Worried. CFOs are very worried.
Eight months after the worst terrorist attack in U.S. history, finance chiefs say they are still concerned about the prospect of another assault on American soil. This pervasive fear was underscored by a recent survey of 200 chief financial officers, treasurers, and risk managers. In the survey (conducted by FM Global, the National Association of Corporate Treasurers, and Sherbrooke Partners), more than half of the respondents said their companies are not well prepared for an interruption to their businesses.
What’s more, forty-three percent of the surveyed finance executives said a major disruption to their businesses’ top earnings driver would either cause sustained damage to their companies’ income or severely threaten business continuity. Only 24 percent thought such a loss would be a one-time hit to earnings.
Not surprisingly, few CFOs want to talk on the record about this topic. Scaring shareholders is the last thing a finance chief wants to do. But privately, some executives predict another terrorist attack on U.S. soil would send stock markets plummeting, derail the recovery, and gut corporate revenues.
Despite those fears, it’s hard to find any CFOs who have actually factored the exogenous risk of terrorism into their corporate budgets and plans. Finance chiefs say they have set aside funds for the costs of extra security, employee background checks, and network protection. But few appear to have addressed how a terrorism-triggered economic spiral might mangle their revenue forecasts. In fact, CFO.com could not find a single finance chief who would admit to having a fall-back budget in case another terrorist attack occurs.
For some CFOs, this lack of vision falls under the heading of wishful thinking. For others, there’s little point in attempting a calculation: their companies are already as lean as they can get. Says Rajeev Dhawan, director of the Economic Forecasting Center at Georgia State University: “The threat of another attack and the fragility of the economic recovery in general is deterring financial managers from starting any projects that may require more cash than might be available to them should things go wrong.”
But for most CFOs, the problem is more basic: quantifying the economic damage of another 9/11 is mercurial stuff. “Terrorism is such a wild card,” explains Bill Houlihan, CFO of Hudson United Bank, “that you can’t come up with a base financial plan for business-as-usual — and a backup plan in the event of an attack.”
In Case of Emergency
Instead, finance chiefs appear to be concentrating on how much it will cost to keep their companies running if an attack happens.
Mitch Walsh has first hand knowledge of just how disruptive a terrorist attack can be. Walsh is CFO of Cadwalader, Wickersham & Taft, a law firm whose offices are located in lower Manhattan. Following the attack on the World Trade Center, Cadwalader, Wickersham & Taft was forced to close its offices for over a week.
Compared to the human toll of 9/11, that’s no tragedy. But the shut-down did get the firm’s managers thinking. “We are focusing on business continuity plans and on trying to understand the impact of that on the expense side,” Walsh explains. “We feel it is more effective to focus on preparedness planning than trying to isolate a hypothetical event and [then] measuring the impact it could have on our future business.”
Similarly, Hudson United’s Houlihan says the bank’s management has developed a business continuity plan in the event of an attack. The CFO’s job? Figuring out the costs of implementing such a plan. “We are putting our operational concerns first, trying to determine how we will stay in business if another attack occurs,” Houlihan notes. “Then we’re figuring that into our expenses.”
Walsh and Houlihan’s responses are typical of most finance chiefs CFO.com spoke to. William Hurley, a national practice leader at Parson Group, a risk management consulting firm, says that many of his clients are investing a substantial amount of time and resources into reducing exposure to business-interruption losses. But, he notes, they are not generally going to great lengths to factor another attack directly into budgets, plans, or forecasts. “CFOs are not saying, ‘We will be left with x amount of unmitigated risk, so we are going to plug this amount into our budgets and forecasts to take into account the eventuality of another attack occurring.’”
Indeed, many CFOs view terrorism as just one of many variables that could potentially affect future revenues. Brian Jarzynski, CFO of Comshare, a budgeting and planning software vendor, says he is only loosely calculating the possibility of another terrorist attack into his financial plans. “In trying to map out different scenarios for the economic recovery,” he says, “we lump the likelihood of another terrorist event in with all the other factors that might slow the economy down.”
But Jarzynski says Comshare does not have a specific projection for what happens if religious extremists strike again in the U.S. “That’s so difficult to predict with any degree of accuracy that it simply becomes one more variable that can make a bad scenario worse.”
On the Fly
But how much worse? In the ten days following 9/11, the Dow Jones Industrial average fell nearly 12 percent, and corporate managers circled the wagons, canceling capital projects left and right.
