Uploaded by rex_fireflies

Risk Management

To: Board of Directors
From: Risk Manager
Date: 22 January 2016
Introduction
For the past few years, the financial crisis has been a humbling experience for the
financial system. The failure of major companies has had a major effect on how
businesses operate these days.
In 2001, Enron Corporation, an energy company, filed for bankruptcy. As a
consequence, 4,500 employees lost their jobs, investors lost $60 billion and trust in
the American economic system was destroyed. Enron’s auditor, Arthur Andersen, which
was one of the five largest firms providing accounting, audit and tax services, was
found to have provided non-audit services that helped Enron Corporation manipulate
its accounts and hide its debts by using special purpose entities. Arthur Andersen
lost its reputation and surrendered its CPA licences and its right to practise.
In 2008, Lehman Brothers, which was one of the four largest investment banks in the
United States, filed for bankruptcy. Lehman Brothers’ bankruptcy was the largest in
history, as its assets surpassed those of previous bankrupt giants such as WorldCom
and Enron. According to the International Monetary Fund (IMF), losses from the
collapse of Lehman Brothers could hit $945 billion as the impact spread to the global
economy, with the unemployment rate doubling to as much as 10%.
Looking back at these big-company failures, they were mainly due to overlooking the
risks in the market, which in the end led to huge losses from which nothing could be
done to recover. However, based on the experience gained, companies that used to
operate with financial forecasting and financial management now focus on risk
management. Normally, a smaller organisation will have higher risk, as it has a
limited range of products and tends to take more risk to expand its business. A large
organisation will have lower risk, as it has diversified by providing a wide range of
products.
Risk is defined as an uncertain event that has a probability of being a perceived
threat or opportunity for the company. Risk is distinguished from hazard, then peril,
then loss. There are dynamic risk, static risk, fundamental risk, particular risk,
speculative risk and pure risk. No company can escape the presence of risk, and
management must seek ways to deal with it. Although some risks (for example,
environmental risk and currency exchange risk) cannot be controlled by the company,
the company needs to minimise the damage or loss that they could cause.
However, internal risk is also one of the major factors that cause big organisations
to fail. In many organisations, the chief executive officer (CEO), who heads top
management, also holds the position of chairman of the board. One of the main roles
of the board is to monitor the operations of the company carried out by the CEO and
management. A combined role results in the chairman monitoring him/herself, and this
leads to abuse of the position. The chairman should be an independent person who can
check that the CEO acts for the sake of shareholders and make sure the CEO does not
break the law or make unlawful decisions that could harm shareholders’ wealth.
Furthermore, the CEO’s remuneration becomes an issue when the chairman and CEO are
the same person. Normally it is the board of directors that votes in a meeting to
increase the pay of the CEO. There is a conflict when a CEO-cum-chairman votes on
his/her own pay. Although there will be other members on the board, the chair always
has the influence to steer decisions towards the outcome that he/she is most
satisfied with.
All those failures of big companies have made today’s businesses aware of the
importance of risk management and of not focusing only on profit. Risk management
refers to a systematic approach to the tasks of identifying and assessing risks and
then planning and implementing risk responses. The role of risk management is to
manage upside risks (opportunities) and downside risks (threats) with the objective
of business growth and wealth creation. Companies that have a systematic approach to
managing risk have been helped to survive in a harsh economy and even to make a
profit during an economic crisis.
It is impossible for companies to eliminate all risks, because firms that take no
risks at all make no money. As long as companies are able to manage their risks
efficiently, they can make money and at the same time minimise possible risks by
having a contingency plan.
Part A
Goldman Sachs Group is one of the top four leading global investment banking and
securities companies providing financial services in the United States. During the
2007 economic crisis, Goldman Sachs Group survived the subprime mortgage collapse
that caused Lehman Brothers to collapse. The main reason Goldman Sachs Group survived
was that it avoided large subprime mortgage exposure and sold Goldman Sachs
Alternative Mortgage Products (GSAMP) right before the subprime mortgage crisis.
Goldman Sachs Group President and Co-Chief Operating Officer (COO) Gary Cohn said
that poor risk management, not sophisticated products, is to blame for financial
companies’ losses and failures. If a company does not invest in risk management, it
is a risky business.
