In the series of articles published over that past few years, the author has discussed many enterprise risks and proposed solutions to enable any enterprise of any size to address the exposure introduced by each risk. Admittedly, most of the exposures identified and discussed were internal, therefore known and readily identifiable, and subject to protection or hedge.
These risks might include:
• Default risk for nonpayment of undisputed debt
• Default risk from insolvency or bankruptcy
• Failure to provide trained support or proper succession
• Provider failure to perform/supply
• Credit insurer failure to cover…to name only a few.
• Foreign exchange volatility
• Government policy change risk
• Foreign market volatility
• Convertibility risk
Among the solutions to exposures that impact enterprise value and business continuity discussed in previous articles1 was the need to assess risk beyond the internal environment, particularly including awareness of risk in the extended value and supply chains. Understanding the challenges and opportunities associated with risk in supplier networks, provider networks and third party intermediary networks adds an important dimension to the risk management, and corporate governance strategy for success of the enterprise.
Given the current level of economic stress in most markets, it will be generally unpopular to recommend yet another layer of risk assessment. However, introducing this extended due diligence may very well:
• extend the life of the enterprise
• prevent an exogenous “surprise”
• hedge against loss of reputational capital
• sustain a more acceptable access to and cost of funding
The unfortunate rise in previously unforeseen external risks has resulted in a new risk management term: the Black Swan2. It has been generally described as an:
• economic event,
• not generally predictable or even identifiable using traditional ERM processes, but
• introducing serious consequences into the enterprise business risk model.
The condition has been exacerbated by:
• growing globalization
• rapidly changing:
a) geopolitics trends
b) economics trends
c) regulatory trends
d) trade volatility
e) technologies changes
f) environmental conditions
g) events of terrorism
• historical focus on internal risks and solutions, “known risks”
• lack of expertise and experience in assessing external risks
Market disruptions in 2012 as described by interests in their individual regions were driven by:
• Eurozone crisis
• Libor crisis
• US Debt crisis and the Fiscal Cliff issue
Supplementing this list following the review of some of the more easily identifiable Black Swans we find:
• Arab Spring
• Chinese “hard landing” from the high level growth rates
• Possible oil price shocks
• Venezuela succession questions
• Japanese tsunami/Fukushima nuclear disaster
At the global level, the World Economic Forum has been working to address the uncertainties of these major risks for the last eight years.3 Note that much of the methodology described applies to enterprises and the markets in which they reside, and the risk characteristics of the WEF report could easily, and should complement the risk characteristics traditionally considered by enterprises.
In this age of increasing focus on risk management, stakeholders rely upon and are confident in enterprise management and expect a high level of attention to corporate governance. It seems important to introduce discussion regarding the need and methodology for identifying, discussing and charting possible solutions to Black Swan events, in order to maintain this high confidence from stakeholders.
The sense of urgency in response to a particular risk depends upon the probability of occurrence of the event. In order to properly deal with Black Swans, enterprises should make a clear distinction between those risks generally identifiable and whose probability can be estimated (and hedged), and those unknown or unexpected risk events wherein the probabilities remain equally unknown and planning must take the form of scenario analysis.
As a simple example, fundamental risk management practices include a consideration of the sources of critical product supplies to the enterprise. Understanding that customer loyalty and competitive advantage rely first upon the provision by the enterprise of:
• Product or service of excellent quality
• Provided at a price acceptable to the customer
• Available for delivery or provision when ordered
• Supplied in a timely fashion
The series of events across time, wherein orders are placed and product is delivered (and the debt extinguished) is the substance of the relationship and the source of customer loyalty and enterprise differentiation in the market.
Any change to the expected performance gives rise to risk in the relationship model. To the extent that the failure extends beyond a specific customer to a broader segment of the portfolio of customers, it may impact the entire business model.
Consider the following diagram:
Under a fairly standard risk protocol, the Enterprise managed the stock of its most important product through a network of purchase from diverse sources, thus reducing the impact of a failure to supply from either Supplier 1, 2 or 3, or any two of the suppliers. Purchasing organizations regularly monitor the “fill rates” or provisioning of orders placed in order to maintain a suitable mix of suppliers in order to assure product availability as required. In most organizations, this represents sufficient action and has historically been deemed sufficient to represent a business control over the process.
However, there remains a key risk that, though of low probability, might represent a catastrophic scenario for customer if not business continuity.
