10 Best Practices for Governance, Risk Management & Compliance

Indian economic progress has forever changed the role of risk functions within the organizations. The bespectacled serious-brow-furrowed auditor who goaded and badgered business teams was buried alive. The new-age risk manager took birth who handholds business teams.

The transformation has not been easy. Risk managers have more teeth now though they are still climbing the learning curve. While some have successfully changed the risk function within their organization, others are still struggling. The ten best practices mentioned below ensure risk managers win the race.

1.    Integrate Governance, Risk Management & Compliance (GRC) Departments

In the good old days, risk management entailed conducting financial and internal audits. In auditorville, cash, bank and journal vouching sufficed. With globalization, technology advancement and interdependent economies, the risk landscape has dramatically changed. Now risk managers address financial, strategic, operations, political, legal, reputation, continuity and emerging risks. It requires diverse domain knowledge to mitigate downside risks and leverage upside risks. Hence, breakdown the risk function silos and integrate them under one head.

2.    Appoint Executive Level Chief Risk Officer

The other aspect is that in the organization structure hierarchy, the risk management functional heads frequently have a skip level reporting to the CEO. As the risk function head is not a direct report of the CEO, the risk management issues do not come on the CEO radar. The problem magnifies where GRC department heads are reporting to different direct reports of the CEO. In such scenarios, the probability of risks remaining unaddressed is high as risk management function lacks authority. Thus, organizations benefit when an executive level Chief Risk Officer directly reports to the CEO.

3.    Empower Risk Oversight Committee

Presently, a few listed companies have formed risk oversight committees as only some have realized their importance. Risk oversight committees play a pivotal role in educating board members about risks and steering their thought process towards organizational risks. The committee members’ role is to discuss strategic risks, approve risk appetite, improve corporate governance etc.. The objective of a risk oversight committee is different from audit committee. Audit committees are a mandatory requirement for listed companies and are significantly focused on financial risks and irregularities. Risk oversight committee encompasses all organizational risks. Chief Risk Officers should request their boards to form risk oversight committees to get traction at senior level.

4.    Prepare a Risk Management Strategy

As Sun Tzu said – “Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat.” The problem is just around 50% of the organizations have a formal risk strategy. In quite a few cases, risk functions are conducting reviews, audits and analysis without a strategy. Risk managers navigate without a compass when they attempt to manage organization risks with just tactics

The senior management risk attitude falling in four categories– maximisers, conservators, pragmatists or managers – determines the risk strategy of the organization. Management may adopt a risk strategy of risk trading, loss controlling, diversification or risk steering depending on the risk attitude and economic environment. Therefore, develop a risk management strategy after understanding the management attitude and business strategy.

 5.    Focus on Strategic Risks

The strategic risk discipline is still developing as it gained focus in the last decade. Not surprisingly, in nearly half the organizations, risk managers are not involved in business strategy formulation stage. Hence, the strategic risks of the organization remain unaddressed in the initial stages.

Risk managers fail to understand the different perspectives of senior and middle managers. Middle managers focus on downside risks – on regulatory compliance, operating and tactical risks. Senior management is interested in exploiting upside risks to increase shareholder value – emerging market risks, financial market volatility and market demand. Therefore, risk managers need to assist senior management in addressing strategic risks.

6.    Build a Risk Culture

This is an often-ignored concept, though a risk culture can make or break an organization. Enron case showed that when organization culture is deviant or aggressive, there is significant impact on internal controls. Without a risk culture, risk assessments and audit reports are swept under the carpet.

A risk mindset is developed when each employee understands risks and thinks through them while taking daily business decisions. To make risk culture part of organization DNA, top management must walk the talk. In addition, to build a risk culture risk managers must continuously train, educate and communicate with employees.

7.    Measure Risk Appetite

Risk appetite, a relatively new concept, is defined as the quantity of risk the business owners are willing to take to get the desired rewards. Although it measures risk and reward, just a quarter of the organizations have properly calculated risk appetite.  The result is that sometimes excessive risks are taken while making business decisions, as there is no scale to measure against. On the other hand, sometimes organizations sit on a pile of cash and other assets and do not take the required level of risks for business growth. Secondly, sometimes organizations decide a ballpark figure of risk appetite by doing back of the envelope calculations. A better practice is to use models to calculate risk appetite and continuously monitor the same.

8.    Become a Business Partner

 Risk managers do not like to hear this, but let’s face the truth. The old auditor image is hard to shake off. Sometimes business teams think risk managers are nitpickers, watchdogs, critics etc.  Quite frequently business teams consider risk managers an obstacle to or irrelevant in achieving business goals. The reviews and reports set a negative tone and business teams become averse to risk managers instead of risk per se. Risk managers need to cut down the constant rhetoric and become business enablers. Rebrand risk management functions as transformation agents and business value contributors. Focus on providing competitive advantage to business.

9.    Improve Communication

In most organizations, risk reporting is a weak link. Although, engaging stakeholders is worth its weight in gold risk managers haven’t mastered the art. Senior management demands short and precise reports with material risks and concrete suggestions. Middle managers request risk observations alignment with business and a cost-benefit analysis for recommendations. However, board, senior and middle managers frequently complain that they do not receive sufficient risk information from risk managers.

Risk managers are unable to say it in one line -“The bottom line is…….or here is what is important”. Due to inadequate communication skills, risk managers are failing to demonstrate value. Hence, improve communication for enhancing internal selling.

