Last week I touched on the topic of risk management and why boards of directors need to familiarize themselves with the topic. A risk is an uncertain event or condition that, if it occurs, can cause significant negative impact for an entity or individual.
Take the example of a member of parliament (MP). He is a fairly well paid public officer earning a six-figure salary, as well as pretty good perks like car grants and sitting allowances. The risk that he faces is that in five years, come the next election, he will have to expend an inordinate amount of time and resources to ensure his re-election. Since he has achieved a certain taste in lifestyle such as all expenses paid foreign trips, mileage allowances, state sponsored security etcetera, a loss will cause a significant negative impact for him. One way to mitigate such risk is to undertake a risk versus reward calculation. As chances of re-election are almost slim to none without pouring massive investment into the next party nomination process, the next best thing is to ensure that he acquires as much wealth as possible in the shortest time so help him God and may the Salaries and Remuneration Commission be damned. He would therefore support all efforts to reduce mileage allowances as well as salaries and gorge himself silly at the trough of state coffers while the belt of austerity girdles all other public expenditure. A high risk of being thrown out at the next election is matched by the commensurate quest for high reward.
Organizations require to regularly map out all the risks appertaining to their existence such asrevenues, costs, operations, facilities, taxation, fraud, cybersecurity, regulatory interventions amongst myriad others. Typically, each department should map out its risks and then the executive should map out what the overall key risks are and map them out on a table to determine their probability of occurrence versus the impact of such occurrence. (See image). This table is referred to as a risk heat map which visually illustrates what the risks faced by the organization at regular points in time are.
Thus a company that deals with plastic packaging would have identified and mapped out the risk of a regulatory intervention from the first time Kenya attempted the plastics ban during the Kibaki administration through various tools such as punitive tax and eventually an attempt at an all-out ban in 2011. Once the ambient noise about a ban began to get louder, that risk would have moved to the top right quadrant of high probability and high impact. When the ban was revoked, it should have remained in the high impact, but moved lower down the Y axisto medium likelihood. A well -informed board would put management to task as to what mitigants they are putting in place to diminish the risk. Hope is not a strategy, and a sheepish response from management that they’re hoping for an eventual change of government should never pass muster at the board level. Particularly since in subsequent years there was a successfully enforced plastic ban in Rwanda. Management would have done well to start looking at alternative packaging materials in the likely event that the risk of a total plastics ban would materialize.
But it’s not only the plastic packaging manufacturers that should have been watching the government moves with a tremulous lower lip and beads of perspiration speckled above their upper lip. Soft drink and bottled water manufacturers should have upgraded the regulatory risk of a total plastics ban to a high probability faster than they could spell polyethylene terephthalate, commonly referred to as PET. PET, which is used to manufacture many of the soft drink and water bottles, is a much-maligned material due to its primary inability to biodegrade.
It is noteworthy that while a risk heat map tries to identify the key risks that management faces in running the organization, it should be a dynamic rather than a static tool as risks shift constantly in likelihood and impact, with some extinguishing entirely while new ones appear in the ordinary course of time. The greatest danger for organizations is a risk agnostic board. There is no sustainability in adopting a high risk, high reward strategy for the short term. Unless of course, you’re an MP.