure 3: Capital Structure Management
associated with derivative exposures to be quantifiedusing statistical techniques such as VaR. While suchapproaches are certainly legitimate, requiring non-financial companies to comply with measurement rulesthat are appropriate for financial institutions perhapsreflects a lack of understanding regarding thedifferences between the two types of organisation.Failure to appreciate this distinction has resulted in adisclosure regime for non-financial companies thatfocuses on the value of the derivative position ratherthan the net hedged position. In requiring derivatives tobe marked-to-market, but prohibiting marking-to-market of the underlying exposure, the accounting rulesare imposing an approach which identifies gains (losses)in the derivative position yet ignores the associated losses(gains) on the underlying exposure. Similarly, theapplication of VaR to only the derivative position ignoresthe exposure associated with the overall position.
Pressure for More Pro-active CapitalStructure ManagementHistorically, the financial policies of non-financialcompanies have been largely passive, reflecting theaccumulated impact of a series of decisions ‘at themargin’. Today, however, the increasing pressure createdby the developments outlined earlier in this Section haveforced companies to be more pro-active in managingtheir capital structure. On the demand side, the focus onshareholder value has meant that companies simplycannot afford to have inefficient capital structures. Onthe supply side, innovation and deregulation, especiallythe legalisation of share buy-backs, have enabled
companies to dramatically change their capital structuresover a relatively short period of time. Figure 3 lists someof the tools that non-financial companies can use toadjust financial structures in light of changed marketconditions or company circumstances. The main messageis a simple one. Finance functions must continuouslymonitor the efficiency of the capital structure against thecurrent requirements of the business units and againstdevelopments in financial markets.
Even more fundamental than a freer regulatoryenvironment are the challenges to more traditional (andconservative) approaches to setting capital structuretargets posed by the LBO approach to financialstructure.12 The key elements of this approach are theaggressive use of debt and concentration of ownership. Itis argued that companies that generate surplus cash(generally those in mature or low-growth industries) willtend to reinvest such cash in negative NPV projects (andmanagement perquisites) rather than return significantfunds to shareholders. These companies thus destroyvalue for shareholders. Such behaviour is also more likelyto occur in conglomerates where funds from profitablebusinesses are at a higher risk of being invested in thosedivisions that are not performing as strongly. One way ofovercoming this profligate use of cash is to inject a highlevel of debt into the business. The resulting repaymentobligations effectively precommit a large proportion offuture cash flows. High debt levels also allow a greaterconcentration of equity ownership, particularlymanagement equity, allowing significantly leveragedreturns.
12 Refer to the Appendix for an illustrative application of the traditional approach to determining capital structure.
Tony Carlton
90
• market size• market share• volume/price
• raw material prices• staffing levels• wage rates• production efficiency• operational improvement
• corporate tax rate• franking credits• tax effective structures
• receivables• payables• inventory
• plant life• replacement policy• maintenance
• cost of equity for business• cost of debt• gearing• effective tax rate
• sustainable cash flowafter year 10
• duration and growth• cost of capital
Business Unit Specific Value Drivers (examples)
High-levelValue Drivers
Revenue
Operatingcosts
Taxes
Workingcapital
Capitalexpenditure
Project/costof capital
Discountrate
Cashprofit
Investmentrequired to
supportoperations
Cash flowsfrom
operations(years 1-10)
Businessunit
value
GrowthOptions
Terminal value (year 10)
X
Figure 4: Key Drivers of Company Value
While this type of argument is partly behind the LBO movement, it has also driven the use of otheraggressive financial strategies by non-financialcompanies. One example is leveraged recapitalisation.Under this strategy, a company funds a major share buy-back through the use of large-scale debt funding, oftenresulting in a capital structure very similar to an LBOcompany. While there have been a number of examplesof these strategies in the US, there do not appear to beany Australian companies adopting such approaches atpresent. Moreover, the limited numbers of buy-backsthat have been undertaken by non-financial companiesin Australia have generally been motivated by a desire toreturn divestment proceeds to shareholders. Proponentsof the aggressive use of debt cite the failure of internalcontrol systems to appropriately constrain the ‘businessrisks’ arising in those companies that are subject to the‘surplus cash flow problem’. There is a wide range ofcompanies subject to this risk, including many industrialcompanies operating in markets that are traditionally
characterised by surplus capacity. The LBO approach
can essentially be viewed as one that outsources the
process that drives corporate performance. One
alternative approach is the adoption of economic value
added/shareholder value added performance
measurement systems.13
4. Risk, Capital Management andShareholder Value
The previous Section identified a number of issues
facing non-financial companies, thereby highlighting
the difficulties in demonstrating value added. In order
to determine risk and capital management strategies in
a non-financial corporation, it is necessary to explore
those factors that underpin the valuation of the firm.
The purpose of this Section is to review recent theory
and empirical research to determine whether there are
guidelines available for selecting value maximising
strategies.
13 Refer to the paper by Funke Kupper in this Volume for further discussion of economic value added techniques.
91
Risk and Capital Management in Non-Financial Companies
• business cycle• poor marketing
strategy• poor acquisitions
strategy• changes in
consumer behaviour
• political/regulatory change
• treasury risks• lack of
counterparty/credit assessment
• sophisticatedfraud systemsfailure
• poor stock/receivablesreconciliation
• design mistakes• unsafe behaviour• employee
practices risks• sabotage
• loss of keyexecutive
• supplier failure• lack of legal
compliance
• equipmentbreakdown
• infrastructurefailure
• fire• explosion• pollution• drought and
other naturalperils
• poor technology
Risks of plans failing Risks of financial controls failing
Risks of human error or omission
Risks of business interruption
Risks of physical assets failing or being damaged
Strategic Financial Operational Commercial Technical
Figure 5: A Taxonomy of Business Risks
The most commonly accepted model of shareholdervalue has as its foundation the notion that value isdetermined by expectations of long-term cash flows,discounted at the risk-adjusted cost of capital. Figure 4describes the framework for a typical financial modelbased on this approach. The Figure highlights that awide range of variables, some of which are under thecontrol of management, and others which are externalto the company, impact on value. A model thatincorporates key operating variables will provide long-term cash flow forecasts and the appropriate setting forthe determination of long-term financial goals.
This model raises two questions in relation to risk andvalue: how should those risks confronting the businessbe measured and how does the choice of riskmeasurement technique impact on the perceived valueof the business?
4.1. Measuring RiskWithout doubt, all companies face a wide variety ofrisks, including strategic, operational, financial,environmental and technological risks. Figure 5summarises one way of classifying some of the riskfactors faced by corporations into broad risk classes.The total risk of a company is a measure of thecombined impact of these risk factors on the cash flowsgenerated by each of the business streams, after takinginto account hedging and other risk mitigation
techniques. Traditionally, the risks within the companyhave been managed on a segmented basis in line withbusiness or functional responsibilities.