An example might include an enterprise whose strong diversification strategy requires it to divide its sourcing among several suppliers in order to assure access and delivery of critical components. Performance history of each of the three suppliers indicates that each is a strong performer, thus minimizing the risk of supply interruption. This tier 1 transaction hedges risk of non-availability from one, or even two sources, by extending buying opportunities to three separate sources. What if the diversification schedule through which product purchases are executed holds a critical but unknown flaw?
However, unless the risk review extends to Tier 3, including the supplier sourcing strategy, it may easily be missed that each and all of the three secure critical components of the enterprise regular bill of materials from a single manufacturer. This lack of knowledge and risk is clearly a black swan, introducing a significant potential risk with tremendous consequences to the enterprise.
What if ALL suppliers upon whom the Enterprise relies for the supply of Critical Product 6.211, purchase that product from a single manufacturer. This would not normally be a feature of the transaction discussed in the supplier agreement with Enterprise. This would not be omitted due to malice, perhaps not even considered an oversight, because it represents non-traditional thinking that extends beyond the standard representations and certifications contained in the agreement.
Enterprise agrees to order and supplier agrees to ship, given conditions agreed to by the parties. Neither party intends that the product ordered will not be available for shipment, and by no direct fault of the supplier. But the resulting failure to ship would be catastrophic to the Enterprise!
The mere discussion of this scenario by Enterprise executives could release a chain of research, analysis and events that could save the Enterprise from failure. This is especially true where Black Swan events, such as the concentration of purchasing from all of Enterprise suppliers regarding this critical product, focused in one manufacturer. Without evaluation of the business and in this case supplier model beyond the traditional inquiry, there would be an unknown exposure of potentially catastrophic proportion.
How many of these similar types of events are represented in the model of your business?
Another example might include the probability of an earthquake in a certain area where the enterprise is considering building or occupying a facility depends upon on factors such as a) historical level of activity, b) scientific knowledge about the potential for activity in, or near the target area c) experience from previous events and occupants of the area, among many.
In more general terms:
• What types of event may be possible?
• What events are the most probable?
• What is the probability that a Black Swan scenario/event may occur?
• If such an event occurs, what are the ramifications?
• Given these potential ramifications, what are possible enterprise responses?
• Challenge common assumptions.
• Identify dependencies and interdependencies.
• Given the proposed actions, what would be the impact upon the enterprise under different decision scenarios:
a) Business continuity
b) Level, method and success in satisfying customer needs
c) Enterprise reputation
d) Fiscal achievement
• Would such a response service other problem scenarios?
• Perhaps a playbook4 be established to promote extended thinking among the management team to continuously identify challenges, measure effectiveness of existing strategies and opine new or alternative solutions to the scenarios?
It is intuitive that adapting a new or previously unrecognized challenge to a scenario-devised solution would save time, cost and perhaps the Enterprise by providing a framework and structure through which to evaluate and address the current problem and new features, introduced by the potentially unique facets of this current Black Swan event. The diagram of a possible analytical method follows.
Supplier Network Analysis
Tier 1 Internal to the traditional model
Tier 2 Internal to the traditional model
Tier 3 External to the traditional model
You will note that the incidence of black swans continues to grow and with it the level of exposure, perhaps unrecognized exposure for enterprises. It is particularly troubling that over the course of the period between 1985 and 2005, the number of recorded natural disasters doubled, from 200 to 400 annually, reflecting the extent to which human construction and habitation has extended over the earth’s surface.5 We, and our enterprises are positioned to experience these natural events, these Black Swans, as never before.
Complement these facts with the increase in enterprise global span and the inherent impact of complex linkages among customers, suppliers and other business partners, and the problem with transparency and visibility of such events becomes even more complex. Add to the problem expansion in operational complexity, including logistics and transportation, customer relations, warehousing and distribution, and information technology, support elements that are often subject to outsourcing (often an unknown realm beyond the contract). In these instances, enterprises must rely on partners over whom they have little or no control, and wherein may exist less focus on comparable standards of corporate governance. This represents clear exposure and risk.
As suggested by the author in numerous articles on risk management, a key 3 has suggested that one key risk mitigation tool is the integrated executive management reviews performed weekly in order to assure risk management and the effective communication of customer condition among key factors of the enterprise.
