Part A
Risk management is an imperative concern for various enterprises and a reflection on the trends in the contemporary business environment. Therefore enterprise risk management has evolved as a competitive aspect in modern corporate governance reforms. Enterprise risk management has been associated with the recognition of distinct guidelines, standards, and principles which could enforce the impact of the ERM framework. However, there has been a considerable necessity for understanding the classification of the different types of risks encountered by organizations and according to Mike and Kaplan’s review of contemporary enterprise risk management, the specific types of risks are identified in the form of preventable risk, strategy execution risk and external risks (Kaplan & Mikes, 2012).
The following analysis would be focused on the analysis of three specific companies which experience unique types of risks such as external risks, preventable risk and strategy execution risks. The identification of the sample companies would be followed by a comprehensive illustration of the risks encountered by the individual sample organizations as well as the measures that have been taken now and can be taken in the future for reducing the impact of the risks. The recommendations presented to the board of the respective sample organizations would be supported by real life examples of situations where corrective measures for control and management of the specific risks have proved to be successful (Akintoye & MacLeod, 1997).
Preventable risk:
The first category of risk that can be recognized from the theoretical interpretations related to enterprise risk management emphasizes on preventable risks or internal risks. As per Boehm (1991), the preventable risks are termed as internal risks in various contexts implying towards the origin of the risks within the organization’s internal environment and could be brought under the control of the organization with possibilities for reduction or elimination. The examples of preventable risks include inappropriate or unethical actions from managers and employees as well as the risks emerging from the discrepancies in the routine operational processes of the organization (Boehm, 1991).
Generally the preventable risks are not associated with profound damage to the organization which leads to the concerns of higher costs for the organization. On the other hand, As per Bouchaud & Potters (2003), the preventable risks are found to be detrimental for an organization in the long run which could potentially affect the value of the company. Some of the common remedial measures that are implemented in the case of preventable risks are derived from active prevention that are based on monitoring of operational processes and the modification of decisions and behaviour of people in accordance with specific norms (Bouchaud & Potters, 2003).
The example of sample organization, Uber, could be considered for reviewing the impact of preventable risks on organizational performance and suitable indications towards design of an integrated risk management framework. The image of the company’s culture has been consistently tarnished with the complaints regarding sexual harassment and the unconcerned response from the HR department.
As per Cooper (2005), Uber’s culture has been characterized with a prominent association with the Hobbesian environment which implies that the discrepancies and unethical activities from well-performing employees are ignored and employees have to compete with each other (Cooper, 2005). The examples of overlooking the claims of sexual harassment by female workers are reflective of the inefficiency of the HR management framework of Uber.
The HR department was not able to facilitate appropriate levels of safety in the working environment that can be considered as an example of a preventable risk. The implications of the preventable risk have been identified in the loss of reputation of the brand with certain employees coming out in the open regarding the case of sexual harassment experienced at the workplace (Froot & Stein, 1998).
So it is essential to determine particular aspects of the organization that led to the proliferation of the preventable risk of a broken culture in order to anticipate the roots of the problems encountered by Uber. The foremost insufficiency that can be perceived in the case of Uber refers to the lack of meaningful company values. Majority of companies in the domain of technology and user services are associated with company values which define the uniqueness of the company culture. On the other hand, Uber’s company values indicate a certain hint of vagueness with examples of statements such as ‘employees should be themselves’ that are responsible for defining standards of appropriate conduct according to the personal judgment capabilities of the employees (Hallikas et al., 2004).
The discrepancy in the company values also reflects on the lack of communication between the top strata of management and the employees of the enterprise that lead to internal strife within an organization. The disconnection emerges from the gap between everyday activities of employees and the perception of their work by the leadership. Furthermore, it is essential to focus on the measures adopted by Uber for addressing the preventable risks vested in a vague organizational culture (Jüttner, Peck & Christopher, 2003).
The existing measure that was implemented for addressing this issue included references to the formation of a team for investigation of the culture and the release of a diversity report. As per Kaplan & Mikes (2012), the measures could be considered ineffective for resolution of the preventable risks since the team of investigators comprise of insiders from the company which induces the scope for bias in the findings that would be reflected in the recommendations presented by them for the change in organizational culture (Kaplan & Mikes, 2012). The implications derived from the diversity report direct towards the inability of the organization to ensure transparency in the organizational culture. The report does not present any significant insights into the source of the problem and the reason for the complications of the risk into larger ones.
