FTI: Prevention Beats Cure - Roger Carlile
Devastating risks have become all too real after major corporate shocks on both sides of the Atlantic, prompting many to reconsider risk management methods. FDE spoke to FTI’s Roger Carlile about how, as enterprise risk management becomes more prominent, organisations must become even more proactive.
Corporate catastrophes like Enron’s collapse are still fresh in the mind, but many have followed, especially in the financial services sector. Bear Stearns in the US and Northern Rock in the UK, for instance, proved that theoretical risks can very quickly become all too real.
Among the few positives to emerge from these events is the business world’s increased awareness of the need to bolster risk management processes.
‘These were large organisations that were viewed as very successful but failed and were sold or taken over by government. Risks become more real every day for other companies as they see these losses and how they occurred. Boards are now more focused on risk policies and risk monitoring,’ says Roger Carlile, head of the forensic accounting and litigation practice at consultancy firm FTI.
Carlile assists leading companies with potentially damaging legal, financial and reputational matters. FTI’s usual role is to help clients react to adverse events, but its experience enables it to advise clients on how to minimise the likelihood of such events and implement more robust risk management strategies.
A common stumbling block, however, is that it is hard to quantify the benefits of risk management, while it is easy to quantify the cost of a risk management programme.
‘It is as if you or I were buying insurance – we can see the cost but not necessarily the potential loss for which we are covered, as there are so many factors involved. However, with insurance you can at least estimate many of the variables, like the cost of fire damage. Companies are still trying to put a value on risk management which needs a more intuitive approach, but they can at least see the consequences of failures in risk control,’ says Carlile.
There are many intangible factors to think about when considering potential risks to reputation, market share, revenues and profitability, but enterprise risk management (ERM) could help bring greater clarity.
Engaging with ERM
ERM is a risk-based approach to management, providing a framework for evaluating risks that might impact a company’s ability to achieve its strategic goals. Its benefits include greater transparency, risk mitigation, improved compliance and – as ERM matures – the ability to create value through identifying positive risk and market opportunity.
‘Companies are still struggling with the implementation of ERM, particularly with the elements of risk that are not purely financial. The pendulum swings towards more risk control and then back again. Banks that didn’t fail but felt losses from the sub-prime market, for instance, are probably very focused on risk now. The best companies pick a strategy in the middle of the pendulum’s range – they maintain focus and deal with an appropriate proportion of the risk,’ says Carlile.
Successful ERM begins with identifying all risks to an organisation, categorising and prioritising them – taking into account not only the scale, but also the breadth of their impact across the organisation. With a clear risk profile, a company can address critical issues first.
‘This approach means that companies have a choice over whether to mitigate a risk or accept it. Awareness always means you are better prepared. It is human nature to focus on cure rather than prevention, but since Enron we have seen risks materialise and regulatory standards like Sarbanes- Oxley legislate for risk controls,’ says Carlile.
‘The nature of our work means we have been in storms so many times we can foresee them and can assess conditions and structures to help companies prepare for risks. These risks may differ, but they often come from common issues, and our experience means we know how to prepare.’
It is time, perhaps, to move away from dealing with problems in crisis mode towards the more proactive approach embodied in ERM.