|
|
Saturday, 20th April 2024 |
| Good governance is not a worthy cause – it is simply good management practice |
Back |
| A lot of lip service has been given recently to ‘good corporate governance’ as if it was good for goodness sake, but management should, and will only apply themselves to activities that will generate long-term value. Cormac Murphy offers advice on what the Irish financial services industry should learn from the recent ‘governance’ debate. |
The financial services industry in Ireland is a wonderfully diverse collection of activities. The domestic players extract impressive returns but are continuously challenged by the need to protect themselves from overseas competitors. The IFSC continues to develop and offers powerful insights into threats and opportunities for international banking, insurance and fund management.
The issue that these entities have in common is a disillusioned equity investment market and an associated criticism of corporate reporting standards. While the dissatisfaction of fund managers and underlying investors is palpable, we also hear a lot from nervous non-executive directors (NEDs) and regulators. NEDS, very reasonably, are very aware of the reputation and legal exposures to ‘problems’ during their tenure. Regulators have equally justified concerns at their exposures from industry viability. No other industry features such high levels of leverage or such an acute nose for failing reputations.
Management’s response
For a number of years, management’s focus seems to have been around concepts such as shareholder value, customer relationship management and of course, cost management. A lot of lip service has been given recently to ‘good corporate governance’ as if it was good for goodness sake. I remain convinced that charitable causes should be a matter of personal conscience and that they will only ever get superficial attention within our capitalist model of corporate management. Management should and will only apply themselves to activities that will generate long-term value.
In fact, financial services industry management continues to focus considerable resources and talent on demonstrating increasing value for shareholders, and brings this to individual business units and support functions through performance scorecards of the popularly labeled ‘balanced’ type. Customer Relationship Management (CRM) has become unfashionable of late – mainly because anticipated cross-selling of products has not materialised. Knowing that your favourite financial services provider has a lot of products to sell is very different from trusting them sufficiently to not bother shopping around. This applies to wholesale as well as retail markets.
Cost management is always in fashion and ranges from the blunt (you have 20 per cent less budget than last year’) to complex (with cross-border decisions on structuring of operations and outsourcing decisions). It is likely that every business manager in Ireland has touched both of these cost discussions and many carry the battle scars of defending the absurd increases in the cost of living in Ireland.
So, where are we going with this?
Good governance is not a worthy cause – it is simply good management practice.
Economics is the study of the allocation of scarce resources between competing ends. Management is about making and implementing such decisions by influencing factors that determine revenues and costs over time i.e. value. We were taught that decisions should be made by calculating the NPV of a particular investment. Decisions are based on expected future cash flows from capital investment. The other component of the NPV calculation is the risk adjustment factor reflected in your discount rate. This factor is based on volatility of expected returns. Part of the decision making process is therefore the identification and analysis of the high impact variables. Some such variables cannot be controlled, while with others management can reduce or eliminate by changing the business proposition (e.g. not selling to particular market segments), pricing (charge customers for the extra volatility they want you to bear), insurance (if a relevant market in the particular risk exists) or otherwise pay another party to take away the risk. The most common response to business risk appears to be to simply accept the volatility and not worry about it unless it steps outside acceptable parameters.
Say again?
Risk identification and management is intrinsic to every single business decision. It is not a sideshow. NPV calculations may never become popular but the underlying principles of forecasting future cash flow and thinking about your key variables should.
Total risk (market plus credit plus insurance plus operational) may not be a nicely measurable proposition but I am sure that you would agree that it is better to be approximately right than completely wrong. We should prefer management’s subjective view on future cash-flow volatility every time over the illusory comfort blanket of capital asset pricing models, historical PE ratios and historical cost accounting.
So why do we need risk managers?
If, as managers, we are loyal to concepts such as NPV, we do not need risk managers. What we do need is for managers to better understand the variables they are trying to manage and to better articulate both the inherent volatilities and their approaches to their management. They need this primarily so that they can make better-informed business decisions. The other great advantage is that such information can be made available to investors, NEDS, regulators, rating agencies, customers and even auditors. In fact, I would go so far as to say that the job of all such parties is impossible without such transparency and quality of management, and that these factors are all too often missing.
This is the alarming part. Has the great governance debate of the last couple of years in any way changed how managers go about their daily business? Are boards, regulators or auditors any the wiser as to the risk being taken in the business they are overseeing? Has the combination of Basel II, Sarbanes Oxley and our own Auditing and Accounting Act created anything other than a healthy market for so called compliance professionals?
This is all very conceptual – what should be done in practical terms?
Above all, recognise that risk management is all the things management does/should do on a day-to-day basis. All too frequently, risks are defined as extreme events of a negative nature. Fine for insurance industry salesmen. However, for the rest of us risks are all of the variables that could impact our ability to meet our business objectives.
The annual budget/objective setting process is a good opportunity to embed this idea. As each unit sets its targets for revenues, costs and utilisation for next year, ask also that they identify the key variables potentially impacting the expected outcome. For each such variable ask for a clear articulation of the expected gross volatility, the management approach to be adopted (eliminate, price, insure, transfer or accept) and most interestingly, ask that key performance metrics reported on a regular basis be aligned not just to tracking revenues, costs and capital, but also to the estimation of these gross volatilities and of effectiveness of their management. There is a fascinating and clear link between a manager’s cost base and his approach towards monitoring/ controlling business variables. This will enable management to monitor the overall business volatilities and respond to such changes so as to keep enterprise-wide volatility within acceptable parameters while delivering a decent return for investors.
Too conceptual?
Not at all. This is exactly what a number of domestic and international financial institutions have been doing of late. Bring risk into management – do not create an inadequate parallel process.
Any other practical tips?
Do not listen to anybody trying to sell you the ultimate solution in risk management if it involves lots of activities and databases outside your core management processes. Do not take the job as risk manager as you will not have control over management of risk. All you can do is facilitate management in the identification of their risks and advise them on their (risk) management approaches. However, if you get landed with the job, change the title to Risk Advisory Manager. HR departments set policy and advise on good practice implementation. They do not manage the people (hopefully). Risk management departments should have a similar focus.
In summary for speed readers!
Management needs to be clearly focused on the variables that can impact attainment of business objectives. This must be on a transparent basis for both management and other interested parties to have a chance of doing their jobs effectively. Any other form of ‘risk management’ is at best a passing fad with little value to shareholders or anyone else. At worst, it is a distraction from the real process of management and a false comfort for interested parties. Stop treating risk as a secondary list of things to do and get managing.
As for regulatory compliance, accept it as part of your business reality but contextualise it by seeing it simply as a subset of the risks you need to manage, which has a relative priority and so should be allocated an appropriate level of resources to control its potential impact on your ability to generate shareholder value. |
Cormac Murphy is the partner in charge of Ernst & Young’s Financial Services Risk. Management practice in Dublin. Any views expressed in this article are the writer’s own.
|
| Article appeared in the April 2005 issue.
|
|
|
