Feeding the world is the great legacy of Cyrus McCormick, whose invention of the mechanical grain reaper in 1832 was the first harvesting productivity improvement in 1,000 years. Shortening harvesting time decreased the risk of missing the narrow window for harvesting ripened grain. To grow sales, he produced reapers of higher quality than competitors. Perhaps a greater innovation was the widespread introduction of equipment financing to enable farmers to buy a reaper before they received the money from their harvest. For this, McCormick had to manage credit risk.
McCormick's innovations illustrate that risk always has been a multifaceted concern for companies, with each facet's methods refined over time. Practically every role in any organization is directly or indirectly related to risk management. Different industries and professions have long-standing methods for managing risk. To be conversant in how the organization addresses risk, internal auditors navigating today's complex and interdependent business environment must be able to understand the risk management views and calculations used by many different disciplines.
Over time, organizations have created a plethora of functions that manage business risks from their own point of view.
Product and Market Research Researchers look at risk by product or market life cycle. For example, missing customer needs, mistakes in product design, poor messaging, insufficient trial or repeat purchases, product extensions, upgrades, and delays in discontinuing a product are all risks that product managers routinely face. Mathematically, a key formula is "expected value of perfect information." Product managers are constantly asking themselves, "What is the risk (probability) of missing an insight if we don't invest more in research?" New Products Management by Merle Crawford and Anthony Di Benedetto is a key resource.
Strategy and Competitive Analysis Strategic professionals look at risk in stark terms — the potential of having business value diminished by failing to understand dynamics in competitors, customers, and products (including substitutions). They are constantly asking, "What am I missing?" and looking for ways to overcome structural blindness. For strategists, the risk that springs from change creates opportunity. Taking risk and managing it better than competitors is the ultimate competitive differentiator. This is illustrated by popular books such as Jim Collins' How the Mighty Fall, Harold Evans' They Made America, and Peter Diamandis' Bold.
Financial Management A central responsibility of finance is to allocate capital to the best investments. Two frequently used formulas for guiding these investment decisions are net present value (NPV) and options modeling. NPV is the more popular of the two. The numerator in the NPV formula is the risk-adjusted return of a proposed investment. The denominator is the overall or average risk-adjusted cost of capital to a business or business line. Both the proposed investment and average NPV include the time value of money. If the proposal's return is better than the average, the decision criterion is to fund the project. Options modeling extends NPV by breaking an initiative into phases. At each phase, the question is asked, "What is the probability that the value of the business options for action created by funding the initiative is greater than the cost of funds?"
Operations Management Operations managers use a huge tool kit of risk-balancing equations. One of the most basic equations is the "economic order quantity" (EOQ), which centers on stock-out risk. For example, if too much of a perishable product is ordered, it expires and is wasted. If too little is ordered, sales opportunities are lost. To calculate the EOQ given risk, this formula includes factors such as delivery time, cost of capital, and cost of storage space. Bar code check-outs have become important because they provide more precise data to calculate EOQ to manage stock-out risk.
Marketing Execution and Sales Management "What will be the year, quarter, month, week, and day-end sales?" This is the critical question from marketing and sales managers. Forecasting is vital to allocating marketing and sales resources as well as ordering the right quantities of the right products for the right locations. A key risk management method is analysis of the marketing-sales funnel. In the new world of online sales, "clicks" funnel stages include people aware of a product, aware of a seller, visiting a website, clicking around, putting a product in a shopping cart, ordering, ordering again, and telling their friends. Today's forecasts are cascades of probabilistic equations tracking the clicks through online shopping chains.
Human Resources Hiring and resource planning, from the initial job posting to the interview and selection process, is about risk management. What's the risk a job candidate won't perform as expected? Reducing this risk is the reason organizations engage expensive consultants to conduct personality surveys, emphasize employee benefits and retirement plans, and create on-boarding plans.
Quality Management Quality and risk are closely related. Quality is about the probability that products will meet expectations. Risk is about the probability of a defective product.
The Common Thread
For all their differences, these business disciplines share many risk-related concepts and assumptions. A common thread running through their risk management processes relates to the use of mathematical concepts, which have been refined over many decades. For all of them, math based on probabilities is central to managing risk. Other common ground includes:
- Managing risk is needed to enable taking risk — sometimes huge risk — to achieve objectives.
- Risk resides in a dynamic world of change, complexity, and fatigue. These are the three catalysts of risk.
- Each process requires an appreciation of systems, interconnectedness, and the need to understand deep root causes and process interactions.
- Asking "what if?" with scenario analysis is the heart of managing risk.
- Decisions seek to optimize risk and return.
- The roots of risk management are millennia old.
In short, appropriate risk mathematical and management methods matter. Internal auditors, while rotating their focus from one part of the organization to another, can observe and learn from each role's math and methods.
By learning from the risk methods in each business area, internal auditors can help cross-pollinate risk methods across the organization. Opportunities to cross-pollinate include bridging strategy and finance through the options modeling approach, smoothing the flow of risk math from all business areas into the risk calculation used inside options models or NPV, streaming together the quality improvement and sales risk analyses to make it more likely that quality will be free of cost, and encouraging teams to come together in scenario analysis workshops to more easily achieve shared business objectives. Each bridge built could become financial value created and personal trust earned.