The identification of risk in non-financial companies isa difficult task and there exists no consensus about howbest to tackle it. The task of quantifying these risks iseven more difficult. The ideal approach would quantifyeach risk on the basis of its likelihood of occurrenceand potential impact on the cash flows of the business.Forecasting and simulation models are useful tools ifsuch a methodology is to be adopted. The difficulty isin incorporating the totality of risks into the approach.Consequently, in practice any quantitative approachneeds to be supported by a rigorous, qualitativeevaluation of risks, to allow an overall assessment ofexposure to be made.
The objective of the risk management function,therefore, is to monitor and manage the actualoccurrence of each risk. In a qualitative sense, new andexisting risks can be represented on a ‘risk grid’ or‘map’.14 For a number of risks, hedging may not bepossible and so significant reliance is placed onmanagement processes for screening and monitoringrisks. Some of the mechanisms for effective screeningof business risks include the use of the strategicplanning process and the use of a number of metrics toassess historical and prospective performance. Such aprocess requires that management understand the
Source: PricewaterhouseCoopers (1997).
14 Refer to Bennett’s response to this paper for further discussion of qualitative approaches to managing risk.
Tony Carlton
92 nature of the risks, the types of potential outcomes, thecompany’s capacity to absorb risk, and strategies tomitigate risk, such as training, enhanced risk screeningof new projects etc.
4.2. The Relationship Between Risk and Shareholder Value
The cost of capital approach to valuation implies thatchanges in the risk profile of the company will onlyaffect that company’s valuation through the impact oncash flow or the discount rate. This gives rise to thequestion of how risk is factored into the valuationmodel. The most common application of the cost ofcapital approach is through the use of the capital assetpricing model, which differentiates between ‘systematicrisk’ and ‘non-systematic risk’.15 The measurement ofeach of these risks has implications for determining theappropriate cost of equity.
Systematic risk cannot be diversified away. It reflects theinfluence of general economic activity on the volatilityof returns and is measured by the well-known betafactor. Investors demand compensation in exchangefor assuming systematic risk and hence this type of riskmust be incorporated into the cost of capitalcalculation. By contrast, non-systematic risk isparticular to each company. A basic premise of modernvaluation theory is that for well-diversified investors thenon-systematic risks associated with particular projectswill cancel out. As a consequence, such risks do notrequire additional compensatory return. Hence, themost appropriate way to incorporate these risks intothe valuation process is to include them in thecalculation of expected cash flows, not via anadjustment to the discount rate.
While the above discussion does give some insight intothe value consequences of business risks on corporatevalue, it is less clear about the capital structure andhedging strategies associated with financial risks. Asnoted earlier, the original Modigliani and Millerpropositions argued that financial strategies, such ascapital structure and financial hedging, have no impacton value. Their fundamental argument is that, as long ascash flows and investments are given, financial strategiescannot affect value as well-diversified investors canduplicate these strategies themselves. This is behindtheir well-known propositions that capital structure doesnot matter. Similarly, well-diversified investors do notbenefit from company specific hedging actions as these
risks can be eliminated if the investor holds a well-diversified portfolio or, under the assumptions of themodel, if the investor can duplicate a financial strategy.Since financial strategies only influence diversifiable risk,there is no change to the required discount rate. If riskmanagement and capital structure decisions are to addvalue, therefore, it must be through their effect on cashflows, and it is here where most academic effort has beenplaced.
How Can Risk Management Add Value?The conclusion to be drawn is that risk managementcan add value in certain circumstances. This isdemonstrated by considering the assumptions onwhich the Modigliani and Miller proposition (thatfinancial strategies do not add value) is based. The keyassumptions are:
• no taxes;
• no costs of bankruptcy;
• that operating and investment cash flows are given;and
• that management acts to maximise shareholdervalue.
Relaxing these assumptions highlights how financialstrategies can, in fact, add value:
• taxation. The asymmetric treatment of tax lossesmeans that the smoothing of cash flows improvesthe values of those cash flows. This arises becausepositive taxes must be paid as earned whereas thebenefit of tax losses is only realised when futuretaxable income accrues. This factor may beespecially relevant in Australia where the focus ofcompanies is on servicing franked dividends;
• financial distress. In addition to bankruptcy, financialdistress includes the costs to the company of actionsby suppliers, customers and employees who may beconcerned about the financial status of anorganisation well before it becomes bankrupt.Clearly, companies with potentially high costs offinancial distress, ie those with high switching costsor with a high service or reputation content in theirproduct offering, will benefit from the lower risk offinancial distress occasioned by a risk managementprogram; and
• under-investment. It could be argued that firms makedecisions in line with long-run shareholder valuewhen cash flows are available to meet investment
15 See, for example, Ross, Westerfield and Jordan (1995).
93requirements. Shortfalls in cash flows leadcompanies to approach external markets to fundnew projects. In turn, the costs of externalfinancing may result in the cancellation of valuecreating expenditures (such as expenditures onresearch and development), thus reducing thelong-run value of the company. Companies withsignificant opportunities for growth, but limitedaccess to funding, will benefit from a well-designedand executed risk management program that seeksto avoid cash flow shortfalls.
The implication of these sorts of analyses is that insome situations ‘risk does matter’ and, hence, riskmanagement can add value. Whether this is the casedepends on the situation of each company (eg tax,financial risk, growth options, competitor behaviour),the size and nature of the company’s risks, and thecompany’s own risk tolerance. It should be emphasised,however, that all of the situations mentioned aboverelate to the impact of shortfalls in cash flow, ratherthan cash flow volatility. The implication of this is thatrisk management in non-financial companies only addsvalue if the cash flows of the business can be enhanced(by adjusting the lower tail of the profit and lossprobability distribution). Thus, the objective ofcorporate risk management should be to eliminatecostly lower-tail outcomes.16 As mentioned at variouspoints throughout this paper, the relevant risk measureis the probability of cash flow shortfalls, rather than ameasure of potential changes in the value of theposition. To determine the risk profile of the company,a simulation-based approach can be used to analysevarious worst-case scenarios and assess the impact ofthese on the cash flows of the firm.
The above discussion implies that the optimal riskmanagement strategy is company specific – aconclusion consistent with the observation that there isa wide diversity in the risk management practices ofcompanies. A number of companies do not usederivative products and, for those that do, there is awide range of uses adopted. For example, largercompanies tend to hedge more than smallercompanies. While this result appears to be somewhatinconsistent with the argument that says larger firmsshould be more immune from risk, it most probablyreflects the economies of scale required to establishcomprehensive risk management programs.Additionally, companies with greater growthopportunities, including higher research and
development expenditures, also tend to have higherlevels of hedging, as do companies with more financialrisk. All of this is in line with the earlier discussion thatconcluded that the ‘most appropriate’ riskmanagement solutions for an individual company arepeculiar to that company.
