As advisers to family-controlled operating businesses and private investment offices, we’re likely to encounter every week a new tale of dispute, fraud, theft, litigation and ensuing financial loss among multi-generational businesses.
After decades of serving this community, we are no longer surprised when we see material deficiencies in controls, structures and processes to govern and manage risk, even among the largest and most sophisticated of family enterprises.
Given the influential size and scope of family-controlled enterprises in the U.S. economy, this is not an academic concern. The country’s 5.5 million family businesses employ 63% of its workforce and are a major source of economic vitality and job growth. These enterprises, often in the second or third generation of family ownership, account for 57% of GDP. Their diversity, ranging from middle-market companies with $25 million in annual revenue to global enterprises – Wal-Mart, Cargill, Mars, and S.C. Johnson to name a few – makes it hard to make general observations.
Nonetheless, regardless of scale, we continually see a lack of coordinated, integrated risk management processes in place for family enterprises. In our experience, the gap between “best practices” and “common practices” is far too wide.
Over the course of this summer, we surveyed 159 family enterprises, with the goal of benchmarking them against best practices. The Family Enterprise Risk Index, developed by Crystal & Company and Family Office Metrics and administered by Cornell Survey Research Institute, sets out to establish a new baseline. Built upon the COSO Enterprise Risk Management Integrated Framework, the survey examines risk management in terms of five major components: control environment, risk assessment, control activities, information and communication and monitoring.
Of the survey participants, over half were executives or owners of family-controlled operating companies, with balance executives or principals of family offices. Ninety-four percent of the respondents were from second, third, fourth or greater generation businesses.
The results of the study are still preliminary, but they confirm many of our observations as professional practitioners:
Why do we feel so strongly about developing an integrated process to address risk for the family enterprise? From our experience, failing to address all areas of risk can lead to gaps in both management plans and insurance purchasing. For example, lawsuits naming directors and officers alleging mismanagement affect privately held companies of all sizes. In family enterprises, the family’s personal net worth may be tied to the financial health of the firm making costly management liability claims all the more devastating. Evaluating and setting processes to manage risk at the executive level can help mitigate lawsuits initiated by any number of sources within the enterprise, including employees, customers, creditors and government regulatory agencies.
Additionally, the methods of risk management oversight may not account for the pace of societal and technological change, younger generations, entrepreneurship, increased global mobility, social media and other emerging risks. High-profile families in the public domain are at risk of public litigation. Breakdowns in governance and communication are often something we pinpoint as a weak link in a families risk management process.
Linda Bourn, an executive managing director at Crystal & Company, a national insurance brokerage firm, leads the firm’s family enterprise risk practice. Paul McKibbin is a managing partner at Family Office Metrics, a management consulting firm.