By Alana McLain
Ken Bedingfield, a Corporate Vice President and the Chief Financial Officer of Northrop Grumman, discussed risk management from a defense contracting standpoint with the student fellows on Tuesday, April 4th. The main discussion was around how the board of directors works together to assess key risk factors for the company.
Northrop Grumman is a global security company whose largest customer is the United States government, who makes up a majority of Northrop Grumman’s business. They also operate globally with allied nations like Australia and South Korea. While a portion of their operations are classified, Ken was able to tell the student fellows about how the board of directors goes about managing risk for the company.
The board of directors outlined several risk factors for their investors in 2016. These are umbrella factors that include more specific risks, but have been broadened in order to manage them more effectively. A few of these broad risk factors include customer concentration, appropriations, contract performance, cyber security, pension plans, nuclear activities, work force, and performance obligations. One of the approaches that Northrop Grumman takes in risk management is the absence of a risk management officer. They believe that it is the entire company’s responsibility to manage risk and that farming out risk management isn’t beneficial to the organization. Instead, Northrop Grumman utilizes an enterprise risk management council to regularly review and address risk.
After addressing a few specific risk topics in detail – like pension plans, threat based risk, taxes, and insurance – Ken outlined the steps that the Enterprise Risk Management Council uses to recognize, assess, and mitigate risk. Their key elements of risk assessment are a robust and dynamic risk assessment at many levels, actionable and tested mitigation plans, recognition of significance and priority of risk, and managing risk instead of avoiding it. By regularly reviewing risks, they are able to catch new and changing risks early. Testing their actionable mitigation plans ensure that they can execute these plans before the risk gets out of hand. They use a risk cube to analyze the significance and priority of a risk to determine which ones are more important to manage. And finally, they must manage risk instead of avoiding it to take advantage of profit opportunities. As the saying goes, high risk means high reward. By managing risk, they can capitalize on these higher rewards generate profit for Northrop Grumman.