The above arguments point to a number of factors thatexplain how risk management can add value. There isalso interesting empirical evidence suggesting a strongrelationship between management incentives and riskmanagement behaviour. For example, Tufano (1996)analyses risk management strategies in the US goldmining industry, and observes that the maindeterminants of hedging decisions are the level ofmanagement ownership and the nature ofmanagement compensation contracts. Lower levels of hedging are associated with lower levels ofmanagement ownership. This does not imply arelationship between shareholder value and riskmanagement, however, it does suggest that riskmanagement performance benchmarks need to bealigned with shareholder objectives.
This conclusion has implications for the selection ofperformance benchmarks and for the management ofmultiple risks within companies. The core of anyeffective performance measurement system is theselection of a benchmark. The analysis implies thatthe appropriate benchmark is most properlydetermined by the circumstances of the company –two companies with similar exposures can legitimatelyhave different benchmarks and follow different riskmanagement strategies. One possible approach is tocompare performance against a ‘benchmark strategy’.That is, rather than compare performance against afixed outcome, such as a certain return or cost offunds, actual performance is compared against theresults of a pre-agreed risk management strategy thatyields an acceptable risk-return profile (expressed as aprobability distribution of future cash flows). Thebenchmark strategy reflects informed judgementsabout issues such as debt capacity, funding for growthand dividends, and franking-credit policy. Theapproach must also take into account the risktolerance of the company (ie what the companyregards as an acceptable decline in cash flow) as wellas external factors such as expected market volatility.
CSR has adopted a risk management framework forfinancial risks that allows each exposure in each
Risk and Capital Management in Non-Financial Companies
16 See Stulz (1996) for further discussion of this objective.
Tony Carlton
94
• selective hedging for individual exposures
• no speculative transactions to be undertaken Approved exposure
CSR Credit Limits Policy• reporting requirements specified
• required development of benchmark and defined limits for each exposure
• Board not involved in detailed strategic or tactical decisions but does have assurance in proper management processes
• each Business Unit responsible for managing their own exposure
• treasury provides expertise, dealing, systems
• delegated authorities for individual transactions
• credit limits not to be exceeded
• approval for new instruments for specific application
• transactions must comply with approved risk management process
Conditions of use of each instrument
Approved instruments
Approved hedging limits
Approved benchmark
Approved strategy
Figure 6: CSR’s Risk Management Approach
business to be managed individually at the businessunit level (see Figure 6). Such an approach ensuresthat the responsibility for risk management is delegatedto the business units. Decentralisation also ensures thatindividual business units are accountable for their ownperformance. The framework specifies for thecompany as a whole a range of controls, responsibilitiesand reporting obligations that each business mustfollow when managing its exposures.
How Can Capital Management Add Value?Not surprisingly, the same factors that provide the riskmanagement process with an opportunity to add valuealso influence a company’s optimal capital structure.Specifically, the benefits of debt are achieved through:
• taxation. The existence of tax benefits on interest,relative to dividends, creates a tax-induced motiveto borrow funds (as opposed to raising equity).The significance of this factor may also depend onthe debt tax shield available to the entity;
• financial distress. Given excessive leverage, the taxbenefit described above will eventually becounteracted by the increased risk of financialdistress and the many costs that are associated withit, such as those relating to bankruptcy and theactions taken by customers, suppliers andemployees in response to a perceived deteriorationin financial quality. The trade-off between thesetwo factors will, in theory at least, lead to anoptimal capital structure. Companies will havedifferent optimal capital structures depending ontheir taxable income capacity and the costs offinancial distress;
• under-investment. The problem of under-investment is also regarded as a significantdeterminant of capital structure strategy. Firmswith valuable growth options have a higher risk offollowing a sub-optimal investment strategy whendebt levels are excessive – hence the debt levels ofsuch firms are expected to be lower;
• benefits of debt in controlling over-investment. Oneadditional dimension, which is unique to the capitalstructure decision, relates to the benefits thathigher levels of debt can bring to situations where acompany has considerable surplus cash flow. Thisissue was raised in the discussion of capital structuremanagement in Section 3. Of course, the benefitsof higher leverage need to be balanced against theassociated increase in risk.
A significant amount of empirical research into whatdrives a company’s capital structure decisions has beenundertaken. As with risk management, the conclusionsdrawn from this research are wide ranging. Some of themain findings are:
• there is significant divergence in the choice ofcapital structures between firms;
• there is some evidence, albeit weak, of arelationship between a company’s tax position andits use of debt; and
• the most consistent variable that appears to explaindifferences in gearing is the extent of growthopportunities available to companies. As expected,companies with more opportunities appear to havelower debt ratios.
As with risk management, the conclusion is that capital
95
Risk and Capital Management in Non-Financial Companies
17 Refer to the papers by Funke Kupper and Morony in this Volume.18 Bernstein (1996).
structures can affect value. The optimal capitalstructure is dependent on the circumstances of thecompany.
5. Towards an Integrated Approachto Risk and Capital Management
Many of the developments highlighted throughout thepaper are suggestive of a broader trend towardsintegrated risk management. In particular:
• theoretical models imply a need to focus on thecompany’s total risk capacity, by analysing thecombined impact of business and financial riskfrom all sources and comparing this impact againstthe company’s overall risk tolerance level;
• practical concerns suggest that the potential linksbetween commodity and currency prices, andbetween prices and quantities, should be taken intoaccount when assessing the effective exposure to behedged; and
• measurement approaches such as VaR andsimulation techniques tend towards themeasurement of total cash flows across thecompany.
All of this highlights the importance of having a riskmanagement strategy that has as its foundation acomprehensive understanding of the dynamics andeconomics underlying each of the businesses. Thisapproach also gives rise to the issue of how to link riskand capital structure management such that eachapproach complements the other. As noted earlier, infinancial institutions the two approaches are closely tiedwhile in non-financial companies the link is less distinct.
For companies that are highly geared, the riskmanagement approach adopted might involve a higherlevel of hedging, to counter the higher risk of default.
For companies with lower gearing ratios, hedging maynot be a useful tool. That said, if such companieschose to undertake a buy-back funded by increasedleverage, hedging techniques may be of use inmaintaining a constant risk profile while allowing thecompany to benefit from the advantages of higherdebt (most notably the tax benefit, but possibly thebenefits of concentrated ownership facilitated by thedebt-funded repurchase of equity).
Generally, an integrated approach to risk and capitalstructure management makes good sense in that itoffers a number of benefits. Most importantly, it willensure that companies give explicit consideration tothe overall risk position of the company. Anintegrated risk management approach will, in turn,allow for enhanced comparability of key risks acrossthe company as well as appropriate managementresponses. In addition, the adoption of a ‘portfolioapproach’ to the management of the overall exposureacross the company means that risk managementshould become more efficient. Figure 7 provides aschematic of this type of approach, demonstrating thepotential for trade-offs between the range of riskmitigation strategies.