10. Invest in Tools & Technology

 While technology adoption is high in business users, risk managers still are not leveraging it properly. Except for few who are early adopters of GRC software, most are still relying on excel worksheets for their work. The prevailing mindset is to put more boots on the ground to cover increased scope. Risk managers must invest in tools and technology to proactively and continuously manage risks. This not only improves resource utilization and allocation, it arms the organization to timely address uncertainties.

Use the following scorecard to evaluate your companies status in respect to best practices.

Best Practices Scorecard Sample

 Conclusion

In the present business world, a well-developed risk function gives competitive advantage to an organization. Besides improving compliance and governance, it contributes to profitability by enabling management to leverage upside risks. Hence, get the right people, tools and structure in place to develop the risk function. Then formulate a risk management strategy aligned to business strategy, derive risk appetite of the organization and inculcate a risk culture within the organization.  These steps will minimize losses and provide an opportunity for business growth. As risk managers, you will reach the goal post faster.

Business Enterprise Magazine is publishing this article in September 2011 issue.

Implement Anti-Bribery Policies to Stop Supply Side of Corruption

The human chain on Sarjapur-ORR junction

Fashionistas traded their mascaras for a layer of emissions from exhaust pipes. Employees replaced their jackets with white tees imprinted with “India Against Corruption” slogan. On 24 August 2011, Bangroleans formed a 17-kilometer human chain on outer ring road to protest against corruption. Finally, the middle class Indians have discarded their cloak of apathy. Passion, enthusiasm and commitment to change the system is replacing cynicism, skepticism and disillusionment.

Indian public supports Anna Hazare’s fight for a strong Lokpal Bill. The bill when implemented will hopefully reduce demand side of corruption. In the din, we are forgetting that demand and supply are two sides of the same coin in corruption. We need similar efforts to curb supply i.e. stop the bribe givers, specially the corporate world. If organizations are willing to give bribes, there will always be politicians who are willing to take bribes. Hence, we need an equal focus on supply side.

Business world’s greed to grow bigger is feeding the corrupt appetite of politicians and bureaucrats. Management and employees compromise business ethics to climb the ladder of success. Corporate world must remember that materialism is not equal to fame and success. The torch bearers in corporate world ardently support ethics.

This week two corporate icons resigned/retired and they became so without the desire to be the top of the charts of world rich person’s list. Steve Jobs retired as CEO of Apple and in 1993 he had said in an interview -  

“Being the richest man in the cemetery doesn’t matter to me … Going to bed at night saying we’ve done something wonderful… that’s what matters to me.”  

In India, Narayan Murthy retired as Infosys Chairman, a company he had created that became a leader in corporate governance. He showed the Indian middle class that one could be successful with ethics. His ideology on business ethics is beautifully articulated in the following lines –

“In the end it is always about ethics and all about personal values. That is why it is very important for every society to create checks and balances. That is why it is very important for every society not to create incentives for people to become greedier. That is why it is very important for all of us in the corporate world to create incentives for long-term performance rather than short-term performance. When you create systems that focus on short-term performance, when you create a system that reveres money rather than decency, honesty and respect, when you make it a fashion for youngsters to revel in the power of their wealth, it is inevitable.”

Escalating corruption is severely damaging India’s growth story. The Corruption Perceptions Index 2010 published by Transparency International rates India at 3.3 level at 87^th position from the 178 countries in the population. The financial loss due to corruption is huge. Financial Times reported last year that in 2010, the value of scams (2G Telecom, CWG, IPL, Adarsh etc.) could well be over Rs 200,000 crore (USD 43. 24 billion). As the investigation reports show the private sector was hand-in-glove with the politicians and bureaucrats. Hence, implementing anti-bribery policies is the need of the hour.

Concepts of Anti-bribery Policy

Some of the key concepts and aspects an anti-bribery policy must address are:

a) Competitors: How does the company compete in the market? Does the company give excess hospitality or kickbacks to obtain contracts? Does the organization loan out company assets to officials to get contracts?

b) Suppliers: How does company give contracts and make payments to suppliers?  Does management or employees receive excess hospitality or kickbacks to give contracts and payments to suppliers?

c) Employees:  Has the organization set limits for employees to receive/give gifts and entertainment from customers and suppliers? Are employees allowed to give commissions and discounts to relatives and friends purchasing organization products without disclosing?

d) Senior Management/ Board: Do senior managers and board members disclose conflict of interest when organization enters into contracts with related parties? Does the code of ethics apply to senior management and board members in law and spirit? Are there limits to senior managers’ personal expenses being borne by the organization? Are there checks in place to ensure senior managers expense accounts are within their entitlement levels?

e) Legal Compliance: How does the organization handle law enforcement agencies and regulators? Does it respects the law and follows the spirit of the law? Does the organization give excessive entertainment or facilitation and grease payments to authorities?

 f) Foreign Officials: How does the organization conduct business in other countries? Does it offer grease and facilitation payments to obtain licences, premises and approvals for setting up operations? Do the subsidiary companies follow a strict code of conduct on dealing with foreign officials?

