Koch Industries didn’t become the nation’s second-largest privately held company without taking risks, but the $100 billion conglomerate puts a premium on risk management, and its approach includes a strong information-technology (IT) component. Software helps the company analyze a variety of exposures, such as swings in commodity prices and foreign-currency rates, both individually and in the aggregate, according to chief risk officer (CRO) Michael Hofmann. The system (from Algorithmics Software) enables staffers throughout the company to perform what-if scenarios, such as the potential effects of different pricing schemes on margins and cash flows.
But the software “doesn’t substitute for thinking,” Hofmann says. That’s a subtle but important distinction about what risk-management systems can and can’t do. Such systems help managers “understand what the risks are, where the risks are, and how to mitigate that exposure throughout corners of the company,” says Chris McClean, an analyst at Forrester Research.
Given the enormous attention that failed risk-management practices on Wall Street have received, you might think the software category would have suffered a reputational blow as well, but that doesn’t seem to be the case. In fact, even though many companies are curtailing their IT spending this year, the market for operational-risk-management systems is fairly strong, says McClean. In the battered financial-services industry, spending on risk-management systems is projected to grow at 11.5 percent from 2009 to 2010, according to Robert Iati, partner and global head of consulting at TABB Group, a financial-markets research and advisory firm that focuses on capital markets.
There is a huge range of risk-management software on the market. Some systems are designed specifically for financial-services firms to monitor credit and market risk, while others are geared toward evaluating a variety of operational risks faced by companies in many industries, says Gartner analyst Douglas McKibben. Some products can be applied as stand-alones, while others are components of broader governance, risk, and compliance (GRC) software packages.
Most risk-management systems are designed to collect data from other systems, with the data source determined by what kind of risk is being assessed. For investment banks, equity and foreign-exchange trading systems may be the primary source. For companies outside of financial services, such as power companies or retailers, the systems can be customized to create risk models or risk profiles that suit a company’s needs and then reach into other systems or external data sources. For a retailer, the system might analyze the risk to customers’ buying behavior posed by interest-rate increases. Some systems employ Monte Carlo–type simulations to predict possible outcomes from thousands of potential variables, such as how a 20 percent drop in the Dow Jones Industrial Average might affect the credit ratings of business partners in the commercial construction industry.
Vendors offer varying degrees of functionality and sophistication. The Algorithmics software, for example, enables financial managers to test how changes in risk drivers such as interest rates or inflation would affect a customer’s investment portfolio over time, says Andy Aziz, executive vice president of risk solutions at the vendor. Like other packages, the software can notify users when their company is about to reach a predetermined limit on a financial exposure, such as sell-side thresholds on a stock.