Unfortunately, moving down the path towards anintegrated approach to risk and capital managementalso raises a number of dilemmas. In particular, suchan approach can potentially result in an excessivereliance on quantitative measures of risk. Many of thepapers in this Volume have discussed situations whereevents have not occurred in line with historical data; itis usually when financial markets have experiencedsome sort of shock or increase in pressure thathistorical statistical relationships break down.17
This idea is appropriately captured in an article byPeter Bernstein.18 Bernstein distinguishes between
minimumacceptablecash flow
Time
Cas
h f
low
($)
Sources of Risk Risk Profile Alternative Hedging Strategies
Evaluating Hedging Options
• strategic
• operational
• technical
• commercial
• financial
• financial markets
• operational• financial
– derivatives– insurance
• financial structure– gearing– debt structure
• self-insurance
• cost• effectiveness• liquidity• flexibility• term• risk• management
resources
Figure 7: An Integrated Approach to Risk and Capital Management
Tony Carlton
96 three occurrences that may arise when too muchemphasis is placed on quantitative measures of risk,namely: exposure to discontinuity; the arrogance ofquantifying the unquantifiable; and the threat ofincreasing risk instead of managing it. He concludes,somewhat emotionally, that: “whenever we allowourselves to ignore that truth [computers exist toanswer questions, not to ask them], the computerbecomes the ally rather than the enemy of conceptualerrors. Those who live by the numbers may find thatthe mathematically inspired techniques of modernismhave sown the seeds of a destructive technology inwhich computers have become mere replacements forthe snake dances, the bloodlettings, the genuflections,and the visits to the oracles and witches thatcharacterised risk management and decision makingin days of yore”.
A second dilemma arises for companies involved innumerous businesses. That is, will an integratedframework outweigh the benefits of a decentralisedapproach to managing the risk across businesses? Thisis especially an issue in non-financial companies whererisk (its identification and management) is so inter-connected with the other fundamentals of the business(both economically and behaviourally) that theremoval of responsibility for risk management couldhave an adverse effect on business results.
The final problem is the issue of determining the risktolerance of the company, which is necessarily asubjective task. While this is a difficult problem toaddress, an understanding of what makes financialstrategies potentially valuable at least provides anindication of the kind of factors that must beconsidered in determining a company’s risk tolerance.
6. The Way ForwardIn attempting to manage risk on a total portfolio basis,a non-financial company is faced with a number ofoptions. For example, the company can adjust theactual operations of the business, utilise financial riskmanagement techniques, adopt self-insurancestrategies or alter the overall financial structure of thefirm. While most non-financial companies haveestablished functional responsibilities for managingindividual risks, it is likely that many are unaware ofthe complete realm of risks with which they areconfronted, and the implications of these risks forshareholder value.
It is probably fair to say that the management offinancial risk has attracted an inordinate amount ofattention. Perhaps this is because of the availability oftechniques and the well-publicised misuse ofderivative products by a small number of companies.In any case, non-financial companies are beginning todevelop a much improved understanding of how riskmanagement can add value, as well as what mayconstitute an adequate process for the assessment andon-going management of risk. Similarly, there isbetter recognition of the potential for financialstrategies to add value, largely through the moreaggressive use of debt to minimise the agency costs of‘free’ cash flows.
In any non-financial company, the role of a financialstrategy is to support the extraction of maximumvalue from the company’s operating businesses.Sound financial and risk management strategies canonly be developed in light of the risks andcharacteristics of each of the underlying businessstreams. Thus there is a need for risk managers tounderstand the dynamics of each business as well asthe potential risks. Although many of these risks maybe unhedgable, there is a range of operationalstrategies available to mitigate such risks. In addition,techniques to quantify risk are an important inputinto the determination of the most appropriate riskmanagement approach.
So where should non-financial companies go fromhere? As a first stage, non-financial companies need toplace more effort into the risk management process,that is, the identification and quantification of therisks they face. Since risk management is a skill that isnot especially well developed in many companies, theonus is on the finance function to advance thisprocess via the provision of analytical techniques, thefacilitation of skills, and financial and businessanalysis support. Companies must build on thebenefits of qualitative approaches and enhancedcorporate processes, including reporting mechanismsto ensure compliance and measure performance.
The use of sophisticated techniques to quantify risk innon-financial companies is not widespread. Moresophisticated measures of risk will undoubtedlyemerge, with many such techniques being borrowedfrom financial institutions. Failure to understand thedifferences between financial and non-financialcompanies could lead to the inappropriate
97application of these risk measures. This paper hasargued that a measure of long-term cash-flow-at-risk isa suitable approach for non-financial companies.
Also important are improvements in risk managementevaluation and the need to demonstrate theeffectiveness of the risk management effort. Anunderstanding of how risk management can add valueis helpful in determining the appropriate risk tolerancelevel for the company, and the performancebenchmarks that reflect that tolerance. As non-financial companies move towards integratedapproaches to risk management, individual businessesmust continue to be accountable for performance. Inthis regard, the issue of how financial structure andincentives can be used to drive managementperformance is most important. For companies orbusinesses characterised by cash flows in excess of thoserequired to fund growth opportunities, the use ofleverage to both precommit cash flows and concentrateownership can serve as a very powerful incentive.Hence, the increase in financial risk needs to beevaluated against the potential to enhance cash flowsand the possible use of risk management strategies tohelp mitigate financial risk.
Should non-financial companies be learning morefrom financial institutions? It is clear that, by the verynature of their operations, the focus of riskmanagement in a non-financial company is different tothat in a financial institution in many respects. Thatsaid, there is a good deal to be acquired from financialinstitutions in terms of the ‘technology’ of riskmanagement and financial strategy. Much learning hasalready taken place and will continue, with the possibleadoption of VaR-type techniques and the application ofincreasingly sophisticated hedging products and riskmanagement processes.
Bearing in mind the differences between non-financialcompanies and financial institutions, one of the mainbarriers to more widespread use of risk managementtechniques in non-financial companies is theinformation cost imposed by external reportingrequirements. In particular, disclosure requirementsthat do not reflect underlying exposures willundermine improvements in risk management. In thearea of capital management, it is clear that non-financial companies are less aggressive than financialinstitutions in managing equity, with much morelimited use of share buy-backs for example. However,
the LBO approach to the financing of maturebusinesses demonstrates that a number of businessesare beginning to use leverage in a more pro-activemanner.
7. ReferencesAustralian Society of Corporate Treasurers (1998),
‘1998 Corporate Treasury Survey’.
Bernstein, P. (1996), ‘The Religion of RiskManagement’, Harvard Business Review, March-April.
Bodnar G., G. Hayt, R. Marston and C. Smithson(1995), Survey of Derivatives Usage Among U.S.Non-Financial Firms, Wharton/Chase, March.
