Exposing the fault lines

20 September 2011

Whether it’s financial turmoil, security or social unrest, businesses are facing an increasing number of risks in the UK and overseas

In THE WAKE of the worst financial crisis in living memory, it is no surprise that financial and market factors are top of the risk management agenda for many major businesses.

“With the fragile state of the markets, uncertainties about the Eurozone, flat growth in the US and UK, and increased regulatory challenges, a whole pile of different issues are rapidly coming together,” says Lesley Jones, group chief credit officer at RBS.

UK banks are starting to “think the unthinkable”, she says – what would happen to the weakest banks in the sector if the Eurozone is broken up, and what impact would that have on the fragile economic recovery? “People are starting to get very nervous that uncertainty over the Eurozone will act as a damper on global stock market recovery.”

Prolonged economic woes pose risks for all businesses. “The longer the economy bumps along the bottom, the longer there’s a heightened risk of highly leveraged companies going into insolvency, especially SMEs,” says Jones. “There’s also clear evidence that fraud increases during a down cycle.”

“ The banking system could collapse again, as there’s no clear idea of how much toxic waste still exists in the system,” Jonathan Hopkin, senior lecturer in comparative politics at the LSE , told Ernst & Young’s recently published annual risks and opportunities survey. In that survey, s ix of the top ten identified risks relate to financial and market factors.

Many business owners – and even their banks – remain confused about what would happen if it did. “The Financial Services Compensation Scheme is very unclear,” says Thomas Coles, managing director of MSM Risk Management, a medium- sized firm which develops risk engineering software. “Our bank had to ask eight different managers whether we were covered.”

Consumer and business confidence seem as depressed as the economy. If you add in market maturity, declining and ageing populations, volatility in commodity and realest ate prices and the effect of government spending cuts, organic growth for many companies is slowing or is even in retreat, observes Ernst & Young. This means firms seeking rapid growth must take market share from competitors, often through aggressive pricing.

“It’s difficult to envisage many business sectors where pricing pressure isn’t a major issue in the current financial situation,” says Nicholas Brookes, chairman of security printer and papermaker De La Rue.

“This is only likely to increase for UK plc as international competition is imported from emerging and developing markets.”

Competitive threats are often over looked by business leaders and their risk managers, who are too ready to accept them as a natural part of doing business, says Mils Hills, senior lecturer in global strategy at Coventry University. “Any business that fails to regard competition as a risk may be in trouble –especially now that brand loyalty is low – and outsourcing and offshoring enable new ventures to be set up very quickly,” he warns.

Access to credit is less of an issue now than a year or two ago, according to Ernst & Young, but its survey still saw a third of companies reporting constraints on credit availability, with one in ten facing challenges in obtaining capital for major investment programmes.

“Finance remains one of the biggest risks for any business and is a major constraint on growth,” says Ajaz Ahmed, internet entrepreneur and founder of Freeserve, whose latest venture, legal365.com, offers legal services on the web. “Banks are so cautious they’ll turn away promising prospects: I think that will continue longer than many people realise.”

Supporting the company pension scheme is a top – ten risks for many organisations, according to Tim Archer, partner in enterprise risk services at Deloitte.

And Steve Culp, managing director for Accenture Risk Management, says companies that are overly eager to boost export sales may do so without adequately hedging their exposure to local market pressures or currency fluctuations.

Supplies

The move to put UK workers on short time when March’s earthquake and tsunami in Japan choked off component supplies brought home the fact that risk is no longer confined by geography.

But today’s super-efficient manufacturing practices c a n exacerbate a risk still further, says Richard Thomas , European head of risk management services at business insurance specialist QBE. “Supply chains can be so streamlined that there’s no duplication, so if anything goes wrong companies are very exposed,” he says. “Attenuated supply chains mean organisations may not even realise where or what the risks actually are.”

According to the 2010 Cross-Sector Risk Research programme of insurance risk analysts Mactavish, 85 per cent of UK manufacturers are concerned about the supply- chain risks resulting from single sourcing, elimination of buffer stocks and spare production capacity, and consolidation of production and distribution centres.

Outsourcing one’s operations does not mean outsourcing the risk – a fact often forgotten by businesses that do outsource – as Armoghan Mohammed, a risk partner at PwC , points out . “It increases complexity and make it more difficult to get a proper view of the risk,” he adds. “Often one or two major projects make it on to the board’s ‘top ten’ risks, such as a major outsourcing or offshoring, a shift in operations or a new I T system,” says Deloitte’s Archer.

While focusing on strategic risks is understandable, De La Rue’s Brookes says: “Companies also need to focus very carefully on operational risks, in particular deliverability of the company’s offering and the risks which could disrupt this. Look at BP where the failing [that caused the Gulf of Mexico oil spill] was essentially an operational, not a strategic one.”

