Despite the current preoccupation with corporate governance, customer service risk still concerns European financial managers more than financial reporting requirements, says Wendy Cohen

At present, company managers' minds are heavily concentrated on compliance and transparency. Recent developments in corporate governance legislation and regulation caused by post-millennial fraud and corporate collapses, have placed risk in the spotlight. For instance, many US-listed, European companies are currently under pressure to comply with the US Sarbanes-Oxley Act, and it is fully expected that equivalent EU legislation will follow shortly. This will force corporate governance further up the agenda for the whole of the European business community.

As a result, much technology investment is currently being driven by the need for regulatory compliance. This emphasis may be masking other priorities to which company managers should be affording an equal amount of attention.

No one can deny the problems caused by corporate fraud and misreporting, or the need for strong legislation to help restore the confidence of investors and markets. But where does this accounting risk sit in relation to other corporate risks? Should businesses perhaps be more concerned about the billions that can be lost through an emergency product recall, or a failed international expansion, or by unwittingly offending customers? The answer to this question is critical to supporting technology investment strategies.

Risk mitigation and management in all of the areas discussed in this article are effected through automated management, monitoring and measurement of underlying business processes. Implementation of what has become generically known as business process management (BPM) technology is rising fast.

According to Gartner, the BPM market was worth $1.2bn in 2003 and will grow at almost 10% per year through to 2007.

In order to offer some insight into the relative importance of different corporate risks, HandySoft commissioned research among financial managers of the European top 1000 companies. Respondents were asked to rank the significance of these risks in relation to one another.


Customer service risk

Right at the head of the field comes customer service risk. This is the risk that high customer service standards fail to be maintained, with the consequence that customers become dissatisfied and defect to competitors.

In order to retain and develop customers, companies must ensure that their legitimate requests or complaints are dealt with promptly and resolved satisfactorily.

The importance that astute companies put on customer service, especially when centralised in a call centre, may be illustrated by the refusal of HSBC to outsource its call centres to India because of concerns over customer reaction and service quality, and the recall of call centre operations by Dell and Lehman Brothers back from India to the US, because of customer feedback. According to researchers ContactBabel, European customers who had used offshore agents - whether by telephone or computer - were four and a half times more likely to have changed their supplier.

Operations risk

Operations risk, the second most significant area of risk for European top company financial managers, is closely intertwined with customer service.

Operations was defined in this study as the process of making and delivering the right product to the right customer at the right time. It also embraces product quality assurance, product availability, channels to market, and so on.

There are many examples of operations failure which have led to big losses.

The lack of process controls and checks, which led to the recall in 2000 of Ford vehicles fitted with Firestone tyres, cost the automotive giant in the region of $2bn. Perrier's operations process control failure in 1990 meant that its bottled water was the subject of a massive product recall costing the company over EUR150m.

Measuring revenue, profitability and potential at the individual customer level is becoming a more common metric among financial managers in order that they can better understand the financial implications of satisfaction levels among different customer groups (defection cost risk). As a result, the popularity of BPM systems that implement, manage and measure best practice has gained ground. In this way, leading companies are making customer services promises to differentiate themselves competitively, and are now able to make sure those promises are met in the field. Company representatives are forced to follow best practice routines: departures from the standard trigger alerts, and management are able to identify systemic weaknesses and take prompt remedial action.

Acquisition and marketing risk

Hovering around the average risk score, we find acquisition risk and marketing risk. Acquisition risk covers the challenges of merging two organisations after an acquisition, in terms of skills, culture, data and brand. Marketing risk covers the hurdles of understanding customer and prospect value and potential, and then successfully putting appropriate and compelling offers and brands in front of them.

Acquisition risk certainly poses the threat of heavy costs for not getting it right. A combination of deteriorating market conditions and poor integration of acquisitions led to the collapse of Marconi shares in 2001, wiping over EUR18bn off shareholders' investment compared to the share value in early 1999. In 2003, M&A watcher Ken Silverstein stated that 80% of mergers end up losing money for shareholders, citing well known examples such as AOL/Time Warner.

The problem with acquisition risk is that it is almost impossible to pre-assess. Certainly, thorough due diligence will reveal if there are any anomalies in financial reporting, trading statements, production and sales volumes, and so on. But it will rarely be able to qualify employee contribution and productivity, richness of customer knowledge, or complementary skill sets. The way the merged organisation works - successfully or otherwise - will only be revealed by assessing the reality. The resulting exposure has caused our respondents to classify acquisition risk some nine points above the average. Therefore, some form of BPM tends to be crucial in allowing management to monitor what is and is not working in the merged company, and deal quickly and intelligently with accurately identified bottlenecks or problems.

Good marketing practice matches profitable products to high-demand markets.

Bad marketing practice can be financially disastrous. European marketers still shudder to recall the debacle caused by Hoover's offer of a free return flight to the US on every purchase over £100 back in 1992. No cap was placed on uptake of the offer, a mistake which should have been caught by effective BPM, and the promotion cost the company over EUR70m.

In another example, a German high street grocery retailer decided to start a loyalty scheme. However, lack of process control allowed the scheme to collect all sorts of data on scheme members without having analysed which of those pieces of information were predictive of purchasing activity.

The financial impact was threefold: the scheme had no appreciable affect on customer retention and spend, the right data components were not available for cross-selling offers, and an opportunity was lost.

In truth, these two areas of risk - acquisition and marketing - are related, in that it is poor implementation of a newly-merged company's customer proposition that most often causes acquisition failure. Most marketing risk centres around the hurdles of: sufficient market and customer analysis, rich customer data, efficient time to market, and rapid reaction to market conditions. In other words, best practice marketing is mainly about processes, and about ensuring that these processes are controlled, monitored and regularly refined. Campaigns cannot be launched without full customer segmentation, analysis and validation; new products cannot be put into production until convincing market sizing has been conducted; strategies cannot be implemented until sample cell tests have been conducted with live customers. BPM technology is therefore required to mitigate marketing risk.

Getting the right focus

As mentioned at the beginning of this article, accounting risk is where the bulk of corporate attention is being focused, and a plethora of spot solutions has come onto the market. There is certainly no way that organisations can avoid mandatory compliance, and efficient, cost-effective compliance with corporate governance standards such as SOX requires suitable technology support. Yet European financial managers ranked accounting risk well down the list of significant corporate risks.

This leads us to conclude that business managers contemplating IT investment must demand that business strategies and technology solutions should be extensible to improve core processes in the crucial areas of risk exposure - such as customer service and operations. To deal with compliance issues in isolation will not reap the maximum return on investment, and wastes the opportunity to obtain extra value from a platform that can be applied to many areas of risk management within a company.

- Wendy Cohen is director of operations and sales, EMEA, HandySoft, Tel: 020 7959 3042


- Despite the current concentration on corporate governance and transparency compliance (accounting risk), company financial managers do not see this risk as top of their corporate concerns.
- Problems in customer service and in operations are seen as the two greatest areas of exposure by top European companies, with process failure able to cause losses in the millions (and occasionally billions).
- Integration difficulties following an acquisition were also considered to carry above average exposure to potential damage to a corporation, a topical issue in the light of the recent upswing in M&A activity.
- Technology procurement/management and financing risk were seen as holding least risk of corporate damage, these business processes being more subject to recognised professional standards.
- Technology support for business process management should therefore not be concentrated solely on spot solutions for regulatory compliance, but should be extensible to manage other priority risk areas and processes in the corporation.