The Supreme Court quashing 122 telecom licences was no less than a Black Swan event for most. But for Essar, it meant code red.
Just a fortnight ago, on the first week of February, the CBI in its third set of charges had accused Essar Group promoters Ravi and Anshuman Ruia, senior company executive Vikas Saraf, Loop Telecom promoters and Ruia family relatives, Kiran Khaitan and her husband I P Khaitan along with three companies — Loop Telecom Pvt Ltd, Loop Mobile India Ltd and Essar Tele Holding — of criminal conspiracy and cheating the telecoms department to secure mobile permits in 2008.
As if that wasn’t enough, the SC verdict now meant Loop Telecom’s 21 licenses, its existing 3.21 million subscribers were at stake.
It may not have been such a calamitous turn of events, but just a week later, in Bangalore, Parmit Chadha, CEO, Strategy and Corporate Development, GMR Group, received a newsflash on his Blackberry about fighting breaking out in Male, after Maldives President Mohamed Nasheed was eased out following a coup d’état by military and police. GMR is modernising the international airport in Male. As information trickled in, it “naturally got picked up by our daily intelligence bulletin — a collation of business and events encompassing the entire GMR eco system.” He elaborates further: “For the last four years, we have codified our risk mitigation blueprint. We even have business continuity and a disaster recovery plan for each of our projects, in the event of an unforeseen event actually taking place,” he says.
More From This Section
Just rewind a few years. After Mamata Banerjee’s agitation against the Nano project in West Bengal, Tata Motors had shown remarkable resilience towards dynamic business circumstances. The relocation of the Nano plant from Singur to Sanand in Gujarat in October 2008 is a classic example of a strong risk management framework enabling the management the speed with which they moved. “We not only controlled the financial impact but also took minimum time in delivering the car, to begin with from Pantnagar, by July 2009 and subsequently from Sanand from June 2010.
This would not have been possible without effective risk taking ability and mitigation plans in place,” admits Nagesh Pinge, Vice President (Internal Audit), Tata Motors.
But if you don’t want to look so far back, just look around. Did you foresee riots for democracy across the Middle East, even a year back? But the anger, anguish and agony of an Arab Spring or an Occupy Wall Street movement are a reality that businesses have to grapple with. Or have had to in just the last one year.
The geopolitics of oil is again spooking the commodity markets. Back home, inflation and high interest rates have made all business projections go haywire. Add to that internal security challenges, a policy paralysis and a regulatory logjam. It probably cannot get more chaotic than that.
In the backdrop of this challenging economic environment, heightened shareholder activism, enhanced regulatory interface and Black Swan events, managing and analysing operational business risks is bound to become an alpha priority, says Sardul Seth, Associate Director, Advisory Services, Ernst & Young.
Take unseen risks, for example. How prepared do you think were Uninor or MTS when the apex court cancelled their three-year-old telecom licences? Or when Maruti Suzuki was thrown completely out of gear during a fortnight-long labour strike at their Manesar plant last October, the second within four months?
These unseen risks are hard to predict, rare events that are beyond the realm of normal comprehension, but have high impact. They also test an organisation’s readiness to protect shareholder value.
THE RISK OF GLOBALISING
It becomes that bit extra essential for those in India Inc with a transnational operation. Indian conglomerates — largely promoter-led — have traditionally been good at intuitive or reactive risk management. “But when you go overseas you should be sensitive to managing a new set of unfamiliar risks — these could be commodity risks, currency risks, political and regulatory issues or even the cultural ethos. One needs to build new relationships and natural links to manage these risks well,” feels Alok Eknath Kshirsagar, Director and Head of Mckinsey Asia Centre.