Copeland, T.E. and Y. Joshi (1996), ‘Why DerivativesDon’t Reduce FX Risk’, The McKinsey Quarterly,Number 1.
Kaplan, S.N. and R. Leftwich (1998), ‘Value-at-Riskand Hedging: Pitfalls for the Unwary’, MasteringFinance, First Edition, Pitman Publishing.
Modigliani and Miller (1958), ‘The Cost of Capital,Corporation Finance and the Theory of Investment’,American Economic Review, Volume 48, Number 3.
PricewaterhouseCoopers (1997), CFO: Architect of theCorporation’s Future, John Wiley & Sons.
Ross, S.A., R.W. Westerfield and B.D. Jordan (1995),Fundamentals of Corporate Finance, Third Edition, Irwin.
Standard & Poor’s Ratings Services (1997), CreditAnalysis Reference Disk, July.
Standard & Poor’s Ratings Services (1998), CreditAnalysis Reference Disk, September.
Stulz, R. (1996), ‘Rethinking Risk Management’,Journal of Applied Corporate Finance, Volume 9,Number 3, Fall.
Tufano, P. (1996), ‘Who Manages Risk? An EmpiricalExamination of the Risk Management Practices of theGold Mining Industry’, Journal of Finance, September.
Appendix
Estimating the Optimal Capital StructureAs in many financial and non-financial companies, theoptimal rating for the debt component of the balancesheet drives the approach to capital structure. In turn,the company’s optimal rating is a function of thesensitivity of the cost of equity and debt (ie theweighted average cost of capital or WACC) todifferent rating levels. The aim is to maintainfinancial settings in line with the assessed rating. Thebehaviour of the cost of capital under different rating
Risk and Capital Management in Non-Financial Companies
Tony Carlton
98 levels is depicted in Figure 8. The main conclusiondrawn from the chart is that the optimal rating for atypical large Australian company is about single-A(‘A’); beyond this rating the cost of capital climbsquite sharply. The results of similar analyses forequivalent US companies suggest an optimal rating oftriple-B (‘BBB’). Figures 9 and 10 show the Standard &
Poor’s debt ratings of 79 Australian corporations and477 US corporations. Clearly, the results regardingoptimal ratings for Australian and US companies are inline with the actual rating levels achieved by non-financial companies, with A and BBB being by far themost common.
Figure 9: Australian Industrial and Commercial Corporations
Standard & Poor’s Debt Rating (Number of Companies)
Source: Standard & Poor’s Ratings Service (1998).
Figure 8: Typical Cost of Capital for an Australian Company
Figure 10: US Industrial and Commercial Corporations
Standard & Poor’s Debt Rating (Number of Companies)
Source: Standard & Poor’s Ratings Service (1997).
BBBBBAAAAAA
12.5%
12.0%
11.5%
11.0%
10.5%
10.0%
9.5%
9.0%
8.5%
8.0%
12.5%
12.0%
11.5%
11.0%
10.5%
10.0%
9.5%
9.0%
8.5%
8.0%
WACC (incl. franking)
WACC (classical)
14
12
10
8
6
4
2
0
14
12
10
8
6
4
2
0
AA
A
AA
+
AA
AA
-
A+ A A-
BB
B+
BB
B
BB
B-
BB B
CC
C D
140
120
100
80
60
40
20
0
140
120
100
80
60
40
20
0AAA AA A BBB BB B CCC
99
Discussion
* Vice President, BHP Risk Management and Audit.1 Economist Intelligence Unit (1995).2 Australian Stock Exchange (1997).
1. Fiona Bennett *Companies must take risks in order to stay in businessand to gain competitive advantage. This idea was wellcanvassed in Tony Carlton’s paper. As the paperobserved, the issue is one of managing the risksefficiently and effectively to enhance shareholdervalue. Of course, the phrase ‘risk management’ canmean different things to different corporations.Carlton primarily applied the term to the use ofderivatives and other financial instruments to hedgefinancial risks, however, it can also refer to theinsurance of risks, the management of safety hazards,the management of operational risks, and so on. TheEconomist Intelligence Unit defines business risk as“the threat that an event or action will adversely affectan organisation’s ability to achieve its businessobjectives and execute its strategies successfully”.1
This discussion focuses on a qualitative mechanismfor managing the potential impact of business risks ona non-financial organisation.
The management of business risks is clearly animportant component of effective corporategovernance. In recent years there has been anincreasing focus on governance by regulators,investors and governments throughout the world. Thisincrease has been precipitated by the major corporatecollapses of the late 1980s and early 1990s. In Canada,for example, the failure of two major banks in 1984 ledto the Estey Royal Commission, whilst in the UnitedStates the Treadway Commission was set up by a groupwhich included the Financial Executives Institute,Certified Public Accountants and the Institute ofInternal Auditors. The objective of the TreadwayCommission was to investigate the savings and loanscrisis, which resulted in the failure of dozens offinancial institutions. The Commission recommendedthe development of formal guidelines on internalcontrol procedures which, in turn, led to theformation of the Committee of SponsoringOrganisations (COSO).
In the United Kingdom, the Cadbury Commission wasestablished to study the failure of several prominentcompanies. At the same time, further collapses offinancial institutions in Canada induced the CanadianInstitute of Chartered Accountants to establish theCriteria of Control Committee (CoCo) to provideguidance on designing, assessing and reporting onthe control systems of organisations.
Many of the risk and control models in placeinternationally and in Australia are based on Cadbury,CoCo or COSO, or a combination of all three models.These frameworks aim to set standards for internalcontrols and corporate governance. In Australia,legislative requirements are becoming more complex,broadening in scope and resulting in increaseddirector liability. Institutional investors are alsoexpecting increased accountability by Boards and are,increasingly, exercising ownership rights.
For example, since July 1996 the Australian StockExchange (ASX) has required listed companies toinclude in their annual report “a statement of themain corporate governance practices that the entityhad in place during the reporting period”. 2 The ASXprovides an indicative list of corporate governancematters that an entity might consider when puttingtogether the above statement. The list includes adescription of “the governing body’s approach toidentifying areas of significant business risk and toputting arrangements in place to manage them”. TheASX approach is not prescriptive in its requirementsat present, although there are indications fromFederal Government and the Courts that this may notalways be the case.
Key Features of the Risk AssessmentProcessUnderlying the COSO and CoCo models is therecognition that the identification and measurement ofrisk is the first step in assessing the effectiveness of arisk control framework. Traditionally, the controlsystems of companies have been biased towardsfinancial controls and have been based on theassumption that the more controls in place the betterthe system will be. This approach has two keyweaknesses. First, an over-controlled system will divertresources from other more value-added activities.Second, risks and controls in other facets of theoperation may be either ignored, or addressed andmanaged in an ad hoc manner.
