Summary by James R. Martin, Ph.D., CMA
Professor Emeritus, University of South Florida
Change and Risk Management Main Page |
Strategy Main Page
The authors define political risk for an organization as the probability that a "political action" will significantly affect the organization's business in a positive or negative way. They use the term "political action" to refer to actions by a wide array of global political actors that occur in homes, on the streets, in the cloud, in chat rooms, dorm rooms, boardrooms, and neighborhood bars (See the illustration below for ten types of political risk). The probability that political risk will significantly affect a business is high, but effectively managing it is fairly straightforward. The purpose of this paper is to describe a political risk framework that includes four core competencies, and a series of questions that help identify gaps in an organization's ability to operate in a new era of global insecurity.
The New Forces Behind Political Risk
Three megatrends are transforming the political landscape:
Dramatic changes in politics since the end of the Cold War - Today the international political environment is filled with rising states, declining states, failed states, rogue states, and nonstate actors such as terrorist groups and cybercriminals.
Supply chain innovations - Longer leaner global supply chains allow for lower costs and better inventory management, but leave companies more vulnerable to disruptions from political actions in faraway places.
The technology revolution - Social media, cell phones and the internet have dramatically lowered the cost of collective action, or social activism. By 2020 more people are expected to have mobile phones than running water and electricity.
The Political Risk Framework
The framework includes four core competencies and a series of questions that address the most important issues related to each competency.
1. Understand risks:
What is the organization's political risk appetite? This is influenced by factors such as the time horizon of major investments, availability of alternative investments, ease of exiting investments, and the visibility to consumers. For example, extractive industries like oil and gas have investments that cannot be moved easily, while consumer-facing industries like theme parks and hotels are particularly susceptible to reputational damage. A well known example is where Sea World lost 60% of its stock value after a documentary focused on how the treatment of orcas harmed the animals and their trainers.
Is there a shared understanding of the risk appetite? Political risk needs to be a concern for everyone in the organization from the boardroom to the sales floor.
How can we reduce blind spots? Do not expect the future to look like the present. Foster creative thinking and guard against group think. Methods such as scenario planning and war-gaming exercises can help identify hidden risks.
2. Analyze risks:
How can we get good information about the political risk we face? You have to look for good information to find it.
How can we ensure rigorous analysis? Challenge assumptions and mental models about how risks might occur. Understand which assets are the most valuable, which are the most vulnerable, and how those converge to form an organization's highest political risk. Tools such as Monte Carlo computer simulations can help the analyst understand the key drivers and possibilities. FebEx and Marriott International are mentioned as examples of companies with risk alert systems.
How can we integrate political risk analysis into business decisions? One method used by Lego is called "boat spotting", i.e., watch for potential risks and opportunities so that you don't "miss the boat". Their approach includes analyzing Google Trends search data, and scenario planning (See the Axson summary below).
3. Mitigate risks:
How can we reduce exposure to the political risk we have identified? Strategies include dispersing critical assets, creating surge capacity and slack in the supply chain, and sharing political risk assessments and mitigation strategies.
Do we have a good system and team in place for timely warning and action? Set up a team to spot risk, and an effective warning system to reduce decision making on the fly.
How can we limit the damage when something bad happens? Build relationships with external stakeholders.
4. Respond to events that indicate a system's vulnerability:
Are we reacting effectively to crises? An organization should assess the situation, activate a response team, lead with values, tell their story (honestly), and not fan the flames.
Are we developing mechanisms for continuous learning? Mechanisms for continuous learning must involve assessments of what to keep doing, what to stop doing, and what to start doing, plus an inspirational approach to motivate everyone to join in.
Risk Management in Action
This section of the paper describes Royal Caribbean's Haitian crisis that occurred when a 7.0 magnitude earthquake struck Haiti, killing an estimated 200,000 people. The company was criticized for docking a cruise ship, and sending passengers to swim and play near the hard hit capital of Port-au-Prince. The cruise line responded in a number of ways including paying per guest taxes to the government, contributing $1 million in aid, and building a new school in Haiti. They stayed on message, expressing empathy and their commitment to Haiti's recovery avoiding a serious threat to Royal Caribbean's reputation.
Five Global Shocks that Rattled Business
Periodically exogenous shocks affect virtually everyone in the global economy. Examples include:
1. The terrorist attacks of September 11, 2001,
2. The 2008 global financial crisis,
3. The Arab Spring and subsequent unrest across the Middle East,
4. Great powers behaving badly (China and Russia), and
5. Nativism, populism, protectionism, and isolationism making a comeback.
Concluding Comments
The most effective organizations take political risk seriously, approach it systematically, and lead from the top.
_______________________________________________________
Related summaries:
Axson, D. A. J. 2011. Scenario planning: Navigating through today's uncertain world. Journal of Accountancy (March): 22-27. (Summary).
COSO. 2016. Enterprise Risk Management: Aligning Risk with Strategy and Performance. Public Exposure Draft. (June). (Summary).
Kaplan, R. S. and A. Mikes. 2012. Managing risks: A new framework. Smart companies match their approach to the nature of the threats they face. Harvard Business Review (June): 48-60. (Discussion of three categories of risks: Preventable risks, strategy risks, and external risks that are beyond the organization's influence and control. Each type of risk requires a different risk-management approach). (Summary).
Levin, B. and L. Downes. 2022. Every company needs a political strategy today: Five principles will help leaders take decision action when fast-moving laws and regulations conflict with stakeholder values. MIT Sloan Management Review (Fall): 1-4. (Summary).
Malone, D. and M. Mouritsen. 2014. Change management: Risk, transition, and strategy. Cost Management (May/June): 6-13. (Summary).
McKay, S. 2016. CGMA tools: How to communicate risks using a heat map. Journal of Accountancy (June): 35-40. (Summary).
Merchant, K. A. 2012. ERM: Where to go from here. Journal of Accountancy (September): 32-34, 36. (Summary).
Shenkir, W. G. and P. L. Walker. 2006. Enterprise risk management and the strategy-risk-focused organization. Cost Management (May/June): 32-38. (Summary).
