Can You Have Too Many Coffee Shops?

The collective mood among Starbucks (SBUX) shareholders may have been dark and intense on Wednesday, following a 1% downgrade of the coffee company’s share price by BMO Capital Markets due to “store overlap.” BMO analyst Andrew Strelzik wrote: “There are now 3.6 Starbucks locations within a one-mile radius of the typical Starbucks in the U.S. relative to 3.3 and 3.2 stores in 2014 and 2012 respectively.”

That statistic does not factor in competitors, and implies that too many franchise cafes are located too closely together and are fighting for the same $2 per tall coffee.

The warning signs of overlap were acknowledged and dismissed by Starbucks CEO Howard Schultz in 2010, when he told the Harvard Business Review: “We’re not nearly close to saturation in North America, despite what the cynics or pundits might say…”

At the time of that interview, Starbucks total store numbers neared 17,000 and by the end of 2016, there were 25,085. Was seven years close enough to the saturation point to heed the warnings? Or does the old cliché about hindsight apply?

The overlap may have led to what’s known as risk failure, which Risk Management explored in a 2016 article, “The True Character of Risk.” Article author Michael J. Mazarr would characterize Starbucks’ market oversaturation as a “gray swan”—a danger that is “known, discussed and even warned about, but then discounted.”

Mazarr noted: “When senior decision-makers become immune to outcome-oriented thinking, they will not give serious consideration to risk. They may continue to give it rhetorical emphasis, talking about what could go wrong, but the trajectory of their judgment will never substantially vary.”

McDonald’s learned this same lesson the hard way in the 1990s. Although it had 19,000 worldwide locations, upper management wanted deeper market penetration and kept expanding. Cannibalization didn’t hurt the corporation at first, but investments in new locations outpaced the profits earned from increases in total sales. That led to the fast food chain closing 100 stores and unveiling the popular, but risky, offer of 55-cent Big Macs to attract and retain customers.

Unlike in 2008, when Schultz closed 600 locations overnight because he felt they weren’t meeting the Starbucks vision, the current problem is not reportedly a result of poor management or the inability to offer upscale imbibing experiences. Starbucks has just provided customers with too many options near their homes, workplaces and hangouts to get their next sandwich or caffeine fix.

Going Lo-Fi At Sea May Mitigate Cyberrisk

Cyberthreats have become seaborne in recent years, and preventative measures are on the radars of governments and the shipping industry.

GPS and other electronic systems have proven to help ensure safe and accurate navigation, but they have also put digital bullseyes on ship decks. These technology upgrades have unwittingly exposed ships to cyberrisk because their signals are weak enough for remote perpetrators to jam.

When ships and crew members rely solely on GPS systems, they can be at the mercy of a cyberhacker seeking to provide wrong positions (or “spoof”), endanger the crew and their cargo, or hold the crew, cargo or sensitive information for ransom.

These risks are exacerbated by the fact that ships typically do not have automatic backup systems, and younger crew members are increasingly reliant upon the newer electronic navigation tools.

Allianz’s Safety and Shipping Review 2017 highlighted the growing threat of cybercrime in the sector, and noted the increasing level of activity in the last five years. For example, World Fuel Services fell victim to an online bunkering scam in 2014 when it agreed to participate in a tender for a large amount of fuel from what it believed to be the United States Defense Logistics Agency. Cybercriminals collected $18 million from that successful impersonation. In 2016, hundreds of South Korean vessels had to return to their ports after North Korea allegedly jammed their GPS signals.

The report noted that most maritime cyberattacks have been aimed at breaching corporate security, rather than taking control of vessels, but warned that such attacks could occur.

Captain Rahul Khanna, head of marine risk consulting at Allianz Global Corporate & Specialty, noted in the report that more, larger-scale attacks are imminent if the risks are not appropriately addressed. “We can’t put IT security on the backburner,” Khanna said. “Just imagine if hackers were able to take control of a large container ship on a strategically-important route. They could block transits for a long period of time, causing significant economic damage.”

The report also stressed that “crew education and identifying measures to back up and restore systems should be implemented” to reduce cyberrisk.