Ultimately, what is required is a structured approach torisk management that integrates key aspects of businessrisk identification and management. While the Board’srole in risk management should be at the strategiclevel, directors and senior management need to befully informed about the key risks facing each part of
3 Standards Australia and Standards New Zealand (1995).Author’s note: Standards Australia and Standards New Zealand have since released a revised Standard (see Standards Australia andStandards New Zealand (1999)). The process described in this discussion is equally applicable under the new Standard.
Discussion
100 the business. Hence, the objective should be to create arisk profile of the organisation that raisesunderstanding of business risk issues and assistsmanagement in allocating resources appropriately.
In 1995, Standards Australia and Standards NewZealand jointly published a Risk ManagementStandard that provides guidance on the adoption ofsuch an approach to managing risk.3 Coupled with aneffective control framework, a structured approachcan result in a number of company-wide benefitsincluding:
• an increased focus on key commercial andoperational risks;
• greater understanding and open discussion of risk;
• more comprehensive documentation of risks;
• a basis for assigning accountability;
• the identification of areas for concentration ofeffort (time and money);
• the analysis of risks and rewards;
• improved management information;
• sharing of best practice and experience across thecompany;
• an enhanced position in negotiations with insurers;and
• improved business efficiency and effectiveness,resulting from a value-added internal auditfunction that works with business managers toredesign the control structure.
The other key aspect of the risk managementframework is integration. The framework shouldintegrate key aspects of business risk identification andmanagement to create a risk profile of the organisationthat raises understanding of business risk issues. In thisregard, directors and senior management need to befully informed of the key risks facing each part of thebusiness. An integrated process allows the managementof the corporation to understand the relativity of riskissues between different parts of the business; toprioritise risks objectively; and to allocate resources tothose areas of most importance and need.
Figure 1 shows the many components of business risk.In most non-financial companies, individualdepartments are generally responsible for individualaspects of risk. A further step is needed to take theseindividual risk assessments and link them together withall other risk sources to create a complete picture of therisks within a company.
The Workshop Approach to Managing RiskA useful process for identifying and assessing businessrisks is a workshop-based approach. This approach, basedon the principles set out in the Risk ManagementStandard referred to above, is an effective process foridentifying and assessing business risks. By identifyingbusiness risks, assessing the controls over those risks andformulating action plans to mitigate each risk, anorganisation can build a comprehensive profile of therisks to which it is exposed.
The workshop approach, illustrated in Figure 2,consists of five separate stages:
i. the initial stage is the preparation for eachworkshop. This includes interviewing stakeholdersto define the business model, determining the riskconsequence parameters and preparing an initiallist of key risks;
ii. the first workshop comprises all members of themanagement team, including functional andindustry specialists as appropriate. Key businessrisks are defined, with the causes of riskdocumented, the potential likelihood ofoccurrence and the severity of consequencesassessed, and an overall risk rating determined;
iii. in the period between the first and secondworkshops the controls over the identified risks aredocumented and assessed;
Figure 1: Facets of Business Risk
BusinessRisk
Operations
Strategy planning & fit Environment
Engineering
Technology
Country
Treasury
External affairs
Human resources
Project delivery Safety
Market Legal
101
Risk and Capital Management in Non-Financial Companies
Describe current externalenvironment considerations
Determine current internal environment
Determine current control effectiveness
Challenge/revise/agree pre-work
Review/revise likelihood rating
Review/revise risk rating
Risk management action plans
Report to stakeholders
Monitor action plans
InsignificantMinorModerateMajorCatastrophic
RareUnlikelyModerateLikelyAlmost certain
LowModerateSignificantHigh
RareUnlikelyModerateLikelyAlmost certain
LowModerateSignificantHigh
PositivesNegatives
SatisfactorySome weaknessesWeak
Determine consequence parameters
Define business model
Consider relevant risk issues
Identify key business risks
Identify responsibility and agreebroad risk category
Determine possible causes
Determine possible consequences
Determine current likelihood
Determine risk rating Post
wo
rksh
op
Wo
rksh
op
2
Wo
rksh
op
1
Prep
arat
ion
Prep
arat
ion
Figure 2: The Risk Profiling Process
iv. the second workshop reviews the findings of iii and
reassesses the risks in light of the controls in place.
During the workshop, action plans are designed and
prioritised, accountability clearly assigned, and dates
by which action is required are set; and
v. after the second workshop, management reports
the risk profile to the stakeholders, including the
Board of Directors. Progress against action plans is
then monitored regularly, say, at monthly
management meetings.
In a changing business environment, regular reviews
of the business risk profile of the company should be
undertaken. If there are no obvious changes to the
business environment, an annual update of the profile
is highly desirable.
A workshop approach to managing risk gives rise to
many potential benefits. In providing an avenue for
forthright discussion of potential hazards within andacross business units, the management team is able togain a common understanding of the business risksthroughout the organisation. Moreover, based on theinformation acquired from the discussion,accountability and responsibility can be clearlyassigned, risks can be prioritised and scarce resourcescan be allocated across the company.
Qualitative Assessment of theConsequences of Each Business RiskUltimately, most business risks have a financial impact ofsome kind. This financial impact, however, is oftendifficult to quantify. Some risks may have an effect on anorganisation’s reputation and, in turn, this may have ashort-term, or even a long-term, effect on theorganisation’s share price. It is extremely difficult toquantify such effects, given all the other market forcesthat might need to be considered.
Discussion
102
For this reason, it is often more appropriate to assessthe potential consequences of a particular business riskusing some combination of qualitative parameters,such as those outlined in Figure 3. The ‘consequencecategories’, ranging from insignificant through tocatastrophic, are taken from the Risk ManagementStandard.
Qualitative Assessment of the Likelihoodof Occurrence of Each Business RiskIn assessing the likelihood of occurrence of a businessrisk, it is necessary to consider external factors in thebusiness environment as well as factors that areinternal to the organisation. Figure 4 lists some of thefactors that might be considered in an assessment. Indetermining the effectiveness of the controlenvironment, it is useful to use a framework such asthat developed by the Canadian Institute of CharteredAccountants. The CoCo framework explores theunderlying reasons for a potential breakdown incontrols and addresses issues such as training,attitude, commitment, capability and continuousimprovement.
After considering all the potential internal andexternal factors, the workshop arrives at an assessmentof the likelihood of occurrence of each risk factor.
The Risk Management Standard sets out qualitativemeasures of the likelihood of risk occurrence, rangingfrom ‘rare’ to ‘almost certain’.
The Qualitative Assesment of Liklihood
Management consensus concerning the consequencecategory and the likelihood of risk culminate in aqualitative assessment of total risk. Figure 5, also takenfrom the Risk Management Standard, shows thedifferent combinations of consequence and likelihoodthat will result in ratings ranging from ‘low’ through to‘moderate’, ‘significant’ and ‘high’.
Figure 3: Qualitative Assessment of Consequence
Source: Standards Australia and Standards New Zealand (1995).
