Although the U.S. economy is teetering on the edge of economic recovery, company shouldn’t forget the dangers that the past few years have gone through. “In good times,” wrote Harvard Business School’s Robert Simons, “it’s easy to forget about risk.” [“How Risky Is Your Company?” Harvard Business Review, May 1999] Simons goes on to warn, “It’s in good times that managers need to be most watchful for signs of impending danger.” To help companies assess risk, Simons developed a risk exposure calculator that will be discussed further below.

Ignoring risk in good times is not the only thing that can result in potentially catastrophic problems. Conveying the wrong message about risk tolerance can also create havoc. Philip Delves Broughton reports that the chances of that happening rise when conversations involve different languages, cultures, locations, and disciplines. “Risk is a risky word,” he writes. “Already prone to misinterpretation among people who share a language and a culture, the difficulties multiply dangerously when it moves across borders.” [“A conversation that translates,” Financial Times, 6 June 2012]

In the past when I have written about supply chain risk management, the focus has been mostly on external risks that can cause disruptions. Simons’ and Broughton’s articles, however, focus on how companies approach and communicate risk tolerance within their organizations. Before looking at the challenge of how business executives communicate the proper level of risk tolerance to employees in a transnational corporation, let’s examine what Simons had to say about assessing risk tolerance. Daniel Dumke reminds us, “Not all risks are unintended. … Risk is part of doing business, so a good risk calculator would only include … unwanted and unrecognized risks.” [“How Risky is your Company?” Supply Chain Risk Management, 05 September 2011] Since some risks are necessary, company executives need to assess how much risk they are willing to take on behalf of the company. Simons wrote:

“Consider how an aggressive, can-do culture often arises when a company’s sales and profits soar. Such a culture usually accounts for bold initiatives and satisfied clients, but it also can end up silencing any messenger carrying bad news about a company’s practices. Success can also require an organization to invest in new computer systems to carry the load of increased orders. That growth is reason to celebrate, except that the all-too-common failure to integrate new technology is a disaster waiting to happen. Success, in other words, should make executives nervous. Better yet, it should galvanize them to identify their level of internal risk exposure. Not all risk is bad, of course, and in fact, most organizations must take risks in order to make progress.”

If risk-taking is an uncomfortable, yet necessary, business activity, then assessing how much risk a company should be willing to take is an essential business activity. Simons doesn’t believe that assessing risk is considered essential by many executives and that’s a problem. He cautioned, “Managers—especially those of successful enterprises—must always be on the lookout for the risk lurking in their organizations. The question is: how can they pinpoint the areas of risk exposure?” To help companies assess their risk tolerance, Simons “developed a tool called the risk exposure calculator.” He explained:

“The calculator shows the pressure points present in every organization that lead to increased risk, such as the speed of operational expansion and the level of internal competition. Depending on a company’s circumstances and management style, the amount of pressure on each point can be low or high. A uniformly low score on these pressure points, it should be noted again, isn’t necessarily a virtue. Remember that nothing ventured is nothing gained. But too high a score on too many pressure points can be a strong signal that a company is exposed to dangerous levels of risk. Remedial action may be necessary—and fast. The risk exposure calculator is not a precise tool like an electronic spreadsheet or a discounted cash-flow analysis; its results are directional. It allows executives to determine if a company’s risk level is in the safety, caution, or danger zone. Once executives calibrate and understand a company’s risk level, they can align it with the organization’s strategy.”

Simons reported that he had tested the calculator on “managers from hundreds of different companies attending Harvard Business School’s executive education programs.” He went to report that most managers were surprised with the results. He wrote:

“Because the calculator shows the combined effect of risk exposure throughout a company, the typical reaction to the total score is surprise, followed by nagging discomfort. It is not as if these executives don’t know that their organizations carry risk. The CEO of a manufacturing company might, for example, be fully cognizant that a new factory has been put on-line too quickly. That single pressure has been worrisome, but not enough to keep him up at night. Using the risk calculator, however, the same CEO might discover that there is enough pressure on other critical pressure points that his company’s overall risk exposure has risen to dangerous levels.”

Simons went on discuss what companies can do with the results produced by the risk exposure calculator.

“The risk exposure calculator … gives executives the opportunity to conduct two illuminating exercises. First, managers can ask people at different levels and in different functions within a company to use the calculator—and then compare scores. In my experience, that process shows that people at the very top of the company are less aware of risk exposure than those closer to the ground. Similarly, the exercise often reveals that people in one division or business unit rate the company’s exposure to risk much higher than the rest of the organization. In such cases, it is time for senior executives to find out what one business unit knows that no one else does.”