Looking at past failed organisations, the major cause of collapse was not that the
company had sophisticated products but mainly that it did not have good risk
management to forecast possible events that could affect its business. When the
event happened, they did not have time to analyse it and think of strategies that
could help them overcome the risk. During a crisis, a good and correct decision
within a short time is a must. If shareholders feel that the company cannot handle
the risk properly, they will pull out their invested funds because of a lack of
confidence in the company’s future, causing the market value of the company to drop.
Furthermore, the other factor that causes failure is poor communication within the
organisation. The hierarchy of an organisation can be a cause of poor communication
when there are too many levels. Communication is ineffective because a message that
needs to pass from bottom to top, or vice versa, has to pass through multiple
levels. This is time consuming, and problems normally only get the attention of
management once they have grown.
Importance of Risk Management
Risk management is becoming more important in the current business world. More and
more companies have established risk management departments to face a business
environment that changes rapidly.
Risk management allows an organisation to identify internal risks (strengths,
weaknesses) and external risks (opportunities, threats). Identifying all those
possible risks helps an organisation to plan in advance and prepare strategies to
respond to events if they arise.
Risk management has evolved from simple methods to very complicated modelling in the
present day, and more risks arise as the size of an organisation grows. Risk evolves
when a company expands its business globally and faces more factors that could
affect it, such as environmental and social factors, political stability and
currency fluctuation. Experienced risk management experts drawn from various fields
of expertise are able to provide a complete risk management plan that takes into
account the various factors that could affect the company.
Furthermore, risk management can help the company to carry out feasibility studies
covering financial, social, environmental and technological aspects. This helps in
decision making on a project by analysing the costs and benefits and the possible
risks that could arise.
A good and effective risk management policy helps with internal control and
arrangements, as it should be clearly communicated to all employees. It can enhance
communication within the organisation and solve the issue of the time taken to pass
feedback from bottom to top. Frontline workers are very important, as they serve
customers every day. Normally, they are the first to know whether customers are
satisfied and what feedback they have. A slow response to this will demotivate
frontline employees and dissatisfy customers.
Traditional and Enterprise risk management
Due to many rapid changes in the business environment, risk management has also
evolved from traditional risk management to enterprise risk management.
Traditional risk management focuses on pure risk, that is, hazard risk that may or
may not result in losses. It emphasises identifying insurable natural hazards and
has five components: risk identification, risk analysis, risk control, risk
financing and risk administration. Traditional risk management is a process that has
four functions, which are planning, organising, leading and controlling the
organisation’s activities to minimise business losses.
However, the failures of previous companies have made it clear that traditional risk
management does not adequately identify, evaluate and manage risk. Traditional risk
management tends to separate risks. It limits its focus to managing uncertainties
around physical and financial assets. Because it focuses largely on loss prevention
rather than adding value, traditional risk management does not provide the complete
framework that organisations most need to face a rapidly changing world.
Enterprise Risk Management (ERM)
ERM is a new concept of risk management that is more complex and takes care of
several kinds of risk. ERM is a process designed to identify potential risks and
manage them. This ensures that the company is able to identify risks at an early
stage and take preventive action or avoid them. Furthermore, it provides reasonable
assurance regarding the achievement of the organisation’s objectives. ERM applies
not only to management but also to operational staff and the board. Involving more
parties helps to obtain various views and opinions, which can be taken into
consideration in the analysis.
There is an ERM framework that is used to achieve a company’s objectives. The
framework has four categories: strategic, operations, reporting and compliance. It
includes 8 components: internal environment, objective setting, event
identification, risk assessment, risk response, control activities, information and
communication, and lastly monitoring.
There are many benefits of using ERM in an organisation to mitigate risk.
Firstly, ERM requires management to consider the risk appetite of the organisation
and align it with business strategies. Management needs to set objectives with board
oversight and then, with board review and concurrence, articulate a risk appetite
that is acceptable in pursuit of those objectives. Management then sets tolerances
around the risks acceptable at the organisational unit level or functional unit
level in measuring the achievement of objectives.
Secondly, after linking growth, risk and return, management will seek a certain
level of return for the risk undertaken. In the current business world, businesses
that take no risk cannot earn a return. Therefore, management will expect a certain
level of return once it chooses to accept the risk.
Thirdly, ERM helps the organisation to select the best response method to deal with
a risk. ERM provides better structure, reporting and analysis of risks. Directors
and executives can focus on making risk mitigation decisions by using the
standardised reports with complete data that ERM produces.