• political • community • regulatory expectations• economic • competition
• markets
External EnvironmentAlmost Certain
Internal Control Environment
• management • skillssystems • culture
• information • leadershipflows • performance
• processes feedback
Likely
Moderate
Unlikely
Rare
Figure 4: Qualitative Assessment of Likelihood
An event, the impact of which can be absorbed through normal activity
An event, the consequences ofwhich can beabsorbed, butmanagementeffort is requiredto minimise theimpact
A significantevent which canbe managedunder normalcircumstances
A critical eventwhich with propermanagement canbe endured
A disaster withpotential to leadto collapse of thebusiness
Issues of individualsignificance
Issues ofcompanysignificance
Issues of local area significance
Issues ofnationwidesignificance
Issues ofinternationalsignificance
Minor pollution Significantpollution
Serious pollution Majorenvironmentalevent
Catastrophicevent
Minor injury Significant injury Serious injury Fatality Multiple fatality
< $ x reductionin profit
$ x – y reductionin profit
$ y – z reductionin profit
$ z – zz reductionin profit
> $ zz reductionin profit
Insignificant Minor Moderate Major Catastrophic
Managementeffort
Reputation/outrage
Environment
Safety
Financials
ConsequenceCategory
Consequence Factors
Improving the Control FrameworkRisk RecordThe preliminary output from the workshop approach isthe detailed risk record prepared for each individualbusiness risk (a hypothetical risk record is shown inFigure 6). The risk record can be used as a means ofmonitoring the actions taken to mitigate risks.
Risk ProfileThe risk profile in Figure 7 (over the page) is ahypothetical illustration of how risk records may besummarised for management and Board reportingpurposes. Consequence is charted against likelihood tohighlight the areas of greatest risk – namely, those in thetop right-hand corner of the diagram. The risks in thetop left-hand corner, although unlikely to occur, couldhave catastrophic consequences if they did occur; hencethe risks in this region must be closely monitored. The
Significant Significant High High High
Moderate Significant Significant High High
Low Moderate Significant High High
Low Low Moderate Significant High
Low Low Moderate Significant Significant
Insignificant Minor Moderate Major Catastrophic
Rare
Unlikely
Moderate
Likely
Almost Certain
Consequence
Likelihood
Figure 5: Qualitative Risk Assessment Matrix
103
Risk and Capital Management in Non-Financial Companies
Process: Commercial Broad Risk Category: Supply Responsibility: Management team
Consequence: Moderate Likelihood: Moderate Risk Rating: Significant
Risk Issue: Failure to Manage Performance of Contractors Risk ID: XX
Possible Causes: Possible Consequences:• lack of attention to contract preparation • increased costs and decreased production• lack of contract management skills • potential litigation• inadequate procedures • safety and environmental issues• poor contractor selection • ‘out of spec’ product and services
Positives: Negatives:• involvement at early stage of contract preparation • lack of understanding of contract scope of work
by legal specialists (in contracts)• weekly performance meeting with contractors • contractor culture may not be aligned with
recently commenced company culture• contract payment not tied to contract
performance indicators
Control Effectiveness Assessment: Weak
Revised Consequence: Moderate Revised Likelihood: Likely Revised Risk Rating: Significant
Action Plans: Responsibility: To be completed by:• formalise open tender process • contract manager • xx/00/99• legal review to assure performance • legal counsel • xx/00/99
benchmarks linked to paymentlevels
Current External Environment Considerations:• proposed government bill on outsourced contract obligations• litigation current between ABC company and XYZ contractor
• move to outsource functions has been strongly and publicly criticised by Industry Council
Current Internal Control Environment Considerations:
Control Environment Overview
Figure 6: A Risk Record
Discussion
104
Loss oflicence
Businessinterruption
due toindustrial
action
Recruitmentof inappropriate
personnel
Failure tomaximisereturns
Failure tomanage &safeguard
physical assets
Non-compliancewith year
2000Inappropriatemanagement
of capital
Loss ofkey people
frombusiness
Lack ofcohesionbetweenoperating
groups
Failure toprotect IT
intellectualproperty
Non-compliance
employment related
legislation
Managenative title
issues
Impact ofcommodity
pricesFailure toprovide
safe workingenvironment
High
SignificantCatastrophic
Major
Moderate
Minor
Insignificant
Rare Unlikely Moderate Likely Almost certain
Moderate
Low
Consequence
Likelihood
Figure 7: Hypothetical Risk Profile
Healthand safety
Year 2000
Recruitment& succession
policies
Projectdelivery
Commodityprices
High PriorityRisk rating
High
Significant
Moderate
Low
Satisfactory Some weaknesses Weak
Medium PriorityLow Priority
Exchangerates
Industrialrelations
Intellectualproperty
Nativetitle
Control effectiveness
Figure 8: Hypothetical Prioritisation of Action Plans
risks in the bottom left-hand corner are not of greatconcern, but should be monitored to ensure that theyremain a low priority, whilst those in the bottom rightare relatively insignificant.
It is important to note that the risk profile in the Figurerepresents a snapshot of risks at a particular time. Riskswill almost certainly change over time, becoming more,or less, important as both the internal and externalbusiness environments change. Hence there is a needfor on-going monitoring of the risk profile to ensurethat risk management strategies remain efficient andeffective.
Prioritisation of ActionAnother way to analyse the data obtained from therisk workshops is to plot risk ratings against theeffectiveness of controls (see Figure 8). This approachhighlights those areas where controls are weak yet therisk rating is high so that resources can be allocated tothese areas for ‘priority action’. Conversely, some low-risk areas that are well controlled may, in fact, be over-controlled, implying that there are resources that aregoing to waste and so need to be redirected.
105SummaryAs Carlton’s paper acknowledged, the identification andmeasurement of risk in non-financial companies is adifficult task. The workshop approach to business riskidentification and management is one simple yeteffective technique that enables a more informedassessment of the risks faced by a corporation. Mostimportantly, the workshop process allows the riskmanagement function to be integrated into keymanagement decisions. This, in turn, helps to ensurethat risk management is supported by management atthe business unit level and is commensurate withcompany systems and objectives such as those relating toplanning, budgeting and capital expenditure. Theapproach not only helps company management to moreeffectively and efficiently conduct their businesses, butwill also enhance corporate governance and ultimatelylead to strengthened shareholder returns.
ReferencesAustralian Stock Exchange Limited (1997),
ASX Listing Rules.
BHP (1996), ‘Risk Management – Guidelines forBHP’.
Canadian Institute of Chartered Accountants (1995),Guidance for Directors – Governance Processes for Control.
Canadian Institute of Chartered Accountants (1995),Guidance on Control.
Economist Intelligence Unit (1995), ‘ManagingBusiness Risks’.
KPMG (1996), ‘Toolkit for the Company Director –Australia’.
