Implementing an Enterprise Risk Management Approach

by Constantinos Tsolakas, Head of Group Treasury Risk Management, ABB

Royal Caribbean's Oasis of the Seas, the largest and most spectacular cruise ship ever built,
driven by an energy-efficient power and propulsion system delivered by ABB.

In recent editions of TMI, we have heard from Brocade (edition 203) and Agrium (edition 204) about the changing ways in which treasury is contributing to the business. In this article, Constantinos Tsolakas describes how ABB’s treasury has evolved to become a strong partner to the business by developing an enterprise risk management approach that has revolutionised the way that risks are prioritised, monitored and mitigated.

Treasury background

The ABB business has changed substantially over the past 10 years, triggered by very challenging business conditions and the subsequent crisis in 2002 (when ABB faced challenging times). Until then, liquidity management was largely decentralised, with a reactive approach to cash management, hedging and financing. Transactions were generally conducted locally, while treasury’s role was predominantly that of a profit centre. Since 2003, we have recognised that liquidity is a corporate asset, and treasury has a major role to play in delivering liquidity and risk management services to the rest of the group.

This change in attitude has had a marked effect on our treasury strategy and the way in which our treasury function collaborates with both internal and external counterparties. Treasury operations are now centralised in Zurich, Switzerland, to optimise operational efficiency and reduce costs, whilst ensuring group-wide visibility and control over cash and risk. To provide an effective service to the business, however, we also need to maintain a close proximity to front-line business activities, so we have regional treasurers in Norwalk, USA, Dubai, and Beijing, China. While Group Treasury is based in Zurich, Switzerland, country treasurers are also based in many countries around the world.

Our country treasurers, regional treasurers and group treasury functions work together as a cohesive organisation to manage liquidity and risk on a group basis. As we have expanded our business and extended geographically, the importance of risk management has grown considerably. As an engineering company, the concept of managing risk of all types is integral to all aspects of our business, but we have increasingly recognised the importance of adopting an integrated approach to risk management across the group.[[[PAGE]]]

The emergence of an enterprise risk management model

Although treasury departments typically focus on financial risks such as credit, interest rate, FX risk and liquidity risk, we recognised that treasury was a natural owner of risk management in a wider sense. Over time, therefore, we have been able to leverage our proximity to the business, and our robust centralised systems infrastructure to develop a more holistic approach to risk, combining business (e.g., project), market and operational (control) risks. When the board of directors first awarded the mandate for enterprise risk management (ERM) to treasury in 2009, we launched an ambitious project to develop an ERM tool that would allow us to prioritise our risks across the group, and provide a consistent tool for both reporting and managing risks.

We decided to build a team of four professionals, each representing a different department within Group Treasury to work part-time on the ERM project, to develop our ERM framework internally, rather than sourcing external assistance, in order to maintain the necessary skills in-house. We were fortunate that Group Treasury at ABB already possessed best-in-class risk expertise and systems, but it was still a highly challenging undertaking. We involved internal audit from the beginning, as the team had good visibility of risks across the business, which gave us valuable insights.

As part of our analysis, we developed a risk catalogue of the many hundreds of risks to which our business was subjected, and grouped them into three risk categories: external risks; strategic risks, and operational risks. Each of these risks was then broken down into further groupings (figure 1). In close consultation with the business, we eliminated those that were not relevant, resulting in a list of 200 risks that needed to be included in the final risk catalogue.[[[PAGE]]] 

Approaching the business

We then asked each part of the business to report their most significant risks. This was a ‘top down’ and ‘bottom up’ approach, as we asked group functions, business divisions and in-country business units to contribute this information, providing us with a multi-faceted view of risk. We had to define the scope of this undertaking clearly, however, as with business operations in around 100 countries, we needed to prioritise. We therefore selected the top 25 countries by revenue, representing all regions.

Business managers across ABB have a good awareness of the need for effective risk management, and they remain the owners of risks within their own business functions. However, we needed to make it easy for people to provide the information that was required to devise a group-wide risk management strategy, and ensure the consistency of information. We therefore sent out a grid of 15-20 risks categorised by likelihood and potential impact. We asked the participants to identify the top five risks in their business function/ division/ business unit, plotted on a matrix in terms of their potential impact on EBIT based on current mitigation actions, if any. They were then asked what residual risks would remain in 12 months after any incremental mitigating actions had been put in place. The approach was therefore more qualitative than quantitative, focusing on real-life issues that affect the business.

ERM Roundtable

Having collated this information from across the business, we organised an ERM Roundtable to discuss the findings from our research and determine the effectiveness of our risk mitigation strategies. Once again, we did not want to overload participants with data, so we designed a simple template to capture key information to which we could direct the conversations. Based on this assessment, managers of each business function, division or business unit were tasked to assess the implementation, progress and effectiveness of their risk mitigation plans, which were embedded into the country, division and global business and financial planning process.

This approach proved overwhelmingly successful and enabled us to move forward with a pragmatic risk model that had buy-in from across the business and a high level of trust.

Value of an ERM approach

We have learnt a number of important lessons through our experiences of developing an ERM framework at ABB. The first is the importance of a simple process, to which the business can easily relate. The second, related issue is to be realistic in the number of deliverables. Having proved the concept and generated trust amongst business managers across the group, we were then able to expand the scope of our ERM framework, so we now include more than 40 countries, (with greater depth of analysis in certain key countries), eight regions and more Global Business Units.

Click image to enlarge

ERM is now an essential management tool, and enables us to present a consistent, consolidated risk position to the board and to the executive committee (figure 2). Of equal importance, business managers across the group are actively engaging with the ERM Roundtable to manage their risks more effectively. Therefore, senior managers have a complete picture of risk across the business, while business units have a tool to prioritise how to manage risk and track the effectiveness of their mitigation strategies. Internal audit is also equipped to monitor processes and decision-making in risk management.[[[PAGE]]]

The outcomes of introducing an ERM framework, using a collaborative approach, have been substantial. There are myriad quantitative measures to manage individual risks, but typically there is less emphasis on qualitative analysis across the entire business. Few business managers are treasurers or a specialist risk managers, so providing the right tools, that can be deployed easily and consistently, ensures that risk management becomes an integral part of their role.