Bridging the Gap Between Research and Practice

Risk Institute Portraits Fisher Hall - Third Floor Feb-02-2016 Photo by Jay LaPrete ©2016 Jay LaPreteIsil Erel
Academic Director, The Risk Institute
Professor of Finance
The Ohio State University Fisher College of Business

 


One of the primary functions of The Risk Institute at The Ohio State University Fisher College of Business is to serve as a conduit between academic research and practitioners of risk management.  New research insights, the advancement of theory, and top-tier empirical studies are at the foundation of our mission, but we also want to see the utilization and implementation of our research findings.

We often reference that The Risk Institute exists at the intersection of academia and practice of risk management. It is at this intersection where we facilitate the translation of academic research into practical application. The challenge most busy industry practitioners face is that high level research is written in the unique language of academia and their busy schedules don’t afford them the discretionary time to tackle a lengthy thesis of academic research on the off chance it might contain a relevant insight or two.

risk3TwitterThe Risk Institute is meeting the need by bridging the gap with The Risk Institute Research Translation Series – a curated collection of insightful one-page practitioner focused translations of relevant research topics. Written from the perspective of a practitioner for a practitioner this one page overview goes beyond an executive summary and focuses on the substantive insight of the research in a concise and efficient manner. A practitioner can supplement their knowledge of the latest research in a matter of minutes. Should a topic resonate, the opportunity exists for more in depth reading as well as engaging the researchers through The Risk Institute.

New translations will be coming online and I encourage you to frequently consult our digital library for new offerings. Of particular note will be the translations from each of our academic grants for research from last year, which will be available later this summer.

Risk is an ever-evolving field and we are confident that The Risk Institute can play a vital role with these translations in advancing the knowledge base and practice of enterprise risk management.


The Risk Institute at The Ohio State University Fisher College of Business brings together practitioners and researchers to engage in risk – centered conversations and to exchange ideas and strategies on integrated risk management. Through the collaboration of faculty, students and risk management professionals, The Risk Institute addresses risk at a broad cross section of industries and is dedicated to developing leading – edge approaches to risk management.

 

The Risk Institute at The Ohio State University Releases its Second Annual Survey on Integrated Risk Management

Risk Institute Portraits Fisher Hall - Third Floor Feb-02-2016 Photo by Jay LaPrete ©2016 Jay LaPreteIsil Erel
Academic Director, The Risk Institute
Professor of Finance
The Ohio State University Fisher College of BusinessRisk Institute Portraits Fisher Hall - Third Floor Feb-02-2016 Photo by Jay LaPrete ©2016 Jay LaPrete

 

Philip S. Renaud II, MS, CPCU
Executive Director, The Risk Institute
The Ohio State University Fisher College of Business


On June 1, 2016, The Risk Institute at The Ohio State University Fisher School of Business unveiled findings from its second Annual Survey on Integrated Risk Management. The research initiative focuses on how U.S. companies view the role of risk management, how it is structured and the ways it is integrated to support business decisions. Senior leadership from more than 530 financial (23 percent) and non-financial (77 percent) companies both public and private were surveyed for the report.

This year’s survey has demonstrated that risk management continues to evolve and firms are creating holistic and organization wide risk management functions. The survey highlights how integrating risk management plays a key role in a firm’s ability to remain competitive and create sustainable value in the current business and economic climate.  

Respondents of the survey deliver insights across five key areas:

  • Organizational structure and tone at the top
    • Firms are moving toward a more centralized approach to risk management, as it is a source of both growth and value. In fact, half of the firms surveyed shared that senior leadership is allocating more funds for external and internal resources.
  • How risk management is integrated into business processes
    • To effectively integrate risk management into business decisions, firms must recognize business processes. The three leading processes reported by survey participants were:
      • Compliance
      • Strategic Planning
      • Operational Business Planning and Management
  • The scope of risk management
    • The survey highlighted that to limit risk taking by employees in financial and non-financial firms, management extensively takes steps to limit sales at risk (or similarly cash flow at risk). They also require use of financial instruments (e.g. derivatives) as hedges rather than speculative tools, set size limits on projects permissible without limits, and use financial hurdle rates to adjust for risk.
  • Risk management process
    • While many respondents believe risk management is integrated across the firm, they also report that only a subset of business functions are actively involved in identifying, measuring and managing major risks.
  • Disruption
    • Approximately 80 percent of firms participating did not experience a disruptive event in the last year. If they did, most reported that the disruptions were related to regulations, cyber theft of confidential information and or systems failure.