 Implementation of Policies

 Covering the above-mentioned aspects, an organization should prepare an Anti-Bribery Policy. India presently has a Prevention of Corruption Act, which prohibits government officials from receiving bribes. US and UK have Foreign Corrupt Practices Acts (FCPA), which prohibit making payments to foreign officials to obtain business advantage. Hence, if the Indian organization is a subsidiary of a multinational, the policy should cover FCPA requirements.

 Secondly, the organization must implement the policy by establishing procedures, internal control checks and reporting mechanisms. Employee training must be done to educate them about policy and procedures for adherence and report questionable conduct of colleagues. Lastly, establish investigative procedures to investigate violations and take appropriate action.

 Closing thoughts

 In nutshell, address the supply and demand side of corruption to eradicate it from the roots. India’s longer growth and prosperity is dependent on it. Hence, we need commitment at all levels to root out this evil. While Lokpal bill provides a firm foundation for this effort, we need to build the whole structure to fight corruption. Indians have taken the first few steps by supporting Anna Hazare’s efforts to get a Lokpal Bill with teeth. The road ahead is long and tough. Let us join hands and give long-term commitment to this battle.

Last but not the least, congratulations to all Anna Hazare supporters for forcing the government to discuss Hazare’s version of Lokpal bill in the parliament. As Gandhi ji said – Be the change you wish to see in the world.

References:

1. Photograph : Courtesy Nandita Sharma
2. Bribery & Corruption Take Centre Stage: An Overview of Key Laws & Practical Steps to Manage Risk by ELT
3. Transparency International
4. 2010 scams: India takes Rs 2,00,000 cr hit

Risk Management Failures

What if I say – “Effective risk management doesn’t provide guarantee against failure”? Doesn’t it raise questions on the premise and use of risk management function? The question is from a research paper by Cornerstone Research titled “Risk Management Failures – What are they and when do they happen?”

The risk management premise is that it mitigates risks thereby reduces losses. Hence, the opinion is that good risk management will ensure success. The fallacy lies in this thinking itself.

For example, everyone questioned the risk management function of banks during the financial crises. The concerns were - Has risk management functions of the financial institutions failed? Is enterprise risk management a useful tool? To look from an Indian perspective, why are risk managers somewhat ineffective in influencing senior management? The questions are worth exploring and here are some insights on reasons of risk management failures.

1.    Impact of Risk Attitude on Risk Management

Risk attitude at the top management determines the success and failure of risk management. The paper – The Full Spectrum of Risk Attitude – By Alice Wonderwood and David Ingram -defines four risk attitudes – maximizer, conservator, pragmatist and manager. Briefly the people perspectives towards risks are:   

a)    Maximizers: They do not consider risk important and are willing to take large risks to increase profits.

b)   Conservators: They consider risks extremely important and focus on avoiding all risks. Profitability opportunities are sacrified if risks are high.

c)    Pragmatist: They do not think that future is predictable; hence assume that risks cannot be forecasted with accuracy. They prefer to keep options open and deal with risks as they occur.

d)   Managers: They balance risks and rewards. Respect expert advice on risk to maintain safety will exploiting upside risks to improve profitability.

The risk management strategy adopted by the four risk attitudes are – risk trading, loss controlling, diversification and risk steering respectively. Hence, in a way risk management will be effective when top management has “Managers” risk attitude.

Table from the paper - The Full Spectrum of Risk Attitude

For example, if economic environment is uncertain and the organization has maximizer attitude towards risks,  probability increases of incurring large losses. The risk management decision rests with top management. Senior management with high risk taking attitude is likely to ignore risk managers advise. Therefore, even the best risk management functions can fail if the right attitude doesn’t exist at senior level.

2.   Inaccurate Risk Assessment and Measurement

In normal course, qualitative risk assessments are assumed to suffice. For example, risk managers identify high risks by likelihood of occurrence and value of loss. They generally group loss under five categories –

• 0 – $10,000,
• $10,000- $50,000,
• $50,000-$100,000,
• $100000-$500,000  
• Greater than $500,000.

However, in such cases the selection of estimated loss is not based on either past data or any detailed statistical analysis. The risk assessor’s subjective judgment comes into play. This results in incorrect measurement of known risks.

The Cornerstone Research paper mentions an interesting viewpoint. Normally risk predictions are done at certain confidence level. For example, risk managers take 99%, 95% or 90% confidence level for estimating losses. The value at risk is determined based on confidence level. Thus, if value at risk exceeds the risk appetite of the organization by a small amount, it may not be significant. However, if it exceeds risk appetite by a large amount, then it may destabilize or endanger the organization.

The problem is magnified, as the impact of a risk occurring outside of the confidence level is not calculated. For example, if assessments were done at 95% confidence level, the loss amount for the balance 5% is not known or predicted.

Another often ignored aspect is correlation between risks and the impact of one if another occurs. For example, if a competitor files a patent case, it influences brand reputation. The impact may also be on sales. However, reputation, legal and operation risks are calculated independently, without analyzing their inter-relationships. This results in underestimation of risk loss. A combination of negative events occurring simultaneously may cause a larger loss, though the separate risk calculations indicate smaller losses.

Insufficient statistical analysis, unreliable past data and too much reliance on subjective information may result in inaccurate risk analysis. In such a situation, the risk attitude may be right, however risk management may not be.

3.   Lack of Risk Information and Knowledge

Risk assessments are done based on the knowledge of the assessor. Risk managers use historical precedents to guide them. The probability of a risk event occurring is decided based on past data.

