McKinsey & Company Home
Strategy & Corporate Finance
Article - June 2017
Stress testing for nonfinancial companies
By Conor Kehoe, Cindy Levy, and Matt Stone
Assessing a company’s vulnerability to risk makes otherwise theoretical discussions of strategy more real.
In the decade since the global financial crisis, financial companies have honed their ability to measure risk in a way that nonfinancial companies have not. Granted, nonfinancial executives hadn’t faced the same existential crisis. And they’ve seldom come under the same kinds of investor and regulatory pressure. But the result is that they haven’t absorbed many of the lessons on risk management learned by the financial sector.
We believe that nonfinancial companies, too, would benefit from a more aggressive look at the risks they face. Among the most important steps they could take, for example, would be to quantify risks in the context of broader scenarios, and not just as discrete sensitivities. They should calculate the effect of more extreme one-off events, such as a cybersecurity attack, in addition to continuous risks, like GDP. They should model risk-mitigation strategies as well as the risks themselves. And they should sustain a conversation about risk that is explicitly tied to strategic planning, capital allocation, and other business decisions.
We recently tested our thinking qualitatively in interviews with the CFOs, company secretaries, and controllers of 11 leading nonfinancial companies in the United Kingdom. Having just completed their first full reporting year under a new policy requiring companies to assess their longer-term viability,1 these nonfinancial company executives offered insight into the value a structured risk-measurement exercise can bring to a company’s decision making. As one UK executive reflected, seeing what certain risks could really mean for the value of their operations gives the whole intellectual exercise more currency.
Gauge scenarios, not just individual sensitivities
Companies often maintain a list of the main risks that managers believe they face, which they report as their “risk register” in annual reports. These include discrete operational events, such as major industrial accidents, cyberattacks, or employee malfeasance. If they take the next step to quantify those risks, many simply turn to that list and model them, often for the first time, onto their financial outlook. That’s a good start, as it gives managers some insight into how sensitive the company’s financial health is to changes around individual risks, which many companies don’t do. But measuring individual risks discretely does little to illuminate a more complex landscape of interrelated risks that often move together in the real world. That requires the further step of coherently clustering risks together into scenarios.
Would you like to learn more about our Strategy & Corporate Finance Practice?
Visit our Corporate Finance page
Scenarios are more appropriate because they help managers consider the effects of a variety of severe but plausible scenarios without being farfetched. They can also accommodate interaction effects among sensitivities. One manufacturer in our group reported modeling 18 different scenarios, after eliminating many more that they felt did not meet the plausibility criteria. The comprehensiveness of the exercise equipped the board with a clear perspective on the company’s resilience and a number of management actions in time for the Brexit referendum months later. And finally, integrated scenarios also ensure that companies do not miss or underestimate the correlations between their different business activities and individual risk types, thereby underestimating group-level vulnerability.
Consider extreme and one-off events, not just everyday risks
We frequently encounter companies willing to model broader, everyday market variables, such as GDP or inflation, or more specific variables, such as the rate of formation of new companies. But we seldom find companies willing to model more extreme variables (see sidebar, “Stress testing for an energy utility company”) or one-off events, such as a cyberattack or a natural disaster. The data to measure the effects of the former are fairly easy to come by, some argue, while reliable data on the latter are not. Others believe that their employees would sufficiently rally together to counter such events. As one UK executive told us, “We did not try to model events of nature and operational issues. All hands would be to the pump in the organization anyway, to deal with that particular situation, given its gravity. The complete random nature of seeking to put in a number—we think that is too difficult.”
Sidebar
Stress testing for an energy utility company
Sven Heiligtag, Susanne Maurenbrecher, and Niklas Niemann
At most companies, scenario analysis looks for the likely development of core risk factors over time. When managers consider a range of scenarios, they tend to “chop the tails off the distribution” and zero in on those that most resemble their current experience. Extreme scenarios are deemed a waste of time because “they won’t happen” or, if they do, “all bets are off.”
That approach can work well in an era of gradual change. But, at times like the present, the sum of low-probability events quickly adds up to a high probability that one of them will actually happen. And it is the potential for extreme risks, not the everyday ones, and the prospect of chaotic change overnight that keeps many executives up at night. Stress testing requires companies to be bold as they imagine extreme scenarios; almost nothing is too strange or ridiculous to consider.
To illustrate, we modeled the potential impact of five extreme scenarios on a hypothetical energy utility, specifically examining their effects on the profits and losses, balance sheet, and cash flow for each of several business segments: generation, renewables, trading, distribution, and retail. After modeling the effects of a scenario separately for each business, we combined them to show the effect on the enterprise (exhibit).
Exhibit
Stress tests show the material impact of a scenario.
The financial implications would be considerable across the scenarios, though none would necessarily bankrupt the company. Significant profit and liquidity risks appear, especially in the generation and retail businesses. In the absence of successful countermeasures, all five scenarios lead to negative recurring earnings before interest and taxes, revealing major risks for the sustainability of the current business portfolio. Furthermore, the scenarios suggest a 10 to 60 percent drop in equity and a 5 to 40 percent increase in net debt—which might trigger liquidity concerns.
Of course, companies can forestall or mitigate many of the effects of stress—but only by building a stress-testing capability can a company know where to focus its efforts for resilience. Adding a stress-testing capability isn’t onerous. Companies will probably need one or two additional researchers to complement their current market intelligence and analytics teams. In all likelihood, the scenario-planning models currently in use can be repurposed for stress tests.
Excerpted from “From scenario planning to stress testing: The next step for energy companies,” February 2017.
About the Authors
Sven Heiligtag is a partner in McKinsey’s Hamburg office, where Susanne Maurenbrecher is a consultant; Niklas Niemann is a consultant in the Cologne office.
