Many benchmarks of corporate practice start by looking at successful companies. But a recent Booz & Company survey took the opposite tack. We decided to study the biggest losers: companies that, in one way or another, had seen their fortunes go south over a 10-year period. We had gone through this exercise once before. In 2004, when the Enron, Tyco, and WorldCom scandals were fresh, we surveyed thousands of public companies and determined that, contrary to prevailing wisdom, it was not compliance issues that were most responsible for destroying shareholder value. That distinction went to the mismanagement of strategic risks — those risks embedded in the top-level decisions made by the executive team, such as what products and services to offer, whether to outsource manufacturing, or what acquisitions to make.
Our 2012 survey revealed the same culprit, and suggested that it still leads to significant value destruction. Making matters worse, the sources of strategic risk have increased. Accelerating technology development is forcing the rapid adoption of new products, services, and business models; digital information is making organizations more vulnerable to theft and loss; supply chain disruptions quickly ripple around the globe, affecting both companies and customers; consumer connectivity via social networks can broadcast missteps instantaneously to millions of people worldwide; and natural, political, or regulatory shocks can reverberate widely. Companies must learn how to effectively anticipate and hedge against these and other risks in order to survive.
To be sure, during the past decade, companies have steadily dialed up their focus on risk, in part as a reaction to the requirements of the U.S. Sarbanes-Oxley Act of 2002. But they have usually done so with a bottom-up approach that has proven flawed. Individual functions such as accounting, finance, and compliance have improved risk controls. Meanwhile, executives have made their enterprise risk management (ERM) teams accountable for identifying and evaluating the interconnected risks facing their companies.
But although ERM teams can identify and hedge risks related to relatively narrow business decisions, they do not have the mandate to evaluate the strategic risks rooted in the decisions made by senior management. An ERM team must assume that the strategic course set by senior management is sound.
For example, an ERM team can call attention to risks associated with doing business with manufacturers in Southeast Asia, but it can’t evaluate whether the company should be outsourcing to the region in the first place. This responsibility gap can be costly.
Studying the Biggest Losers
To more fully support this conclusion — that the lack of attention to risk destroys shareholder value — we must look at our study in more detail. We analyzed U.S. public companies around the world with at least US$1 billion in enterprise value on January 1, 2002 (1,053 companies met these criteria). We calculated each company’s change in enterprise value over the next 10 years, and then indexed each company’s annualized return to that of its industry benchmark to control for industry-specific effects. This allowed us to zero in on the biggest losers — the companies that experienced the most dramatic losses of enterprise value. Only 103 companies had annualized returns relative to their respective industry benchmarks that were worse than negative 10 percent. This group corresponded to the bottom 10 percent of performers in our overall sample.
We checked to see if the companies on our list of the biggest losers were simply the weakest companies in one or two industries in terminal decline. But this was not the case. There was broad industry representation among the bottom performers.
Next, to get at the root cause of this lost value, we conducted an event analysis by going back to news reports, press articles, and brokerage reports for each of the 103 companies before and after their loss of value. We then assigned each company’s economic decline to one of four categories.
The first category included major strategic blunders (such as new product or new market failures) or instances when a company was caught flat-footed by a major industry shift (such as digitization of content). We included failed mergers and acquisitions in this category, as well as dramatic shifts in major enterprise value drivers (for example, a major input cost), because these occurrences should have been foreseen. This category includes, for example, Time Warner and its widely criticized merger with AOL in 2000.
In the second category, we grouped together major operational problems, such as supply chain disruptions, customer service breakdowns, and operational accidents, that had caused substantial shareholder value destruction. A high-profile example is the April 2010 Deepwater Horizon offshore oil rig explosion and leak in the Gulf Coast, an event that wiped out more than $50 billion in BP’s shareholder value in the days and weeks following the accident.
The third category included fraud, accounting problems, ethics violations, and other failures to comply with laws, standards, or ethics. During the 10-year time frame we analyzed, a few prominent examples were Tyco’s accounting and discrimination lawsuits in 2002 and Tenet Healthcare’s 2006 legal battles over improper medical and business practices.
