The Trusted Guide to Marketing Thought Leadership

Blog Posts
Apple Drinks Google's Milkshake
Revenue Performance Staff
7 Reasons You Need To Be In China
Revenue Performance Staff
Google CPCs Drop As Facebook's Rise 28%
Chris Trayhorn
Nobody Even Sees 50% Of Your Media Buy
Chris Trayhorn

Using Enterprise Risk Management to Evaluate Acquisitions and New Ventures

mThink Knowledge's picture

mThink Knowledge - Posted on 30 July 2007

Printer-friendly versionSend to friend
Authored by: 
David Ingram;
PDF File: 
pdf/pdf iconcfo3_5_142_wp_standardpoors_ingram.pdf
S&P
Companies must take a systematic, structured approach to assessing business situationsthat may introduce new risks or alter existing ones.

Standard & Poor’s Ratings Services uses the enterprise risk management (ERM) evaluation process to distinguish between those financial services firms that are able to moderate incidences of unexpected losses and thus improve the level of risk-adjusted returns, and those that do not have this capability. When resolving the credit implications of a major acquisition or other new venture, the ERM framework provides valuable foreshadowing of the eventual success of this action. These considerations could have general applicability to any firm.

When a merger occurs, Standard & Poor’s often places the firm(s) on a credit watch list and initiates discussions about the characteristics of the transaction and the progress of the integration process.

Two major issues relating to ERM are part of the agenda for resolving placement on a credit watch. The first, and most important, is the project risk management of the integration and implementation project. Second is the impact of the M&A on the risk profile of the acquiring firm, which includes assessing the ability of the firm’s risk management system to control risk in the newly created firm. If the resolution of these issues is positive, the M&A is expected to create a fully controlled new entity. If one or both of these issues do not have a favorable resolution, a significant possibility exists that there could be either a poor return from the transaction or an increased possibility of an unexpected loss and an adverse rating implication.

Due Diligence Phase

Integration Project Risk Management
During the due diligence phase, Standard & Poor’s looks for assurance that the acquiring firm has a robust risk management process to identify all of the implementation’s major risk points concerning, for example, sales and marketing, operations, systems, investment and compliance. Any firm that treats the due diligence phase as the time to develop a full and detailed integration plan for each of the major risk points, with checkpoints and due dates for each aspect, is viewed favorably. Financial services firms that cannot articulate such a process are viewed negatively. We form an opinion about the ability of the acquirer to avoid unexpected problems with the integration based on the implementation plan’s scope, clarity and degree of detail. Implementation plans that defer or ignore major integration issues are viewed negatively. Comprehensive plans that address all of these merger issues are viewed favorably.

At the end of the due diligence phase, Standard & Poor’s looks favorably upon the acquirer that is able to identify clearly the risk management system of the firm being acquired, especially if the acquirer, from that knowledge, is able to draw up specific risk management plans for the merged operations. Such plans may include details about what risk management activities might be performed and by which firm – the firm being acquired or the acquiring firm. For example, would the acquired firm continue with its past practices or incorporate new ones from its acquirer? Would a combination of practices from both firms be more effective? Also, which firm’s staff should be accountable for the newly merged firm’s risk management system? Standard & Poor’s views acquiring firms that leave risk management planning until after the merger unfavorably.

Risk Profile and Appetite
Standard & Poor’s feels that the best practice for the acquiring firm is to assess the risk profile of the acquired firm at the time of an agreement of sale. In addition, the acquiring firm should have a clear idea of how acceptable the resulting risk profile of the combined firms will be and how the new risk profile compares with the risk appetite and preferences of each firm before the merger. If, in any way, the resultant risk profile is unacceptable, the acquiring firm should have a plan to remedy this. Moreover, if the acquisition results in a major adjustment to the risk tolerance of the newly formed entity, it would be viewed favorably if its management were prepared to explain the reasons. Throughout the due diligence process, the acquiring firm’s management is expected to refine its view of the risk profile and make adjustments as needed, but it’s unfavorable for the acquirer to continually adjust the risk tolerance as more information becomes available about the acquired firm. An especially important aspect of the risk profile during this phase is developing a full awareness of any risks that were not fully disclosed or understood during the negotiation phase. Standard & Poor’s looks for the acquiring firm to have an aggressive approach for finding items that would include, for example, off-balance sheet risks such as litigation risks. In many cases, a part of the rationale for a merger is further diversification of the risk profile of the acquiring firm. A due diligence process that actively seeks either to validate or refute the presumption of diversification will be viewed as favorable. Unanticipated correlations of risks in a merger are sometimes a cause for worse-than-expected performance after the merger.