Lastly, ERM helps to identify and manage risk across the organisation. Risk
management is the responsibility of every single person in the organisation.
Everyone’s experience and practice are very important and should be shared across
the business with a common set of tools and techniques.
Part B
Background of Barings Bank
Barings Bank, founded in 1762, was the oldest merchant bank and most reputable
financial institution in England before it collapsed in 1995 after suffering losses
of $1.4 billion due to poor speculative investments. Nick Leeson, one of the traders
and head of settlement in the Singapore office, lost $1.4 billion by investing on
the Singapore International Monetary Exchange (SIMEX). Nick Leeson was seeking to
profit from differences in the prices of Nikkei 225 futures contracts on the Osaka
Securities Exchange and SIMEX.
Nick Leeson started trading on SIMEX, and in 1992 he passed the SIMEX trading exam
and was able to trade on the exchange floor. Starting from 1992, Nick Leeson made
unauthorised speculative trades that earned $10 million, which was 10% of Barings’
annual profit. However, Nick Leeson then started to lose money on his trades and hid
his losses in an account, "88888". He claimed that the account had been opened to
correct errors made by inexperienced members. He also hid documents during the
statutory audit. In 1994, his total losses were as much as half of the capital of
Barings.
In order to cover all the losses in the account, Nick Leeson placed a short straddle
on SIMEX and the Nikkei. He was betting that the Nikkei would fall below 19000
points. However, the unexpected Kobe earthquake resulted in a loss of 7% in the
week, while the Japanese economy had seemed to be recovering after 30 weeks of
recession.
He tried to recoup his losses by taking an even riskier position, betting that the
Nikkei Stock Exchange would make a rapid recovery. The bet failed, and the losses
went up to $1.4 billion, double the capital of Barings. Barings collapsed when the
losses were discovered.
Factors that lead to the failure of financial institutions
The main factor that causes failure is poor risk management. Risk management is
used to identify, assess and evaluate the risks that could affect an organisation.
However, many organisations have poor risk management because they underestimate
its importance. Being able to foresee risks can help an organisation to avoid risks
and reduce the chance of them happening. Some companies do have risk management,
but the risks they look at are too narrow, such as pure risks like natural disaster
or theft. They might only take action to prevent pure risk by buying insurance. They
do not analyse the internal risks that could affect the company; for example, Nick
Leeson, as trader and head of settlement in Singapore, was able to cause Barings to
collapse. Furthermore, Nick Leeson focused only on earning profit for Barings in
order to get rewards (a bonus). Nick Leeson ignored the fact that high returns come
together with high risks.
Another factor that led Barings to failure was the lack of segregation of duties.
Nick Leeson was not only a trader on SIMEX but also head of settlement operations.
As head of settlement, he was responsible for ensuring the accuracy of the
accounting for the unit. Being a trader who settled his own trades allowed Nick
Leeson to hide his losses, because he was the account preparer. So he created
account "88888" to hide his losses. These two positions should be held by two
different employees, and the head of settlement should be the one who supervises
the trader.
Furthermore, poor internal control also contributed to the failure of Barings. Good
internal control is control within the organisation that monitors and supervises to
make sure all actions go through authorisation, approval and review by management.
Internal auditors should audit the processes, plans and procedures used in Singapore
from time to time. They should report and make recommendations to management
whenever they find an unwise allocation of positions, such as Nick Leeson being both
trader and head of settlement, which is a conflict of duties. Other than that, good
internal control should ensure that investments involving large amounts are
authorised and approved by top management. In the case of Barings, it is obvious
that this was not done well, as Nick Leeson was able to lose an amount of money
greater than the capital of Barings. Management gave too much power to Nick Leeson,
and there was nobody else to review his activities. Even when Nick Leeson reported
to the UK about the profit he had earned, they trusted him and simply listened to
him without investigating further whether he was telling the truth.
The other factor that caused the failure was natural disaster. A natural disaster
is an unpredictable event that can happen without any warning and bring a huge
impact on society, the environment and the economy. Nick Leeson placed a short
straddle on SIMEX and the Tokyo stock exchange, where the market normally does not
move significantly overnight. However, the Kobe earthquake hit in the early morning
and caused a significant change in the market. None of us could have predicted or
prevented it, as this was 1995, when earthquake forecasting technology was not yet
that advanced.
