Most public companies don’t have dedicated chief risk officers. They’re either too small to make such an investment, or they operate in an industry where a CRO isn’t customary. Thus, many small and mid-cap public companies manage risk on an ad-hoc basis, or worse, they leave risk management siloed within each department.
Lance Bridges is out to change that during a critical time at Inseego (formerly Novatel Wireless). He stepped in as senior vice president and general counsel in 2015 as the well-known router company was poised to divest its hardware business and transform into a software and services firm. In taking a comprehensive approach to risk management, Bridges will protect his company as it enters a new and important phase of life.
Leaders at Inseego hired Bridges for the experience with securities and mergers and acquisitions he developed over a sixteen-year period at Cooley. When he joined, the company, known for its wireless routers, had grown weary of the thin margins associated with telecommunications hardware products. Activist investors had ousted the management team and led a push to diversify. In 2015, Inseego raised $120 million in a convertible debt deal and acquired two companies to get into the higher margin world of software and services.
After installing a new CEO and other senior leaders in 2015, Inseego entered 2016 looking to divest its hardware business. The company shocked industry insiders in September of that year when it announced plans to sell its popular mobile broadband (MiFi) business for $50 million and reorganize as a totally new entity.
When it closed in early 2017, the transaction signaled a new course for Inseego. The new company no longer sells any of the products it sold just two years ago, and has emerged as a software, services, and solutions business playing in the Internet of Things. Inseego created a new public holding company and operating structure to chart a path forward.
As Bridges looks to protect his new company, he’ll recreate an innovative company-wide risk management exercise he first enacted at his previous company, Entropic Communications. The initiative started after Bridges examined possible risks in legal compliance and the company’s IP portfolio. He identified 128 areas of potential risk, and when Bridges met with his CEO to discuss his findings, the leader asked him to coordinate a similar exercise with other internal departments.
“Everyone says risk management is critical, but actually doing it in a systematic and comprehensive way is a chore many executives will avoid. It doesn’t have to be that way.”
Armed with buy-in from Entropic’s CEO, Bridges launched his enterprise risk management project.
The project covered the following five steps: event identification, risk assessment, risk response, communication, and monitoring. Bridges worked closely with department leaders to unite disparate and varied risk management strategies. While managers were widely aware of existing risks, few examined the interrelationships between risks or fully appreciated the impact of their risk mitigation strategies on their counterparts company-wide.
The process led Entropic to take action in several areas. Most notably, Bridges and his peers realized the company’s small IP portfolio made it extremely vulnerable because one large competitor routinely squashed upstarts by filing patent-infringement claims. Entropic changed its M&A strategy accordingly and acquired a company with more than 2,000 patents in its portfolio. The move—a direct result of the comprehensive risk analysis—helped Entropic mitigate the potential risk from its competitor. In 2009, Bridges presented his findings to Entropic’s board of directors and outlined his suggestions for continued communication and monitoring of internal risks. In the years that followed, he coordinated Entropic’s enterprise risk management efforts across functional areas of the business, working closely with other executives outside of the legal department. He’s now following the same path at Inseego.
“Most companies have high-level risk conversations during annual strategic reviews, but the nuts and bolts of the operational risks are often glossed over, and risk management work remains isolated in functional silos,” he says. “A more formal exercise forces management to look at risks they otherwise might not consider.”
In addition, a cross-functional risk management process helps leaders examine the cause-and-effect relationship of risk. Although moving manufacturing offshore might mitigate some risks by reducing product costs, the practice could introduce new risks associated with logistics, currency exchange, or import rules.
“Companies need one person who can bring all groups together and drive risk management in a cooperative way by examining all issues and looking for subtle interactions across the whole company,” Bridges says.
He’ll do just that as his newly reformed company adjusts to life as a services and solutions company in 2017 and beyond.