The greatest threat to an organisation’s sustainability is the emergence of unidentified and unreported exposures to nonfinancial risk that accumulate until they pass a tipping point when they mutate into losses euphemistically termed ‘unexpected’. Organisations have become increasingly susceptible to this threat due to two primary factors:
First, recent decades have seen exponential growth in exposure to nonfinancial risks both in terms of their size and complexity. Boards and C-suite executives must now navigate their organisations through a veritable minefield of nonfinancial risks that have evolved from simple and benign to complex and treacherous. They include manufacturing, transaction processing, climate change, supply chain, cyber, conduct, fraud, geopolitical, model and legal and compliance risks.
Second, enterprise and operational risk management (ERM & ORM) tools and techniques are appallingly weak. The information reported to boards, CEOs and CFOs on the status of nonfinancial risks is typically derived from subjective, non-aggregatable, non-comparable, colour-coded (red/amber/green) risk & control self-assessments, which prevents the analysis, monitoring and control of accumulating exposures to nonfinancial risks in the aggregate.
Control of the Risk Agenda
A combination of exponential growth in exposure to nonfinancial risks, weak and ineffective ERM and ORM tools and techniques and a history of unpredicted failures of influential corporations, most significantly during the global financial crisis of 2007/8, has undermined confidence in nonfinancial risk management and financial accounting and reporting. In response, legislators and regulators have progressively taken control of the corporate risk management agenda through ever-increasing volumes of statutes, regulations and public disclosure mandates.
Perversely, the consequential migration from boardrooms to legislators and regulators of a significant portion of the accountability for the management of nonfinancial risks has stifled the capacity of organisations to innovate, inhibited their freedom to operate and, paradoxically, further increased exposures to nonfinancial risk by adding a deep layer of regulatory and compliance risk.
To halt and begin to reverse this costly, anti-business trend, boards, CEOs, CFOs and CROs need risk management systems that comprehensively and reliably identify, quantify, aggregate, value, report and account for exposures to nonfinancial risk. Such solutions have not materialised to date because of a wrongheaded but universally accepted mindset that a nonfinancial risk is inherently unobservable… only outcomes are observable.
This negative, anti-progressive mindset must change. Organisations must view nonfinancial risk as a financial abstraction in the same way that profit or loss, shareholders’ equity, ROE and unit cost are viewed as financial abstractions. If accountants can transform so many diverse financial abstractions into observable accounting measures, there’s no reason why they can’t do the same for nonfinancial risks and ESG attributes.
Risk Accounting incorporates a nonfinancial risk quantification technique first pioneered at the Chase Manhattan Bank (now JPMorgan Chase) as a production (operations) risk measurement and management tool. In the aftermath of the global financial crisis of 2007/8, the technique was extended and codified at the Durham University Business School as an integrated nonfinancial risk management and accounting solution, where it was proven for application in banks through laboratory testing. Further tests were successfully conducted against publicly available bank holding company financial statement (US GAAP) datasets provided by the Federal Reserve Bank of Chicago.