Microsoft established its risk management group (RMG) in 1997 within the treasury department to develop a comprehensive approach to risk identification, measurement, and management across the enterprise. The RMG worked to bring non-financial risk management practices in line with the more mature financial risk management processes. Microsoft developed internal risk measurement systems and consulted third parties to ensure all risks were captured. The company encouraged a culture of transparency around risk through accessible internal reporting and education for all employees.

1. Ulukman Mamytov
IPROMAC 7530-28-8213
Risk Management
Professor: Wakayama Kazuo
Microsoft operates in a competitive, high-risk business, with rapidly
advancing technology and ever shortening product life cycles. In that
context, Microsoft’s risk management group seeks to construct and
implement an enterprise-wide risk management system

2. Microsoft’s RMG was established in 1997, within the
treasury department
Brent Callinicos, treasurer, RMG leader
Worked in: Procter & Gamble, Walt Disney, Microsoft
(1992-2007), Google, Uber, Baidu, Hyperloop
Focus: to develop a comprehensive and integrated
approach to risk identification, measurement, and management.
Goal: to bring to the business risk area (nonfinancial risk) a level of
measurement and management similar to that in the financial risk area.
Financial risk management at Microsoft has been evolving since 1994, when the
company began its foreign exchange hedging program. In about 1995, the
company began to calculate VAR for its foreign exchange risk.

3. Value at Risk
Philip Jorion, author, professor and risk manager
Jorion is the author of more than 100 publications
on the topic of risk management and international
finance, and is credited with pioneering the
Value at Risk approach to risk management.
Jorion: “VAR measures the worst expected loss
 over a given time interval
 under normal market conditions
 at a given confidence level.”

4. In 1996, Microsoft’s treasury presented to the finance committee of the
board of directors a white paper analyzing the factors that had contributed
to the publicized derivative losses that companies had reported.
Result: Microsoft created a comprehensive and integrated approach to
financial risk measurement and management within the treasury function.
Tree of
Risks
Foreign
Exchange
Strategic
Equity
Employee
Stock
Option
Interest
Rate
Gibraltar:
• gives an aggregated view of the
market risks
• performs VAR analysis
To measure VAR, Microsoft
developed its own system – IRMA
(Internal Risk Management Appl.)
+ 2 additional third-party systems to
measure risks to make sure not to
miss any..

5. Foreign exchange program - price protection for areas with unstable
currencies - to make sure that distributors don’t lose margins and don’t
stop ordering products from Microsoft.
= SCM concept of AAA: Agility, Adaptability, Alignment

6. Every department has its own intranet site, and communication through
the intranet is part of the firm’s culture. Microsoft wants all managers to
understand the risks embodied in the decisions they make. As new
projects are launched, business managers are encouraged to consult risk
management’s intranet site with risk checklists, anecdotes, best practices.
Employees have access to virtually any financial data.
Bill Gates:
“A company’s middle managers and line employees, not just its high-
level executives, need to see business data… Companies should
spent less time protecting financial data from employees and more
time teaching them to analyze and act on it.”
Certainly, some information is password protected.

7. Microsoft does not rely solely on VAR to measure its financial risks. It
also uses stress testing through scenario analysis to consider the
impact of political, geographic, and economic circumstances.
Risk Management Group activities:
 Risk financing – having a clear view of risk profiles to validate the risk
financing plans.
 Quantification resources – inclusion of senior risk analyst and senior
quantitative analyst with a Ph.D. in mathematics.
 Face-to-face meetings with directors or product unit managers to
have enterprise-wide view of risks.
 Defining worst-case scenarios

8. In case of earthquakes - What risks are most important to Microsoft?
Property?
Is property insurance enough?
The real risk is not that buildings get damaged but that it causes
business interruption in the product development cycle and that
company cannot do business.
 Capital market risks because of the firm’s inability to trade
 Worker compensation or employee benefit risk
 Supplier risk for those in the area of earthquake
 Loss of market share because the business is interrupted
 R&D risks because those activities are interrupted / product delays
 Product support risks
What happened to Kobe Steel after Kobe earthquake?
How did their stock do? Did they get sued?

9. An important result of
scenario analysis is to put a
dollar amount on the risks.
What will it cost the company?
Risks ranking through
mapping and prioritizing risks
Pareto principle 80/20

10.  1998 – Callinicos – Ernst&Young Global Risk Manager
 1998 – Overall Treasury Excellence – an Alexander Hamilton Awards,
use of technology to design a web-based tool to share risk information
through the company’s intranet
 1999 – “Pioneer of the Enterprise approach to risk management” – by
CFO magazine and Arthur Andersen
 1999 – Gold award for financial risk management – at the Alexander
Hamilton Awards, noted that Microsoft turned the “financial crisis in
Asia and Brazil into significant gain for the company”
 1999 – Corporate Award for Risk Management Solutions – from
Treasury Management International