Primary navigation:

QFINANCE Quick Links
QFINANCE Reference
Add the QFINANCE search widget to your website

Home > Financial Risk Management Best Practice > Integrated Corporate Financial Risk Policy

Financial Risk Management Best Practice

Integrated Corporate Financial Risk Policy

by David Shimko

Executive Summary

  • Corporate risk is any threat to financial objectives, measured in financial terms.

  • Risk is defined not necessarily as absolute risk, but relative to a benchmark.

  • If risk is free, corporate departments will squander it. By putting a price on risk, it is managed when it should be.

  • Corporate treasuries tend to minimize risk, probably not consistently with corporate objectives.

  • Procurement risk problems often come from fixed budget levels.

  • Marketing risk problems often come from giveaways in customer contracts.

  • An integrated corporate risk policy defines how risk should be measured, priced, and rewarded in the corporation, leading to better corporate decisions in all departments.

Defining Risk—Harder Than It Seems

Risk can be described as the threat of an adverse outcome. Many firms take the benchmark strategy of doing nothing (i.e., investing in Treasury Bills), and measure their risk in absolute terms relative to the strategy of doing nothing. Others measure their risk-taking behavior relative to what might be considered risky benchmarks. Mutual funds, for example, do not focus on the absolute risk of their portfolios; rather, they determine how far away they are from a market benchmark, such as being long the S&P 500. Corporations should explicitly determine their proper benchmarks.

For example, when a gold company hedges its exposure to gold prices, it is arguably reducing risk. However, shareholders may see this as an increase in risk, since it moves the company away from its natural gold exposure. Similarly, shareholders own all sorts of assets and diversify their risks; if a company moves away from its natural risk profile it is making the shareholder portfolio less diversified.

Most financial institutions should measure their risks relative to holding Treasury Bills, since that is an appropriate benchmark strategy for its shareholders. Furthermore, because financial institutions’ risk capital levels are regulated, risk is a scarce resource that must be consumed wisely.

In all cases, shareholder preferences should be considered in establishing the risk benchmark, risk measure, and risk appetite. This is the first critical step in establishing a best practice integrated risk policy.

Risk Integration

Many treatments of risk deal with risk silos: treasury risk, insurance risk, budget risk, procurement risk, sales price risk, and marketing risk. While specialized knowledge in each of these areas informs risk management and execution, it does not address questions like the following:

  • How important is one risk vis-à-vis the corporation’s entire risk profile?

  • Is it better to manage a risk operationally or through financial means?

  • Are there natural risk offsets to consider before targeting a particular risk for elimination?

  • What are the interactions among risks and the natural diversification benefit companies generally have?

The following sections consider selected risks that are shared by many corporations, within the framework that good risk management in each area must be consistent with the overall corporate standard. The overall corporate standard should include a cost for risk to prevent it from being squandered, measures of risk that are consistent with corporate objectives, consistent policies for treasury and insurance risk, best practices in procurement and marketing risk, corporate hedging policy to hedge integrated risk (not in each silo), and risk-based performance measurement to reward those who manage risk prudently.

The Cost of Risk

Financial institutions often place an explicit cost on risk to ensure it is being taken prudently. For example, a bank may require that a transaction that risks $100 million in bank capital must earn at least $25 million in present value. This cutoff percentage (25%) can be called a risk-adjusted return on capital, or RAROC.

Bank capital is affected by market risk (changes in market prices), credit risk (default risk and counterparty performance risk), and operational risk (people, processes, and systems). Any activity that increases risk should not be voluntarily undertaken without earning a commensurate return. The logic is as simple as net present value: if money were free, people would squander it more. When risk is free, it is also squandered. Nonbanks also need measures of the cost of risk, although the measures may be different.

The risk-based performance measurement process is designed to ensure that managers take risk prudently, by reflecting the cost of risk in assessments of their performance, and thereby affecting their compensation.

Measuring and Reporting Risk

If risk is the threat of an adverse outcome, that threat should be measured against the corporation’s business objective. If the business objective is to “maximize shareholder value,” then the logical risk measure is the potential reduction in share price. If the business objective is to “maximize earnings while keeping an investment grade rating,” then the appropriate risk measures are “earnings at risk,” a probabilistic statement of how bad earnings can get, and the probability of a ratings downgrade.

Many corporations report their risks in terms of value-at-risk or, worse, Greek letters such as sigma (standard deviation) and delta (sensitivity to a pricing benchmark). Best practice firms report their risks not only in financial terms that senior managers can understand easily, but also in terms that map directly into financial goals.

Back to Table of contents

Further reading


  • Many good books specialize in enterprise risk management for financial institutions, but there are few titles available on enterprise risk for corporations generally.
  • Chew, Donald H. (ed). Corporate Risk Management. New York: Columbia University Press, 2008.
  • Damodaran, Aswath. Strategic Risk Taking: A Framework for Risk Management. Upper Saddle River, NJ: Wharton School Publishing, 2008.
  • Smithson, Charles W. Managing Financial Risk: A Guide to Derivative Products, Financial Engineering, and Value Maximization. 3rd ed. New York: McGraw-Hill, 1998.

Back to top

Share this page

  • Facebook
  • Twitter
  • LinkedIn
  • Bookmark and Share