. 9
( 131 .)


book the term ˜risk™ will be viewed by SERM to mean:
anything which prevents an organisation from achieving its business objectives.

In part, this merely follows the natural usage of the word ˜risk™ as an essentially
negative concept “ for example, one would not generally describe the possibil-
ity of obtaining a higher than expected return from an investment as a risk.
However, it is clear that a risk could relate as much to the failure to achieve
a positive benefit as to the incidence of liability or loss. Furthermore, an organ-
isation™s ability to tolerate or manage risk may constitute a competitive
advantage in itself.
The inter-relationship of risk with uncertainty in positive outcomes may
become blurred. Increasingly, even good surprises may be regarded unfavourably
by stakeholders. The last thing an investor would want to see after having
recently reduced a shareholding in any given company would be a sudden and
unexpected upturn in share price, or analysts who placed moderate profit esti-
mates being made to look inaccurate by outperformance. This kind of risk issue
is probably best described as a stakeholder risk, with current and potential mar-
ket investors constituting one of the important categories of stakeholders of a
publicly listed company (see Chapter 9).
The view of risk as essentially negative does not deny the importance
of the management of uncertain positive outcomes, we merely recognise that
risk analysis, while an important tool for management, is not a panacea for
managing an organisation as a whole.

Direct cost risk
Direct costs are primarily those that financially impact upon the organisation,
they include: fees, fines, remediation costs, lost materials and production
˜down™ time, or the loss of contracts.

Intangible and indirect risks
One of the difficulties in establishing an effective framework for evaluating and
managing risks is the treatment of intangible or indirect risks. Intangible value
Chapter 1 “ Introduction

is often regarded as difficult to measure and break down into its constituent
parts. Nevertheless, it is estimated that intangible assets and goodwill constitute
71% of the total market value of FTSE100 companies (Interbrand and Citibank
research from 1998). Any framework that does not effectively address risk
issues affecting that value is therefore unlikely to deliver reliable business
The intangible factors, which should be considered in the context of a risk
framework, include the following:
Corporate reputation: i.e. the perception of the company™s strength, corporate
governance, credibility, reliability and trustworthiness;
Individual brand values: reflecting customer perception of the branding asso-
ciated with particular products or services; and
Stakeholder value: being a function of the company™s relationship with
stakeholders such as investors, employees, government and the media. An
element of how and where a risk arises is from which group of stakeholders
it originates. We have developed a stakeholder template to review their
impacts which is covered in more detail in Chapter 9. It is a useful aide mem-
oir for your organisation with which to view the variety of stakeholders
Indirect (intangible) costs are the losses sustained from things such as:
Reputation damage;
The loss of business opportunities; and
Reduced sales and brand damage.
The diagram below shows a sample risk profile for a company, demonstrating
the gross and net direct and indirect risk. By presenting it in a common radar
format, it provides the company and its stakeholders with a visible corporate
risk/liability ˜health check™.

Business restructuring
Gross risk Net risk
Health & safety indirect Environment direct

Social & ethical indirect Social & ethical direct

Environment indirect Health & safety direct
Chapter 1 “ Introduction 13

It also identifies risk ˜hot spots™ and management underperformance. The
outer ring is the gross risk the company faces and the management of risk issues
reduces this to the inner ring.

Sustainability risk
In the last decade, a set of inter-related social and cultural, environmental and
economic factors have been forged into the sustainable development frame-
work. The increase in ecological stresses has been accompanied by an increase
in the severity of breakdowns in our life support systems and this will have an
impact upon our ability to produce economic development and ˜wealth™ from
the limited resources this planet has to offer. These pressures will impact upon
the level of social development we can achieve as local environments are dam-
aged. Without economic income there is not the capital revenue to support the
development of social capital and the preservation of ecological capital.

Risk management
Generally, risk management is the process of identifying, measuring and assess-
ing risks and developing strategies to manage them. Strategies include: transfer-
ring the risk to another party; avoiding the risk; reducing the negative effect of
the risk; and accepting some or all of the consequences of a particular risk.
Overcontrol of risk can be as damaging to business interests as the lack of
controls. The objective of risk management is not necessarily the elimination or
reduction of risks, but how they are actively managed in a business context.
This could mean that particular risks are being overcontrolled, and unneces-
sary costs incurred. Robert Winter™s dictum that ˜undue aversion to risk can be
the riskiest behaviour of all™ can ring very true (Risk Management Reports,
volume 21, number 2, February 1994).