One-off events can also be more correlated with market downturns than companies expect. For example, the pressure on income after a recession can translate into aggressive business practices that lead to one-off risk events—by undermining product or employee safety or leading to ethics violations. Governments may add to the pressure with a more aggressive tax and regulatory stance. Many companies will model the economic downturn, but they often don’t model one-off events like changes in tax policy.
Some companies do find ways around the challenge of quantifying one-off events—often turning to the lessons of history to drive the analysis. One IT company, for example, used the experience of other companies that suffered a cyberattack to quantify the potential impact on its business. Press and financial reports often provide the kinds of relevant details needed, such as an increase in customer churn rates or declines in revenues.
A materials company used a proportionate measure of the impact of the 2007–08 financial crisis on its business to stress test its current financial outlook. Managers then used the data to inform a strategy discussion with the board. In so doing, these companies gained a deeper appreciation for the magnitude these catastrophic shocks could have on their business and could allocate resources to prepare for them more effectively.
Model mitigation strategies as well as risks
Even nonfinancial companies that undertake a regular measurement of risks often neglect also to measure the effects of their plans to mitigate the fallout of a downside scenario. Steps like reducing dividend payouts, cutting capex, or selling assets come with their own risks over the long term—and we believe risk-savvy managers should model both.
However, among our UK interviewees, several worried that modeling mitigations on top of the initial scenario or sensitivity amounted to piling assumptions on top of assumptions. Indeed, there was also some debate as to the right perspective from which to comment on risk. Viability is one, but metrics such as the risk of a dividend being cut might be another—or, for companies that have promised a progressive dividend, the risk that the rate of growth might slow.
Whichever metric is used, companies and their boards would benefit from understanding which mitigations exist, when they should be triggered, and what rough magnitude of impact they could deliver. One approach to understanding mitigation steps that we’ve observed elsewhere immerses executives in a war-game-like exercise. Teams representing different interests, such as competitors, suppliers, and regulators, debate a risk scenario and then run their respective reactions through the risk model to measure the effects. This has the benefit of ensuring that mitigation efforts are plausible and how they might affect viability or dividends, for example. It also gives management confidence in their approach when an actual crisis comes to pass.
Broaden the conversation
The usefulness of risk-measurement exercises can be limited if they aren’t dynamically linked to strategic planning, capital allocation, and other business decisions. That means such exercises need to include more than just a CFO or a board audit committee, or they amount—as one UK interviewee put it—to little more than a “tick-box exercise” that fails to change behaviors in the business.
Overcoming_obstacles_1536x1536_Original Overcoming obstacles to effective scenario planning
Read the article
Yet in cases where internal engagement is more comprehensive, we’ve seen risk-measurement exercises provoke a systematic review of a company’s risk profile, risk-management approach, and strategic posture—even if it can take some time before the consequences become evident. One UK retailer we met with described holding workshops with the company’s executive team to reconsider its risk register and define plausible downside scenarios. Its board audit committee also spends significant time discussing the appropriate modeling methodology to arrive at robust and meaningful results. As with many of the companies we spoke with, it’s too early to see concrete impact—we didn’t hear of anyone who had made a major change in the business as a result. But several told us that a better understanding of risk was valuable input and wanted to deepen the process.
Indeed, several of our UK interviewees acknowledged that they’d previously had a limited understanding of their risk exposure. As a consequence, for example, they had no systematic understanding of how much capital they actually needed to absorb risk in current operations. Again, none reported after undergoing the risk-measurement exercise that they felt the need to raise or conserve more capital for such risks, though a few did report finding they were much more resilient to downside risks than they had expected. We also found broad recognition of the value of a more structured, analysis-enriched conversation with key decision makers about risks, and many companies were keen to improve on their approach going forward. As the lessons from the viability-statement exercise are embedded and companies’ approaches evolve, the intent is summed up by one interviewee as, “you start with the risk process and it develops and becomes richer in time.”
For nonfinancial companies, a more structured approach to risk measurement can lead to a more nuanced and insightful appreciation of true risk levels, and eventually a better-informed strategic posture.
About the author(s)
Conor Kehoe and Cindy Levy are senior partners in McKinsey’s London office, where Matt Stone is a consultant.
The authors wish to thank Emma Gibbs and Sven Heiligtag for their contributions to this article.
Article Actions
Share this article on LinkedIn Share this article on Twitter Share this article on Facebook Email this article Download this article
More on Strategy & Corporate Finance
Article
From scenario planning to stress testing: The next step for energy companies
February 2017 – Utilities and oil and gas firms have long used scenario analysis, but extraordinary times call for new measures.
Podcast
How CFOs can use war gaming to support strategic decisions
February 2017 – CFOs are often natural leaders of this strategic planning tool.
Article
Overcoming obstacles to effective scenario planning
June 2015 – Scenario planning can broaden the mind but can fall prey to the mind’s inner workings. Here’s how to get more out of planning efforts.
Article
Overcoming a bias against risk
August 2012 – Risk-averse midlevel managers making routine investment decisions can shift an entire company’s risk profile. An organization-wide stance toward risk can help.
Article - McKinsey Quarterly
Strategy under uncertainty
June 2000 – The traditional approach to strategy requires precise predictions and thus often leads executives to underestimate uncertainty. This can be downright dangerous. A four-level framework can help.
Most Popular
Article
Battery storage: The next disruptive technology in the power sector
Article
Product managers for the digital world
Article
The expanding role of design in creating an end-to-end customer experience
Executive Briefing - McKinsey Global Institute
What’s now and next in analytics, AI, and automation
Article
The CEO’s role in leading transformation
Report - McKinsey Global Institute
How artificial intelligence can deliver real value to companies
McKinsey & Company Logo
© 1996-2017 McKinsey & Company
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment