Risk Management Audits Set Directors' Minds at Ease

Article excerpt

Material threats facing business today abound. The Manville Corp.'s difficulties with the adverse health effects of asbestos is well known. Union Carbide knows the risks of hazardous-chemical releases in a populated area as a result of the Bhopal tragedy. In the non-profit arena, Goodwill of Chicago received an intensive environmental liability education after accepting, without prior inspection, a donation of contaminated property. Exxon's public image has also been tainted, with its problems tied to oil spills in Alaska's PrinceWilliam Sound and New Jersey.

Recognizing that the responsibility for responding to these material threats lies with the company's management, the board should avoid second-guessing every risk management decision and focus on the overall health of the risk management function and the company's success, or failure, in safeguarding its assets. The risk management audit is a primary method used to review the effectiveness of the company's risk management functions. If properly conducted, it will provide the board with the necessary due diligence.

As guardians and representatives of a corporation's shareholders, directors are obliged to protect the company and its shareholders from harm, including inept management, unfavorable takeover offers or inaccurate financial reporting. Since a company's ability to produce income for dividends or stock value appreciation is important to shareholders, it follows that the board of directors has an obligation to ensure that the business' ability to produce income is safely guarded. That means protecting the organization's primary income-producing base-its assets, which include its reputation, customers, suppliers, employees, land and equipment, technology and financial resources..

Depending on one's perspective, the obligation to produce income can be balanced against other corporate and societal goals, such as acting as a good corporate citizen and providing a safe work environment and products and services that do not damage the environment. Many companies have created corporate ethical standards or guiding principles-even environmental ethics"-to balance conflicting economic and non-economic goals. Even discounting these "higher order," non-economic responsibilities, directors have an implicit responsibility to ensure that income-producing assets are reasonably well protected, as it is in their best economic interest to do so.

What About Insurance?

In the past, the board's inquiries have typically been limited to asking, "Do we have enough insurance?" This question is also important to the directors on a personal level, as directors' and officers' claims have been levied for failure to effect and maintain adequate insurance. Underlying this common question is the board's desire to understand and measure the adequacy of the corporation's ability to respond to the risks of loss.

Insurance, however, responds only to a portion of the broad spectrum of corporate risks. Typically excluded are pollution losses and product-recall incidents. Insurance seldom pays for the total loss. Indeed, hidden or indirect costs, such as loss of reputation, lost productivity, product recall, retraining, diverted management resources and loss of market share, can be significantly higher than the insured or direct loss. Also, adequate insurance, a reactive loss financing mechanism, does not prevent the loss from happening in the first place. The broadest insurance policy available with the highest limits imaginable has never prevented an oil spill, put out a chemical fire or stopped a claimant from suing.

Given recent concern over the financial security of some insurers, even the promise to address the direct financial effect of a covered loss is questionable. Companies insured with Mission, Transit and other insurers have painfully discovered that the safety net of insurance may contain a few holes.

Today, prudent management no longer depends on insurance as its primary safety net. …