Transcript Risk and Value

Understanding the
Control Environment
Timur Gök
Caribbean Association of Audit Committee Members
Basseterre, St. Kitts
30 September – 2 October, 2010
Outline
•
•
•
•
•
Internal Controls
Towards an Alternative Approach
Strategic Control
Risk Management
Conclusions
2
Internal Controls
Internal Controls
• System of controls
– Put in place to provide reasonable assurance
that the corporation will achieve its objectives,
including efficiency and effectiveness of
operations, reliable reporting, and compliance
with applicable laws and regulations
– A strong system of internal controls is
imperative to effective ERM
– Consists of the control environment,
pervasive control plans, and business control
plans
Gelinas and Dull, Accounting and Information Systems (2007).
4
Internal Controls
• Control environment
– The tone set by the BOD and top
management regarding the general
awareness of, and commitment to the
importance of, control throughout the
organization
Gelinas and Dull, Accounting and Information Systems (2007).
5
Internal Controls
• Business process controls
– Procedures that identify specific business
risks to prevent interruption of operations
• Pervasive controls (and general controls)
– The governance structure and ancillary
control procedures that keep the corporation
“on track”
Gelinas and Dull, Accounting and Information Systems (2007).
6
Framework for Internal Controls
• COSO
– Also the framework suggested by PCAOB in
Auditing Standard No. 2 as a suitable
framework to guide management’s
assessment of internal control for SOX
Section 404
• But how does one apply the COSO
framework to implement ERM?
– “COSO … seems like an instruction manual
that never got around to giving actual
instructions”
7
COSO Framework
8
• Imagine if you will, that on some Christmas Eve,
facing a slew of unassembled children's toys,
you were to read the instructions that come with
your child’s new bicycle, which is completely
unassembled. To your horror, you find that the
authors of the instructions used, as a guide, the
COSO framework. The first few pages discuss
the definition of "bicycle" and "ride". They then
go into a definition of "assembly" which reads,
"Assembly involves the processes and
procedures undertaken by a person or
organization to put together the various parts of
a disassembled object such that it provides a
complete and whole object."
B. Vance, Why ERM Frameworks do not work (2007).
10
Towards an Alternative Approach
Better Models and Stress Tests?
• Could “better” models and stress testing
have saved us from financial ruin?
– Conditional VaR—capture spillover effects in
troubled markets, such as losses due to
distress of others
– Continuous VaR—measure within-horizon
probability of loss
– Simulations and stress testing
12
Strategic Risk
• “[A]rray of external events and trends that
can devastate a company’s growth
trajectory and shareholder value”
Slywotzky and Drzik (2005)
• “Risk stemming from an inability to adapt
to changes in the environment”
13
Strategic Risks
Slywotzky and Drzik, “Countering the biggest risk of all,” Harvard Business Review, April 2005.
14
Risk Taxonomy & Risk Contribution
Kuritzkes and Schuermann (2007)
15
Strategy v. Tactic
• The starting point is corporate strategy
• Strategy
– Overall plan for deploying resources to
establish a favorable position
• Tactic
– Scheme for a specific action
• Strategy is about winning wars; tactic
about winning battles
16
Strategy
• Provides a link between the firm and its
environment
Industry Environment
Firm
• Customers
• Goals and values
• Resources/capabilities
• Structure/systems
• Suppliers
Strategy
• Existing competitors
• Potential competitors
and substitutes
Internal
Factors
External
Factors
R.M. Grant, Contemporary Strategy Analysis, 4/e. Blackwell, 2002.
17
Strategic Analysis
• Conduct a strategic analysis to develop
and articulate a strategy
• Analyze “how the firm can generate
returns (rents) in excess of the opportunity
costs by engaging in a more effective
corporate/business strategy”
– Corporate strategy as domain selection
– Business strategy as domain navigation
R.M. Grant, Contemporary Strategy Analysis, 4/e. Blackwell, 2002.
18
Shareholder Value Approach
E. Maug, “Valuation and shareholder value.” Lecture slides.
19
Strategic Control
Strategic Control
• Process of monitoring and correcting a
firm’s strategy and performance
• Traditional approach to strategic control
– Strategies are formulated and top
management sets goals
– Strategies are implemented
– Performance is measured against the
predetermined goals set
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
21
Traditional Approach
• Most appropriate when
– Environment is stable and relatively simple
– Goals and objectives can be measured with
certainty
– Little need for complex measures of
performance
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
22
Contemporary Approach
• Contemporary control system
– Continually monitor the environments (internal
and external)
– Identify trends and events that signal the need
to revise strategies, goals and objectives
– Exercise informational control
– Exercise behavioral control
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
23
Contemporary Approach
Dess & Lumpkin, Strategic Management, McGraw-Hill Irwin (2010).
24
Contemporary Approach
• Informational control
– Concerned with whether or not the
organization is “doing the right things”
• Behavioral control
– Concerned with whether or not the
organization is “doing things right” in the
implementation of its strategy
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
25
Behavioral Control
• Behavioral control is focused on
implementation—doing things right
• Three key control “levers”
– Culture
– Rewards
– Boundaries
Dess & Lumpkin, Strategic Management, McGraw-Hill Irwin (2010).
26
Why Culture and Rewards?