Therefore alternative measures in the form of ‘identifying and preventing’ preventable risk could be applied for resolution of the issues arising from internal risks. According to Leland (1998), Uber could address the preventable risks arising from a vague organizational culture through the establishment of specific principles of organizational culture which would guide the interplay between the human resource capita within the organization (Leland, 1998).
The principles should tailor the organizational culture towards the accomplishment of primary objectives such as creation and safeguarding value, explicit resolution of uncertainty, integration across organizational processes, consideration of cultural and human factors as well as the mandatory implications of inclusiveness and transparency (Miller, 1992).
The examples of Shell’s inclusion of an IT initiative, Downstream-One as change management ensured that the staff has been able to access to the enterprise-wide system for reporting that limits communication gaps thereby addressing the preventable risks. The enterprise-wide system is liable for bridging the gap between executives and employees thereby facilitating the basis for an integrated enterprise risk management framework. Another example of successful addressing of preventable risks through a change in organizational culture could be identified in the case of Wal-Mart which has implemented downsizing of old jobs and creation of new jobs in order to cope with its progress on the online marketplace.
Strategy Execution risk:
Strategy execution risks are comprehensively identified in the case of an organization’s initiative to obtain superior returns from a strategic approach. The example of a bank assuming credit risk could be considered as a strategic risk during lending money and can also be observed in the case of companies undertaking research and development activities. The strategy risks are characterized with differences from the preventable risks since the former are considered essential for the organization to a certain extent (McNeil, Frey & Embrechts, 2015).
Generally, organizations that undertake strategies with the possibility for obtaining higher returns could be required to assume the impact of formidable risks and precedents for managing the risks. Strategy risks are not subject to control according to a rule-based model. On the other hand, strategy risks imply the requirement of a risk management system that is specifically designed for reducing the probabilities for the materialization of the risks.
The system should be capable of augmenting the capabilities of the organization for management or inhibiting the impact of the risk events in case of their occurrence (Rasmussen, 1997). The risk management would enable an organization to undertake risky ventures that facilitate promises of higher rewards and advantage over companies with limited effectiveness of risk management.
The strategy risk taken by Toyota can be considered as a sample case for evaluating the sources which led to the risks for Toyota. The primary fault in Toyota’s manufacturing was due to the lack of a promising structure that would facilitate the feasible execution of the organization’s strategy. The company was recognized for the quality of its vehicles and yet in 2010, Toyota had to recall millions of cars on the basis of defect-related issues. This factor can be considered as a major limitation in the case of Toyota which was associated with the existing brand image of Toyota as a producer of good quality cars (Stulz, 1996).
The insufficiencies of the strategy could be identified clearly from the preferences for the separate operations in international businesses being integrated into a functional structure as compared to that of reporting to a single headquarter in the particular jurisdiction. The consumer complaints had to be presented to the US operations which were then sent to Japan headquarters for special committee review. The measure implemented by Toyota was the introduction of supply risk management initiatives for guiding the quality monitoring initiatives. The particular references towards the measure’s effectiveness in resolution of profound risks in the supply chain such as brand, commodity and disruption can be considered as a major highlight for Toyota’s risk management system (Wipplinger, 2007). The implications of strategic risk management should be addressed through references to the three distinct areas as brand, commodity, and disruption management. A clear understanding of the binding principles of risk management associated with these distinct aspects would help in addressing the risks with ease alongside framing contingency measures for containing the impact of disruption caused due to the risk (Zhi, 1995).
Prior to design of risk management approaches, Toyota should anticipate the association of strategic risks with the inherent risks in a company’s strategic decisions as well as the macro structural decisions that promote internal risk-taking. The management should also ensure grouping of risks at the organizational level that would increase the prospects for effective allocation of resources for risk management and assignment of responsibilities. Toyota could leverage the benefits of evaluation of the strategic risks on the basis of data collection inferences (Rasmussen, 1997).
The inclusion of an integrated tool that could help in the collection of data pertaining to qualitative and quantitative interpretations of the risks can be presented as a recommendation to the board for resolving the strategy risks. The lack of consistency in the qualitative interpretation of strategy risks could be considered as a major aspect that should be addressed by Toyota in order to deal with strategy risks. The example of implementing a system for collecting data regarding risks could be identified in the ERM strategy of IBM which implements a strategy cycle and execution cycle (McNeil, Frey & Embrechts, 2015).
The strategy cycle is intended to address the short-term objectives as well as long-term prospects for the company. Another company that can be considered as an example of resolving strategy risks is PNC which was subject to strategic insufficiencies leading to customer fraud in March 2004.
