Tag: risk

How do you avoid a crisis?

I have been tracking the Coronavirus for about a month and a half, my first email on the subject was back on February 14th.  At that time, it looked like it was going to fizzle. It hasn’t.

“How did you go bankrupt?” Bill asked. “Two ways,” Mike said. “Gradually and then suddenly.” – Ernest Hemingway

Firms fail all the time.  They survive when the sun is out and the environment is consistent, but when change comes, even if expected, they can’t adapt and failure results. During a bankruptcy meeting at the court I overheard the case before ours.  The owner had lost a significant portion of his business but failed to downsize staff, equipment and space and in a couple of years was in bankruptcy court.  I commented to our attorney that if the owner had just recognized and taken some action he wouldn’t be in this mess.  The attorney commented that was true for everyone in bankruptcy.  The challenge is recognizing the need for change and the development and execution of actions to solve the problem.

Start-ups are generally dealing with crisis every day and they good at solving the problem. What used to work, doesn’t. Procedures and processes are revamped shortly after development.  The management team is having strategic planning sessions every month laying out a new course.  As a firm grows, it becomes less flexible and processes are written, reviewed and put into a book.  The firm achieves a level of effectiveness, so efficiency becomes more important and redundant staff which provided flexibility is removed from the company.  This process works great in a static market. Unfortunately we are not in a static environment. Here are my four steps to keeping the start-up mindset going as you grow.

Keep your head up. Too many management teams are inward focused.  They care about what goes on in the next office more than the next building and even less about what is happening across the world.  When I started out we had a news service curated by the company librarian.  We would receive via a buck slip (names of the relevant executives to be checked off as read) a package of the most relevant articles that affected our firm, our competitors and market. Today that may be your RSS feeds.  Management meetings would include time to discuss what we learned.  Understanding and wisdom was shared through the team.  Black swan events happen all the time, especially if you are not paying attention.  Cut down on surprises, make sure your team is looking outside the firm.

Build multiple redundant plans. A plan is a decision on what you are going to do to achieve some goal.  If you have only one plan, any change will mean you have no plan.  All plans are about an uncertain and possibly unfriendly future.  Good plans think through contingencies and outline potential options. Bad plans reflect the present circumstances.  Charlie Munger talks a lot about decision trees and thinking about options and choices.  Most schools don’t do a good job of teaching this skill. Learn it.  Thinking through what could happen along with what actions could be taken will make your plan more robust. 

Build a diverse team. “None of us is as smart as all of us” – Ken Blanchard.  Recent research talks about the decision-making advantage of a diverse team.  History proves this true.  Good teams work together but also bring experience and perspective.  We’ve all worked with the executive who has 10 years’ experience which is really 1 years’ experience 10 times. Different perspectives help make everyone smarter. Seven people you went to grad school will be a great party, but your shared viewpoints hide rather than illuminate options. I’ve worked with a lot of executives: both great ones and a few not-so-great.  Great ones don’t always fit, but they always add value.   Organizations are quick to exit the “poor fit” team members who don’t share similar viewpoints.  Fit works great when the environment is static.  When the environment changes “fit” drops in relevance and competence rises. 

Only the Paranoid Survive is more than a book by Andy Grove. I don’t wish you to be truly paranoid.  Paranoia is a symptom of illness.  But I’ve now worked with too many businesses which when successful consider themselves brilliant and special, and when difficult times come they shatter. In the stock market we used to say, don’t confuse brains with a bull market.  It is easy to make money when everything is up and to the right.  Don’t drink the lemonade, keep humble.  This section is likely wasted at this time.  By now you‘ve figured out that the tide has gone out as Warren Buffet says, and who is naked.  This crisis will pass but don’t forget – there will always be crises. 

Risk Mitigation for CFO’s

In my earlier post, I noted that converting uncertainty to known-unknowns requires thinking hard about the potential things that can go wrong and having a good risk identification search process.  I broke risk down into true risks, which are insurable at some level (known frequency and severity) and uncertainty, which could be hard uncertainty (can’t be known at a reasonable cost) and soft uncertainty (can be known relatively cost effectively).

Many firms do a poor job of searching for problems.  I have found several styles of management teams that struggle dealing with risk.

  • Insular management teams are prone to very large areas of soft uncertainty. Home grown executives are often dealing with problems for the first time.  Unaware of problems at other firms they repeat mistakes long solved elsewhere.  A diverse management team of backgrounds, industry and experience is just a better management team.
  • Management teams that are dominated by a single executive also tend to underestimate risks. Although I’ve worked with some great CEO’s, no one executive can reasonably see or know all the questions.  If the CEO calls all the shots, over time, management teams will let the CEO handle all the thinking too.
  • Firms with long term winning track records can begin to ignore risks as success begets complacency in the company culture. Company culture can be a great strength, but when the culture becomes too dominate, it blinds management to problems.  Andy Grove suggested that only the paranoid survive, which is good advice.  However, when you win a lot, it is tough to remain paranoid.
  • An executive team that is highly incentivized by the stock price (usually with options) tends to stay focused only on the positive news, and to only invest in strategies that appear to have a direct correlation with option value (usually growth initiatives). Stock options skew management priorities because the risk is one-sided.  If the stock price fails to increase or the company goes bankrupt the options are worthless.  So for the option holder, ignoring the risk of a blow-up makes sense, they only get paid if the stock goes up.  In these firms, it can be hard to get management focus on the known issues, much less invest in searching for unknown potential problems.