Implementation Phase

Integration Project Risk Management
Standard & Poor’s expects to talk to a firm at least one or more times during the implementation phase. The optimal time for these discussions is close to major milestones that were identified during the due diligence phase. Because we do not expect that an acquiring firm will have anticipated all contingencies during the due diligence phase, it would be optimal if there were discussions about the manner in which the acquiring firm handles unexpected findings and steps that were more difficult than expected. Financial services firms that are able to execute their plans in a timely manner and make immediate adjustments to resolve new problems are viewed once the risks have been identified favorably. Financial services firms that find their implementation dragging for extended periods of time and that keep adding significant deferred items to their plans are viewed negatively.

During this phase, important implementation issues for discussion include which key employees may be retained, as well as the degree to which the newly created organization is able to add staff or streamline operations where there are overlaps, without creating operational holes.

Standard & Poor’s pays particular attention to whether the acquiring firm is keeping control of the newly acquired businesses or whether it plans to transition from one control system to another, during which process there may be periods when there are no controls. This is a particular concern if the acquired business has risks with which the acquiring firm is not familiar. There have been many instances of newly acquired businesses being given mandates for growth by a new owner that doesn’t understand its acquired risks or that doesn’t exercise adequate risk controls because of physical or organizational distance. We are especially concerned if we find evidence of this type of situation. In addition, concern is heightened if there is increased turnover among the risk management staff immediately before or after the acquisition.

Risk Profile
Standard & Poor’s looks for prompt implementation of any changes to the retained risks that are identified during the due diligence phase.

Specific Concerns for Financial Services Firms
Examples of specific areas of concern for mergers and acquisitions of financial services firms include:

  • Inadequate evaluation of asset quality, including investments and reinsurance receivables;
  • Quality of underwriting portfolio management and underwriting expertise not assessed;
  • Inability to articulate clearly a combined risk appetite;
  • Inadequate assessment of credit and counterparty exposure;
  • Failure to assess market risks fully;
  • Failure to assess regulatory and political risk, including mandatory approvals and requirements;
  • No assessment of economic conditions or foreign exchange exposures;
  • Back-office and internal control weaknesses not identified;
  • Failure to meet strategic goals and projected cost savings, which may arise if businesses are incompatible or in the event of a loss of management focus on the core business;
  • Good will or intangible assets overvalued, making return hurdles difficult;
  • Excess optimism in evaluating future business growth prospects that could drive excessive risk taking in order to achieve unrealistic growth goals;
  • Failure to retain key staff in operating and risk management positions and sales staff; and
  • Excess focus on short-term earnings accretion rather than long-term value.

New Ventures and ERM

An acquisition can be thought of as one type of major new venture. Other examples include the launch of a new product, entering into a new market or territory, starting a joint venture and even sometimes a divestiture. In fact, Standard & Poor’s considers that the ERM process may be even more important in these situations than in acquisitions.

Standard & Poor’s would consider it a favorable sign if the firm followed a new venture approval process with many of the same characteristics as the acquisition due diligence and implementation previously described. This takes on more importance for the primary reason that, with many other types of new ventures, there are not any existing risk control processes in place.

Some firms have formal structured processes for the due diligence and implementation phases of new ventures. These processes will sometimes specify reviewing standards to be followed by the managers of departments and functions that may be impacted by the new venture. The items discussed hereafter will focus solely on the risk and risk management aspects of a new venture approval and implementation process.

In the due diligence phase, the firm may have a robust process for identifying all of the potential risks of its new venture. If the new venture is significantly outside of the firm’s experience, it may be necessary to acquire outside expertise to assist with that analysis. If the firm has a robust internal ERM framework, a major part of this risk identification process might be to identify which of the risks that have already been identified within the firm are also present in the new venture.