In case of emerging and new risks, there is no information available. The lack of risk information may be due to the following reasons:

a)  Change in market conditions – For example, when internet became a business tool, no information was available on the risks. Most had not predicted the dotcom bubble burst.

b)   Doing business in emerging markets – One cannot predict emerging market countries risks with accuracy, though economists and sociologists attempt to draw a relative picture from experience in other countries. For example, India and China are both emerging markets, but political, social and market dynamics are unique. Future trends cannot be predicted with high confidence levels.

 c)   Internal silos and communication problems – Although it is assumed that with enterprise risk management systems all risks are captured, it is far from the truth. Department heads may not update risk registers properly. Secondly, even identified risks may not be communicated to senior management . In cases where the organization does not have a proper risk culture, failures can occur.

Collecting risk information and taking appropriate action is key to effectiveness in risk management. Without the supporting and governing structure, the best of the functions can fail.

Closing thoughts

Sometimes management has the mindset that setting up the risk management function sufficiently absolves them of responsibility. The thought process is all risks are taken care of and addressed. However, setting up the risk organization structure is the first step. To make it effective there are several other components that need to work together smoothly. A periodic review of the same is useful. The Chinese proverb succinctly portrays the state:

“To be uncertain is to be uncomfortable, but to be certain is to be ridiculous.”

References:

1. Risk Management Failures – What are they and when do they happen? By Cornerstone Research
2. The Full Spectrum of Risk Attitude – By Alice Wonderwood and David Ingram

Bangaloreans Against Corruption – Supporting Anna Hazare’s Fight for Lokpal Bill

The Gen X and Gen Y of Bangalore thought as cosseted and pampered employees are out on the streets protesting against corruption. A few days back if anyone would have asked  whether the Bangaloreans working in world’s largest organizations will leave their air-conditioned offices, laptops, ipads and blackberries to fight for corruption, the answer would have been no. The unimagined has occurred. One has to see it to  understand the magnitude. Employees working in multinationals are standing on the main roads with posters and pamphlets educating the public about Anna Hazare’s fight for Lokpal Bill.

 

Bangloreans Protesting on Outer Ring Road

 Normally, people who wouldn’t think of getting out of their air-conditioned cars in the Bangalore traffic , are braving the pollution and traffic to get their voices heard.  The tech savvy are using personal resources to build the momentum.  Local leaders have created groups and fan pages to build awareness, discuss issues and plan out events. The street protests have a huge turnout. The whole of last week, people started at around 9 a.m and continued late in the evening. I live near Outer Ring Road that has offices of Accenture, Intel, JP Morgan to name a few. Employees are coming out of their offices in lunch hour to support the initiative.. Here are some of my group members India Against Corruption – Bellandur (IAC- Bellandur yahoo group) protesting.

 

Employes Protesting Outside Offices

 Women are participating in huge numbers. The ever-protective Indian moms have forgotten their fears and the kids are taking part in the movement. Nobody wants to miss out on history being made. The fight against corruption started by Hazare has united India. For once class, creed, religion and caste are forgotten and everyone wants to do their bit.

 

Bangalore School Children Against Corruption

 

 Of course, not all are sold on the cause. The cynics are predicting that all will die down soon. The dissenters are saying there isn’t sufficient critical mass to bring about a change, public living in a democratic country shouldn’t protest like this and some more similar statements.  My view is every drop in the ocean counts. Even if 10% of Indian population participates, society can change.

The impact is significant. Delhi police reported a 35% drop in crime rate in last week with no murders. The city has around 6-7 murder reports on a daily basis, and in the last week there have been none. This is when Indian public is at its most vulnerable and are soft targets.  Though many may view the data skeptically, in my view there is hope. Indian youth turns to crime due to high level of poverty and corruption. When there is no ethical way to earn a living, they resort to crime. Maybe, just maybe, the hardcore criminals are also giving the Hazare movement support to succeed. Even their conscience says that it is the right fight. Everybody wants to lead a dignified life and here is a chance for humanity to succeed.

I know as an ethics and risk manager, in India fighting against corruption is a damn though fight. It is very rare that one can win a popularity contest. In most cases, even in organizations the ethics manager is a lone warrior. Frequently, the business executives consider ethics managers as idealistic impractical fools. Ethics managers simply become paper pushers and their viewpoints a few times in life are in majority of one. But maybe it all is changing. We can curb the demand and supply side of corruption. The ethics managers can don the caps of organization change agents and educate staff on anti-bribery policies and practices. This is the right time to build an ethical culture within the organization.

 For me, it is a time to start dreaming again. If a few weeks back someone would have asked me that – can corruption be eradicated from India? I would have responded –not in this lifetime. Now what I thought was a futile dream, may turn into reality.

 I invite you to join us on 24^th August 2011 at Outer Ring Road, Bellandur, Bangalore between 11 am to 2 pm to participate in the protest. Let’s make a difference while we have the opportunity.

DNA e-paper published this post under a different title“Tech Talk to Topi Talk” on 29 August 2011 on page 7.

