Wharton experts on management and risk share what companies must do to ready themselves for major disruptions.
Between the 1990s and the 2010s the number of sessions devoted to catastrophic risk at the World Economic Forum in Davos, Switzerland, went from a handful to nearly half the agenda—a testament to the impact of devastating events like the 9/11 terrorist attacks; Hurricane Katrina in 2005; the financial crisis of 2008–09; and the combination earthquake, tsunami, and nuclear accident in Fukushima, Japan, in 2011, according to Wharton’s Howard Kunreuther and Michael Useem in Mastering Catastrophic Risk: How Companies Are Coping with Disruption (Oxford University Press, 2018).
Kunreuther is the James G. Dinan Professor of Decision Sciences and Public Policy and codirector of the Center for Risk Management and Decision Processes, while Useem is the William and Jaclyn Egan Professor of Management and director of the Center for Leadership and Change Management. Their collaboration was sparked by a concern “with the role that leaders of corporations can and should take in dealing with increasingly adverse events.”
Drawing on interviews with leaders at more than 100 S&P 500 companies, they set out to develop a “checklist from the experience and wisdom of many companies that would help executives, directors, and managers of others better prepare for major disruptions before they hit—and recover from them if they do.”
One key takeaway was the importance of fostering a deliberative approach to risk-management. “We found a troublesome thread across many of the firms we studied in the decision biases that stemmed from overly-intuitive thinking, including myopia, excessive optimism, and inertial resistance that led companies to underestimate the likelihood and impact of potential disasters,” the authors told the Gazette in a joint email interview. Resilient companies were likelier to have a structured process to identify potential risk-related problems and comprehensively search for the best alternatives. This held for external threats such as terrorist attacks and natural disasters, systemic economic blows, as well as firm-specific events like oil spills or illegal actions.
“We have found that mastering catastrophic risk requires a more analytic, deliberative, and disciplined way of thinking and preparation,” Kunreuther and Useem said.
They recommend that companies take a hard look at both their risk appetite—“the amount and kind of risk [the firm] is willing to take to achieve its objectives”—and their risk tolerance—the “willingness to accept a loss from an adverse event knowing the likelihood that it could cause significant disruption to the firm.” Besides money, potential losses could include damage to the company’s brand, credibility, and reputation.
Based on its risk appetite and tolerance, a company’s next step is to put in place its “risk-management and crisis response strategies,” the authors write.
Leadership remains key in responding successfully to a crisis. Among the real-life stories scattered through the book is that of Morgan Stanley’s director of security, Richard Rescorla. Kunreuther and Useem laud his order on 9/11 to evacuate their offices in the World Trade Center’s South Tower after the first plane hit the North Tower—which saved the lives of the company’s employees—as an example of leadership that struck the appropriate balance between deliberation and decisive action. (Rescorla died in the attack while checking that everyone else had made it out.) By contrast, they offer cases such as Lehman Brothers and AIG in advance of the financial crisis—whose leadership ignored signs of trouble brewing in the subprime mortgage market—and the failure of NASA’s upper management to heed engineers’ warnings about the performance of O-rings in low temperatures that led to the Challenger shuttle disaster.
Companies take a variety of approaches to formulating their risk management practices, but they generally are most influenced by their own and competitors’ experience with previous disruptions, along with their respective near misses. In the wake of the 2008–09 downturn, many turned to risk modeling “to anticipate and buffer themselves from disruptions like those that had followed Lehman Brothers’ bankruptcy.” Other measures included increasing electronic surveillance and building security in the wake of terrorist events, passing on opportunities deemed too risky, buying more insurance, and diversifying operations.
Improving communications within companies was another common strategy. In certain cases, communication extended to competitors—for example, international banks in Tokyo consulted on “what each knew about whether the Fukushima nuclear reactors were close to critical” and what they planned to do if employees were in danger. Many companies also employed various types of scenario exercises to imagine possible future disruptions and responses to them.
To determine how companies perceived their risk environments, they analyzed “several hundred” risk disclosure forms and divided them up into 21 categories. While they had assumed that disaster risks would be most common, it turned out that government action—“public policies, regulations, and decisions that affect the way a company conducts its business”—took the top spot in many years. Financial firms led the way in this assessment, but it was true across the board.
In addition to regulatory concerns related to laws like the Sarbanes-Oxley Act of 2002 (designed to improve company reporting to investors); Dodd Frank, passed in the wake of the financial crisis; and uncertainty surrounding the Affordable Care Act, firms also worry about the government’s own risky behavior—such as endangering the US credit rating with repeated Congressional showdowns over raising the debt ceiling.
“We were surprised that companies so often cited government practices and regulations as a source of risk,” Kunreuther and Useem said of this result. “At the same time, many of those we interviewed reported that public policies also had the effect of reducing their risk by leveling the playing field.”
To date, natural disasters have had limited impact on economic markets— “the S&P index remained stable” in the month before and after Katrina struck, they note—but that may change as intense storms and incidents such as the California wildfires become more prevalent. “Climate change is very much on the risk agendas of most companies,” Kunreuther and Useem said, “as it is now directly affecting the operations of firms in many industries, such as seafood, the pricing of products in other industries, such as insurance, and even the long-term viability of still other industries, such as carbon-based energy.”
Looking ahead, “more ‘black swans’ are circling companies than ever before due to increased globalization in sales and supply chains, rising threats from global warming, and other factors,” they added. “Fortunately, firms are focusing more attention on the growing threats, and they have developed a host of devices for better defining their risk tolerance, risk appetite, and disaster recovery. At the heart of their efforts is a more analytic, deliberative, and disciplined approach to anticipating risk, preparing for calamities, and recovering from setbacks when they occur.” —JP