The Risk Institute is excited to continue to participate in the conversation around the evolution of risk management within business, from an integrated perspective of academia and practice. Stay tuned as we dig deeper into the survey results in future posts, and feel free to contact us to continue the conversation or explore ways to engage with us on this mission.


Continue reading The Risk Institute at The Ohio State University Releases its Second Annual Survey on Integrated Risk Management

The Risk Institute 2014 Survey – Evolving the Conversation

minton bernadette 130x195By Professor Bernadette A. Minton
Academic Director, The Risk Institute
Arthur E. Shepard Endowed Professor in Insurance
The Ohio State University Fisher College of Business 

 


Last week, The Risk Institute released its first annual Survey on Integrated Risk Management.  As my colleagues and I reviewed the survey results, we agreed that they provided insights into three aspects of risk management:

  • Senior executives’ views about the role of risk management in their firms
  • The structure of risk management functions
  • How firms integrate risk management into business decisions

Yet, we also agreed that the results raised several questions, including:

  1. Are firms’ risk management approaches really integrated or are they just aspirational? On the one hand, firms say they view their risk management approach to be integrated, meaning they stress its use across the firm and recognize it to be a source of growth opportunities and not just a reactive or defensive strategy. Yet, further survey questions about how they integrate risk management into business decision-making show that such integration is piecemeal and does not extend to all functional areas or units.
  2. If a firm reports the recognition of risk management as the source of growth and as the most important catalyst for their increased risk management efforts over the last three years, why does the audit committee have the primary responsibility for risk management? The executive committee and/or strategy committee of the board understand the drivers of firm value and set the corporate objectives to enhance firm value. However, firms rarely reported that these committees are responsible for risk management at the board level.
  3. Why are business functional areas like marketing, sales, human resources or research and development not more involved in risk management processes? These functional areas have large amounts of data that can help firms understand risks to their corporate objectives as well as help identify emerging risks.
  4. If balancing risks to create value means mitigating risks at times and leveraging risks at other times, why are firms not using mechanisms to set the scope of risk taking consistent with this view?

At The Risk Institute, we are dedicated to advancing the adoption of leading risk management strategies by leveraging the collaboration between academic scholars and RiskInstitute_block Dpractitioners. As we work to provide insights into the questions raised by the survey, we look forward to continuing the conversation on the evolving role of risk management through: new areas of research; translations of completed academic research for practical business applications; and educational programs for business professionals, undergraduate and graduate level students.  Through these dialogues, we can collectively advance our knowledge of risk management and influence adoption of leading risk management practices.


To learn more and access the complete 2014 Survey on Integrated Risk Management, visit: go.osu.edu/2014RiskSurvey

A Snapshot of Risk Management in 2015

minton bernadette 130x195By Professor Bernadette A. Minton
Academic Director, The Risk Institute
Arthur E. Shepard Endowed Professor in Insurance
The Ohio State University Fisher College of Business 

 


As published on Columbus CEO’s CEO Live blog on May 20, 2015

In recent years, risk management has evolved into a more comprehensive and integrated practice.  Risk management was once viewed as only being done to meet regulatory requirements and to protect the firm against the negative effects of volatility in their business environment.  While those aspects remain leading catalysts for firms who increased risk management efforts over the last three years, a fraction of firms recognize risk management to be a source of growth.

