Question

“Does Enterprise Risk Management Increase Firm Value?”

Explain the relevant theories and use researches and references to support the arguments.

Answer 1

What is Enterprise Risk Management?

Enterprise risk management is a holistic approach to risk management where all risks are viewed together within a coordinated and strategic framework. It differs from the more traditional silo approach where firms seek to manage one risk at a time, on a largely compartmentalized and decentralized basis.

ERM is essentially the use of a common risk management framework to manage risk across the organization. Although organizations typically have differentiated frameworks, there are three permanent features – people, rules, and tools. “People” stands for individuals with defined responsibilities. These individuals employ repeatable processes (rules) and technology (tools) to mitigate risk.

ERM creates value for companies both at the “macro” or company-wide level and the “micro” or business-unit level.

The Macro Benefits of Enterprise Risk Management

At the macro level, ERM creates value by giving senior management the ability to quantify and manage the risk-return tradeoff that faces the entire firm. By quantifying risk, the management is able to come up with an optimal risk-return tradeoff which in turn assures steady access to the capital markets and other resources it needs to implement its strategy and business plan.

In that regard, firms have an incentive to manage risk to avoid a situation where they are forced to pass up potentially profitable (positive NPV) projects due to a lack of capital. We can demonstrate the importance of ERM by exploring one of the most contentious issues in finance: Are markets perfect or imperfect?

In a perfect market, a company’s cost of capital is determined solely by its systematic (undiversifiable) risk as measured by beta. Diversifiable risks do not count as far as the cost of capital is concerned because it is assumed that the providers of capital (investors) hold well-diversified portfolios and therefore largely ignore a firm’s diversifiable risks when making their investment decision. What this means is that efforts to manage total risk are a waste of corporate resources.

In the real world, however, there’s information asymmetry and markets are far from perfect. A bad outcome resulting from a risk considered “diversifiable” can trigger a significant effect on the firm’s cost of capital.

Example: Macro benefits of ERM

Consider a company that prides itself on its ability to continually identify and reap big from new projects. In the current year, the company (and its investors) expects operating cash flow of $100 million. What will happen if the company ends up reporting a loss of $50 million? First, this means there will be a cash flow shortfall of $150 million in the eyes of investors. Such an outcome can set in motion events that will collectively result in loss in company value.

For starters, investors will adjust downward their expectation of future cash flows and earnings. These investors will express their displeasure by selling off the company’s stock, a move that will result in a reduction in market capitalization. In these circumstances, the loss in value will likely surpass $150 million. Even if operating cash flow rebounds quickly, there could be other, longer-lasting effects. For example, let’s assume that true to its mantra, the company has a number of strategic investment opportunities that require immediate funding. Unless the firm has considerable cash reserves or unused debt capacity, it may have no choice but to turn to the capital markets for support.

Investors will likely demand a significantly higher risk premium for any new debt or equity issued. If the new cost of capital is high enough, management may have little choice but to cut investment. This inability to fund strategic investments on a timely basis can result in a permanent reduction in shareholder value, even if the cash shortfall is temporary.

By investing in a robust ERM framework, the company can avoid such an outcome and protect its strategic plan. The company will be able to come up with ways of hedging the diversifiable risk.

The Micro Benefits of Enterprise Risk Management

In order to successfully optimize the risk-return tradeoff, ERM must be practiced not just at a firm level but also at the project level. The firm must evaluate the risk of every prospective project and how it affects the overall risk of the firm. The company should take on a project that increases the firm’s total risk only if the project provides an adequate return on capital after compensating for the costs associated with the increase in risk. In other words, the risk-return tradeoff has to be part and parcel of every corporate decision.

To realize micro benefits of ERM, risk evaluation of new projects must be decentralized. In a centralized structure, any given project must pass through the chief risk officer who initiates the evaluation of the risk-return tradeoff and approves the project only if they are satisfied that it meets all the risk-related thresholds. In a decentralized structure, the risk-return evaluation process starts at the business unit level with line managers and project “sponsors” playing a starring role.

In order for decentralization of the evaluation of the risk-return tradeoff to bear fruit,

· Managers proposing new projects must evaluate all major risks in the context of the marginal impact of the projects on the firm’s total risk; and

· The chief risk officer must establish how each and every business unit contributes to the firm’s total risk. This gives individual unit managers an incentive to monitor the risk of every project they decide to bring to the table.

