Chilling Thoughts

Risk, like luck, comes in two varieties: good and bad. The latter you hope to avoid, the former to capitalize on. Lately, however, there's been precious little capitalizing. Companies have been decidedly risk-averse for years, accumulating piles of cash and returning it to shareholders rather than investing it in new products or ventures.

Many critics of regulation have claimed that one reason for this uncharacteristic caution has been the "chilling effect" of the Sarbanes-Oxley Act. Now researchers at the University of Pittsburgh have put that theory to the test, and have concluded that it's true.

Or true-ish. Or maybe just a coincidence, but if so a big one. Leonce Bargeron, Kenneth Lehn, and Chad Zutter looked at companies in the United States and the UK and assessed them on both accounting variables (the levels and types of investments companies make) and stock-based variables (for example, returns, betas, and company-specific risk measures). They also looked at data on initial public offerings for both countries in an effort to see whether Sarbox has, as many speculate, driven companies to pursue IPOs overseas, and whether the companies that do so tend to be more risk-based (as measured by their research-and-development expenditures).

Once the data was crunched on more than 5,000 firms (split about 80/20 between the United States and the UK), the team concluded that risk-taking by U.S. firms has declined significantly in the post-Sarbox era. "We can't nail it down to Sarbox," says Bargeron, an assistant professor of business administration at Pitt (and a former CFO). "In isolation, any of our measures could be taken issue with, but together they create a preponderance of evidence that is striking."

Meanwhile, Sarbox was intended to have a positive impact on negative risks, the kind companies hope to avoid, by encouraging a more rigorous assessment of high-risk areas including finance and technology. But a PricewaterhouseCoopers study has found that almost one in five companies conducts no annual risk assessment, while a third conduct multiple assessments but rarely share the results across departments.

"The cost of overseeing risk and compliance goes well beyond Sarbox," says Miles Everson, a PwC partner, "and often runs to hundreds of millions of dollars a year." Many companies have rushed to create new positions or departments in response to specific demands, creating huge duplication of effort. "When was the last time a newly created job title wasn't named after a regulation?" he asks. "You have privacy officers, compliance officers, and new audit positions proliferating." By adopting a formal governance, risk, and compliance (GRC) strategy, he says, companies can get faster efficiency — and free up employees to explore the strategic risks that companies should be pursuing. — Scott Leibs

Who Will Pick Up the Terror Tab?

The Terrorism Risk Insurance Act (TRIA) will expire at the end of this year, and as Congress prepares to debate a second extension of the act (the first passed in 2005), the stakes have changed.

For one, more than 60 percent of U.S. corporations now participate, and despite the absence of any triggering event on U.S. soil, the uptake rate over the past 2 years has been strong, particularly in such sectors as utilities and higher education. Meanwhile, the Bush Administration, which backed off on demands that the private-insurance market absorb more of the risk when the act came up for renewal two years ago, may be far less flexible this time, as proponents push for a 10-year extension.

Enacted in 2002, TRIA established a federal "backstop" program that would provide partial compensation for insured losses in the event of a massive terrorist attack. The Administration said at the time that the act was a temporary measure to allow the private-insurance industry to develop its own forms of coverage. But that has been slow to happen, and Aaron Davis, director of National Terrorism and Property Resources for Aon Corp., says another extension of TRIA is imperative to keep the insurance industry from total collapse if a substantial terrorist attack is carried out on U.S. soil.

Since 2002, premiums have dropped more than 50 percent, which may provide ammunition to those who believe that TRIA puts too much risk on taxpayers and not enough on private insurers. Few doubt that TRIA will be extended in some form, but when debate resumes in the Senate after the August break, expect to see strong differences of opinion as to just how far the government will or won't go in backing up the insurance industry. One major point of contention: the new bill would reduce the payout trigger point from the current $100 million in losses to $50 million. In 2005 the Administration had wanted the trigger point raised to $500 million. — Laura DeMars

• 1
• 2
• 3
• 4
• next »