After identifying the risks, it would be favorable if the firm made plans to monitor all of them. This might entail direct measures of risk, where existing processes for risk assessment are already in place, or might look at less direct key risk indicators. Management will need to decide when the monitoring of these risks will be integrated into existing risk-monitoring reports. Sometimes management will decide to keep separate reports on a new venture for a period of time; in other cases, it might make sense to integrate them immediately. In situations where a specific risk assessment process is indicated, the firm may decide that the new venture requires the development or acquisition of additional risk assessment tools.

Once the risks have been identified and methods for monitoring have been determined, some firms will assess the potential impact of the new venture on the risk profile of the firm. Just as with an acquisition, the firm would be viewed favorably if able to articulate the expected changes to its risk profile as well as any ways the new venture creates additional risks that will require inclusion in existing risk control processes or the development of new ones. Best practice would be for the firm to have a plan specifying when in the new venture’s implementation such actions would be triggered.

Once the ventures have reached a stage where the risks are large enough to be material within the firm’s risk control framework, it would be optimal if a full-limit system were ready for implementation, consistent with the firm’s other risk-limit systems. This would include a full set of governance processes for limit enforcement and for actions following breaches of limits. The likely risk management tools that will be used to keep the risks within the limits are usually identified in advance. The possibility of correlations of the new venture risks with existing risk exposures may be considered in this discussion.

In addition, the firm might develop a complete link between existing risk management guidelines and the risks of the new venture, identifying where those guidelines are insufficient, and filling those holes.

Before the decision is made to implement a new venture, it’s recommended that firms have a formal sign-off process where senior officers are called upon to agree that the venture meets firm standards and guidelines, including those for risks, reward for any risks that will be retained, the ability to cover within the revenues of the venture, the costs of risk management and risk-monitoring activities, and the likelihood that risks can be maintained within the firm risk tolerances by the proposed methods.

Ongoing Maintenance

When the venture enters into the implementation phase, the same sort of risk as described above for acquisitions is present. Optimally, the firm would have a plan outlining how it expects to monitor and manage the implementation risk. During the implementation process, the firm could be alert for signs that assessments of risk made during the due diligence phase were materially in error.

The degree to which this ERM evaluation impacts the rating of a firm depends upon the materiality of the new venture, including the potential negative impact of a major implementation or control failure resulting from a poor approach to addressing new risks, which, in some cases, could be many multiples of the venture’s potential benefits.

These ERM evaluations of acquisitions or new ventures would also be viewed in the context of the overall ERM assessment of ERM capabilities of the firm. Standard & Poor’s has a comprehensive process for evaluating the ERM processes of financial services firms that include the risk governance and culture of the firm; the control process for credit, market, liquidity, operational, insurance and other risks; risk and economic capital models; emerging risks processes; and the use of risk and risk reward considerations in strategic decision-making processes. These evaluations have been incorporated into credit ratings for insurers and financial institutions. Trading risks of firms in the utility and energy sectors have also been reviewed using a similar framework. As of this writing, extension of these ERM considerations into other sectors is under consideration.

About the Author
S&P
  • "share
..

Top Stories
SCAMWORLD: Huge Beatdown Of Internet Marketing "Gurus"
Chris Trayhorn
Former Epic Execs: Leaving A Sinking Ship?
Revenue Performance Staff
TradeDoubler Financials: "Especially Bleak"
Chris Trayhorn
The Future Is Local?
Chris Trayhorn
AdWords For Video Is Finally Here
Chris Trayhorn
Travel Vertical Heats Up For Summer
Revenue Performance Staff
Performance Marketing Technology Allows Brands To Track Social Media To Point-Of-Sale
Revenue Performance Staff
Performance Marketing State of the Union
Peter Klein
Motivating Affiliates “From Within”
Evgenii Prussakov
Technology Gives Performance Marketers the Edge
Rob Durkin

Thought Leadership

Perform: Marketing 2.0
Midmarket Strategies
Healthcare Technology
ASCET: Supply Chain
The CFO Project
The CRM Project
The Energy and Utilities Project

Sponsors