After having calculated its risk tolerance the business may come to the conclusion that the overall risk is more than the business can carry. In that case it might be necessary to mitigate some of the risk inherent in the business. But not all risk can or should be mitigated.
The macro risk the business is facing is a risk it has in common with all businesses. These risks will impact all businesses and there are not often suitable instruments for hedging. The exception is the financial risk part of the macro risk, which I will address later in the article.
The micro risk of the business is a wanted risk. These risks are a result of the strategic choices the business has made and it is where the potential value creation lies. It this risk is hedged the opportunities for value creation will also be mitigated, which of course is not what the business wants. Hence, this risk should not be mitigated. In making the micro risk estimation, the business should however consider the extent to which it differs from its competitors. If it does, some mitigation might be appropriate if possible. But at its core, this is a strategic risk which should be managed by making strategic decisions.
Economic theory also says that it should be the owners themselves who mitigate this risk by adjusting the composition of their investment portfolios. Should the business itself take steps to mitigate the risk it may be directly contrary to the interests of the owners. They will want as “clean” a risk as possible to properly put together a diversified portfolio.
The business specific risk can often only be mitigated by the business itself. The business needs to hold necessary reserves to limit its refinancing risk and the business needs to mitigate risks which may only be mitigated in the actual books of the company itself. Other such risks are where it produces its products, the degree to which it has local cost and so on.
If the company differs a lot from its competitors it means that it has more business specific risk than would otherwise be the case.
Financial risks both can and should be managed in a structures way. These risks are really subgroups of the other three risk groups, and partly sub groups of more than one at the same time. For instance currency risk is
- a macro risk where the development is cause by the economy as a whole
- a micro risk where currency rates impact prices of goods and services and supply and demand of the. At the same time it is
- a business specific risk, where one company in a sector may have revenue and cost and localization of production so that it differs from its competitors
It is appropriate to separate the financial risk for two reasons. Firstly: because it is a risk which contains all the other risks. Secondly: because financial risks, as opposed to many other risks, are easy to mitigate using financial instruments. The other three risk groups are often not possible to manage with anything but strategic choices, with the exception of some risks – like the oil price and some other commodity risks.
Since financial risks are easier to mitigate than other risks they may be used to reduce overall risk. If the business has estimated its risk tolerance and come to the conclusion that the risk level is too high, and at the same time find it difficult to mitigate for instance parts of the business specific risk, it can mitigate financial risk to reduce overall risk.
In addition there are some cases where it is absolutely necessary to mitigate risk where hedging may only have the desired impact in the company’s own books. It is not possible for the owners to mitigate by diversifying their portfolios. One such risk is balance sheet risk, which I have written about here.
I believe the biggest pitfall in risk management is mitigating the wrong risks. To mitigate micro risk will work directly contrary to the strategic choices made. This kind of risk should be managed by the strategy department and not the risk management department.
