Back in 1998 and 1999, when the markets were rallying, insurance costs were well behaved and there were no 9/11 or Enron factors to consider, Microsoft was already re-evaluating the way it assessed risk. Events expose companies to more than one type of risk simultaneously, says Treasurer and Vice President Brent Callinicos, but Microsoft--and every other company--were still compartmentalizing risk. "Risks are related," Callinicos says.
As the Microsoft treasury team saw it, the solution was to move away from the labels that insurance companies place on risk when they try to sell short-term policies on individual specific risks. Risk assessment was going to have to be conducted on a business-line basis-"understanding what each Microsoft business is doing and figuring out from that what kind of risks may occur," Callinicos says. "It's useful to look at buckets of risk." He cites the example of an earthquake, which could result in property damage, but could also mean business interruption, the death of a company executive or a shareholder lawsuit, all of which would traditionally have been covered by separate insurance policies.