Lastly, Barings’ senior management lacked knowledge of the trading market. The
senior management of Barings came from a merchant banking background, which caused
them to underestimate the risks of trading. They did not appoint an individual to
whom Nick Leeson should report directly and who would monitor activities in
Singapore. In the end, this allowed Nick Leeson to carry out unauthorised
speculation, which is very risky in the market. Such trades provide either
marvellous returns or devastating losses. If senior management had had sufficient
knowledge, they would not have assigned Nick Leeson as both trader and head of
settlement, which allowed him to review his own work.
Opinion
After doing some research on Barings and understanding the factors behind its
failure, I think that good risk management could have helped it to avoid failure.
There are 7 steps in the risk management process:
1. Establish the context
2. Risk identification
3. Risk Analysis
4. Risk evaluation
5. Risk Treatment
6. Risk Monitoring
7. Communication & Consultation
Barings should establish the context by gaining an understanding of the background
of banking and forming the subject of the risk management study in the trading
business. Context provides the basic foundation for everything and is helpful in the
rest of the process. This context should include business objectives, processes,
internal control, financial ratios and the value chain. It also analyses internal
and external factors to establish the SWOT of Barings, so that risks can be
identified in the next step.
Once all the information about Barings is known, the next step is risk
identification. The objective of risk identification is to identify both the risks
to Barings, which would reduce or remove the likelihood of Barings reaching its
objectives, and the opportunities, which would enhance business performance.
Identifying all the strengths and weaknesses of Barings makes it easier to identify
the risks that could arise, and therefore to know the sources of risk and whether
there is interdependence between the risks identified. There are a few techniques
for identifying risks, which are orientation, analysis of documents, interview and
inspection. These techniques help to identify risks by using tools such as risk
checklists, risk prompts, gap analysis and PEST prompts.
After identifying the risks, the third step is to analyse them. At this stage,
Barings has to start making judgements on the probability of the risks and
opportunities, and on the impact if a risk materialises. It is important to perform
risk analysis: without it, Barings will not be able to choose a preferred solution
and then prioritise risk management activities, and cannot decide whether the best
option is to transfer, avoid, reduce or accept the risk. Probability can be
interpreted in 2 ways, which are relative likelihood and relative frequency. Impact
must also be calculated in terms of cost, duration, quality or any other business
objective.
The fourth step is risk evaluation, which evaluates the results of the risk analysis
step. This step combines risk and opportunity to determine the net effect.
Traditionally, risk management focused on minimising financial losses through
insurance or hedging contracts associated with specific services or goods. However,
it depends on the situation. Different situations might require different approaches
to be useful. Barings should use an active risk management approach that focuses on
control, retention or reduction of risk, because an active approach helps to provide
funds whenever needed and reduces cash shortages.
Step five is risk treatment. Once Barings has evaluated the risks, it is time to use
risk management to produce responses and action plans to address the risks and
opportunities. Risk treatment ensures that plans are prepared, considered, refined
and implemented. The purpose of risk treatment is to plan a specific management
response to both the threats and the opportunities identified. Options for treatment
need to be proportionate to the significance of the risk, and the cost of treatment
commensurate with its potential benefits. There are a few options for responding to
risks:
- Transfer the risk to an external party, such as by buying fire insurance policies.
- Avoid the risk by not taking the actions that would cause the risk to happen.
- Reduce the risk by performing loss prevention or controlling losses that have
already happened.
- Accept the risk by doing nothing.
After the risk treatment process, risk monitoring needs to be carried out to monitor
the performance of risk response actions and to inform the need for proactive risk
management interventions. The main activities to carry out are reacting to early
warning indicators of risk, recording the details of risks and opportunities,
reviewing the responses to the risks and reporting the success or failure of the
risk management. Barings should monitor the risks already identified and the
treatments used to respond to them. In this step, Barings needs to react fast when a
risk is just about to begin. Responding at an early stage enables Barings to control
the risk before it grows, and therefore to minimise costs such as financial loss.
The last step is communication and consultation. This stage refers to the dialogue
that takes place across all of the risk management stages to support their effective
implementation. Regular communication and consultation must take place to ensure
that all parties are aware of the risk exposure. Barings should communicate with all
parties regularly to ensure that they are aware of the risks and do not take any
action that would trigger them. This is important to maintain once a risk has been
identified. Failure in communication will make risk management ineffective.