All too often organisations take no action on operational risks until their hand is forced by legislation. Yet regulation and compliance is itself perceived as a significant business risk, topping the risk ran kings in the Ernst & Young survey for the second year running. “The inexorable rise of legislation and regulation is a major issue f or all businesses and is likely to increase,” says Brookes. “The Bribery Act, for example, has already had a major impact on the compliance controls of international businesses.” Considering the whopping fines that can be handed down to both businesses and directors for bribery and other anti-competitive practices – not to mention the collateral damage to the company’s reputation – such concern is understandable.

Regulation does not only pose a risk for multinationals. Recent research carried out by the Forum of Private Business has found that small firms are spending more time and money on complying with regulation s – £16.8 billion per year to be exact. In all, 84 per cent of the organisation’s members reported an increase in time spent on compliance since 2009. Head of campaigns Jane Bennett says: “Despite several government initiatives, it is clear that we are heading in the wrong direction.

Technology

Emerging technologies were placed in the top five in E r n s t & Young’s survey of risks. Respondents particularly cited the difficulty of developing an innovation culture, combined with fear of adopting “bleeding edge” (too new) or “white elephant” (of no value) technologies.

“Almost all businesses will need to maintain a clear focus on the delivery of innovation, particularly to avoid being overtaken by more cost- effective processes coming out of the emerging economies,” says De la Rue’s Brookes.

And there are global issues to consider, too – when will the next domino topple in the Middle East, will there be democracy riots in China, will a new government in South Africa nationalise foreign investments, or a new one in Germany abandon the euro?

There are also one-off events, whether known (such as disruption from the London 2012 Olympics), or merely feared. Many observers believe the world is overdue for another disease pandemic, for example.

In the longer term, sustainability of vital commodities such as water and energy is a major concern, as are demographic changes such as declining or ageing population s in many developed countries. And various industries have the potential to inflict huge environmental impact if things go wrong – with increasingly stringent regulations to punish t hem if they do.

If something does go awry for a business, there is an increasing likelihood that it will be all over the internet and social media in no time, rendering traditional damage limitation difficult or impossible. Whether it is a catastrophic oil spill, a spate of brake failures or an unpopular level of bonus payments, the reputational damage can be severe and long-lasting, especially now that consumers and trading partners are taking environmental and corporate social responsibility issues more seriously.

“The management of reputational risk is poor in the main,” says Mon it or Quest’s Andrews. “Many companies are too eager to play down problems that later turn out to be serious, or to shunt the blame on to someone else.”

Security

“With any company of any size, my greatest initial concern would be its information security,” says Dick Andrews, a former army brigadier who is now executive director of security specialist Monitor Quest.

Too many boards fail to understand the true value of their intellectual property or to protect it properly, and even apparently water tight information security policies can leave dangerous loopholes, he argues. “I don’t know any company that’s advising its staff over voicemail security, even after everything that’s happened. People leave documents on their desks, and directors have confidential conversations in front of their chauffeurs or in their club.” According to the government’s Office of Cyber Security and Information Assurance, cybercrime costs the UK economy £27 billion a year, £21 billion of this affecting businesses.

“Conventional crime such as burglary remains a risk,” says MSM Risk Management’s Coles. “But if you’re burgled at lea s t you k now about it. If someone infiltrates eavesdropping software into your system, it could lie hidden f or months or years before it finds something of value and silently passes this to the criminal.”

Denial of service attacks can take down websites or networks f or days or even week s. Company and customer data may be stolen. And the runaway use of social media means staff may be posting and tweeting potentially sensitive information f or anyone to read. Increasingly, staff use their own mobile phones and handheld computers for company business, often without adequate security, Coles says. And familiarity with online transactions such as shopping can breed contempt for the potential dangers – risky if the person is using a company account or credit card.

Coventry University’s Hills agrees that an organisation’s own employees pose various threat s to its security, some calculated, others unwitting. Some threats are perennial, such as the possibility of sabotage or fraud by staff members, or unsavoury elements who have infiltrated the organisation’s ranks.

Others may be exacerbated by the economic cycle, such as mass disaffection among workers who see their bosses receive generous salary rises while their own pay is frozen, or an upsurge of claims for industrial injury when a factory is about to close.

If staff leaves, especially under a cloud or through redundancy, they may take confidential knowledge of the organisation or its intellectual property to a rival employer, warns Monitor Quest’s Andrews. This is compounded by the fact that most employers are too trusting and tell members of staff things they don’t need to know, from cash-flow problems to new product developments.

Conversely, the concentration of skills or knowledge in a few key individuals can create risk. “Is it wise to let your whole R&D team fly in the same plane?” he ask s.

Less drastic events can still be serious. “If staff leave without a proper succession plan the consequences can be much more extreme than many organisations fore see,” says Accenture Risk Management’s Culp. This common problem is of t en compounded by a failure to “segment” the work force in order to identify and retain key individuals, he adds.

The issue of talent management, especially skills availability, is perceived as a growing risk by global businesses, according to Ernst & Young’s survey. Ironically, says Culp, one of the skills currently in short supply is risk management.

Paul Bray has written about almost every topic from business and technology to travel, education and food and drink, for many publications including The Daily Telegraph, The Sunday Telegraph, The Guardian, The Sunday Times, Britain’s Top Employers, Computing, Director and Nasdaq International.