You may think FMCG companies are stable, defensive in nature. But last year in Nigeria — a market that Godrej Consumer had entered by acquiring the beauty business of Tura in 2010 — they confronted a unique situation. Just prior to the elections, there was a rash of kidnappings of expat professionals. Many of the political outfits were seeking hefty ransom payments to fund their campaigns. “Our local team spotted the trend and alerted the chain. The corporate centre and the local units initiated a dialogue to firm up their risk mitigation strategy. The drill involved measures like ensuring safety of executives, the plant and securing inventory. So we immediately ramped up production, so that even if there was a drop, supply wouldn’t suffer,” remembers Gambhir. “The factory did actually shut down for a week and the executives moved to a safer neighbourhood, but the risk mitigation mechanism ensured there were no major disruptions.”
For most big Indian corporations, the template is somewhat standardised. Usually, the enterprise risk management process begins with each business unit identifying risks, by using a risk scoring matrix, through an institutionalised approach that is aligned to the strategic objectives of the company. The matrix looks at the likelihood and impact of an event, if it were to take place.
“Under ‘likelihood’, we consider three parameters — financial, market share and customer satisfaction index, revenue and regulatory compliance,” says Tata Motors’ Pinge. Based on them, risk mitigation strategies are broadly developed.
And these are then monitored, reviewed and reassessed periodically at different levels of management — at process, department, business, sector and corporate levels. The process is also overseen by the board. While the board of directors tend to review strategic risks in great detail, the audit committee reviews operational, financial and other business risks and their mitigation plans and implementation. In the risk dashboard, the topics vary. Sometimes the discussions veer towards events that are highly likely and have high impact like political or financial risks.
In global conglomerates like Essar, that process is elaborate. The Group Risk & Compliance Committee, India (GRCC) with a cross-section of members from the senior management, evaluates the risk associated with each business plan, every quarter. They in turn report to the promoter-members of the GIEC.
“There would be three colour codes. Red, you inform the promoters directly. Green, the business CEOs or CFOs take a call and if it’s yellow then they inform GRCC for a roadmap. Even within the nine-member GRCC, led by old Essar hand J Mehra, is an empowered cell of three for quick decisions,” says Drabu.
THE UNIQUE ELEMENTS
Sectoral nuances vary. For infrastructure developers like GMR, the highest risk is at the bid stage. The bid amount is paid upfront based on projections and they then get fixed. “In a bid, you are making a 20-30 year commitment. We use quantitative, qualititative tools. We usually identify 150-175 scenarios. There would be 100 variables, out of which 15-20 would be key. And we’ll then examine at least three scenarios for each one of them,” quips Chadha. Considering each bid is different, the guidelines have been designed reflecting the risk appetite of the group. “You prepare by examining natural checkpoints like the expected returns scenario, the political and regulatory environment, natural disasters, legal and contractual obligations, and sovereign’s risk profile."
For the Male airport project, GMR actually commissioned a global warming assessment report to understand sea levels over a long period of time.
More recently, despite the initial traction, GMR last month opted out of the multi-billion dollar airport redevelopment project in Sao Paolo, Brazil, after the authorities imposed punitive conditions and stiff financial penalties, subject to any delay in meeting deadlines.
“In such cases, you can factor it in the bid price itself to calculate your return projections. But in Brazil, we took some qualitative calls. We predicted a boom in construction because of the upcoming Olympics and soccer World Cup and that would mean raw material and labour costs going up. The execution risks went up considerably,” says Chadha by way of a post mortem.
Being commodity-centric corporates, for Reliance, Aditya Birla Group, Essar and Vedanta Resources — incidentally the top five in size and scale — the risk types and profiles get very different from the rest of the pack. For them, environmental issues, raw material availability, logistics can become strategic risks.
Visualise Vedanta’s Anil Aggarwal or Sajjan Jindal of JSW and Jairam Ramesh. You get the picture? Maoists had bombed Essar’s 267 km iron-ore slurry pipeline and crippled a large part of its steel operations. For them, there are five distinct risk profiles and each one of them is further broken down.