The next time, an act of terror wouldn’t be nearly so surprising. What’s more, many companies reexamined their crisis management and business continuity plans following the September attacks. In all likelihood, most businesses would be up and running just days after any sort of conventional terrorist attack on American soil.
Whether consumer confidence would be as easily restored…. well, that’s another question. Walsh says he has set up a kind of budget stress test which allows him to see the impact of declining revenues. The model enables him to determine the ways in which financial behavior must adjust to accommodate different rates of business contraction.
For instance, Walsh can set the model to see how a 5, 10, even 25 percent reduction in business would reverberate through Cadwalader, Wickersham & Taft. He then assess how the expense side of the equation must be adjusted to meet the company’s earnings forecast. “Although a downturn in business due to a terrorist event is engrained in the assumptions we put into our financial models,” Walsh says, “it is by no means what is driving them.”
Maybe not. But it is driving some finance managers to seek out more powerful (read flexible) budgeting and planning (B&P) software. A number of recently released B&P applications give finance managers access to real-time transaction data. That, in turn, enables CFOs to re-adjust their budgets on a daily, not yearly, basis.
Users of such software say there’s no pressing need to craft a 9/11 budget scenario because their B&P software allows them to rejigger their forecasts on the fly. “Since 9/11 we have seen a greater focus on rolling budgets,” notes software vendor Jarzynski, “and a stronger push toward a real-time analysis process.”
(For an in-depth look at real-time budgeting and planning software, see CFO.com’s 2002 B&P Buyer’s Guide.)
Of course, even the best B&P software won’t help if a company’s computer systems are knocked off line by an act of terror. In a chilling speech given last week, Warren Buffet, the legendary head of investment group Berkshire Hathaway, said he believed terrorists would attempt to detonate a nuclear device on U.S soil. Buffet did not give a timetable for the catastrophe. The oracle of Omaha did say, however, that he believed such an attack was “a virtual certainty.”
Many experts disagree, however, claiming future terrorist attacks will be on a much smaller scale. Rick Clinton, president of Eqecat, a catastrophe risk management consulting company, says he is currently working with a corporate client to devise a basic probabilistic model for terrorism. The software can be modified to assess the different types of attacks that might be launched against a company’s major facilities. In addition, the client is using the modeling program to estimate the probability that an attack will occur during a given year, and the potential losses that might be incurred. That information, Clinton asserts, will enable the company’s CFO to make more informed decisions about the scope — and costs — of business continuity plans.
Admittedly, coming up with these probabilities is not an easy task. And once reasonable probabilities have been identified, they can only serve as raw estimates. After all, the odds that an attack will occur is derived in large part from limited historical data and expert opinion. “Engineers can estimate, for example, the damage resulting for bombs of various sizes, which can then be translated into expected loss amounts,” explains Clinton.
Eqecat’s process involves developing an overall probability of attack in a particularly country, and then breaking that down into the types of events that could occur (a conventional bomb blast may have a higher probability than a biological release, for instance). The modeling software also rates the attractiveness to terrorists of certain facilities (a government facility in major city is a more likely target than a plant in a rural area). “There is a lot of uncertainty in the process,” Clinton concedes. “But that is accounted for to some degree in the final results.”
Some risk management experts argue that an imprecise number is better than no number. Frank Terzuoli, a senior vice president at Marsh McLelan Company’s crisis management unit, says CFOs shouldn’t lose sleep trying to nail down the exact probabilities of different types of terrorist attacks on their businesses. Instead, Terzuoli maintains that CFOs should identify what he calls single-points of failure: the places that if affected, would have the largest negative impact on overall financial performance.
These assets might include a major data center or an important production plant. “At the very least, the single-point of failure analysis should be done to assess how exposed a company is, relative to its continuing cash flow, to a terrorist event,” Terzuoli argues.
For his part, Terzuoli believes CFOs should be doing this kind of stress-testing on a continual basis — and adjusting budgets accordingly. “Before more terrorist events occur,” he argues, “CFOs have the responsibility to think as rigorously as possible how those events might affect their companies’ potential to earn in the future.”
It remains to be seen if analysts and investors will start demanding such planning from CFOs at publicly traded companies. But by Terzuuoli’s reckoning, companies that design strategies to deal with future terrorists attacks will have a competitive advantage over those that do not. “This type of precautionary analysis is a bellwether of how well-managed a company is,” Terzuoli says. “Most managers still view it as discretionary, however.”
If terrorists strike again in the United States, it won’t be discretionary for long.