In the fourth category, we identified declines resulting from external shocks that were natural, political, or regulatory. We narrowed these situations down to circumstances in which the external event could not be controlled or easily anticipated by the company. For example, USEC — a supplier of enriched uranium for nuclear power plants — saw a sudden and sharp decline in enterprise value after the 2011 Japanese tsunami and ensuing nuclear disaster.
The results are unambiguous. Among the 103 companies studied, strategic blunders were the primary culprit a remarkable 81 percent of the time. (See Exhibit.) When we segmented the data by industry and geography, we found some variations; for example, strategic failures are particularly acute in the financial-services industry, and Europe has more operational problems than the U.S. or Asia. Nevertheless, strategic failure remained the major cause in these cases as well.
About half the time, the loss of value occurred gradually — over many months, or even years if the company took too long to grasp a changed strategic environment or lacked the agility to react. The other half of the time, the lost value occurred in a matter of months, weeks, or even days. Sometimes these sharp shocks were caused by strategic failure (for example, being caught by surprise when a competitor introduced a superior product), and sometimes they resulted from an operational issue, compliance problem, or external event that overwhelmed the company.
Often, it is a confluence of events that leads to value destruction. To better understand these more complex situations, we segmented loss drivers into primary, secondary, tertiary, and quaternary causes. But even when second-order causes were taken into account, strategic failure caused more than 60 percent of shareholder value destruction.
The Resilient Company
How should management respond to the threat posed by strategic risks? Senior leaders can’t rely on ERM teams to make the enterprise more strategically resilient, because ERM teams do not have the scope to question the strategic decisions that set the company’s course and undergird its operations. Make no mistake, the ERM function is vital: Once handed a strategic plan, these teams identify and quantify risks and then assign people to build continuity plans. Thus, ERM groups play an essential role in addressing frequently encountered risks in areas such as compliance, ethics, finance, and accounting, as well as safety. (The research shows that some companies could also stand to improve in these areas, but in general, most companies have a well-functioning program in place.) However, ERM groups can’t be the only source of protection, especially when it comes to the most potentially disruptive issues.
Instead, what senior executives need is a more balanced approach to strategic decision making, augmenting traditional cost and value considerations. They need to adopt an element of ensuring resiliency that is critical, yet currently missing in most companies: a top-down view of risk. To improve their risk management capabilities, executives should add the following three steps to their decision-making process — all of which are outside the scope of most ERM teams.
1. Broaden awareness about uncertainty and risk. We expect change to continue accelerating and uncertainties to increase. Extreme events with extreme consequences cannot be accurately predicted, but they can be anticipated. Management teams need to think broadly about what could occur and constantly layer new risks into their calculations as these risks emerge.
2. Integrate risk awareness directly into strategic decision making. By conducting more conversations about risk at the top levels of the company, looping in key individuals as needed, management acquires a full understanding of the uncertainties — both upside and downside — inherent in strategic decision making.
3. Focus on strategic resiliency. Managers need to consider how strategic decisions can affect resiliency, incorporate resiliency into all decision making, and always be on the lookout for more strategically resilient alternatives in order to build greater corporate agility.
Just as managers can make use of advanced tools to analyze cost, revenue, profits, and value, they also need sophisticated tools — such as scenario planning, wargaming, and trend analysis — to judge the potential risks of the decisions they are making before turning the strategy over to the ERM team. Ultimately, companies need both a robust ERM function and leaders willing to evaluate risk at the highest level of strategic thinking. This combination will bridge the gap, enabling executives to preserve and grow shareholder value.
Reprint No. 00146
- Christopher Dann is a partner with Booz & Company’s energy practice, and is based in San Francisco.
- Matthew Le Merle is a partner with Booz & Company’s communications, media, and technology practice, and is based in San Francisco.
- Christopher Pencavel is an associate with Booz & Company’s communications, media, and technology practice, and is based in San Francisco.