To address these black swans both in the manner of determining where these risks might occur and their impact on the enterprise, a similar integrated forum should be introduced to assure an ongoing due diligence and to review potential threats in every market in which the enterprise trades.
This should supplement ERM reporting to include at the least, scenario planning and sensitivity analysis. In that way, the enterprise will have had the experience of evaluating the readiness status of the enterprise in addressing the potential risks reviewed.
The potential to test alternative assumptions under conditions of uncertainty will enable a level of experience for the participants and a resource for preparing the enterprise should such an exogenous event occur.
It is the purview of enterprise boards of director to assert that:
1. Risk management standards and fiscal representations memorialized in the quarterly and annual financial reports are prudent and correct.
2. Enterprise controls are maintained at levels appropriate to the risk in markets and
3. Risk appetite of the enterprise is managed and at a level acceptable to firm.
4. These issues are managed subject to enterprise policy and practices.
Notice that stakeholder confidence relies directly upon the reported performance metrics of the firm, including a reliance upon the ability of the enterprise to identify and protect itself from the myriad of risks inherent in its markets. Stakeholders do not differentiate between internal (endogenous) or known risks and external (exogenous) not previously known risks.
The addition of this third tier of risk analysis provides further focus on the risks potentially impactful to the enterprise and contribute towards the achievement of its tactical and strategic objectives… including the maintenance and growth of stakeholder value. We have established a need for this depth of analysis, and the need to move tiers beyond the current risk analysis domain.
To begin, it is prudent to establish an assessment and design group, preferably including representatives from each operational part of the organization. The chair of this group should be a C-level executive, chartered to achieve the key objectives and empowered to cross organizations to assure maximum model efficiency and content. Each organizational group should contribute experienced associates.
Preparing for the Black Swan scenario discussion requires establishing a structure, an audience and a scenario framework. But more about that interesting subject later.
Generally, the local process begins as follows:
I. First create a diagram of the complete enterprise value chain, both:
• Internal
• External
II. Include all relevant stakeholders in the value and supply chain:
• Customers
• Suppliers
• Providers (banking, trade credit, information resources, utilities
• Third party providers (finance, analytics)
III. Discuss Black Swan issues from all facets of enterprise relationship
• Determine dependencies
• Identify interdependencies
IV. Establish the Black Swan “playbook” in which to memorialize the strategies proposed for given events. Refer to this when seeking new solutions.
V. Introduce the WEF Global Risks Report as a feature of the scenario analysis to assist in the identification of Black Swan issues.
Understand that risk in both Tier 1, that which directly interacts with your firm and Tier 2, that impacts suppliers, providers etc., and directly impacts them, but creates an event that directly impacts your firm’s ability to satisfy the objectives of the firm.
As the elements and relationships are defined, it is important to question historical assumptions about the impact of certain risk events on the current business model.
The reasons for introducing Black Swan analysis into the enterprise risk management framework are clear. That action enables the enterprise board and executive team to assert a level of intensity and protection not generally found in enterprises.
The enterprise therefore represents a much better investment in the market for customers, suppliers, funding and banking sources, and investors. The practical reality is that the enterprise will be much better poised for continued or even renewed profitable growth if these exogenous issues are addressed.
Additional articles in this series will address the methodology utilized to actually structure the executive meeting and introduce scenario analysis.
1 See Prof. Patrick O. Connelly, “Capitalizing on Synergies Introduced at Each Level of Organizations, An End-to-End Approach.” ICM Magazine, February, 2013
2 See The Black Swan by Nassim Nicholas Taleb, 2007, Second Edition, Amazon.com
3 For research methodologies and current insight into the subject of global complex risk, see www.weforum.org/wef_globalrisks_report_2013.pdf
4 this knowledge is a proprietary asset of the enterprise and should receive the same level of security as other intellectual property assets.
5 World Economic Forum, Supply Chain Risk Initiative at http://weforum.org/supplychain
Professor Connelly is an itinerant educator and author of numerous articles on the subject of foreign trade, China trade, credit and risk management. He further authored Trade Credit Risk Management Fundamentals of the Craft in Theory and Practice.
As founder of the Tao Institute for Credit & Risk Management, he has offered the International Certified Credit Risk Professional certification program in the People’s Republic of China successfully for the last decade. For questions on the content or discussion please refer to pconnelly@taoicrm.com. All rights are reserved by the author.