• The competitive environment is complex
and unpredictable, demanding both
flexibility and quick response to its
challenges
• The implicit long-term contract between
the organization and its key employees
has been eroded
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
27
Culture
• Culture sets implicit boundaries (unwritten
standards of acceptable behavior)
– Dress
– Ethical matters
– The way an organization conducts its
business
• Culture acts as a means of reducing
monitoring costs
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
28
Sustaining an Effective Culture
• Effective culture must be
– Cultivated
– Encouraged
– Fertilized
• Maintaining an effective culture
– Storytelling
– Rallies or pep talks by top executives
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
29
Rewards and Incentives
• Rewards and incentive systems
– Powerful means of influencing an
organization’s culture
– Focuses efforts on high-priority tasks
– Motivates individual and collective task
performance
– Can be an effective motivator and control
mechanism
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
30
Effective Rewards and Incentives
Dess & Lumpkin, Strategic Management, McGraw-Hill Irwin (2010).
31
Example: TIAA-CREF Principles
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
32
Boundaries and Controls
• Improve operational efficiency and
effectiveness
• Minimize improper and unethical conduct
Dess & Lumpkin, Strategic Management, McGraw-Hill Irwin (2010).
33
Organizational Control
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
34
Putting It All Together
• Corporate Governance
– Improve operational efficiency and
effectiveness
– Minimize improper and unethical conduct
Dess, Lumpkin, & Eisner, Strategic Management, McGraw-Hill Irwin (2010).
35
Risk Management
Better Models and Stress Tests?
• Could “better” models and stress testing
have saved us from financial ruin?
– Conditional VaR—capture spillover effects in
troubled markets, such as losses due to
distress of others
– Continuous VaR—measure within-horizon
probability of loss
– Simulations and stress testing
37
Yes, But…
• British regulators found that banks’ stress
tests before the crisis were very modest
– “There was absolutely no incentive … to run
severe stress tests … because if there were
such a severe shock, they would very likely
lose their bonus and possibly their jobs [and]
in that event the authorities would have to
step in anyway to save a bank and others
suffering a similar plight.”
A. Haldane, “Why banks failed the stress test,” (February 2009).
38
Models and Objectives
• Lynda Gratton, who was Chief
Psychologist in the early 1980s at British
Airways when the company was starting to
break free from its state-owned origins,
observed “nervous young avionic
apprentices arriving for job interviews
carrying large bags containing Airfix
models of aeroplanes.”
S. Stern, Lunch with the FT, Financial Times (February 5, 2010).
39
Models and Objectives
• “We had to convert an
organisation which
loved aircraft [British
Airways in the early
1980s] into an
organisation which
loved people, and that
was a rather difficult
thing to do.”
Lynda Gratton
S. Stern, Lunch with the FT, Financial Times (February 5, 2010).
40
Purpose of Risk Management
• Likewise, risk management is not just
about quants and their models, but it is
about making institutions more resilient
41
Case Studies
The Titanic
• Stresses similar to what the Titanic experienced
in its collision with the iceberg were applied to
the joint, and the top of one of the rivets popped
off, at a load only 60 percent of what a good
quality rivet should have withstood.
43
Challenger
• Gray smoke escaping
from the right side
44
Vietnam and the Dereliction of Duty
• During the Vietnam war, … [t]he joint chiefs of
staff were warned by their chairman, Maxwell
Taylor, that Lyndon Johnson did not like "split
advice". Johnson's defence secretary, Robert
McNamara, argued that government would be
ineffective if department chiefs were to "express
disagreement" with the president. Not disobey,
but "express disagreement". Johnson trusted
McNamara implicitly and relied too heavily on
the advice of a man he praised as a "can-do
fellow". Isolating himself from dissent, the
president made a series of disastrous decisions.
T. Harford, “Listen to the bearers of bad news,” Financial Times, (Feb. 25,
2010). From Dereliction of Duty by H.R. McMaster (1997).
45
Iraq
• “Mr. Rumsfeld would not even let his
commanders use the word ‘insurgent’.
This Orwellianism made it much harder for
army officers to rely on the appropriate
doctrine: a counter-insurgency strategy.”
T. Harford, “Listen to the bearers of bad news,” Financial Times, (Feb. 25,
2010).
46
Oversimplification
• IPCC's thorny mission: Take sophisticated
and sometimes inconclusive science, and
boil it down to usable advice for
lawmakers. To meet that goal, scientists
working with the IPCC say they sometimes
faced institutional bias toward
oversimplification.
J. Ball and K. Johnson, WSJ (Feb. 26, 2010).
47
Warning Ignored
• Werner Hoeger, an Olympic luge athlete injured in a
crash at the Whistler Sliding Centre in November, had
warned Canadian officials about safety hazards at the
track months before a competitor was killed at the
Vancouver Games in an accident on the same course.
J. Abrams and K. Thomas, NY Times (Feb. 19, 2010).
48
Hurricane Expert Dismissed
• Ivor van Heerden, an internationally known
hurricane expert, lost his job at Louisiana State
University. He and other experts said it was
because of his outspoken criticism of the federal
government’s flood protection of New Orleans.
• In the years before Hurricane Katrina, in 2005,
he sounded alarms about the potentially
devastating impact of a major storm on New
Orleans despite 40 years of hurricane protection
efforts.
J. Schwartz, NY Times (Feb. 11, 2010).
49
Toyota
• Toyoda
Concedes
Profit Focus
Led to Flaws
• Regulators
Hired by
Toyota Helped
Halt
Investigations
Graphic, NY Times (Feb. 2, 2010).
N. Shirouzu, WSJ (March 1, 2010) and Bloomberg.com (Feb. 13, 2010).
50
51
The significant problems we face cannot be
solved by the same level of thinking that
created them.
Albert Einstein
52
Conclusion
Lesson?
• “It is the human element that completely
dominates risk.”
Managing Risk (2009)
R. Duffey and J.W. Sull
54
Timur Gök
Regional Director, PRMIA Chicago
Visiting Associate Professor
Director, Arditti Center for Risk Management
Department of Finance
DePaul University
Chicago, IL 60604
312/362-5001
[email protected]