CFO’s have to assess risk.  To do this, we must examine the business, the environment and the management team.

Managing Risks

When I try to manage risks, I start with a good scan of what could go wrong.  Some of these we insure, some of these we cannot.  Frank Knight broke risk into two categories, uncertainty and real risk.  Real risk is calculable, it has a frequency and a severity.  Uncertainty has neither.

Donald Rumsfield’s comments on knowledge can be related to risks. Rumsfield stated that there are known knowns or things we know we know.  These risks have a known frequency and severity and are generally insurable and controllable.

There are known unknowns, which are questions which we have, but which we don’t have an answer.  These are complicated risks that can’t fully be insured because the frequency is low, or the severity is incalculable.  These risks can still be managed.

Finally, there are unknown-unknowns, where we are not aware of the questions or the answers.  Risks that are unknown can’t be managed or insured. This category is the same as Knightian uncertainty.

The risks that make business crack up are generally unknown-unknowns and are often a surprise to management and investors.  Risk management for the CFO becomes a process of handling the various real risks and trying to better understand Knightian uncertainty.

Bad and unusual events that we were not aware of are sometimes referred to as black swan events.  Nassim Taleb defined black swan events as a surprise with a major impact. The thing about black swan events is that it may be a surprise to you, but it doesn’t mean mean that the event wasn’t known by others.  That is true also for Knightian uncertainty.  A larger knowledge base decreases uncertainty and unknown unknowns can be reduced by learning.

I therefore break uncertainty into two slices, hard and soft.  Soft uncertainty are issues that could be learned with a reasonable investment in diligence and research. Hard uncertainty can’t be.  The trick is to convert soft uncertainty into complicated risks, where management, insurance and reporting processes can be brought to limit losses.  Hard uncertainty remains retained risk.

   “Risk comes from not knowing what you’re doing.” – Warren Buffett

Converting uncertainty into something that can be managed requires an open mind and a sense of paranoia.  CFO’s who think risk management is an annual lunch with the broker are going to find themselves surprised by events.

Some thoughts on Risk Management

CFO’s are usually tasked with risk management. Often that means being in charge of the insurance renewal negotiations.   Basically this consists of an annual conversation with your broker on new policies that have been developed to help eliminate some new exposure which you weren’t aware of, and by the way, at a price that you can’t afford.   Generally, the broker buys lunch, which is the best part of the transaction.

CFO’s that define risk management as simply buying insurance make a mistake. Corporate risk management has to include problems that can severely damage or destroy a business but are basically un-insurable. The types of problems we’ve seen with credit cards and hacking are a CEO’s nightmare. A single instance can cause irreparable damage to sales and the value of the business. How does a modern risk manager or CFO deal with these types of “all-in” risks?

Risk is usually defined as a function of frequency and severity. Frank Knight, back in the 1920s, argued that there are two realms of risks. Simple risks, which have a known frequency and severity, and uncertainty which is not and cannot be known. Pretty much if an insurance company writes a policy, you know they’ve got a frequency distribution and a good handle on severity.   After all, insurance companies aren’t stupid. The big risks, however, remain in the uncertainty realm and those risks remain uninsured and uninsurable. Knight also noted that entrepreneurs generate profit by dealing with uncertainty and not risk.

Since we can’t know the future, business have to learn to deal with both types of Knightian risk. Dealing with known frequency and severity risks can be difficult, but the biggest challenge are in uncertainty or unknown distribution risks. Donald Rumsfield said: “The message is that there are no “knowns.” There are things we know that we know. There are known unknowns. That is to say there are things that we now know we don’t know. But there are also unknown unknowns. There are things we do not know we don’t know.”

Paraphrasing this into risk speak, we have insurance that covers the simple risks we know. Complicated risks that we are aware of but aren’t well known can only be partially covered by insurance. In these cases we manage the risks, putting in control processes, training and contingency plans to limit the occurrences and severity. Unknown risks by definition are retained and aren’t managed. Without a reporting processes, problems start, grow and can overwhelm a firm. This is true uncertainty.

What makes a risk truly an unknown-unknown? Does it imply that no one nowhere knows the risk? It does not. It simply means that the current management team is unaware of the risk. Nassim Taleb has a great story about a turkey who during its life considers the farmer a benefactor. The week before Thanksgiving the turkey finds out the plan, and imagines it an unforeseen and unknowable event. It might have been for the turkey, but it is not for the farmer.

The risks that will hurt your business are generally the ones that you aren’t managing. Integrated risk management is about pulling together efforts that manage exposure, control what can be controlled and insuring what can be insured. A good integrated risk management plan includes bringing the management team together to focus on the key risks, whether they involve credit cards, hacking. off-shore oil wells or workers compensation.