The benefits of risk assessment

By Maeve McCumiskey and John Hall

Download PDF

It might not feel like it at the moment, but with hindsight many organisations will come to realise that the recent financial crisis did them several favours. One of those favours is that it revealed the considerable risks they were exposing themselves to because of poor governance of their benefits plans.

Clearly, during the crisis, when survival was the name of the game, organisations were concerned primarily with the costs of providing benefits, and how to reduce those costs in the short term. However, this in itself proved challenging, because, at corporate level, they had scant information on the benefits plans they were operating, what those plans cost and what they could and couldn't do with them in different countries because, for the most part, they had delegated management of the plans to a local level.

Now that the dust has settled, firms are trying to regain control over their benefits plans – not just in terms of how much they cost them and whether or not they are appropriate for different groups of employees, but also how to adapt them to respond to future internally- or externally-driven changes. But they are struggling to implement change because much of the organisational knowledge has disappeared as a result of severely reduced HR departments at both central and regional level.

It is no surprise, then, that Mercer's Global Governance Survey 2009/2010 revealed that just 16 per cent of organisations surveyed feel their existing governance structures are sufficient to meet current and anticipated future needs. For the remaining 84 per cent this lack of governance is potentially highly dangerous: while the cost of benefits provision continues to preoccupy them, respondents see the biggest threats to their organisations from inadequate governance arrangements as being strategic and reputational.

Strategic risk derives from an organisation's ability – or lack of it – to maintain the appropriate numbers of employees who are motivated to deliver the corporate objectives. This depends on benefits being designed to drive the kind of behaviour that will achieve the desired outcomes. Reputational risk is concerned with the perception of all the organisation's stakeholders that the strategy is being effectively prosecuted – as above.

But while they understand the importance of managing strategic and reputational, as well as financial, risk, most firms have been unable to quantify that risk because they lack the information to do so.

However, there is a solution to the conundrum. If companies adhere to what Mercer has identified as five key pillars of good governance they will go a long way towards mitigating some of the risks – both known and unknown – that they are exposed to.

The first pillar is to have an effective global committee or decision-making body to help set direction for benefits governance.
The second is to write clear and easily-understandable guidelines and policies that become embedded in the corporate culture.
The third is to establish appropriate accountability, so that people understand what is expected of them and take responsibility for it.
The fourth pillar is rigorous supervision and monitoring – constant overview should be part of process.
The final, and typically most overlooked pillar, is effective two-way information flow between the corporate centre and local businesses.

Articulating objectives, and implementing a framework of principles, guidelines and processes to ensure key risks are managed carefully and responsibility accorded appropriately will help companies achieve a level of control over their benefits plans that they may not have had for many years.

But this begs the question, of course, of where the responsibility for good governance lies. Ultimately, of course, it should be right at the top of the organisation, with the CEO, but the fact that 'lack of organisational support' was identified by respondents to our survey as one of the major stumbling blocks to implementing change successfully, suggests that this is frequently not the case. However, given the acknowledged strategic and reputational risk of inadequate governance – not to mention the growing interest among wider groups of stakeholders, including shareholders and employees – it is more important than ever that the CEO has at least some overview.

The CFO should also be involved and, arguably, the Chief Administrative Officer too, along with senior-level representatives from treasury, the legal department and accounting (if this is separate from finance). HR's involvement goes without saying, but a recurring problem among many governance structures is that sometimes HR doesn't fully take into account the need to include other stakeholders.

But this unilateral approach does HR no favours: not only does including other stakeholders make for more effective governance, but it also secures the kind of top-level buy-in necessary to effect successful change. What's more, it helps elevate governance from a local to a global level – and it is a fact that the range of activity that receives global attention needs expanding.

For example, many organisations focus on plan design and funding decisions, but few devote the same attention to investment policy and monitoring. To manage risk effectively, you need an integrated approach to all three levers. Also, organisations with defined-contribution pension schemes need to pay much closer attention to the way they manage and communicate these in order to head off employee relations problems. Therefore it makes sense to involve the head of communications on the global governance committee too.

Unfortunately, most organisations only realise exactly how much their exposure to benefits plan risks costs them when a problem hits them – they might suddenly find themselves facing an unexpected hole in the pension fund of an acquired company, for example, or discover that their health insurance policy for key workers on a project in Saudi Arabia is not recognised by the Saudi government. Such problems may be expensive to resolve, but they are containable.

Problems arising from the failure to manage strategic and reputational risk, however, could threaten the very survival of the company.

Examples of risk

A global company made a retirement promise to a manager in Germany, who then transferred to Switzerland. However, nobody realised that the documentation of the benefit promise covered only service in Germany, so the company has had to renegotiate a new pension promise with the transferee. Also, because the company was unaware of the promise, the pension liability came as a surprise when it reached the due date.
Different retirement promises were made to different groups of employees in Japan, by local, regional and corporate management. Consequently, management in different locations are now expending a huge amount of time on working through what the benefit obligations will be for the group. The company may have to bear a cost for a benefit based on a promise made locally that corporate would not have approved of.
In some organisations executive benefit plans have been put in place locally to give generous benefits (and benefits that are outside the company's normal targets) to the very people designing the plans.
Vague and poorly documented pension promises are often made to expatriates.
Plans that don't comply with, for example, local legislation, are often put in place.
Sometimes tax-inefficient contracts, such as offshore plans (risk, medical or retirement) are not properly recognised for tax purposes locally, leading to recovery of past taxes and fines.
Administration errors sometimes arise due to failure to select or oversee the administrator; these are not only costly to fix, but also damage the company's reputation.

About the authors

Maeve McCumiskey's role is EMEA Benefits Benchmarking. Based in Brussels, she can be reached at +322 674 8964 or maeve.mccumiskey@mercer.com.

John Hall leads Mercer's international consulting practice EMEA. Based in Paris, he can be reached at Office phone: +33 1 55 21 38 02 or john.hall@mercer.com