Successful risk management comes from ensuring all parts of a business adopt a common approach and understand its rationale
For Tetra Laval group risk management and insurance director David Howells, excellence at work is easily summed up: “It’s all about collaboration. Having a good procedure or methodology is only the start. Implementation requires the buy-in, co-operation and commitment of the businesses, plus having auditors understand and support your approach.”
Howells says that success comes from focusing the attention of colleagues on the benefits that good enterprise risk management (ERM) can bring: the improved practices and better decision-making that comes from not simply ticking boxes or marking milestones just for the sake of being able to say ‘we’ve done it’.
But despite this seemingly simple logic, the route to delivering the benefits of ERM within Pully-based Tetra Laval has required the creation of a complex and thoroughly researched plan. “We were asked by the group board to centrally define a methodology for the identification, measurement, documentation and reporting of risks,” says Howells. “We then assisted each business unit to understand this common approach and to implement the procedure.”
The group board defines the risk appetite in each risk category and sets the reporting requirements. Howells says: “This approach requires the integration of risk management activities into all business processes. The standardisation ensures that management of risks and associated controls is consistent and documented, properly supervised, covers all types of risks and allows the board to maintain strong oversight and gives them the ultimate approval of each industry group’s risk management strategy.”
Adapting to change
This methodology was reached by adapting the most important elements from the UK Combined Code, the US Sarbanes-Oxley Act, the Committee of Sponsoring Organizations of the Treadway Commission and other governance and legislative frameworks to the culture and structure of the Tetra Laval Group, which is privately owned. Howells says: “[The plan] was reviewed and overhauled in 2010 to include the latest regulatory and risk management advances and focus more on the added value brought.
“It is currently being reviewed again and, this time, the focus will be on internal control systems and deriving added value from the procedure and the improved decision making it brings.”
Tetra Laval’s ERM reflects the firm’s complex risk profile: the group is present in more than 190 countries and has more than 30,000 employees working across five business segments: milk production, food preparation, processing, packaging and distribution. More broadly, these segments provide a huge range of goods and services, including packaging, the technology for processing and distributing foodstuffs, including liquids, fruit and vegetables, ice-cream and processed food, along with systems for managing agricultural production and livestock herds.
Howells says: “We face challenges similar to other multinational companies and risks specific to our businesses and areas of activity. At the moment, we are investigating, like most organisations, supply chain risks, political risk and cyber exposures. These risks are regularly reviewed, their impact and probability are monitored and new or emerging risks are tracked. Then, the knowledge and understanding gained from these activities is integrated into the business – planning processes, feeding strategy, financial planning, reporting, operations and so on.”
Howells believes that one of the successes of Tetra Laval’s approach to ERM is that each individual business, or industry group, has its own risk officer who is responsible for implementing the group methodology on their particular patch. “By providing them with a common procedure, my team is able to support the work they do and share best practices and the challenges,” he says. “The chief executive and leadership teams of each industry group have been quick to embrace risk management, and we now have good collaboration between my team and the risk officers, and among the risk officers.
“This has not been quick to achieve, but we can see the benefits of working together on problems rather than reinventing the wheel every time a new challenge arises.”
Identifying risks
Howells believes one of the best examples of how well this collaboration works is in the way the group is reviewing its risk management methodology by engaging with individual risk officers throughout the review process. “I am confident that we will end up with a procedure that meets the needs of the board and the industry groups. Because they have been involved in and contributed to the update, they have buy-in and the enthusiasm to implement it within their own organisations.”
It all comes back to that word again: collaboration. Howells says: “We work with the business to understand the risks it has identified, to challenge the measurements it has defined and the effectiveness of its controls.
“Once we are comfortable that the current, or ‘net’ exposure is understood, we determine if the level of residual risk is acceptable. If it is not, we investigate how the current controls can be strengthened and improved to further reduce the probability of an occurrence or its impact. Only after that exercise has been completed do we consider if the remaining risk could, or should, be transferred.”
For example, the multi-departmental challenges of mergers and acquisitions mean that everyone needs to be talking – together – about risk. Howells says: “Whether you focus on depth of due diligence, the accuracy of valuations and pricing, the financing structure or extracting value from the integration of successful acquisitions, each step contains risks.
“A sound risk management procedure and risk management approach to acquisitions will identify these at the beginning. Risk managers bring another tool to this process, and we need to demonstrate that it is not a barrier, but a value-adding tool we are bringing.”