Printed from BusinessInsurance.com

SHARING, INTEGRATING RISK MANAGEMENT INFORMATION MADE EVEN EASIER WITH COMPANYWIDE INTRANET

Posted On: Nov. 30, 1997 12:00 AM CST

It is fitting that the director of risk management for Microsoft Corp. is borrowing aspects of the Internet to help spread risk management information throughout the company.

The approach fits not only because Microsoft is working to become nearly synonymous with the Internet, but also because the risk manager's project follows a philosophy of Microsoft founder Bill Gates that key knowledge must flow efficiently to decision-makers.

Scott K. Lange, director-risk management for Microsoft in Redmond, Wash., aims to integrate all Microsoft units' understanding of their risks, and then disseminate that information through a companywide Intranet.

Mr. Lange and his risk management department are perfecting a prototype site on the Microsoft Intranet that will guide anyone within the organization through information on the risks associated with business activities. This online tool is called "Risk Information System for Knowledge Sharing."

It's more than just a risk management manual, Mr. Lange said. It is based on a very broad, integrated risk management approach that will give business unit managers ready access to quantitative and anecdotal information on the risks inherent in a variety of processes they may want to pursue.

With the click of a mouse, managers also will be able to access everyone within the company who in some form manages risks, be they in the legal department, human resources department or in the auditing unit.

That fits with a corporate philosophy that front-line managers should be responsible for managing their unit's risk, and the risk information system will give them the tools to do so, according to Mr. Lange.

"It goes way beyond the traditional definition of risk management," he recently said. "This is the enterprise-wide, holistic, integrated risk management concept, because you are trying to link together all of the different organizations that provide risk management support and knowledge and you are applying it across all the units in the company."

One icon on the site will link users to "Anecdotal Information" that managers can visit to review histories of past blunders. In that way they can learn from the mistakes other company managers have made when launching a new idea, product or process. The information can be embarrassing, but it can have more impact in teaching a lesson than statistics, Mr. Lange said.

"For many companies, their past disasters, failures or problems come at a huge expense and yet the inclination is to bury them and make sure that the light of day never sees these," he said. "And, in fact, the organization paid dearly for them."

Once the site is fully implemented, it will show the company's managers the downside of risk assessment, such as the dangers signing certain contracts might present. Then they can leave themselves additional exit strategies or add suggested contract language to improve their positions.

The site also will introduce the upside of risk assessment, Mr. Lange said. When managers can get an improved grasp of their project's risks in relationship to Microsoft's appetite for risk they will make better decisions. That in turn will allow Microsoft to capture more revenue that might now be flowing to competitors.

Often managers make business decisions based on their personal risk appetite, or on their perception of how a risk decision might impact their career, Mr. Lange explained.

But an icon on the site for "Risk Analysis and Metrics" is key to one of the site's major goals of helping employees make decisions based on the corporation's risk philosophy, not their own. Managers will then be able to prioritize their risk decisions by capturing quantitative information from the site to assess those risks.

The risk information site already has been built at a cost of $15,000 and was built by an outside vendor using input from Mr. Lange's risk management staff. Microsoft's executive managers are reviewing the prototype risk information system for adoption as a companywide plan for improving the execution of business decisions.

The greatest financial cost, and the biggest hurdle to full implementation, will be in obtaining the necessary content, Mr. Lange said. Because it is an integrated project, the risk management department will not generate the content; operating units will need to supply information on business risks, past mistakes and other data.

Obtaining content will be a "fairly considerable" task that could generate fears by some units of turf invasion, which can hinder risk management, Mr. Lange said. But he said he is confident the Intranet project will work, and the main challenge now is to design and promote the project so it gets off the ground.

The initial content will likely be in the form of generic business process models. But over time, as more business units accept the idea of sharing information about risk and see its growing success, they will want to participate and contribute more in-depth content, Mr. Lange said.

"You have to hit this critical mass point before it takes hold," he said. "It's getting people over the hurdle of thinking risk management is trying to take over the company. It's very much about dealing with lack of integration that comes with vertical silos within a company."

Already one unit has partnered with the risk management department and has provided content for the site. In fact, the idea was born when that unit came to risk management for help solving an "extraordinarily complex set of risks associated with their business," Mr. Lange said.

Risk management was able to help the unit address those risks. But along the way it became apparent that the traditional method for imparting knowledge within the company could produce differing results. So risk management went to work developing computer tools that would produce more consistent results.

The site works in part by addressing what Mr. Lange calls "the staff group slowdown syndrome." That refers to the delays business unit managers typically encounter when they seek corporate help in implementing a new business processes.

To get the necessary input, they often must go to numerous departments within Microsoft repeatedly explaining their goals to numerous managers. Responses vary, with unit managers getting assistance from some manager and none from others. The process can often be frustrating, and the need to involve everyone with information ultimately slows down the introduction of new business ideas, Mr. Lange said.

Addressing that slowdown and capturing the revenue resulting from understanding the upside of risks can be particularly valuable to a company such as Microsoft that generates revenue by quickly delivering cutting-edge products that have never been tested in the marketplace, Mr. Lange said.

The risk management site will help Microsoft managers in other ways. By clicking on an icon for "Best Practices in Process Designs" they will be able to look up things such as how to set up a successful credit card billing system for product orders. Or they can click on "Tactical Strategies" to track the company's efforts to address such risks as intellectual property infringement.

Hyperlinks to other elements of the Intranet site will allow the user to easily go from one area to another in one-stop-shopping fashion.

In addition to the inherent challenges of promoting the project within the organization, another problem confronting risk managers who may want to implement a similar program is developing infrastructure, Mr. Lange said. For example, the Microsoft site will require company accounting systems to capture risk costs associated with certain actions. But accounting systems are not currently set up to do that.

Therefore, it could be three years before the infrastructure is fully in place, the content is available, the data is mature, and the project is fully implemented, Mr. Lange estimates.

For now, Mr. Lange is willing to talk about his project with other risk managers, even though it is in the prototype stage, so that other risk managers might benefit and get started on their own systems.

"We would hope that others find the system and its inherent concepts useful as a starting point for developing their own customized, Web-based, risk management knowledge system," he said.

Caroline Dorsa, vp and treasurer for Merck, has seen Microsoft's risk management Web site because the two companies share benchmarking data. Ms. Dorsa, who oversees risk management for the Whitehouse Station, N.J.-based drug manufacturer, would like to emulate Microsoft's innovative project, she said.

It could be a valuable tool for Merck because its managers worldwide need immediate, around-the-clock access to information as they develop new business ventures. Through such a Web site, they could receive constantly updated information and answers to questions about risks without having to search out company risk managers. Or conversely, the site could warn them when they do need assistance from risk professionals.