Risk Managers Become Linchpins

Risk managers are under siege. They have to deal with various stakeholder expectations – regulators, investors, shareholders, board, CEO, CXOs and business teams. In most situations, they are outnumbered and overpowered. Most risk managers face some level of resistance. Some are mere cogs in the wheel to ensure organizational compliance to regulations. On the other hand, a few have mastered the art of becoming invaluable to the organization.  Accenture 2011 Global Risk Management Study segregates the best practices of “Risk Masters” from the general practitioners. The top 10% of the 400 respondents constitute risk masters group. The survey shows that the gap between the “best and the rest is increasing”. Check the graph below to understand the huge difference.

Accenture 2011 Global Risk Management Study

The interesting bit is that about 75% of the respondent organizations had revenues above USD 1 billion. That means the analysis of risk management functions is amongst the top performers of the industry. Hence, the question is – in the best of class organizations why there is a difference in focus and perception of risk management functions. What has made a few risk managers linchpins?

Seth Godin describes three categories of people in his book Linchpin – (1) Linchpins, (2) Supporters and (3) Leeches, devils advocates, pessimists and obstructionists. Don’t mind it, but frequently business executives think risk managers belong to the third category. They think risk managers as naysayers, problem creators, critics etc. The point to think is that at least 10% of the organizations consider risk managers as Linchpins. So what are these risk managers doing differently from the rest?

Accenture report highlights some of the best practices Risk Masters adopt.

1. Be a source of competitive advantage
2. Participate in key decision-making process and developing strategy
3. Use sophisticated analytic and modeling tools to predict risks.
4. Deliver business solution by going beyond compliance mindset
5. Integrate all GRC functions
6.  Appoint Chief Risk Officer reporting to CEO
7. Build risk culture within the organization
8. Invest in tools, technology and other risk resources.

 Now the above key points are not new to us. The difference is that some risk managers successfully implemented them, and others are still struggling. We can safely assume that most risk managers working in organization with over USD 1 billion turnover have the required domain knowledge and qualifications. If we do not take the victim mentality of blaming senior management and organization culture for lack of support to risk management functions, then we have to acknowledge that some soft aspects are at play.  Question is –what are these soft aspects which make them Linchpins?

According to Seth Godin – “Linchpins are the people who make a difference, the ones that ship, the rare ones that truly have an impact. This group of people, in that moment of time, change everything.” Linchpins are valuable as they are irreplaceable and indispensable. The Linchpin’s attributes are:

 1.    Provide a unique interface between members of the organization

 Seth Godin – Linchpins help lead and connect to people with finesse.

 Risk managers frequently are unable to connect to business executives’ mission, vision and plans. Although they are in a position to provide a unique interface, they compartmentalize the business problems according to business departments or risk departments. Hence, the business executives become resistant to suggestions of risk managers as they don’t give business solutions.

 2.    Deliver unique creativity

 Seth Godin – Unique creativity requires domain knowledge, a position of trust and the generosity to actually contribute.

 Most risk managers have the domain knowledge, however may lack the other two aspects for unique creativity. Gaining trust of business executives is difficult especially if risk managers are not handholding them through tricky business situations. Secondly, risk managers focus on going by the rulebook, audit programs and manuals. They may hardly indulge in creative thinking to provide competitive advantage.

3.   Manage a situation or organization of great complexity

 Seth Godin – Linchpins make their own maps and thus allow the organization to navigate more quickly.

 With globalization and technological advancement, organization complexity has increased. Risk managers need to address – financial, operational, legal, reputation, political, business, strategic, market, credit, liquidity and emerging risks. Since risks are inter-connected, working in silos results in unaddressed risks. Old approaches are redundant and new maps are needed to address risks in a more holistic, integrated and strategic manner. GRC functions need to be integrated under a Chief Risk Officer.

  4.    Lead customers

 Seth Godin- As markets fragment and audiences spread, consumers are seeking connection more than ever.

 Risk managers stakeholder demands are increasing and they are facing challenges due to lack of internal selling capability. The compliance mindset with tick in the box mentality is restricting them from providing strategic guidance to Board/ CEO/ CXOs. They are waiting to take orders from senior management instead of influencing them by presenting good business cases. Hence, risk managers are failing to connect with senior management.

 5.    Inspire staff

 Seth Godin – Understanding that your job is to make something happen changes what you do all day. If you can cajole, not force, if you can lead, not push, then you make different choices.

 Risk managers are relying on bureaucracy to get their job done. With the old mindset of an auditor, they wish business executives to comply. They don’t realize that business executives cannot comply when they don’t know what to do next. With new products, markets and technology, risks are forever changing and new ones appearing. Risk management is no longer a cut and dried checklist driven task. Hence, risk managers fail to build a risk culture within the organization.  

 6.    Provide deep domain knowledge

 Seth Godin – Mapmakers often have the confidence to draw maps because they understand their subject so deeply.

 The complex economic environment requires a deeper understanding of systemic and emerging risks. The financial crisis has shown that financial institutions failed as they launched products with inadequate understanding of risk components. Domain knowledge coupled with strategic direction gives business team great advantage. The superficial regulatory compliance adds limited business value.   

 7.    Possess unique talent.

 Seth Godin – When you meet someone, you need a superpower. The ‘super” part and ‘power” parts come not from something you’re born with but something you choose to do and, more important, from something you choose to give.

Risk management is a fast changing discipline. Twenty, ten and fiver year old qualifications, procedures and knowledge are passé. Those relying on excel worksheets and out-dated software will fail. It is a world of analytics, data mining, risk business intelligence reporting, software solutions etc. Upgrading skills and domain knowledge is a necessity to address current day risks. Without the talent, knowledge and insight, there are no takers for risk manager’s advice.