Lesson learnt
In understanding the Barings case, there are various reasons that caused it to
collapse, and those factors can be prevented by implementing risk management in the
organisation.
First of all, an organisation should implement enterprise risk management, as risk
management is able to review the organisation’s background and, based on that,
identify risks according to their probability and then respond to them. Enterprise
risk management takes into consideration all risks that could possibly affect the
organisation rather than considering only physical assets. Furthermore, a company
should not focus only on profit earned as the measure of good performance. It should
also take into consideration factors such as the satisfaction of peers and customers
and daily job routines. Too much focus on profit will cause some employees to behave
like Nick Leeson and take risky actions to contribute profit in order to get
rewards. With proper risk management, there is also a risk management policy that
can promote communication among staff and is closely linked to the achievement of
objectives. Risk management allows a company to step into a risk prepared for the
possible event. It enables the company to plan in advance before taking any
decision, within the risk appetite acceptable to shareholders and management.
Secondly, it is a must to segregate duties that would otherwise give one person the
opportunity to commit fraud. A company should split critical processes between more
than one person to manage the risk of fraud. In the case of Barings, Nick Leeson was
a trader and also head of settlement. The head of settlement checks the traders’
records and prepares the accounts. This allowed Nick Leeson to commit fraud by
reviewing and preparing his own documents. The trader and the head of settlement
should be different people to reduce fraud. If Nick Leeson had only been a trader,
there would have been no opportunity for him to hide his losses by creating account
"88888", as this can only be done by the back office. Segregation of duties lowers
the risk of fraud by employees.
Thirdly, there should be good internal control in the company to review processes
and to make sure the company is efficient and effective and complies with the law
and company policy. Internal control will also test whether there is any possibility
of fraud in a process, and create and recommend ways to improve critical processes.
For example, a director’s signature may be needed when issuing a cheque for more
than $100k, or authorisation may be needed when ordering stock above an amount that
could critically affect the company. The internal control department should be
independent, without cooperating with any other department in the company. Internal
control team members are mostly experienced and able to detect fraud and mistakes at
an early stage. This could have prevented fraud like that in the case of Barings,
where losses were hidden for several years and nobody detected them before it was
too late.
Other than that, a company should also give thought to investments in countries that
are subject to natural disasters. The company should have a detailed plan or
contingency plan to face the risk when a natural disaster such as an earthquake or
typhoon happens. The company needs to have sufficient funds ready to rebuild and to
respond quickly to the risk, as it could happen at any time. Proper management of
risk makes shareholders trust the company more, because once shareholders feel their
value might be affected they will pull out their funds immediately. The company
should also diversify its risk by setting up business in different places and
industries, so that the revenue of the company is not affected much.
Lastly, a company should have a group of senior managers with sufficient knowledge
of the nature of the business. They should be experienced, able to identify possible
risks, and should not underestimate any risk. Senior management should not focus
only on their own departments but should also make suggestions for improvement
whenever they find a process that may contain risk that could be mitigated. Senior
management should also require their teams to report monthly on their progress, make
sure they are motivated and consult with them whenever they face problems. Senior
management should also have professional scepticism, which means always having a
questioning mind and being alert to conditions that may indicate misstatement.
Conclusion
In a nutshell, there have been a lot of big company collapses in this global
business world. Every failure of these big companies raises concern about managing
risk. No company can escape from risk. Therefore, risk management is very important
for a company’s sustainability. Previously, companies used only traditional risk
management, which deals with pure risk. Due to the complexity of the business world,
traditional risk management has evolved into Enterprise Risk Management (ERM). ERM
focuses on strategic and operational risk. ERM is a better approach for financial
institutions that deal with speculative risk. There are 7 steps in the risk
management process, which help to make sure risk management is efficient and
effective.
It is also very important to have good risk management, good internal control,
segregation of duties, diversification of risk and proper knowledge of the nature
of the company’s business to prevent future failures.
Proper risk management is able to enhance a company’s global position and help it
avoid making a mistake that could cause the whole organisation to collapse. An old
and well-established company can collapse through one person’s mistake, as in the
case of Barings. A company should not underestimate any single risk that could
possibly arise. However, it is impossible to avoid all risk; therefore, companies
need to be prepared for risks and respond before it gets too late.