The economic crisis that began in 2007 alerted many executives to the gaps in their understanding and management of risk. As a result, many have taken actions to improve their risk management, some of which will be beneficial, but many of which serve merely to mollify their boards of directors.
Risks can be categorized in many ways. For our purpose, a useful distinction is between (1) internal risks that the company can be expected to control (such as employee and customer safety, pollution, and employee malfeasance), (2) natural disasters (such as hurricanes or earthquakes), and (3) external economic risks (such as recession, inflation, interest rate changes, commodity price changes, shifts in consumer demand and preferences, technological change, and competitor actions).
Internal risks and natural-disaster risks are typically one-directional, downside risks that can result in major crises but do so infrequently. Companies need to weigh how much they are willing to invest to reduce these risks. For example, heavy industries with real safety risks like oil production need to decide how much to invest in training and building a safety culture, while industries like gaming or securities trading need to decide how to effectively monitor employee behavior.
Our focus in this chapter is on external economic risks. Decisions about how to manage these risks are complex because they're often two-sided risks (economic changes can be beneficial or harmful), and reducing these risks ...