Risk Management Starts at the Top


How to sort out strategies and weather the storm.

How to sort out strategies and weather the storm.

Fortnightly Magazine - October 2006

The chief executive of a failed corporation says, “I didn’t know what was going on. The chief financial officer made all those decisions. I couldn’t have been expected to understand them.” The collapsed energy merchant had a chief risk officer who had put in place an expensive risk-management system that did not protect the firm. The hedge fund with tight risk-management rules failed because it had violated its own risk rules. What went wrong?

Perhaps the corporate structure became too large and complex for anyone to know what was going on, a risk that deserves, but rarely receives, management attention. Perhaps the directors and managers viewed risk management as an administrative burden rather than as a tool for decision making, a window-dressing procedure to deflect criticism. Perhaps management decided to ignore guidelines because it had in front of it a deal too good to pass up.

Risk management serves a real purpose only if executive officers and directors embrace it as an integral part of business strategy. Otherwise, it is nothing more than a bureaucratic exercise that lulls the management and directors into a false sense of security. 1 Those at the top, who oversee the organization, need to determine its rationale for being involved in energy markets, its objectives and the policies and procedures to assure the firm meets its objectives and stays in line with the overall goals regarding strategy and risk. 2 If the board of directors and senior management do not explicitly develop and proclaim these goals and explain them to those in charge of executing them, then the policy will evolve by default from the actions of those who are involved in either trading or making the decisions that affect the firm’s exposure to risk.

Please participate in this brief PUF survey

The board and senior management need to make a priority of enforcing their policies and procedures—and not permitting deviations. 3 If the rules are not enforced, then the systematic flouting of the rules will produce a new policy by default—one that most likely will be contrary to the board’s wishes. 4 If the rules need revision, that is a job for the board to decide—not the traders on the desk. 5

Business Strategy Shapes Risk-Management Style

As a start, management must determine the purpose of its activities that require the risk management. Not having a clear notion of business strategy creates risk. Consider the case of energy trading as an example. Firms need to decide why they trade in energy markets.

To simplify the situation, think of the energy-trading function as having three purposes:

1. Trading for profit: Less politely referred to as “speculation,”