Newsletter Sign-up

By PATRICIA VOWINKEL, who has worked for national media outlets for more than 20 years

As the senior risk management executive at a company with some $31 billion in cash on its balance sheet, Microsoft's Lori Jorgensen doesn't rely on the traditional insurance markets for much.

Even if Jorgensen wanted to spend money in the traditional insurance markets, the markets do not have the interest or the capacity to take on Microsoft's other big risks, such as intellectual property.

"Many of the major risks that one would think about with Microsoft, things like intellectual property--both first and third party--errors and omissions, there's not the capacity or interest in the insurance market to provide any kind of risk-transfer solutions," said Henry Maddocks, the senior managing director at Aon who is in charge of overseeing Microsoft's account.

And so for those risks?intellectual property, directors' and officers' (D&O), and errors-and-omissions (E&O) liability--Redmond, Wash.-based Microsoft is essentially on its own, with Jorgensen focusing on alternative strategies to identify and minimize risk for the corporate office as well as the company's various operating segments.

In many cases this has involved years of working to build internal networks and relationships in an effort to work closely with various product groups and bring value to their planning and strategy meetings.

"What Lori has brought to that situation is a pretty laid-out process involving a lot of modeling, enterprise risk identification, so that the people at Microsoft can understand the risk involved in their particular business segment and some orders of magnitude around that risk," Maddocks said.

"What she's doing is very unique, and she's done a very good job of it," said Maddocks, who has known Jorgensen for more than eight years. "Very few companies outside of maybe some of the major petrochemical companies face the kind of megarisks that Microsoft has," he said. "With the possible exception of some companies like Exxon Mobil, few have anything near the balance sheet that Microsoft has and the ability to self-retain risk."

Jorgensen's mission involves not just the company's operational risk, but its financial risk as well, bringing together two areas that are often run separately. At the heart of it, it's about understanding the big threats to the company's survival and then finding solutions that can help protect the bottom line--even when the traditional insurance markets are of little help.

MOVING UP THE RANKS

Jorgensen's path to one of the top risk management jobs in technology began years ago when she landed a job at an insurance company after graduating from college.

She worked her way up the ranks, became an underwriter, and from there spent a short period of time at a Seattle-area insurance brokerage owned by Bruce McCaw, brother of Craig McCaw, who headed up cellular-phone giant McCaw Cellular Communications.

During her time at the brokerage firm, Redmond-based McCaw Cellular was indeed one of her accounts. "It got to where I needed to have access to much more confidential type of information that only employees should really have," said Jorgensen, who was born in Germany in 1954 but grew up in the Seattle area. And so after nine months of working for Bruce, she moved from broker to risk manager at McCaw Cellular, which was later acquired by AT&T in 1994.

She was McCaw Cellular's first risk manager and was there when cellular wasn't a commodity as it is today. McCaw, she said, was "a big influencer on how I think about risk."

"He saw opportunity and saw how to take an opportunity and make it into something advantageous for the consumers and customers and shareholders," said Jorgensen.

It was then, when AT&T was in talks to buy McCaw Cellular, that Jorgensen received a call from Microsoft, which was beginning to expand its risk management group. Until then, risk management at Microsoft had still been primarily about insurance procurement, she said.

In 1995, the company brought Jorgensen in to be principal risk manager to its product groups and to establish a network throughout the organization. "The risks of the organization were expanding in a way so that the insurance markets were becoming less and less responsive, and so there was a need to really understand what the risks were and their magnitude and be more and more creative," Jorgensen said.

This was at the time when Microsoft was just launching the Windows 95 operating system and Internet Explorer Web browser.

"That was an exponential change to our risk as we were going from being just a traditional software company that sold a boxed product" to a company that was publishing on the Internet and making content available online, she explained

Even in 1995, Microsoft was a tech-sector leader. But in these last 15 years, the company has grown even more, with revenues expanding from about $6 billion in fiscal 1995 to about $58 billion in fiscal 2009. It now has 93,000 employees in more than 100 countries

In the years since Jorgensen joined Microsoft, the company has been through some challenging times. Through the late 1990s and into this decade, Microsoft has been a lightning rod for controversy, drawing accusations of monopolistic business practices and anti-competitive strategies from the U.S. Justice Department and the European Union, both of which ruled against the company.

This has resulted in some significant losses for the company. In February 2008, for instance, the European Union fined Microsoft $1.4 billion for failure to comply with a 2004 antitrust decision. The company is still appealing that fine. This came on top of other fines in 2006 and 2004.