Over the same three-year period, senior executives and the board of directors have become more involved in risk management processes. This integrated approach leverages collaboration across an organization to identify and evaluate risks and to proactively manage those risks to achieve corporate objectives and enhance shareholder value.

One of the primary goals for The Risk Institute at The Ohio State University Fisher College of Business is to create a greater understanding of how organizations can proactively leverage risk management to create value.  Given the varied roles that risk management plays in different organizations, it is important to hear from senior executives from both financial and nonfinancial industries about how they view risk management’s role in their organization. It’s also critical to understand how executives, if at all, integrate risk management into business decisions as well as structure their risk management function to support its role in the firm.

Organizations are increasingly impacted by risks that are more interconnected and ever changing. This means that the conversation about risk and risk management must continue to evolve and grow. It is with this goal in mind that The Risk Institute developed a comprehensive research initiative to survey senior risk management executives. The survey is designed to deepen the understanding of how U.S. companies structure their risk management practices.

The annual Risk Management Survey is one example of how The Risk Institute and its founding partners are committed to moving this conversation forward. In this inaugural survey, we provide a snapshot of risk management practices among a large and diverse set of U.S. firms.

As The Risk Institute unveils the findings from its inaugural 2014 Risk Institute Survey on Integrated Risk Management several things are clear.

 1) In order for firms to transition to a more integrated risk management approach, which views risk management as a source of value enhancing opportunities, it is important to choose a leader of the risk management functions who embraces this view and who does not see risk management as merely a defensive strategy. Equally important is choosing a leader who can effectively collaborate with other C-suite executives to leverage risk to enhance shareholder value.  Finally, the Board committee responsible for risk management also should share this view.

2) For firms wanting a more integrated risk management approach, it is important to include more business units/functions in the processes and not only rely on those functions related to finances and meeting mandated requirements. Aligning risk management with key organizational strategies will aid an organization to successfully develop a fully integrated risk management function that can leverage risk to achieve corporate objectives and enhance growth and shareholder value.

3) For firms to fully reap the benefits of an integrated approach, not only do they need to recognize a business process and analyze the risks of that process, they must also increase their efforts to have their analysis feeding back into the risk management of the firm itself. This “looping” process will allow firms to proactively manage the risks impacting their organizations and identify emerging risks to be leveraged or mitigated.

4) Given the changing nature of risks impacting firms, firms must continue to use a variety of techniques like best case/worse case and extreme scenario analyses, which can effectively evaluate these risks by including proprietary models and simulations.

5) As firms move from viewing risk management as a defensive strategy to a more fully integrated approach, senior executives and the Board must develop mechanisms to set the scope of risk-taking that are consistent with this latter view of risk management.

These findings afford some great insights and will enable us to investigate and address challenges in the practice of risk management so to advance the adoption of leading integrated risk management strategies.


To learn more and access the complete 2014 Survey on Integrated Risk management, visit: go.osu.edu/2014RiskSurvey

Preparing for Supply Chain Disruption and “100-year events”

john-gray 100x150By Professor John Gray

Tsunamis. Nuclear disasters. Factory fires. These are the kinds of cataclysmic incidents companies often label “100-year events,” putting even the best risk management infrastructures to the test and leaving an indelible stamp on the businesses that survive.

For companies with global reach, however, these so-called 100-year events can occur with striking regularity. For a firm operating in 30 independent regions, the likelihood that they experience at least one “100-year event” in one of those regions in a given year is over 25 percent. Considering each year independent of the other, this company in a half-decade will have a nearly 80 percent likelihood of experiencing at least one 100-year event, making the unpredictable seem, on the contrary, quite predictable.

The incidents themselves don’t indicate a company has taken undue risks or “failed.” In the end, what separates firms with strong risk programs and those with weaker ones is the degree to which they’re aware of risks they face (and have reduced these risks where appropriate), how they detect those risks, and how they respond when an event occurs.