Conclusion

 In nutshell, while the best practices for risk management functions are known, quite a few risk managers are failing to meet the required performance level. Hence, take a deeper look to assess the reasons for failure and decide whether different soft strategic approaches will benefit the organization more.

So, can you become a Linchpin risk manager? Up to you.

References:

• Accenture 2011 Global Risk Management Study
• Seth Godin’s book Linchpins

Reducing Recruitment Costs

I checked out Seth’s Blog global Alexa traffic analysis and it states – “Visitors to the site spend approximately two minutes per visit to the site and 84 seconds per page view.” I checked out my blog’s analysis and it states- “Visitors to the site spend roughly two minutes per visit to the site and two minutes per page view.” My readers spend more time per site visit (2 minutes) than Seth Godin’s (84 seconds) do. Yippee!Obviously I am ignoring the traffic ranking, as there is a few hundred thousand difference.  Now you must be wondering how this data relates to reducing recruitment costs. Read on.

I further analyzed the ranking of Tata Consultancy Services, Infosys and Wipro Technologies; the three technology and business process outsourcing  giants of India. Now look at the table below:

Company Website	Global Rank	Audience Age	Total time on site	Time per page view
Tcs.com	12,405	Mostly under 25	6 minutes	44 seconds
Infosys.com	17,672	Mostly under 25	5 minutes	41 seconds
Wipro.com	12,706	Mostly under 25	6 minutes	46 seconds

What am I getting at? Most of the site visitors are young males looking for a job. Each site has a career section that allows candidates to register and submit their resume. Look at the table from a recruitment cost lens. If the organization focuses on career webpage, it can reduce recruitment costs.

The Business Case

Overall, recruitment costs include job advertising costs, recruitment company fees, employee referral, interview travel expenses, relocation expenses and human resource recruitment department operating costs.

Let me take the example of IT and BPO sector recruitment costs. According to the NASSCOM Strategic Review 20011 report, the IT and BPO sector will employ 2.5 million employees in 2011. In comparison to 2010, the total employee strength will increase by 240,000 employees. Secondly, the attrition rate is ranging from 20-40% in the sector. This means that approximately one-third of the employees will change jobs. Back of the envelope calculations show that BPO and IT sector organizations will hire roughly one million employees in 2011.

Most of the demand is for employees with 1-3 years of experience. Their monthly salary ranges between Rs. 20,000 – Rs. 50,000 and the recruitment companies’ fees range between 1-2 months of employee monthly salary costs.

Hence, if I take 10% of annual salary cost to company as recruitment fee and Rs 300,000 as annual salary, nearly Rs. 30 billion will be spent on recruitment fee alone by the sector. Definitely, a line item worth looking at for reducing organization recruitment costs. Especially in case of BPO and IT sector as the profit margins are decreasing with the recession in US and Europe economy.

The Solution

Simply put the organizations need to drive traffic to their websites to ensure prospective candidates submit their resumes on the website. Any percentage increase of hire through website will decrease agency recruitment fee costs.

As in the case of BPO and IT sector the audience age is less than 25. The Gen Y is technologically savvy and looks for the same in websites. Hence, some of things that organizations can look into are:

> Post a video message from CEO or other CXOs explaining the vision and mission of the organization.  Gen Y prefers flat structures, access to senior management and enjoys watching videos. This will increase their enthusiasm to submit their resumes.

> Aptitude tests – IT and BPO sector generally request recruitment agencies to do preliminary screening by giving candidates written aptitude tests. The tests can be web-enabled on the career page to enable candidates to complete it while submitting their resumes.

> Voice and language tests – BPO sector in call center business conducts voice and language tests. The organizations can provide a facility for prospective candidates to upload audio and video recordings for voice tests. Secondly, administer written language tests through web.

> Pre-employment background verification – Provide a facility to candidates for uploading relevant certificates required for background screening. In India, roughly 25% of the resumes are fake or inaccurate. The background screening costs are high if done after appointment. Hence, organizations can conduct a preliminary verification before interview by reviewing the scanned certificates.

> Application processing system – Organizations can provide an application  tracking mechanism to the candidates, either to update them through automated emails or showing the application status on the website.

I was amazed that technologically advanced companies that provide technology and business consulting services have not focused aggressively on developing the career page and attracting candidates through them. Maybe the technology costs are higher, though to me it does not seem so. Maybe the thinking is that putting boots on the ground will reduce the recruitment pressure on the human resource teams. In my opinion, since in BPO and IT sector the recruitment numbers and costs are high, the human resource teams should have all technological advantages to do their jobs better. What is your opinion?

References:

NASSCOM: The IT+ BPO Sector in India – A Strategic Review 2011

Political Minefield Created By Karnataka Lokayukta Report On Illegal Mining

Last week the release of Karnataka Lokayukta Report on Illegal Mining by Justice Hedge’s team caused a political leadership crises in Karnataka government. The BJP national party leaders forced Chief Minister B.S. Yeddyurappa to resign. The quick exit of Chief Minister to save further embarrassment to BJP strengthens the credibility of the report.

I admire Justice Santosh Hedge and his team – Mr. K.R. Chamayya, Dr. U.V. Singh, Mr. Bishwajit Mishra, Mr. Vipin Singh and Mr. K. Uday Kumar – for conducting such an extensive investigation and courageously reporting the same. I read the report and here are some mind-blowing extracts.

