Deloitte & Touche (South Africa)   Deloitte & Touche (South Africa)
Global > South Africa >    
Managing High Impact Low Likelihood Risk
Published: 19/6/06

Many of the world’s largest companies have suffered tremendous losses in market value over the last ten years because they failed to anticipate the interaction of multiple risks.  Most major losses resulted from a series of high impact, low likelihood events.  In many cases, the consequences were so dire that the affected companies never recovered.

 

Not so long ago, risk management was considered the domain of academics and consultants and not a priority for mainstream businesses. But that bubble of complacency was burst through a succession of cataclysmic events: the dot.com bust, 9/11, the Asian financial crisis and a wave of business scandals.

 

Today, although most companies are paying more attention to risk management principles, many of them have yet to translate this increased awareness into effective actions to address the threats.  In fact, many companies are still asking how they can better protect themselves. To address this question, Deloitte researched instances of major losses in shareholder value experienced by hundreds of companies over the last decade.

 

According to the Deloitte report on this study, a pattern of “value killers” emerged.  For business leaders, recognising these potential value killers will begin to help answer the question of what companies can do to protect themselves.

 

Some of the answers have already been supplied by regulators and government legislation to reduce the occurrence of inaccurate or even fraudulent financial reporting.  Beyond that, there are several initiatives which can be implemented to protect the organisation:

 

“We have found that at least four initial steps can help companies guard against these value killers,” says Justine Kathan-Mazzocco, Director Risk Management Services, at Deloitte.

 

“Firstly, companies must manage the domino effect of critical risk interdependencies; secondly, in their scenario planning, they need to predict unknown future low-frequency, high-impact risks; thirdly, they need to promote a strong, ethical control culture which leads employees to act as stewards of corporate value; and finally, they need processes and information systems which provide timely information.

 

“In managing risk, the silos need to be broken down and the risks need to be looked at in combination with each other.  Take, for example, the drop in the rand, one could take forward cover to address a specific risk of foreign currency, but on a more strategic level how we have seen companies responding by looking at the potential impact of a combination of risks, is to potentially diversify their markets, products and services in an attempt to anticipate the growth going forward.”

 

“A risk intelligent organisation looks at managing the upside as well as the downside of risk.  You need to anticipate market opportunity, respond timeously and in that way potentially create more value for your business. A recent example of optimising an opportunity risk is that of a South African diversified fuel and chemical manufacturing group.  In looking at alternative energy sources as well as the market’s heavy dependence on oil, the group has entered into a joint venture with a company in the Middle East for the establishment of a gas-to-liquid fuel plant there. If successful, this venture would potentially result in the group being a global leader in the gas-to-liquid industry.  They anticipated this a few years ago and is an opportunity risk that they have maximised.”

 

“We would also recommend the establishment of a risk committee comprising representatives from Risk Management, Internal Audit as well as executives and non-executives. This would greatly assist the Audit Committee as Internal Audit cannot provide assurance on all risks in the organisation.”

 

According to Kathan-Mazzocco, what is needed is an integrated, organisation-wide risk management function to identify the key risks across the organisation, understand the connections between them and develop a risk management strategy that takes into consideration the organisation’s appetite for risk. Companies need to invest in new capabilities to increase the organisation’s ability to withstand low-probability, high-impact risks.  They should use “stress testing” to ensure that their internal controls and business continuity plans can withstand the shock of a high-impact event.  They should proactively plan and acquire the strategic flexibility to respond to specific scenarios.

 
Contact us for more information about this topic.
 
Page Last Updated: 24 October 2006
Source: Deloitte & Touche (South Africa)  - South Africa (English)

Print This Page    Email To A Colleague
  Security | Legal | Privacy    

Copyright ©2009 by Deloitte & Touche, a member of the Swiss Verein Deloitte Touche Tohmatsu. All rights reserved. Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its Member Firms.

Deloitte RSS Feeds | Site Map