Looking Back For a Signal Forward
Some companies and governments have heeded the warnings and are identifying these indicators of attack. Preventative measures may lie in a maritime tool that had taken a backseat to the prevalence of GPS—a backup radio technology called Enhanced Long-Range Navigation (eLoran), which was developed in the United States in the mid-1990s. It has continental reach, emits strong signals via a low-frequency and relies on land-based transmitters that reveal a limited number of fixed positions. These once-limiting traits could be the automatic backup systems ships need in the event of jamming or spoofing.

On July 20, 2017, when the Department of Homeland Security Authorization Act (H.R. 2825) passed the floor of the U.S. House of Representatives, eLoran’s importance was stressed. The act includes a section titled “Backup Global Positioning System,” which features provisions for the U.S. Secretary of Transportation to initiate an eLoran system. H.R. 2825 proposes that eLoran be made available as a “reliable…positioning, navigation and timing system,” with the purpose of providing “a complement to, and backup for the Global Positioning System to ensure availability of uncorrupted and nondegraded positioning, navigation and timing signals for military and civilian users.”

Reuters this week reported that South Korea’s Ministry of Oceans and Fisheries is looking to establish the technology in a test form by 2019.

Time will tell if eLoran is the most practical and cost-efficient method to mitigate cyberthreats at sea. It seems if companies want to mitigate maritime cyberrisk now, the first steps would be to look to the technology of the past and turn on the radio.

The ERM Value Connection

Research has shown that enterprise risk management (ERM) adds value. One research paper showed that ERM adds to the value metric called Tobin’s Q. Other award-winning research has shown that ERM enables better decision making. The authors of that research state:

“Specifically, as companies implement an ERM process, the new knowledge it provides them about objectives, risks, oversight, information and communication, and the internal environment leads to enhanced management, as evidenced by increased management consensus, better-informed decisions, better communication with management regarding risk taking, and increased management accountability. This enhanced management, in turn, leads to improved performance.”

ERM and Reputation
As an extension, it would make sense that there would be some impact on reputation risk if a company does ERM well, is sophisticated at ERM, and has developed a mature process. While this common sense may prevail, empirical data and testing is lacking. This is primarily because measuring both ERM and reputation risk is not so easy. But the questions remain:

  • Is there a relationship between ERM effectiveness and reputation?
  • Furthermore, does this relationship show up in performance metrics?

While we cannot answer these questions here, we can explore some simple relationships and at least gain a few insights. Admittedly, reputation risk and ERM are still young disciplines and more data is needed to explore these and other questions. Any attempt to answer these questions with current data carries some caveats. First, this is complicated data from nonfinancial firms and all data was before the year 2014. Second, these are simplistic looks at the data as split into the upper and lower percentiles (split at 50%). Third, the information discussed below reveals levels that have not been tested for statistical significance. In spite of these, let’s examine what may be obvious to some business risk experts.

What data reveals about ERM and Reputation Level
The big question might be, “Do we see higher reputation levels associated with better ERM?” The answer is not yet (at least in this data at this point in time). Companies in the sample with lower reputation scores have higher ERM effectiveness scores than companies with higher reputation scores.

Other Explanations
A good researcher knows to develop the theory first and also to consider alternative explanations. It is wise to follow that process. For example, in this sample companies with greater reputation are bigger than the lower tier reputation companies. It might be true that larger companies have more difficulty building a more mature ERM capable company because they are so large and spread around the globe. It could also be true that smaller companies are over confident in the ERM processes. Either theory (and others) could explain why the high ERM and high reputation levels do not match up. This testing is left for future research.

The Volatility Theory
An alternative theory (what academics explore and test) is that the level of reputation is not what’s important because the company already had their long-standing (developed over many years) reputation when they established ERM. Instead, it might be true today that the real reputation value of ERM is that it helps manage the volatility around reputation because the company is better prepared, sees the reputation risk, correlated risks, helps get the companies ahead of the risk events, and helps them understand how these events might play out and impact the organization’s reputation.

Examining the data shows that the answer on volatility is that this could be true. The data show that at set reputation levels (meaning when the data is split on high and low reputation volatility levels), better ERM leads to lower volatility in reputation at both levels and that is probably a very good thing for most organizations. It appears that ERM does have an impact on reputation but the impact is likely on reputation volatility.

