The corporate world has traditionally taken a flawed approach to risk management, but a better alternative is readily available.
It is well known that over the past decade, and especially over the past few years, a number of the world’s most widely respected companies have collapsed. Analysts have cited equally well-known reasons for these collapses — the “usual suspects” of nonviable business models, greed, incompetent (and overpaid) management and a lax regulatory environment. Not often mentioned is another key consideration, something that appears to distinguish collapsed companies strongly from their noncollapsed counterparts. It is the breadth and depth of these companies’ approach to risk management.
That risk management could be a major (though not sole) cause may seem counterintuitive. The troubled American International Group Inc., for example, was a leader in risk management and even maintained a risk-management subsidiary. Its former CEO Maurice R. “Hank” Greenberg boasted that AIG had “the best risk management [departments] in the damn industry.” Bear Stearns Cos. claimed the “best-in-class processes in analyzing and managing … risk”; even the New York Times cited the company’s “carefully honed reputation for sound risk management.” Fannie Mae, the Federal National Mortgage Association, touted its “excellent credit culture and risk-management capabilities,” and Lehman Brothers Holdings Inc. prided itself on what its leaders called a “culture of risk management at every level of the firm.”1
The Leading Question
What risk-management approach should companies adopt to help them avert future failures?
- The traditional “frequentist” approach is based entirely on the historical record.
- The alternative “Bayesian” approach incorporates judgments to complement historical data.
- The Bayesian perspective provides more powerful and accurate results.
Yet at these companies, and at others with comparable “cultures,” risk management apparently performed quite dismally. How could this be? We contend that the answer lies in the concepts and practices of traditional risk management, which tend to look for risk in all the wrong places. That is, failure did not stem from merely paying lip service to risk management or from applying it poorly, as some have suggested. Instead, collapse resulted from taking on overly large risks under the seeming security of a risk-management approach that was in fact flawed. The more extensive the reliance on traditional risk management, we believe, the greater the risks unknowingly taken on and the higher the chances of corporate disaster.