Learning from Loss
Many companies will terminate a loser rather than learn why it went wrong.
A CEO was meeting with their CRO, CFO along with several members of business unit management a few months after the close of a year that included an unexpected loss by that same business unit that reduced reported group income by almost 75%. They asked if there was any good reason that they should continue the business unit that had created the loss with the current management. Of course, a wild melee started with everyone talking at once.
It was obvious from this chaotic scene that no one had planned for any loss, ever. That is not uncommon. Overconfidence is often highly valued, until it fails.
When companies first started to add the Chief Risk Officer (CRO) position along with risk departments, there were several functions that they immediately assigned to the CRO. Designing and implementing the new risk management system, risk assessment and reporting, presenting risk and risk management reports to the board are several of the most common responsibilities. Sometimes, looking backwards and assessing the compliance with and effectiveness of the risk management system is a part of the CRO’s responsibilities and sometimes that role falls to auditors under a “three lines of defense” approach.
But usually that review is not the sort of “failure analysis” needed after a major loss. That regular oversight function is often too gentle to produce the kinds of information to support the natural question that the CEO asked above, basically should he terminate just the management or should he just close the business, or is there something salvageable here?
This sort of investigation could be assigned to the CRO well in advance of any major loss. If that assignment has happened, then the CRO has a good reason to accumulate the sorts of background information that is essential to getting to real insight as to the reason for the loss. That background information basically is the answer to the question: What is it that management of a business unit expects to happen in a seriously adverse situation?
More specifically, here are a dozen questions that the CRO should answer about the business unit and the loss:
1. Was the strategic risk trajectory for the business unit appropriate for the company’s financial situation, the risk environment and the primary strategic objectives of the organization?
Here, risk trajectory means the choice of either:
· Increasing risk faster than surplus
· Increasing surplus faster than risk
· Balancing the growth of risk and capital.
The wrong choice of risk trajectory may leave a company in too fragile of a situation, and therefore more sensitive to losses. Or, the losses might be just the inevitable consequence of being in the risk business.
2. Did the specific plans of the business unit in the years prior to the loss support the chosen trajectory?
Companies can make good decisions but execute them poorly. A major loss might result from a bad decision, or a good decision and poor execution.
3. Were the risk appetite and tolerance for the group and limits for the business unit set through a robust process that considered the pertinent factors?
Many companies use a “momentum” approach to setting targets and limits for next year. Simply adding x% to everything. A robust approach would reflect prospective differences and changes in profitability and in risk environment for each business and for the group in total.
4. Was compliance with risk appetite, tolerance and limits monitored regularly?
It is easy to take on too much risk if no one is watching.
5. Was the company in compliance, especially for the business unit that had the major loss?
All too often a calamity will hit the one area that was the most overexposed. Murphy’s Law, I guess.
6. If risks exceeded their limits, were actions take to get back in compliance?
The choice of risk appetite, tolerance and limits can have a major impact on risk taking activities, but only if compliance is monitored and if there are real actions taken as a result of breaches or near-breaches.
7. Did the risk assessment process expect to use the best available methodology?
A weak assessment process may allow a business to slide into taking higher and higher per unit risk because it isn’t sensitive to such changes.
8. Was that methodology actually used?
Improvements to risk assessment seem to esoteric. So they get postponed.
9. Were the risk assessments performed and reported in a timely manner?
The best risk management requires the best risk assessments so that actions are taken at the right moment. There is often a trade-off between the accuracy and timing of risk assessments. The best number, delivered too late for corrective action is of little value.
10. Were the planned mitigations capable of reducing the frequency and/or severity of losses in the manner expected?
Could the plan have succeeded? As I once told a BU head, “The point of planning is not that you are being expected to predict the future, but we just want you to show that there exists a plausible future where your plan works.”
11. Were the planned mitigations carried out as expected?
Mitigations are your defense. If you chose the right mitigations and executed them well, then you would have expected to be safe. And finally:
12. Did your peers suffer comparable losses?
There are several parts to the answer to that one, like were they similarly exposed, did they use the same mitigations to similar effect (or lack thereof).;
Available on Crossing Thin Ice Podcast with some additional material.
https://crossingthinice.podbean.com/e/learning-from-loss/
If there was a flaw in your approach to this risk that resulted in the major loss, these 12 questions ought to help find it for you. And if the CRO can lead the company through the process of answering these questions and finding that flaw, then management will be able to continue with the intended strategy and corrections as needed, rather than abruptly fleeing their strategy and seeking some other path. But only if the activity can still meet company objectives after those flaws are corrected.
https://crossingthinice.podbean.com/e/learning-from-loss/