From the October 2003 issue of Treasury & Risk magazine

Two Steps Ahead

Back in 1998 and 1999, when the markets were rallying, insurance costs were well behaved and there were no 9/11 or Enron factors to consider, Microsoft was already re-evaluating the way it assessed risk. Events expose companies to more than one type of risk simultaneously, says Treasurer and Vice President Brent Callinicos, but Microsoft--and every other company--were still compartmentalizing risk. "Risks are related," Callinicos says.

As the Microsoft treasury team saw it, the solution was to move away from the labels that insurance companies place on risk when they try to sell short-term policies on individual specific risks. Risk assessment was going to have to be conducted on a business-line basis-"understanding what each Microsoft business is doing and figuring out from that what kind of risks may occur," Callinicos says. "It's useful to look at buckets of risk." He cites the example of an earthquake, which could result in property damage, but could also mean business interruption, the death of a company executive or a shareholder lawsuit, all of which would traditionally have been covered by separate insurance policies.

Microsoft's award-winning financial risk management project is an example of its work with its businesses. Here, the hedging program aimed to help distributors in Brazil deal with the foreign exchange risk to which they are exposed because they pay Microsoft in dollars, then resell the products in Brazilian real. The risk management work with Microsoft's businesses represents "the biggest fundamental shift I've seen" in the way that treasury operates, Callinicos says. "Treasury departments were treasury departments, banks within a company. We're now getting much more mindshare and spending far more time with our internal customers as to how treasury can help Microsoft."

Nonetheless, enterprise risk management doesn't mean that all risks can be analyzed in the same manner. Callinicos distinguishes between the finance side, where quantities of data about the performance of markets and currencies are available to use in assessing risks, and the business side, where there may be relatively little data to use. Because of that, "you can't apply the same statistical measurements in terms of risk assessment," he says.

When it comes to assessing risk, Callinicos advocates employing as many methods as possible to guard against the danger of being surprised by a change in correlations. Microsoft uses Value-At-Risk analysis, which projects possible financial market losses based on market trends and volatilities, but it also does scenario testing and sensitivity testing, he says. "If you use just one risk management tool, you're probably missing the boat."

But such risk assessment can be time-consuming, and no treasurer--not even Callinicos--has a limitless number of staff hours to devote. That's why Callinicos advises that it is essential to automate some of the work. Unfortunately, commercially available tools and systems aren't always adequate. "The vendors have not kept up with the needs," Callinicos claims, which is why Microsoft felt it necessary to construct a risk management information system to handle its insurance claims from the ground up. The systems on the market embody an insurer's perspective, rather than the view from corporate, and they aren't sophisticated enough to handle the complex methods Microsoft uses to transfer risks, which include captive insurance companies and finite insurance programs. Microsoft had a system that met its specifications built in seven months by a software company in India.

Callinicos notes that to get a system capable of what it needed on the financial risk management side, Microsoft was forced to purchase one--called Barra Redpoint--that is "essentially comparable to what a bank or investment bank has in place. Vendors who sell to treasuries aren't selling systems [that are] mission-critical risk management systems," he says.

In Callinicos' view, the cheap insurance available in the 1990s led companies to rely too much on insurance as a panacea to risk. "Your first choice should be figuring out a way to eliminate that risk--either contractually passing it on to someone else or finding a way to address the risk prior to it being a potentially loss-triggering event," he says. "There are hundreds of instances over the last four years where we have partnered with the business and changed something operationally to mitigate rather than transfer the risk to someone else. And you can often do that for free."

Once the company has decided to transfer its risk to an insurer, Callinicos advocates insuring bundles of risks, such as all the possible outcomes of an earthquake, rather than getting coverage for each exposure separately. "What you will pay for that bundle of risks is probably less than you would pay for the individual silos of risks," he says, but adds that it is hard these days to get insurance companies to cover a group of risks. Insurers "want to sell you very specific, very granular silo-ly defined short-term insurance," Callinicos says. "What we want is broad, long-term insurance."

Looking ahead, Callinicos says he expects "increasing volatility" in financial markets and "more scenarios where correlations break down." Nor can Microsoft rest on its laurels when it comes to business risks. The software business is dynamic and the risks will continue to change, he says. "We will learn as we go, but we're going to have to constantly adjust the way we're assessing risk, the way we're measuring risk and the way we're mitigating and transferring that risk in the future. We're not done, in other words."



THE JUDGES AND HOW THE WINNERS WERE SELECTED

George Davidson, Treasurer, UOP LLC

Glenn Gunn, Treasurer, Alcatel USA

Matthew McKenna, Treasurer, PepsiCo Inc.

Susan Skerritt, Partner, Treasury Strategies Inc.

Glenn Votek, Treasurer, CIT Group Inc.

Each judge read all entries in the seven AHA categories. They then graded them and sent the grades to T&RM's editors. The editors added up the grades to see which company scored the highest and awarded the gold, silver and bronze accordingly. Judges recused themselves from voting in categories in which their companies had submitted applications. To choose the overall winner, the judges discussed, via conference call, the quality of the winning applications and the potential impact of the innovation on the profession until a consensus was reached as to which company should be awarded the overall prize.

Comments