We’ll return the topic of how risk is perceived when we look at what Broughton has to say. Dumke notes that “the key elements of Simons’ calculator are three internal pressures: due to growth, culture and information management. A version of the calculator can be found in figure 1.”

Dumke explains the calculator’s elements as follows:

“There are three pressure points in each category:

Growth

• Pressure for performance — Setting challenging goals can have stimulating effects on employees, but also increase risks when employees try everything to achieve those goals: ‘They may, for example, accept customers with poor credit ratings or cut quality to accelerate operations.’
• Rate of expansion in operation — If companies are expanding at a faster rate than the knowledge of their employees, it can also lead to additional risks: ‘Managers should ask themselves: Are operations expanding faster than our capacity to invest in more people and technology?’
• Inexperience of key employees — This can also be a problem in times of growth, when key managers are employed without sufficient training.

Culture

• Entrepreneurial risk taking — Risk taking is part of daily business and also a reason why a profit can be reaped from those deals. But of course, the more risk a company takes the more it has to take care of.
• Bad news — This point measures how information, especially the bad news, travel upwards to the management. So the questions to ask here are: ‘How much bad news do I actually hear? Have I surrounded myself with “yes men”?’
• Internal competition — For some conglomerates this last cultural pressure point is just the way of making business. But internal competition can also have negative effects like decreased information sharing within the whole company, and thus increasing risks.

Information Management

• Transaction complexity and velocity — ‘To determine the score on this point, managers should do a rough calculation in their heads. What were the complexity, volume, and velocity of information a year ago? Have they risen, and by how much?’
• Diagnostic performance measures — Simons argues that performance measures are often neglected in times of growth. This point should have a high score, if there is: ‘a feeling of frustration – a sense that it’s hard to get the right data at the right time. When there are gaps in diagnostic performance measures, managers end up getting the information they need by making phone calls and walking around. In short, they spend a lot of time doing the work a computer system should be doing.’
• Decentralized decision making — The last point here is decentralized decision making, which can be used to improve motivation and performance. But also local managers often do not fully follow the guidelines set by the company and also information flow might be disturbed.

“Overall the risk index can be calculated by adding up the individual scores. But the insights you gain are by answering the questions and not by the resulting number alone.”

The following figure provides a quick overview of five questions that Simons recommends business executives ask as they attempt to deal with risk exposure.

The first question — “Have senior managers communicated the core values of the business in a way that people understand and embrace?” — touches on the concern raised by Broughton. He writes:

“What a Wall Street trader might define as moderately risky may seem downright insane to a Japanese retail broker; what an oil pipeline engineer in Brazil might characterize as gung-ho may appear overcautious to his revenue-chasing chief executive in London. ‘The perception of risk and uncertainty is very different across cultures,’ says Javier Gimeno, a professor of international risk and strategic management at Insead. ‘In some cultures, there is a very high level of uncertainty avoidance. People avoid discussing things where there is uncertainty, or imitate their competitors just to feel the safety of doing the same thing.’ In some Mediterranean and Arabic cultures, he has observed a ‘strong sense of fatalism or destiny. You don’t want to talk about possible scenarios and possible risks. No one wants to be the person bringing up the risk, which makes the communication of risks difficult.'”

Broughton reports that analysts have determined that one of factors that led to “the explosion of BP’s Macondo well in the Gulf of Mexico two years ago … appears to have been a failure in communication between BP’s London headquarters and its US operations over the balance between internal control and operational aggression.” Broughton concludes:

“Oil companies, for example, measure risk in all kinds of ways, from political risk and operational risk to the macroeconomic factors that might lead to fluctuating oil prices. But these measurements are next to useless without open communication and shared assumptions about language.”

He provides the following five “tips for managing risk across borders”:

“Context is more important than language. Understand what matters most in the markets where you are doing business. Is it the law, logic or maintaining relationships?

“Every word comes with its own ‘metadata’ in different cultures. Be as specific as you can and never assume you have been properly understood without checking for potential misunderstandings. Even colleagues who speak the same language may understand risk and its nuances differently.

“Don’t treat risk management as a separate activity by leaving it to auditors and risk officers. Investigate ways to integrate managing risk into all operations.

“Make everyone in the organization responsible for managing risk, from the board and chief executive to the lowliest employee.”

Properly assessing risk and then communicating clearly how the company wants those risks addressed is vital for multinational corporations. Read Broughton’s article in its entirety and you’ll be convinced that while communicating clearly across language, culture, and borders is essential, it’s not easy.