The organization’s risk management was associated with formidable integration of the risk profile and strategy followed by effective management of risk-based capital. On the other hand, the features of the risk management system of PNC to facilitate information pertaining to credit risk, market risk and operational risk management can be accounted as a promising source of information pertaining to the business environment as well as internal environment (Leland, 1998). Therefore, strategy risks could be addressed effectively from internal as well as external perspectives of the organization.
External Risks:
External risks are prominently derived from the events that could not be subject to control or influence of the organization. The general sources of external risks are identified in the form of natural calamities or major transitions in the macroeconomic environment. It is imperative that the external risks could not be controlled and hence could not be prevented. On the other hand, an organization’s risk management approach for the external risk would have to be aligned with identification and reducing the impact of the risk event (Froot & Stein, 1998).
It is also essential for an organization to understand the limitations that can be associated with the management of external risks especially in the form of references to limitations of time and resources, lack of information related to competitors, difficulty in identifying the scope of external risks that should be considered and perceived notions regarding the difficulty of addressing the external risks. The case of McDonald’s can be considered as a sample for the identification and management of external risks (Bouchaud & Potters, 2003).
The external risks for the fast food giant could be identified in various dimensions such as ecological trends which favour production and distribution activities aligned with the preservation of the environment. The image of the fast food industry in context of modern ecological trends is negative owing to large scale consumption of palm oil amounting to almost 700000 tonnes annually (Akintoye & MacLeod, 1997).
The reputation of McDonalds was jeopardized by the SUPERSIZE ME scandal across 30 countries where the detrimental impacts of the products of McDonalds were highlighted. The documentary illustrated the presence of various additives and cancerous substances in the products alongside the harmful impacts of the products on health of consumers such as hypertension and obesity. Another scandal marred the image of McDonalds which was responsible for declaring the company’s burger unfit for consumption owing to the presence of ammonium hydroxide.
The competition in various markets where the organization operates could also be responsible for external risks especially owing to the large scale promotion of the digital marketplace (Jüttner, Peck & Christopher, 2003). The threat of negative impact of competition is complemented further with the negative perception of the brand by customers on the grounds of various scandals regarding product quality.
The measures that were adopted by McDonalds to address these external risks could be identified in the form of radical change in the image of fast food industry. The organization also aimed at addressing the particular scandal of the SUPERSIZE ME scandal through excluding the ‘super size’ menu as well as including new offerings in the menu such as light sauces and salads. The trends of increasing favourability for healthy dietary habits could be addressed by the organization through supplying yogurts, salad, and fruits.
The complaints of the inappropriate quality of food with the presence of ammonium hydroxide were addressed through changes in the recipe (Kaplan & Mikes, 2012). However, the organization must follow a digital marketing campaign directed towards target customer groups which could facilitate reasonable opportunities to the company for improving brand equity. The examples of successful digital marketing campaigns executed by organizations can be identified in the case of Heineken and Airbnb.
Heineken utilized the social media platform, Facebook, for integrating people from distinct ends of the social spectrum such as feminists and anti-feminists through participation in team social activities by sharing a Heineken and discuss their viewpoints. Another example of successful digital marketing for risk management was by Airbnb which used a video for presenting their acceptance for people from distinct backgrounds and places that can be considered as a prolific response to the travel ban imposed by President Trump (McNeil, Frey & Embrechts, 2015).
Part B:
The effectiveness of an ERM strategy in an organization could be largely associated with the identification of effective risk management processes in the areas of governance, monitoring and strategic activities. The approach was determined by former COSO Chairman, Larry Rittenberg who identified the distinct activities (Bouchaud & Potters, 2003). The example of Sears Holding has been considered as a sample organization for evaluating the effectiveness of addressing the three distinct components of governance, strategic and monitoring in obtaining feasible resolution of the financial distress faced by the organization.
The following evaluation would present an overview of the organization’s background and the causes of the financial distress experienced by the organization as well as the strategic objectives of the company.
Organizational background:
Sears Holding Corporation has been established in the United States since a massive 125 years ago. The company has prolific presence in the United States with 1980 stores as well as in Canada with 449 full-line stores. The focus of Sears is vested primarily in commercial sales, home services and specialty stores. The competition in the retail sector accounts as a formidable risk with the various competitors such as Wal-Mart, Target and Home Depot. On the contrary, the organization has incurred substantial debt which poses indications towards its bankruptcy.
