BP, Buncefield Illustrate Risk of Ignoring Risk

You don't need to operate an oil rig in the Gulf of Mexico, like BP, to realise the consequences of risk.

You don't need to be a firm facing unlimited fines because of the explosion at Britain's Buncefield fuel depot either. But such incidents are a reminder that companies need a risk strategy and that it probably needs moving up the corporate agenda.

Risk comes in many forms other than oil explosions. It could be the effect of weather on business, staff loss caused by a flu epidemic, a product or process failure, a collapse in markets or a credit crunch.

The banks' own inability to cope with a liquidity crisis and falling asset values suggests their own risk strategies were deficient, but the starting point for any board must be to compile a risk register -- a list of everything that could go wrong. Only then can the risk be assessed and measured so that a risk-management policy can be constructed.

Many companies believe they take risk seriously by ensuring a wide range of departments are aware of it, but spreading responsibility can add to the danger rather than reduce it. If risk is monitored by internal auditors, compliance staff, internal control functions and a dedicated risk officer, it can slip between the cracks.

That is why an increasing number of companies are establishing risk committees on which all those parties can be represented, but which co-ordinate assessment and action. But while some firms put non-executive members on these committees, others believe it essential that risk remains a matter for full-time executives.

And even in the smallest of organisations, it is important that one person takes ownership of risk matters. This need not be the chief executive or finance director, but the risk manager must have direct access to those people and, to have authority, this manager may well need to be a member of the main board.

It is also essential that risk assessment has a financial aspect. Geologists and engineers might have been able to tell BP the probability of its rig exploding and the amount of oil that might spill, but they would not have assessed the environmental damage, the political reaction and the reputational loss. The spill has so far cost BP $20bn and cost its shareholders their dividend and half their capital. It is also likely to affect future business and directors' jobs.

Risk management is thus much more than a statistical analysis of probabilities but it need not be about minimising dangers. Having assessed a risk, managers may choose to accept it -- insuring against it, hedging costs or holding sufficient reserves to absorb a loss.

But that decision -- as the directors of BP, the banks and the Buncefield operators now know -- can be taken only once a risk strategy has been drawn up. Surely boards do not need more reminders of how serious it can be to underestimate the consequences of ignoring risk?

(Pic: Stuart Axe cc2.0)
