Michael D. Moberly    April 25, 2012

In my relatively small niche/corner of the intangible asset business world, it’s quite routine to engage experienced and seemingly successful management teams and risk managers who cavalierly express the view that it’s impossible to eliminate all (business) risk.  My response to such perspectives is usually to politely hedge a little by suggesting it is possible!  However, and here comes the hedging part, the resources a company would have to devote and the ultra-restrictive environment a ‘risk free’ business would necessitate, i.e., no external interactions or emanations are just two examples. I know of no company that would agree to such aggressive tactics because they could no longer be viable nor profitable and their intellectual, relationship, and structual capital (intangible assets) would be of little, or no value.

My experience also suggests most company’s ‘tolerance for risk’ (a.) varies, (b.) is largely subjective, (c.) is often influenced by industry sector and the products and/or services being produced, (d.) management team, c-suite, and board perceptions/beliefs about business risks (usually evolving from prior experiences and/or anecdotes), and (e.) locations of and interactions with a company’s primary markets, i.e., customers/clients, supply chains, and other stakeholders.

According to Dr. Marc Siegel, there are ways to measure and assess a company’s tolerance for risk which is dependent on their…

1. Experience, e.g., the confidence level held by a company’s management team achieved by their familiarity with current and over-the-horizon risks, coupled with their perceived ability to effectively manage (prevent and/or mitigate) such risks.

2. Resiliency – e.g., if or when a significant (business) risk or disruption occurs, are there policies and practices in place to (a.)mitigate/minimize the criticality posed by the risk, and (b.) rapidly return the company to a state of operational and financial/revenue normalcy in a reasonable time frame, in other words,  its resiliency. Achieving company resiliency also includes minimizing the vulnerability, fragility and/or loss of  intangible assets, particularly competitive advantages, for the duration of the risk event.

One question I often pose to management teams focuses on how they presumably achieved concensus to accept or tolerate a certain level of risk relative to a specific transaction, new venture, strategic alliance, etc.? The answer I tend to get when I pose such a question is the proverbial ‘risk is an inherent feature of doing business and all successful business persons are inherently risk takers’. I analyze risk a little differently in terms of why management teams, boards, and c-suites may be inclined to tolerate certain (business) risks and not others. It’s usually because the…

• level of risk is generally subjectively measured/assessed to be low in terms of vulnerability and probability, but the cost of mitigation through risk transfer, etc., may exceed potential (prospective) benefits, making self-insurance and elevated risk tolerance appear to be the prudent option.  Such circumstances often arise with risks that are assessed as having a low priority in terms of probability and vulnerability, but extraordinarily high in criticality.
• asymmetric nature of business risks, i.e., their magnitude, frequency, criticality, and cascading potential, should they materialize, coupled with the type of products and services a company produces, is beyond the capabilities of most to consistently prevent or mitigate.
• company’s anticipated/projected business opportunities associated with assuming a certain level of risk, outweigh risk exposures to the point that a management team can justify/rationalize proceeding with a particular transaction or initiative and therefore assume a substantial portion of the risk..

(This post was inspired by the work of Dr. Marc Siegel and his work related to organizational resilience on behalf of ASIS International.)