Hewlett-Packard, Highly Commended, Effective Risk Management

Published: Aug 2011

HP’s treasury department sought to leverage the company’s quantitative risk assessment capability, which was developed as part of its Enterprise Risk Management (ERM) programme. ERM provides data and analysis to support and inform insurance purchasing decisions and other risk mitigation solutions.


Photo of Richard Parkinson and Jonathon Traer-Clark accepting on behalf of Cristina Tate.

Cristina Tate

Director, Enterprise Risk Management

HP is the world’s largest information technology company with a portfolio that spans printing, personal computing, software, services and IT infrastructure. Founded in 1939, with corporate headquarters in Palo Alto, California, HP has more than 300,000 employees doing business in over 170 countries around the world. HP reported revenues totaling $126 billion in its 2010 fiscal year.

The ERM programme allows the company’s treasury team to assess its risks quantitatively by measuring the distribution of potential risk impacts using subject matter experts, simulation models, and probabilistic analysis.

The project, which was a collaborative effort between two treasury departments, was developed in partnership with HP Labs, the company’s research and development arm.

HP embarked on the ERM journey in 2004, when the first enterprise risk assessment was undertaken at the request of the company’s CEO. The treasury department began to develop the company’s quantitative risk response optimisation capability in 2009, a process that bore fruit in 2010 when a fully-fledged insurance purchase decision support project was completed. HP made changes to its insurance programme structure, using the modelling output as support for the decision and approval.

“We are extremely honoured to receive the prestigious Adam Smith Award on behalf of all who contribute to HP’s Enterprise Risk Management programme.”

By having the capability to quantitatively assess insurable risk, the company incorporates analytics to determine appropriate insurance coverage and calculate premium value proposition. This allows HP to support and validate insurance coverage purchase decisions and provides a platform for evaluating other risk mitigation techniques.

The ERM programme also allows the treasury team to model the quantitative impact of employing a variety of risk mitigation strategies against significant risks, thereby providing decision support.

Given a probability distribution of financial impact, the model calculates the new distribution based on the various insurance offerings assessed:

  • Retentions.
  • Limits.
  • Premiums.

The approach is based on both the expected-value analysis and the cost-benefit analysis. This quantitative analysis supports the risk manager in insurance purchasing decisions and negotiations with the insurance companies.

“HP’s Enterprise Risk Management (ERM) programme goes beyond risk assessment and drives risk mitigation. It is not enough for the treasury team to be aware of the risks that the company faces. It is as important for HP’s leadership to decide how best to manage and mitigate these risks,” says Cristina Tate, HP’s Director, Enterprise Risk Management.

“We can take data such as industry claims, company claims, probability, exposure – and incorporate all into an incident simulation capability that provides an impact distribution curve.

By analysing different points on the curve – for example, expected value or worst-case scenario – appropriate decisions can be made around premiums HP is willing to pay for different types of coverage.”

All our content is free, just register below

As we move to a new and improved digital platform all users need to create a new account. This is very simple and should only take a moment.

Already have an account? Sign In

Already a member? Sign In

This website uses cookies and asks for your personal data to enhance your browsing experience. We are committed to protecting your privacy and ensuring your data is handled in compliance with the General Data Protection Regulation (GDPR).