Greif Protest 2014

One Columbus, Ohio-area company, Delaware-based industrial packager Greif experienced its own collision with supply chain risk when one of its plants in Turkey was taken over in the spring. News reports described the takeover as “led by a small radical group of individuals,” reportedly communist workers. The takeover and subsequent plant closing will cost the company $27 million this year, no small change for a firm whose 2013 net income was under $150 million.

From an outsider’s perspective, such an incident can raise many questions: When the company chose Turkey, were these risks considered in comparison with other locations? If they were, how was the risk incorporated into the decision? If not, would they have changed course if this possibility hit the radar? Once the plant was operational, what disruption mitigation plans were implemented? And finally, were there any opportunities for prevention?

It is important to note that Greif already has a well-structured and comprehensive risk management system in place, driven by risk management teams for each strategic business unit. They’re the source of regular monitoring of economic, political and regulatory changes that might impact operations along with education, auditing and compliance management for the company’s global footprint. Even with such a system in place, this incident still occurred, illustrating a brutal truth about supply chain risk management: You can do everything right and will still experience adverse events.

Doing everything right starts with a program that includes four key elements: Assessment, planning, detection, and response.

  • Assessment is crucial as the supply chain is being designed, but it is impossible to assign expected costs to all potential supply chain risks. Companies often use a “red-yellow-green” or slightly more sophisticated coding system to supplement the analysis of quantifiable costs. Assessment also includes evaluations of “time to recover” ( TTR) and “revenue at risk” (RAR) (which goes by other names, including revenue impact and risk exposure) for a given site, which are critical for planning.
  • A key aspect of Planning is Business Continuity Plans (BCPs), which outline steps to be taken in the event of foreseeable disruptions. This is also where firms invest in risk mitigation (for example, owning extra inventory or developing a second source for a component). TTR and RAR provide the justification for such investments.
  • Detection is learning about risks as soon as possible, ideally while they are still developing.
  • Finally, Response is the “real-time” work after an incident has occurred.  Firms with sophisticated supply chain risk systems have “playbooks” to improve responsiveness to many possible incidents.

In the aftermath, companies faced with challenges similar to Greif’s typically revisit their location-related risk management programs and often face another classic problem of risk management: Return on investment. Because quantifying all risks, even probabilistically, is impossible, quantifying ROI is not feasible. Because of this, firms may overinvest in risk management plans after an incident hits close to home, and then scale back programs, ironically, when they have been effective at reducing risk. The general belief in the context of investment in supply chain risk managements currently seems to be “more is better.” As most firms historically have neglected this area, that’s probably a good thing. At some point, though, especially after periods of quiet, CFOs may start asking what return they are getting on risk mitigation plans with such as multiple/backup sources, extra inventory, and a staff working on plans they hope will never be used. Supply chain risk managers will likely need to rely on more and better data on the likelihood and costs of supply chain risks, not just for internal planning but for justification of risk-reducing investments. With the “big data” trend, consultants, entrepreneurs, and even insurance companies are stepping up to try to fill this need. It is far from clear whether supply chain risk will ever be quantifiable enough to develop accurate ROIs for risk-reductions , but it is likely firms will continue to get incrementally better. That’s all anyone, even the CFOs, can ask for.


Professor John Gray is an associate professor of operations at the Fisher College of Business and an affiliated faculty member of The Risk Institute. Prior to receiving his PhD from the Kenan-Flagler Business School at the University of North Carolina – Chapel Hill, he worked for eight years in operations management at Procter & Gamble while receiving an MBA from Wake Forest University. Prof. Gray’s research has received several awards and recognitions, including the 2012 Emerald Citations of Excellence award, the OM Division’s Chan Hahn best paper award at the Academy of Management conference in 2012, and the 2011 Pace Setters award for research at Fisher. He also serves as a senior editor for Production and Operations Management and an associate editor for the Journal of Operations Management. Among his service to professional societies, he is serving a 5-year leadership role for the Academy of Management’s OM Division from 2014-2018.

Interested in supply chain logistics and risk management? Join us for our executive education session on  September 10, 2014  to learn more.  Contact The Risk Institute for details.