Potential risk treatments
Once risks have been identified and assessed, all techniques to manage the risk
fall into one or more of four major categories (Dorfman 1997). Some ways of
managing risk fall into multiple categories:
Risk transfer means causing another party to accept the risk, typically by con-
tract or by hedging;
Risk avoidance includes not performing an activity that could carry risk. An
example would be not buying a property or business in order not to take on
the liability that comes with it;
Risk reduction (mitigation) involves methods that reduce the severity of the
loss. Examples include sprinklers designed to put out a fire to reduce the risk
of loss by fire, even though water damage can be severe; and
Chapter 1 “ Introduction

Risk acceptance (retention) involves accepting the loss when it occurs. True
self insurance falls in this category. Risk retention is a viable strategy for
small risks where the cost of insuring against the risk would be greater over
time than the total losses sustained.
Traditional risk management focuses on risks stemming from physical or legal
causes (e.g. natural disasters or fires, accidents, death and lawsuits). Financial
risk management, on the other hand, focuses on risks that can be managed using
traded financial instruments. In this book very significantly we also look at how
to measure intangible risk, a new type of risk “ a risk that has a high probability
of occurring but is ignored by the organisation due to a lack of identification.

Useful web links
Within the book there are extensive sections dedicated to abbreviations,
glossaries and definitions (like appendix B). The following web sites will
also assist your research into the terminology used within the book.
Electronic glossaries:

* http://investopedia.com/
* http://www.investorwords.com/
* http://www.nytimes.com/library/financial/glossary/bfglosa.html
A useful business search engines can be found at the following site:
Overview of Risk Management
The chapters in this part cover introductory risk management themes:
What is a Sustainable Enterprise Risk Management system? (Chapter 2);
Trends and drivers in risk management (Chapter 3);
Background to key aspects of legal risk management (Chapter 4);
The relevance of due diligence (Chapter 5); and
How risk management themes affect your organisational culture (Chapter 6).
Part A “ Overview of Risk Management

The net risks to market value from all the issues discussed in the book are
outlined in the pie chart below:

Economic &
Risk, 2%

Risk, 5.4%

Social & Ethical
Risk, 5.1%
A Sustainable Enterprise Risk
Management (SERM) system
2 A Sustainable Enterprise Risk
Management (SERM) system

The overall objective of the SERM system is twofold: to help organisations
avert risks stemming from corporate social responsibilities issues; and
seize opportunities from becoming more sustainable. This can be achieved
with limited additional financial and staffing resources if existing systems
are expanded to cover sustainability risk management and the aligning of
risks and rewards to your business objectives.

Introduction to a SERM system
We will explore the business case for sustainability and the benefits from
ensuring that a Sustainable Enterprise Risk Management (SERM) system leads
you towards becoming a sustainable organisation. There are benefits to be
derived from proactively seeking opportunities for new markets in a world of
increasingly constrained resource supplies and increasing demands. The
approach seeks to minimise the risks, the negative aspects of not yet being sus-
tainable. In so doing it should be understood that an enlightened view of the
risk environment can:
Reduce overheads and material costs;
Increase compliance;
Reduce fines and penalties; and
Improve competitiveness and marketing opportunities.
Outstanding economic, environmental, social health and safety and govern-
mental performance can have practical benefits for the organisation. Actions to
mitigate risk can include the taking of opportunities as they present them-
selves. Companies like BT, General Electric and Wal-Mart are changing their
competitive game by taking sustainability risk factors and turning these into
benefits for their competitive strategy.
There is some debate regarding whether the modus operandi of business is
anything other than business. To support the view that sustainability issues are
Chapter 2 “ A Sustainable Enterprise Risk Management (SERM) system 19

crucial to business operations, a survey conducted by the Center for Corporate
Citizenship & Sustainability (http://www.bcccc.net/index.cfm) of 198 medium
to large multinational companies found that:
A total of 90% of participating companies say their company™s approach to
corporate citizenship and sustainability issues reflects at least some belief in
the potential rewards;
Two-thirds of survey participants say that corporate citizenship and sustain-
ability issues are of growing importance for their businesses; and
A majority of big companies concerned with corporate responsibility issues
acknowledge that they lack an active strategy to develop new business oppor-
tunities based on those concerns.
An emerging example of the new mode of operations and how values-led
brands are helping to create value is a recent quote from Unilever™s CEO Patrick
For us, social responsibility is about creating social benefits through our brands and
through our interactions as a business with society. It™s the business of doing business
responsibly ¦ The business case for corporate responsibility can be summarised in four
ways: sustainable development, building reputation, growing markets, and fuelling innov-
ation. (Business as an Agent of World Benefit Forum in Cleveland, USA, 24 October

The SERM framework seeks to highlight that there is a broader definition of
business risk which covers a wider range of current and emerging risks that can
impact upon an organisation. Quite often these risks affect intangible assets and
value as opposed to the more tangible damage we are used to as risk managers.
Many of the triggers can originate from outside the organisation, yet still
require management. So we offer the following version of what we perceive to
be risk as,
anything which prevents an organisation from achieving its business objectives.


. 9
( 131 .)