Similarly, backward integration can be a risk in itself. In a bad cycle, it may hurt right through. Ideally, for such conglomerates, there should be a blend between cyclical and annuity business. So in Essar, you have steel and a BPO. Ditto for the Birlas. But they have opened other flanks by entering into financial services and telecom.
“For commodity companies, corporate treasury functions take on a bigger role. You are buying with currency, and through debt. So the treasury functions need to be more sophisticated and their roles redefined. It cannot be a profit centre but has to manage the flow of funds and be proactive in risk mitigation. An evolved team will also give insights to cover risks with far more sophisticated instruments that are available now,” says Drabu.
THE EMPOWERED OFFICER
These are natural steps of evolution, feel experts. As a naturally corollary, even the scope of the chief risk officer (CRO) is getting morphed. Some like Mahindra’s have already crossed the threshold and have a dedicated CRO like most of their global peers. “An experienced manager often does it with intuition and trades off conflicting priorities, but a good risk management process also requires its institutionalization across the organisation,” says M&M’s Doshi.
He may have a point, but in most cases, risk evaluators in Indian corporates are still a part of the strategy cell or the internal audit function. “We have separate audit committees. The risk management teams are part of the audit controllers too. We have PE investors on board and they follow stringent governance norms. Additionally, the Management Assurance Group helps to create a risk-based audit plan,” explains GMR’s Chadha.
At Tata Motors too, the reviews are conducted periodically at a central level by the Chief Risk Officer (also the Chief Internal Auditor of the company). “An Anchor-ERM has been appointed under him to coordinate the cross-functional teams in the business units within the company and its various subsidiary companies to get a holistic view of the risks,” says Pinge. After the senior management, the risk assessments along with the mitigation plans are eventually presented to the Audit Committee.
According to Gambhir, at Godrej, “We are however still debating if we need a dedicated chief risk officer. The head of internal audit is currently overseeing that role. At the local level, usually the CFO doubles up. The CEOs too are always kept in the loop.”
That’s also the recipe for success. Risks have to be owned by the business, meaning both identification and dealing with it has to get decentralised. The corporate teams and headquarters should act as the facilitator, provide the necessary tools, but the ownership and execution has to get done by the local operations team.
RISK TO REPUTATION
But how does India Inc define their risk tolerance levels? Do they decide based Is it exclusively a financial parameter? Conscious of their brand and goodwill, corporates are getting much more sensitized. “Reputation risks, which can impact the brand and goodwill, too are monitored on various functional fronts like quality of products, customer satisfaction surveys,” says Pinge.
“The biggest risk for us is risk to reputation and brand. We pay disproportionate attention towards it. Operational risks like currency have become part and parcel of running a business, but we also pay more attention to major risks like natural disasters or frauds,” adds Gambhir.
Most managers have also realized that all risks are not bad. Bereft of any risk appetite, what will be left of the entrepreneurial zeal?
At Mahindra’s, says Doshi, risk and opportunity are looked as two sides of the same coin. As an early mover of this combo approach, M&M in the mid-1990s had set up its financial services business focusing on auto and tractor financing. “We saw the opportunity out of a risk mitigation approach to M&M. This has been constantly evolving. Today, both M&M and Mahindra Finance have mutually derisked, with each one reducing its dependence on the other, and M&M deals with multiple financing firms on the Street. Our forays into electric cars, solar energy, auto components and second hand cars, to mention a few, have evolved out of this ‘combo’ approach of recognising risks and opportunities,” adds Doshi.
Even Mukesh Ambani in a way is striving to protect his revenue streams by diversifying into homeland security. “If you want a safe Jamnagar, or a safe Mumbai, you might as well offer the best security solutions to the nation’s top cities and its energy assets. It’s also linked to strategic energy security,” says a senior RIL executive, who did not wish to be quoted.
But Parmit Chadha concludes by saying: “High risk equals to high returns is a good thumb rule, but it’s not an axiom.”