The Background

In March 2003, the Karnataka government de-reserved 11,620 square kilometer land for private mining that was before marked for state mining/ exploitation. The beneficiaries of this order were a few politically connected private companies. In the last 3-4 years iron ore mining turned profitable as the cost of mining is around Rs. 150 per ton and the royalty paid to government is Rs 16.25 per ton.  

Quantum of Illicit Mining

According to the investigation findings 2,986,0647 Metric Tons of illicit iron ore was exported during the period 2006-07 to 2010. The export value as mentioned in the table below is Rs 1,22,28,14,22,854/- ( Rs 12,228 crores approximates to USD 2.52 billion at current rates).

The total iron ore exported from Karnataka  state during the said period was 125,792,238 Metric Tons. This indicates that nearly 23% of the iron ore was exported illicitly.

 Hence, the question comes up as to how it was done and who were involved?  I am giving below some awesome facts that will shock a hardened cynic too.

 Bribes, Corruption & Collusion

Reading the report the question that comes to mind is- are government officials aware of Prevention of Corruption Act existence? Over the span of five years each department and every level of officer received bribes and turned a blind eye to illegal transport of iron ore. Below is an extract from Chapter 2- Export of Illicit Iron Ore from Belekeri Port (page 51):

“15) In regard to Port Department, it is stated that the payments were made on Ship-wise basis and different rates were fixed for different level of officer…. Further, the general mode of payment were, PD – Port Director, 50,000/- per ship sailed; PO-Port Officer, 25,000/- per ship sailed; DPC-Deputy Port Conservator, 5,000/- per shipment and Port staff 5,500/- per ship sailed.

 In regard to Customs Department, it is stated that the payments to Custom officials was done on the basis of number of shipments, as well as, quantity exported. The general mode of payment to Customs Department was, before 26/5/2006, 12,000/- per ship; between 26/5/2006 and 11/1/2008, 6,000/- per ship plus 0.50 per MT; and from 11/1/2008 and onwards, 0.50 per MT plus 1,00,000/- quarterly to AC-Custom.

 16) In regard to Police, it is very interesting to note that Superintendent of Police receives 1,00,000/- bi-monthly; Addl. Superintendent of Police, receives 25,000/- monthly; Deputy Superintendent of Police receives 10,000/- monthly; Circle Inspector of Police receives 14,000/- monthly and Outpost receives 2,000/- monthly.”

 With port authorities, customs officers and police department colluding, is it a surprise that noone raised an  alarm for such a long period?

Transporters’ Involvement

In transporters and private companies were well aware of the scam and breached road transport rules for financial benefit. While the common tactic used was overloading trucks, a huge amount of illicit iron ore was transported without permits or forged permits. An extract below from the section 3 – Analysis of Transport of Illicit Iron Ore for Export of chapter -2  , depicts the situation.

 “17) As per the data seized from computers of M/s Adani Enterprises Ltd and M/s Shree Mallikarjun Shipping Pvt Ltd, the average per truckload quantity received in Adani plots and Shree Mallikarjun plots in Belekeri port was 20.26 MT as against permitted load of 16 MT. The data pertains to 2,99,255 trips to Belekeri port between the period October 2009 to May 2010. The team has assessed that the total 2.986 Crores of MT of illicit iron ore that was transported to ports in excess of permitted quantity, significant quantity of illicit ore might have been transported through vehicles overloading. It is pertinent to note that the computed figures point towards large scale transport without any permit or with forged permit in the two years of 2009 and 2010.”

 In chapter 7- Associated Mining Company – A pool of Illegalities another event indicates the blatant methods used to contravene law:

 “6)  After perusing stock verification certificates given by Engineers of Dy. Director of Mines, Hospet office, Dr. Singh has noted that total quantity of 6,28,032 MT have been dispatched from the mining head from 21/1/2010 to 23/3/2010. Taking 16 MT as the load of a single rear axel recovery vehicle, Dr. Singh concludes that about 39,252 trucks would have to be used to transport the iron ore from mine head to various destinations to lift the said quantity.

 7) It is further stated here that the quantity of 3,20,000 MT permits have been issued from 18/03/2010 to 22/03/2010 by the Deputy Conservator of Forests, Bellary, which is humanly not possible to dispatch such a large quantity in such a short period.”

 To cover up previous illegal transport, private companies obtained new permits to equate total transport figures to permits issued. On the face of it, they wished to show that all transport was with permits.

Exporters’ Role

The exporters of iron ore blatantly contravened government orders issued on 28/7/2010. On page 23 in chapter 1 a table is given mentioning the names of exporters who have disregarded government orders. To name a few – Dream Logistics, Sesa Goa, ILC, Bharat Mines & Minerals, PEC etc. Here is an extract of the report:  

 “19) According to the investigating team, there were 83 exports of iron ore after the ban on issue of permits for destinations for exports. It is pertinent to note here that due to large scale of exports of illicit iron ore the State Government took a decision

on 28/07/2010 to ban issue of permits to destinations for exports. In that context, exports after this date have been obtained from all the ports and it is found that there were 83 exports with a total quantity of 17,58,336 MT of iron ore.”