In December, Microsoft ended more than a decade of antitrust disputes after the European Union agreed to changes proposed by the company to allow more software choices to consumers buying Microsoft operating platforms, and interoperability between Microsoft systems and systems made by other manufacturers.

Microsoft also has been in the news in recent months with the launch of its new Windows 7 operating system, which it hopes will meet with better success than its predecessor Vista, which acquired the reputation of being a clunky memory hog that many businesses and consumers were reluctant to adopt.

With its high-profile operations and global dominance of the personal computer market, the company certainly has no shortage of risks. But the risks that get transferred are those that insurance markets understand well and know how to price, such as property and cargo risks.

Microsoft, for instance, turns to the insurance markets for its big property risks. With its Redmond headquarters located close to Seattle and the Puget Sound fault zone, Microsoft has some significant earthquake risks.

Microsoft also buys cargo insurance for products, such as its popular Xboxes that it ships to vendors around the world. In general, Microsoft relied on the insurance markets for asset- and property-related risks. Microsoft's other risks aren't really suitable for the insurance market for one reason or another. In some cases, the insurance markets are not interested in the risk.

Take intellectual property, such as patent infringement. The insurance markets have attempted to provide coverage for patent infringement from time to time, but they have not had much success in this area because they could not find a way to accurately price the product and ended up paying out far more in claims than they ever imagined, according to Jorgensen.

"That's a risk the insurance markets are not typically interested in especially for a company like Microsoft, where if you look in the context of product liability, our intellectual property (IP) is our product," she said.

In other cases, the coverage the markets could provide is simply not sufficient to make it worthwhile for Microsoft. "It really doesn't make sense to buy a $10 million limit of insurance," Maddocks said, noting "it's probably less than one day's earnings."

And so Microsoft retains a lot of its risk.

D&O liability is a risk that Microsoft insures itself rather than in the traditional insurance market.

"D&O is a risk that we look at every year," Jorgensen said. "The protection provided by the insurance is not that interesting to us compared with what we are able to do on our own."

Without insurance or a third party to fall back on for these and other risks, Jorgensen often turns to alternative strategies--a strength that was noted by her boss, Microsoft Treasurer George Zinn, and her risk management colleagues.

"To a person, the one thing everyone said was that what she brought was an appetite to look at alternative methods for insurance," said Zinn, commenting on the results of a quick poll he took of Jorgensen's Microsoft colleagues.

For the company's D&O risk, for example, instead of buying insurance from a third party, the company allocates funds to a type of a trust, which is allowed under Washington state's incorporation laws, Zinn said.

"The point is, we've put this money off to the side and we've invested it and, to date, thankfully, we have not had a D&O claim or issue," he said.

Another example is Project Atlas, which provides estimates of loss distributions for the company's biggest risks. This process led to some interesting discoveries.

"Intellectual property is our largest risk," Zinn said. "You'd expect that. But until you've seen the numbers around it," he said, "you don't realize the magnitude of the risk."

The project provided managers with concrete information that allowed the company to direct its efforts toward those most critical of risks.

In addition to managing operational risk, Jorgensen also is responsible for financial risk management at Microsoft--and that also contributes to Microsoft's unusual approach to risk.

"Lori is the risk manager for any and all risks that Microsoft might face," Zinn said, including responsibility for financial risk management.

"The combination of the financial risk and what I refer to as business risk really led to a much more quantitative approach to risk management at Microsoft," Zinn said.

At Microsoft now for 15 years, Jorgensen has guided the tech giant through some big challenges, one of the most recent being the upheaval in the financial markets in 2008.

As the markets were coming apart in September and October of 2008, senior management turned to Jorgensen and her group for assistance in understanding the company's full economic exposures.

Jorgensen and her group came up with a report--the 360-Degree Exposure Report--which provides the company with an in-depth look at all of its various operational and financial risks.

The report is produced weekly, and it brings together information about the company's top 25 accounts receivable from across various silos, giving senior management a much clearer picture of the risks associated with any particular issue or situation.

"If you aggregate it, you can see very intuitively the size, the riskiness, as well as the standing relative to the accounts receivable," Zinn said.

"It allows us to see our exposures in a way that is very intuitive and also in a way that most people don't look at it," Zinn said.

The report, for instance, provided important information about Microsoft's exposure to Circuit City as the retailer went into bankruptcy in 2008. Information provided by the report helped Microsoft manage its risk through the Christmas season that year.

The company ended up having only a very small exposure to Circuit City in 2008 as a result, compared with exposures worth several hundred millions of dollars in the previous year, Zinn also said.

May 1, 2010

Copyright 2010© LRP Publications