Decentralization of the risk-return tradeoff is associated with three main benefits:

i. It cultivates a strong risk culture where project appraisal is considered incomplete in the absence of detailed risk analysis. Risk is not accounted for in an ad hoc, subjective way and is never ignored.

ii. Every risk is owned in the sense that someone is always held to account with respect to the project’s performance.

iii. It improves the risk analysis process by ensuring that each risk is assessed by those closest to it. Individual business units will usually have a much better understanding of the risks of the unit than the chief risk officer and senior management, especially during the early stages of a project.

How a Company Can Determine Its Optimal Amount of Risk Through The Use Of Credit Rating Targets?

Every firm has to strive to establish the optimal amount of risk to bear. Failure to do so would lead to one of two outcomes:

1. The firm could end up holding a buffer stock of equity that’s too little to see the firm through a period marked by a sharp drop in cash flow. This would mean passing up positive NPV projects at a time when it needs to demonstrate resilience and stability, leading to a permanent loss in value.

2. The firm could end up holding a buffer stock of equity that’s too large, a situation that also comes with costs. For starters, the firm could forego some positive NPV projects because it believes that there’s need to hold some liquid capital even when in reality, it doesn’t. Excess cash is deemed to be low-value by investors. Studies have shown that for larger, mature companies, the last dollar of “excess” cash is valued by the market at as little as 60 cents.

For these reasons, many companies identify a level of earnings or cash flow that they want to maintain under almost all circumstances that will optimize the firm’s risk portfolio, limit the probability of distress, and maximize firm value. It is important to note that the goal is not to minimize or eliminate, but rather to limit the probability of distress to a level that management and the board agrees is likely to maximize firm value.

This begs the question: how does the company identify the optimal level of risk that maximizes firm value? Many companies achieve this by identifying a level of earnings or cash flow that they want to maintain under almost all circumstances (i.e., with an agreed-upon level of statistical confidence, say 95%, over a one-year period). They then design their risk management programs to ensure the firm achieves that minimum. It is common for the minimum cash flow amount to be called a “threshold.”

Many companies use bond ratings to define this threshold. For example, the management of a company, currently rated A, may estimate that the firm would have to start giving up valuable projects if its rating falls to Ba. In line with this, the firm would adopt a financial and risk management policy that aims to limit to an acceptably low level the probability that the firm’s rating will fall to Ba or lower. Although it may be difficult to estimate the actual probability of moving from an A rating to a Ba rating within a specified period, the firm can work with average probability data supplied by rating agencies. For example, a study by Moody’s using data from 1920 to 2005 has revealed that the average probability of a company rated A having its rating drop to Ba or lower within a year’s time is 0.99% (we add up the probabilities of ending with a rating equal to or lower than Ba along the row that corresponds to the initial rating of A).

Table 1 – Transition Matrix from Moody’sTable 1 – Transition Matrix from Moody’s

Average one-year rating transition matrix, 1920-2005, conditional upon no rating withdrawal. Source: Moody’s Default and Recovery Rates of Corporate Bond Issuers, 1920-2005, March 2006.

Financial institutions such as banks and insurance companies tend to target a much lower probability of distress compared to the typical industrial firm. That’s because their liabilities – including deposits and insurance contracts – are highly credit-sensitive and a rating downgrade can have a devastating effect on their financial standing and even threaten their status as a “going concern.”   

Apart from rating downgrades, companies also use the following to establish the optimal level of risk:

· Establishing the probability of default within a specified period, say a year. A different probability of default corresponds to each level of buffer equity. That means by choosing a given level of equity, the management is also effectively choosing a probability of default that it believes to be optimal. From the table above, we can see that the probability of default for a firm rated A over a one-year period is 0.08%. To maintain it’s a rating, the company must maintain the level of buffer equity that makes its probability of default equal to 0.08%.

· Identifying scenarios that could impose large costs on the company while stopping short of causing a rating downgrade. Such scenarios may include high levels of volatility in earnings and capital. Although such scenarios may not “hit the alarm bells” loud enough to cause a rating downgrade, they could contribute to an increase in overall risk and hence the required level of capital.

When working out acceptable levels of volatility, many firms often go a step further and calculate the value at risk, i.e., the amount of the loss that is expected, with some pre-specified probability level, to be reached or exceeded during a defined time period. For example, let’s assume that a portfolio of securities has a one-year VaR at the 5% probability level of $10 million. What this means is that there is a 5% chance the portfolio will have a loss that exceeds $10 million in the next year. It would also be correct to say the firm is 95% confident that the loss over the next year will be no more than $10 million.

VaR can be established both at the portfolio level and at the firm level. Going by the data on Table 1, for example, a firm rated A would have to compute its firm-level VaR at a probability level of 0.08%. The company would then have to hold buffer equity capital equal to the VaR.