The financial situation of Sears Holding is considered to be in distress also due to the depreciating income statement as well as the balance sheet which depicts continuous depreciation alongside drops in the liabilities of the organization (Akintoye & MacLeod, 1997). The prominent factors which were considered responsible for the depreciation included poor brand recognition, lack of direction for the company and in-store innovations as well as transition to online sales.
The strategic objectives for the organization for addressing these issues could be identified in the form of estimating the company’s priority, improving strategic leadership, human resource management, cohesion, perceptions regarding employees, environment and the company and identify key departments for the sustainability of the organization (Kaplan & Mikes, 2012). The objectives would have to be oriented distinctly towards various dimensions such as employees, competitive advantage, stability, and formal procedures.
The primary source of improving the existing situation of financial distress could be ascertained in the form of human resources of the organization. Furthermore, the discussion on stakeholder responses as well as compliance to emerging technological development can be considered as notable ambiguities for the company’s strategic approach. However, in order to present a suitable risk management strategy for the organization would have to be based on the use of Larry Rittenberg’s three-step approach. The three-step approach would have to be based on the identification of strategic, governance and monitoring issues and implementing the risk management framework of Sears Holding Corporation (McNeil, Frey & Embrechts, 2015).
Risks for Sears:
The risk identification is particularly considered as an essential element for addressing the risks leading to the financial distress of Sears which has to be implemented for identification of risks in the three distinct areas such as strategic, governance and monitoring. The strategic issues encountered by the organization can be found primarily in the form of limited focus on employee productivity that can be identified in the form limited options for employees to improve their competitive advantage and expansion opportunities.
The development of employees is restrained thereby presenting another complicacy for the management of people in the organization on the grounds of inexistent philosophy. The strategic discrepancies encountered by the organization could also be identified in the form of political and economic shifts that could imply the requirements for undertaking strategy risks or contain the impact of external risks (Kaplan & Mikes, 2012). Government intervention in the free market could also imply prominent strategic risks for Sears.
Governance issues that could be identified in the case of the organization include limited confidentiality in voting for stakeholders, dissent of stakeholders regarding shareholder rights and executive compensation. The governance of Sears is subject to issues arising from the unethical practices of certain managers who emphasize their personal interests over that of the company. The particular issues identified in the case of monitoring aspects of the organization can be considered as resultants of technological advancements. Technological advancements have influenced the cost structure within the retail sector and the value chain structure which have been complemented with large-scale technological integration for monitoring applications.
The monitoring risks within the organization’s risk management framework would also have to be subjected to the legal implications suggesting protection of intellectual property (Bouchaud & Potters, 2003). Monitoring issues are not particularly limited to the surveillance aspects within the retail stores. On the basis of a larger picture, the monitoring extends towards the review of organizational performance as well as consumer protection and safeguarding the intellectual property of the organization.
The compliance of the organization to specific legal precedents pertaining to intellectual property protection can be considered as a major monitoring risk for the organization. The legal barriers are also variable in different markets which could be addressed through tailoring the monitoring activities to the guidelines. The monitoring aspects of the organization are also subject to the issues of reporting that imply the maintenance of ethical standards (Hallikas et al., 2004). The lack of a precise guideline for reporting can lead to prominent discrepancies for the organization for its monitoring activities. The resolution of these risks can be presented through an effective risk management approach that comprises of references towards the three-step approach presented by Larry Rittenberg.
Rittenberg’s risk management:
The particular rationale for resolving risks through Larry Rittenberg’s three-step approaches is vested in the identification of risk appetite. The definition of risk appetite could be presented in the form of the extent of risk acceptable by an organization for pursuing value thereby implying its potential for productivity upon integration in the strategic planning framework of the organization.
The identification of risks in various categories such as strategic, governance and monitoring issues would have to be followed by a clear estimation of risk appetite for the risk levels that can be sustained by Sears. This would help the organization to ensure a long-term foresight for its strategic objectives rather than confusing over the existing distressful situations (Kaplan & Mikes, 2012). It has been aptly termed that prevention is better than cure thereby implying that risk appetite is a preventive measure for Sears to address the consequences of different types of risks. The risk management strategy can be illustrated as follows with a specific identification of the underlying stages involved in each step such as the development of risk appetite, communication of the risk appetite and the monitoring and update of the risk appetite of the organization.
Develop risk profile:
Development of risk appetite is presented in the form of a statement which would define the specific amount and nature of risks that can be possibly taken by the organization for accomplishing novel reward opportunities. It is imperative for the organization to understand that there is no specific amount for risk appetite and it varies from company to company. The four factors that must be assumed as considerations for developing risk appetite include existing risk profile, attitudes towards risk, risk tolerance and risk capacity.