Conclusion
Prior research shows ERM adds value and helps improve decision making. With further testing, future research may be able to confirm another obvious truth, that better ERM improves reputation. But it may be doing so in a surprising way via reduced volatility of reputation.

The Risk of Being Too Delicious

Shockwaves were felt around the wing-eating world last week, when Buffalo Wild Wings announced it will be discontinuing its Tuesday night half-priced wing promotion.

According to reports, the franchise’s decision was a difficult one as the promotion was “a major driver of traffic” and “boosted same-store sales” for some locations. Ultimately, the deal was just too delicious. With wing prices on the rise (jumping 11 cents per pound in a year), the promotion started to impact the company’s bottom line. In fact, the food chain blamed the historically high wing prices for its 63% profit drop in the second quarter, turning the crowd-pleasing promotion into a losing proposition.

It is an interesting risk that many organizations, especially in retail, must take, however. How do organizations develop a promotion that attracts new customers and entices existing ones to visit more frequently, purchase something new or add a service without causing any financial hardships? And, perhaps more importantly, at what point is the promotion no longer worth it?

The majority of promotions go off without a hitch. It is probably safe to say that most of them have either a positive or neutral effect. Companies must be prepared, however, for those rare deals that negatively impact businesses’ finances or reputation.

While Buffalo Wild Wings’ risk management approach to this promotion may have intervened in time to save them from a worse fate, others have not been so lucky.

Take, for example, seafood chain Red Lobster’s 2003 all-you-can-eat summer crab leg special that ultimately put the company in hot water. Parent company Darden’s then Chief Executive Joe Lee was quoted as saying, “It wasn’t the second helping, it was the third that hurt.” “And the fourth,” then Red Lobster President Dick Rivera added on a conference call to investors.

The deal lasted a bit too long and was linked to the wipeout of $405.9 million in stock value in a single session, with stock prices dropping 12%.

Red Lobster isn’t alone. In 2009, Kentucky Fried Chicken decided to introduce its new grilled chicken option by hiring mega star Oprah Winfrey to make an announcement during her show, giving away an online voucher for a free lunch. About 16 million people printed out the voucher. Stores ran out of food and eventually stopped accepting the coupon. Even worse, competitors jumped in and offered discounted meals to voucher holders.

Then there was McDonald’s, which gave away MP3 players with viruses; an unapproved promotion code for free Domino’s pizza was leaked to 10,000 people; and the obvious consequences of a 10 cent beer night at a Cleveland Indians game. What could go wrong? (Hint: chaos ensued.)

Risk management can play a vital role in supporting marketing initiatives, like the creation of an effective promotion. And, for practitioners managing an enterprise risk management program, it highlights just how important collaboration between different business areas really is.

Companies can be blinded by opportunities that include increased traffic, return customers and add-on purchases. Some deals are just too good to be true—not just for the consumer, but the company making the offer as well. It is apparent that the downside of the promotion must be carefully assessed and that tolerance limits be set in order to know when to pull the plug on a deal.

When developing a risk tolerance statement for a promotion, it’s important to also realize that sometimes the financial losses associated with a promotion is not the only thing to look at and might not be a bad thing at all.

Take a look at Costco, that refuses to raise the price on its $4.99 rotisserie chicken and $1.50 hotdogs.

“I can only tell you what history has shown us: When others were raising their chicken prices from $4.99 to $5.99, we were willing to eat, if you will, $30 to $40 million a year in gross margin by keeping it at $4.99,” the bulk wholesale giant’s Chief Financial Officer Richard Galanti told the Seattle Times in 2015.

The philosophy is rather simple and has worked for Costco. Cheap, delicious rotisserie chicken brings people into their warehouses. And, hopefully, on their way to pick up dinner, they will also grab new patio furniture, a television, golf clubs, a 64 oz. jar of mayonnaise and a five pound bag of cashews. The wholesaler banks on statistics indicating that consumers spend on average $136 each time they enter the warehouse.

Developing a promotion should not be done on a whim. Careful consideration must be taken before the promotion is introduced. Many different groups within the organization should be included in the conversation…and risk management can take the lead on bringing those groups together and initiating the dialogue.

So, before the company serves up that next mouth-watering deal, risk management must realize that it has a real opportunity to support value creation and show its worth way before the pot boils over.