Malcolm Baldrige National Quality Award (1996),‘1996 Award Criteria’.
MCS Control Training and Design Inc. (1996),‘Mastering Control – An International Perspective’.
Standards Australia and Standards New Zealand(1995), ‘Risk Management’, Australian/NewZealand Standard AS/NZS 4360:1995.
Standards Australia and Standards New Zealand(1999), ‘Risk Management’, Australian/NewZealand Standard AS/NZS 4360:1999.
Stoner, J.A.F and F.M Werner (1995), Internal Auditand Innovation, Financial Executives ResearchFoundation.
Risk and Capital Management in Non-Financial Companies
2. General DiscussionDiscussion revolved around the role of riskmanagement in non-financial companies and thedifficulties involved in determining an appropriatelevel of diversification. Particular emphasis was given tocomparisons between the risk and capital managementapproaches adopted by financial institutions and othertypes of corporation.
Participants were interested in exploring the qualitativeapproach to assessing risk implemented by BHP. Thequestion was raised of how such an approach focusesmanagement attention on very rare, yet catastrophic,events given the low probability that such events will beexperienced during a manager’s career. Under BHP’sworkshop approach, most, and ideally all, exposures areelicited during the workshop even if those risks willoccur rarely, or never, during a particular manager’slifetime. Further, an important element of the approachis the ‘crisis exercises’ involving each of the businesses.The objective of these exercises is to evaluate theresponses of the relevant businesses in the event of acrisis. The responses evaluated range from broadconsiderations such as how the crisis is managed, to
more specific aspects such as communications to theaffected site, the release of media statements and thesafety of staff and the community. In addition toimproving response procedures, these exercises serve tomaintain management attention on the potential for‘tail events’.
A problem faced by financial institutions and non-financial companies alike is how best to summariserisks, particularly business and operational risks, in asingle measure. BHP’s methodology utilises, instead, amatrix approach to risk quantification. ANZ recentlyadopted a similar likelihood-based framework toevaluating risk, but took the further step of attemptingto quantify risk into a single number. There werevarying opinions as to whether risk, especiallyoperational risk, can be measured in any meaningfulway. Moreover, some participants were of the view thatoperational risk, once quantified, could not realisticallybe added to market and credit risk measures todetermine an overall risk exposure for the company.There was broad agreement that a difficultyconfronting all organisations is how to combine all the
Discussion
106 risks to which a large company is exposed whencommunication between some areas of that companymay be limited or non-existent.
There was some discussion of the problemsexperienced when establishing an effective riskmanagement framework. At the outset, it is importantthat companies are fully aware of why a riskmanagement function is required and what theobjective of that function should be. For example, acommodity producer, exposed to fluctuations inforeign exchange, commodity prices and, moregenerally, the state of the global economy, might decideto implement a risk management operation with theobjective of producing consistent earnings results and,ultimately, of adding shareholder value. As part of thedecision making process, companies naturally questionwhether investors are actively seeking exposure toparticular markets, in which case hedging some of therisk would be taking away from investors what they hadintended to acquire.
Further, as earlier discussed, the development of acomprehensive risk management framework mayinvolve implementation of a methodology to quantifyfinancial risk. Participants were interested in the extentto which value-at-risk (VaR) type concepts are beingapplied in non-financial companies. The point wasmade that VaR is based essentially on the notion ofvalue, a concept related to on- and off-balance sheetexposures. For many non-financial companies, thebalance sheet is fairly stable from year to year, with riskimpacting on earnings. This suggests that the focus ofthe framework should in fact be earnings-at-risk orcash-flow-at-risk. Of course, many corporate treasuriesthat are also trading treasuries use VaR in the same wayas financial institutions.
The difficulties in establishing an integrated riskmanagement function were also canvassed. Inparticular, there were concerns that centralisation ofthe risk management function abstractedaccountability from individual business units;participants were of the view that responsibility for riskmanagement should ultimately lie with individualbusiness units. There was broad acceptance that theobjective of centralisation should be to co-ordinate riskmanagement strategies and educate business units.Businesses should remain responsible for managingexposures since it is their actions that can affect thenature of a company’s risks.
The typical objective of an investor is to maintain a well-diversified portfolio. To achieve this objective, theportfolio would ideally be comprised of sensiblyenterprising companies that act in such a way as tomanage those events that could potentially obstruct theability of the company to achieve its business targets.Some participants were of the view that, increasingly,executive remuneration schemes that inordinatelyconcentrate the potential wealth of management in theone company are an impediment to shareholder valuecreation. Other participants argued that incentivestructures such as option plans potentially offer anumber of advantages, provided that they areappropriately structured. While there wasoverwhelming support for aligning managementincentive structures with shareholder objectives,participants acknowledged that managementbehaviour is extremely sensitive to the frameworkchosen.
Participants were interested in determining the pointat which diversification begins to encroach on thesensibly enterprising company that investors expect.Diversification, in the context of the discussion, refersto the adoption of risk management strategies, or arange of business activities, to reduce earningsvolatility. It was thought that a certain level ofdiversification is necessary to protect core businessactivities and maintain earnings stability. Participantsagreed that volatility in financial performance is heavilypenalised by the market, inducing management tomanage shorter-term accounting results. That said, itwas argued that the use of strategies to smooth cashflows might give rise to significant costs. Mostparticipants agreed that there exists a fine line betweenthat level of diversification that is appropriate and thatwhich is excessive. In some cases, the difficultiesinvolved in managing a diverse range of activities(markets, products etc) outweigh the benefits thatdiversification might bring.
There was some discussion of the cost of capitalmeasure and its application within performancemeasurement frameworks. Essentially, the cost ofcapital is regarded as a charge or hurdle rate that mustbe exceeded before businesses are deemed to beadding value. To assess financial performance, aprincipal measure used by many companies, includingANZ and CSR, is economic value added (EVA). Thismeasure attempts to quantify an economic return foreach business and to remove some of the accounting
107distortions on reported profitability. While thecalculation of EVA is reasonably straightforward,determining a measure of year-on-year performance ismore difficult. Some company’s have the view that EVAmust improve each year and thus define performanceas the change in EVA. More commonly, however, theabsolute value of the measure is used. Such anapproach gives rise to a number of problems. Forexample, requiring a business with very highprofitability, significantly in excess of the cost of capital,to simply out-perform the cost of capital may lower theexpectations of the business so dramatically as to be a
disincentive. It was thought that one way to overcomethis problem might be to estimate the market values ofeach of the business units on the basis of projected cashflows. If these estimates are reasonable, the cash flowforecasts and the EVAs implicit in those forecasts, canbe used as the performance targets for the businessunits. This type of approach runs into difficulty whenprofitable businesses, with very high targets, experiencelower returns in a particular year and so are notrewarded, while other businesses earn negative EVAsyet achieve better than target and are rewardedaccordingly.
Risk and Capital Management in Non-Financial Companies
