
Portfolio Governance, a Differentiator for PE Firms in a Dynamic Risk Environment

Dolores Atallo, Managing Director Risk and Compliance
Rob Gould, Managing Director Private Equity Practice Global Leader

Vibrant fall colors are beginning to set foliage ablaze in a period of seasonal change, a prime time for private equity firms to take stock of their internal and external business environment to evaluate evolving and emerging risks and the potential impact on their goals. The evolving post-pandemic landscape is filled with plenty of unknowns, including whether there will be yet another resurgence of COVID-19; whether the economic recovery will pick up or continue at the same pace; what impact current supply chain bottlenecks would have on businesses and consumers; and whether return-to-office plans for next year would still hold firm. Therefore, this is a time for private equity firms to take stock of their internal and external business environment to evaluate evolving and emerging risks and the potential impact on their goals.

The private equity industry is currently experiencing expansive deal flow, with deal activity at an all-time high, making it increasingly important to have a portfolio governance model that is capable of putting capital to work while maximizing the risk-and-return balance. Given the uncertainty in the marketplace where the current business risks are amplified, an integrated approach to risk management and resilience can support informed decision-making throughout the investment life cycle, including due diligence and strategic planning.

The evolving risk profile

Today’s private equity firms must be adept at addressing risks far beyond unpredictable business cycles and volatile markets. From geopolitical, regulatory and policy risks to disruptive technology, cyberattacks, fraud and workplace violence and lawsuits, firms must have embedded capabilities to address threats that vary in scope and severity, as well as velocity of impact. Highlighted below are examples of risks that are prevalent across multiple industries but are creating specific challenges for certain industry sectors.

  • Data breaches have risen sharply in the healthcare sector, which so far accounts for the most breaches in 2021. A significant number of these incidents emanate from third-party vendors that are increasingly the target of cyberattacks. Organizations that fail to properly vet third-party business associates face millions of dollars in response costs if a breach exposes private information.
  • In the technology sector, companies are under significant pressure to bolster their organizations’ compliance capabilities, as regulators and lawmakers intensify their crackdown on data privacy violations and anticompetitive behavior. Major fines, loss of customers, decline in market share, and damage to brand reputation are just a few of the consequences for unprepared companies.
  • In the manufacturing and consumer products space, businesses continue to struggle with global supply chain bottlenecks, forcing many to restructure their procurement operations. An urgent need exists for a due diligence tool that will enable quick identification and management of supply inefficiencies. The survival of many organizations in this space will depend on their ability to take a broad range of supply chain risk management actions, including strategic sourcing.

The case for an integrated portfolio governance model

Firms with diversified, multi-sector portfolios can no longer afford the siloed, fragmented risk management approach of the past. An integrated portfolio governance model increases board engagement and also provides investors with a deeper understanding of each portfolio company, as well as an overall view of the portfolio. This integrated model offers a common standard to assess threats and opportunities, including evaluating and anticipating future disruptive events.

The governance model can help private equity owners to:

  • Increase transparency – create openness around the performance of underlying assets by leveraging risk diagnostic tools and analytics.
  • Embed risk awareness – make risk awareness a core focus across all decision-making processes, including project risk, contract negotiation, pricing and sourcing.
  • Identify owners of risks – establish accountable ownership of risk review across the portfolio.
  • Determine risk capacity – allow organizations to set their level of tolerance or appetite for various risks.
  • Streamline evaluation and due diligence processes – evaluate inefficiencies and integrations using due diligence tools to prepare portfolio companies for a potential sale, acquisition or public offering.

Finally, for many firms, an environmental, social and governance (ESG) program, as well as operational resilience concepts and practices, are important parts of this integrated model.

Embedding ESG into the model

Driven by a confluence of factors, including strong institutional investor interest in sustainable investing, rising public consciousness fueled by the pandemic and social unrest, as well as various regulatory actions, ESG has become an accelerating imperative. By integrating ESG into the portfolio governance model, private equity owners can manage ESG risks and compliance requirements at the portfolio level while also strengthening their internal control environment.

This approach requires owners to stay abreast of cultural shifts so they can minimize reputational risk as public demand for corporate social and environmental responsibility grows. Many companies are developing ESG programs and reporting utilizing the Sustainability Accounting Standards Board (SASB) standards. As one major private equity owner explained recently, private equity firms have long focused on governance risks and the value in cutting costs through sustainability; increasingly, however, they recognize that environmental, social and governance issues are highly interrelated and that the biggest benefits over time accrue to companies that balance efforts among all three.

Things private equity firms should assess now

The programs and practices considered above can have considerable marketplace impacts if implemented thoughtfully, including investments in time and resources. Here are some questions that private equity firms and portfolio managers can ask to better understand their current ability to identify risks and act on opportunities.

  • Do current risk assessment/management activities assess from both the vertical and horizontal perspective?
  • Does the organization have appropriate processes and tools in place to assess risk at the firm-wide and portfolio company levels, beyond financial measures?
  • Have ESG objectives been developed and/or defined in line with SASB standards to kickstart the firm’s sustainability journey?
  • Is adequate time allocated on the board agenda to challenge the firm’s risk profile, and are portfolio company managers incorporating, across the portfolio, learnings from recent disruptions and emerging risks in various sectors?
  • Are risk management roles clearly defined at the firm and portfolio company levels?

For more information about Protiviti’s problem-solving capabilities and solutions for private equity, visit

Jason Easteadt, Associate Director with Protiviti’s Internal Audit and Financial Advisory practice, contributed to this content.