 The confidence in business ethics of the exporters is further deteriorated by the cases of under invoicing of iron ore export sales mentioned in Chapter 4 of the report.

 “(2) The enquiry has revealed that some exporters exported iron ore at sale rates (US $/MT) that were considerably lower than the prevailing international rates or comparative rates at which other exporters were exporting iron ore during the period. It is also found that these under-invoicing have been made by some selected companies/firms and it is also found that some of the preferred overseas buyers are suspected to be “front companies”. The transactions of the exporters with these “front companies” are convoluted transactions devised for the purpose of evading paying taxes, duties etc. in India. These under invoices are being done largely on the basis of sham/make believe agreements with the “front companies” in order to camouflage their act of suppression of their real income.

(4) There are 478 suspected cases of under-invoiced exports during the period 2006-2010. The total under-invoiced portion of sales in US $ is computed to be US $ 55,55,65,234. In rupee, this amount comes Rs. 2222,26,09,375/- @ Rs 40 per US $. Further it is found that in many cases exporters had a preferred consignee for under invoiced exports.”

 Considering the above-mentioned information, it appears that exporters are evading taxes and may also be participating in money laundering.

 Banks’ Negligence

 On reading all the above facts, you may conclude that all the money transactions were done in cash. This is not so, the money was transferred through bank accounts in well-reputed banks. In Chapter 6- Benami Accounts of Sri Bhaktha Markandeshwara Minerals Hospet, the banking operations are mentioned. It is hard to believe that with the value of transactions in these bank accounts that bank managers and staff were unaware of the issues. The extracts below are eye-opening:

 “(1) The bank accounts namely, (i) A/c No.0298358000000XXX of Lakshmivilas Bank,Hospet, (ii) A/c No. 618010200006XXX of Axis Bank, Hospet and (iii) A/c No. 909020039582XXX of Axis Bank, Bellary, pertaining to M/s Sri Bhaktha Markandeshwara Minerals (M/s SBMM) and A/c No. 298358000000XXX of Lakshmivilas Bank, Hospet pertaining to Sri Jambunatheshwara Minerals, Hospet are the benami accounts operated on proxy.

 (2)The money from the above said accounts proceeds to “G.J. Reddy Sir” (Bellary Risk Amount and others as per the electronic data record of IT department) and also to Associated Mining Company (as per bank accounts details) should be forfeited to State Government with other legal actions.”

 The value of transactions is mind-boggling and it is against Reserve Bank of India (RBI) rules to accept large cash transactions without reporting the same. Hence, it is hard to fathom how these were conducted and reported to RBI.

“While examining the Account No. 0298358000000XXX of Lakshmivilas Bank, Hospet of M/s SBMM, an amount of Rs.11,19,29,656/- have been credited in cash and the same is proceed to debit in the account of M/s Jambunatheshwara Minerals on 5/6/2010”

The lack of reporting to RBI and governance by RBI is still being investigated. In my view, the banks need to take a hard look whether the business is worth it and their liability for the same. The senior management at banks need to ensure better controls and supervision of branch operations.

 Political Nexus

 Last but not the least, the report has caused a political upheaval by implicating ministers and their relatives. The role of Reddy brothers mentioned in chapter 7- “Associated Mining Company – A Pool of Illegalities” shows abuse of political power for personal benefits.

 Associated Mining Company seems to have operated without mining lease permits between 1994 and 2000. In 1994 it asked for renewal of permits which was granted in 2003. The investigator’s contention is as the permits had lapsed, it cannot be considered renewal. The report states that “the then Hon’ble Minister of Mines Sri. V. Muniyappa had overruled the noting and approved for 10 years corresponding to the approval given under the FCA 1980.”  Some interesting extracts show the ownership of ministers in the companies.   

 “(6) The new management has taken over mining lease since 01-08-2010 (Smt G. Lakshmi Aruna and Sri G. Janardhan Reddy). The new managing partners have opened a new account no. 31000313003 in SBI, Bellary. This account number has not been informed to Commercial Taxes Department for collection of VAT purpose. Instead the old account no. 1425201000179 of Canara Bank, Bellary has been reported to the Department while having new registration for VAT. Action should be taken against the new managing partners.”

 (8) The then Director, Mines Sri M.E. Shivalinga Murthy has approved the issuance of MDP without taking approval of Central Government for transfer of rights or interest to new managing partners. He is not a Competent Authority to do so. It is in violation of Rule 46(2) and 37 of MCR 1960. Action should be initiated against him as per law.

 (9) In the new account of AMC in SBI Bellay a/c no. 31000313003, there is a debit Rs 269,15,73,602.00 and credit of Rs. 270,60,93,762.00 after 01-08-2009 to 08-02-2011. There are many huge transactions in the said account. The transaction gives the linkages between the Associated Mining Company and other companies/firms/individuals.”

 This is definitely damaging information and in my view if the allegations hold in court, the politicians are in for a rough ride.

Conclusion

The report is simply incredible and a must read for all risk managers. The report mentions nearly every nature of fraud and adds to the knowledge of fraud investigators. Of course, the government and courts need to take action and I will follow this case closely. It might be a game changer if courts take strict action against over 700 names mentioned in the report. It may seriously curtail the nefarious activities of politicians, bureaucrats and entrepreneurs.

References:

Karnataka Lokayukta Report On Illegal Mining ( If the link doesn’t work, please post a comment to email you the report)