Effective Risk Handling with Puneet Kapoor, Director, ERM at Walgreens
What value does the risk management process add to Management’s decision making process?
PK: Decision making is an exercise of making choices. When evaluating choices to make the most appropriate decision, one has to weigh the risks and rewards for each of those choices. A sound risk identification & prioritization process enables management to weigh their choices for their respective impacts sufficiently to ensure they take the optimal level of risk for the sought after rewards.
Management decision making is influenced by the risk management in several ways. Some of them include:
- The risk management process allows for identification of systemic risks that aren’t always apparent unless evaluated across various business units, functions and operational silos across the company.
- It allows for identification of the risks’ impact horizon being current or emerging. Every organization is different, but to keep things simple, one can argue that risks impacting the company’s operations in its current fiscal year would be deemed current and those beyond it as emerging, so appropriate business decision adjustments could be made.
- It helps identify the risk appetite and tolerance for the organization which in turn enables management to formulate more balanced business and financial plans.
- It helps in formation of risk adjusted goals and objectives for management which are often tied to performance objectives.
An effective risk management process allows for more effective decision making by management with the likelihood of achieving their desired results maximized. It is not meant to create a brick wall for management to operate within, but more of recommended parameter within which to operate. Business situations may occur that may require one to go outside of their risk appetite or tolerance from time to time.
Risk management and its value to management decision making should be viewed holistically to see its overall value in driving a culture of risk awareness and sharper & more balanced decision making, maximizing the likelihood of achieving results management is trying to achieve.
How can management be certain that they are making the best possible decision in the immediate and long term?
PK: Unless someone has the unique ability to see the future, decision making process will always have a level of uncertainty. Thus one can only be reasonably sure and astute in their decision making process taking the most optimal level of risks and rewards instead of seeking certainty.
Decision making depends on several inputs, including risks, where the organizational decisions should be aligned to its strategy and its strategy aligned with its objectives. The decision making process should, however, be agile and conducive to in-route re-calibrations, as needed. As in any business, there is a constant change of business and risk drivers internally and externally to which one needs to be able to adapt and still be in pursuit of the intended strategic objectives.
Furthermore, integrating the risk management process into the strategic planning process allows for the organization to consider the current and emerging risks, evaluate the strengths, weaknesses, opportunities and threats facing the organization, in light of those noted risks and develop the appropriately balanced strategy. Additional inputs into a balanced decision making process may include strategic risk scenario planning, resource availability, shareholder/investor expectations, market conditions, financial considerations, regulatory environment, ability to execute etc.
The goal is to make decisions that are in the best interest of maximizing short term profitability with long term shareholder value considering the current and emerging risks.
What is the role of the Board of Directors in the risk management process?
PK: The Board of Directors exercises oversight over the Company’s strategic, operational and financial matters, including the elements and dimensions of major risks facing the Company. The Board administers its risk oversight function as a whole and through its Board Committees, and the processes it uses to assess and monitor risks include the following:
The Board meets regularly to discuss the strategic direction, operating performance and the issues and opportunities facing Walgreens in light of trends and developments in the healthcare and retail industries and general business environment. In addition, throughout the year, our Board and Board Committees provide oversight and guidance to management regarding our strategy and operating plans. The Company has also implemented an Enterprise Risk Management (“ERM”) process under the direction of management’s Risk Steering Committee.
The ERM approach helps the Board and Board committees to receive relevant information about and understand the Company’s risk management process, the participants in the process, and key information gathered through the process. The purpose of the ERM process is to identify risks that could affect the Company and the achievement of its strategic objectives, to understand, rate and prioritize those risks, and to facilitate the implementation of risk mitigation strategies and processes across the Company. The key risks identified through this process are reviewed with the full Board of Directors.
In accordance with its charter, the Audit Committee reviews the Company’s policies and processes with respect to enterprise risk assessment and risk management as well as financial risk assessment and risk management. The Company’s Treasurer, as chair of the Risk Steering Committee, Director of Internal Audit and Chief Compliance Officer all have direct reporting responsibilities to the Audit Committee.
On a quarterly basis, the Audit Committee reviews and discusses the key risks identified in the ERM process with management, their potential impact on our Company and our risk mitigation strategies. In the regular meeting of each of the other standing Board committees, those committees oversee management of risks relating to the applicable committee’s areas of responsibility.
For example: the Compensation Committee reviews risks associated with the design and implementation of our compensation plans and arrangements; the Nominating and Governance Committee reviews risks incident to the Company’s governance structures and processes including, among other topics, Board succession planning; and the Finance Committee oversees key aspects of our financial risk management activities, including market and operating risks.
Puneet Kapoor is the Director of Enterprise Risk Management (ERM) at Walgreen Co (“company”). In his current role, Puneet has the responsibility to oversee the entire company’s ERM process with reporting responsibilities to the company leadership, the Risk Steering Committee and, through the Treasurer of the company, to the Audit Committee and the Board of Directors. Prior to his current role, Puneet managed company’s internal audits of its healthcare business. He answered a series of questions for the 5th Annual Enterprise Risk Management Conference. All responses represent the view of Mr. Kapoor and not necessarily those of Walgreens. For more information please contact Michelew@marcusevansch.com.