The competitive nature of the market especially in the retail sector has to be included as a notable factor for estimating risk appetite (McNeil, Frey & Embrechts, 2015). The drastic changes in the business environment could also be considered liable for the variations in the development of risk appetite. The risk appetite statement should comprise of clear statements in order to facilitate effective monitoring and flexible communication, a direct relation between risk-taking and organizational objectives. The risk appetite statement also describes the identification of a risk portfolio that could be used for resolving the other risks. The example risk appetite statement that can be recommended for Sears can be presented as, ‘The operations of Sears are vested in a high overall risk range (Wipplinger, 2007).
The organization has indicated a limited risk appetite for product quality and performance objectives while the higher risk appetite is estimated in aspects such as reporting, monitoring, operations and strategic objectives. This factor suggests that addressing the primary risk appetites in the areas of reporting and communication could improve the capabilities of Sears to interact with stakeholders and customers on a regular basis alongside involving them in the change management process.
Communication of risk profile:
The next step involved in the risk management process is associated with communication of the risk appetite statements. The risk appetite could be communicated through expressing appetite for individual categories, wide-ranging risk appetite statements and expressing risk appetite for individual major section of strategic objectives of the organization.
The representation of the risks using visual and graphic aids can be considered as a feasible measure for Sears to ascertain the risks and the threat level of individual risks (Bouchaud & Potters, 2003). The advantage of communicating risks categorized on the grounds of distinct categories such as political, economic, and technological or personnel risk can be identified in the form of identifying distinct criteria of acceptable levels for other risks that are identified in these categories.
Monitoring and updating of risk profile:
The final stage of the risk management strategy of Sears would include references to the monitoring and updating of risk appetite that should be executed on a daily basis. This stage of an effective risk management approach would involve prolific references to the use of KPIs and ensure that the risk appetite estimated by the organization is aptly integrated in the organizational culture.
The monitoring and updates of risk profiles could also be associated with effective monitoring and communication of formidable changes and risks in risk appetite. Other significant activities that could be executed by Sears would be directed towards a clear identification of risk appetite and the specific tolerances for the individual departments in the organization (Kaplan & Mikes, 2012). Finally, the organization should ensure formidable consistency between risk appetite, relevant reward systems, and objectives. However, the organization should also emphasize on reporting any deviations from the conventional estimate of risk appetite.
References
Akintoye, A.S. and MacLeod, M.J., 1997. Risk analysis and management in construction. International journal of project management, 15(1), pp.31-38.
Boehm, B.W., 1991. Software risk management: principles and practices. IEEE Software, 8(1), pp.32-41.
Bouchaud, J.P. and Potters, M., 2003. Theory of financial risk and derivative pricing: from statistical physics to risk management. Cambridge university press.
Cooper, D.F., 2005. Project risk management guidelines: Managing risk in large projects and complex procurements. John Wiley & Sons, Inc..
Froot, K.A. and Stein, J.C., 1998. Risk management, capital budgeting, and capital structure policy for financial institutions: an integrated approach. Journal of financial economics, 47(1), pp.55-82.
Hallikas, J., Karvonen, I., Pulkkinen, U., Virolainen, V.M. and Tuominen, M., 2004. Risk management processes in supplier networks. International Journal of Production Economics, 90(1), pp.47-58.
Jüttner, U., Peck, H. and Christopher, M., 2003. Supply chain risk management: outlining an agenda for future research. International Journal of Logistics: Research and Applications, 6(4), pp.197-210.
Kaplan, R.S. and Mikes, A., 2012. Managing risks: a new framework.
Leland, H.E., 1998. Agency costs, risk management, and capital structure. The Journal of Finance, 53(4), pp.1213-1243.
Miller, K.D., 1992. A framework for integrated risk management in international business. Journal of international business studies, 23(2), pp.311-331.
McNeil, A.J., Frey, R. and Embrechts, P., 2015. Quantitative risk management: Concepts, techniques and tools. Princeton university press.
Rasmussen, J., 1997. Risk management in a dynamic society: a modeling problem. Safety Science, 27(2), pp.183-213.
Stulz, R.M., 1996. Rethinking risk management. Journal of applied corporate finance, 9(3), pp.8-25.
Wipplinger, E., 2007. Philippe Jorion: Value at Risk-The New Benchmark for Managing Financial Risk. Financial Markets and Portfolio Management, 21(3), p.397.
Zhi, H., 1995. Risk management for overseas construction projects. International journal of project management, 13(4), pp.231-237.
