Derailment of Leaders- Profiling Steve Jobs

The corporate world citizens operate on two myths – “We all are great leaders” and “We all have bad bosses”. We cling to these two fallacies with our dear life, most probably because if we let it go, corporate life may become unbearable. These two paradoxical statements make us feel better about ourselves as the delusional views cushion us from harsh realities.

The problem arises due to corporate world’s obsession with leadership. Interviewers question a 21-year-old fresher in the first interview about his/her leadership skills. After six months, s/he will give an opinion how the CEO doesn’t have adequate leadership skills. An employee will risk his/her career if s/he admits that they are good managers and do not have adequate leadership skills. This is despite the fact that most leadership surveys show that 50% of the managers are ineffective leaders.

On the humorous side it reminds me of Scott Adams definition of leadership – “Leadership is an intangible quality with no clear definition. That’s probably a good thing, because if people being led knew the definition, they would hunt down their leaders and kill them.”

On a serious note, I couldn’t help contemplating about Steve Jobs, considered the most successful CEO in our times. He is one of the few CEOs who was thrown out of the company he formed and came back to succeed beyond anyone’s expectations. On the positive side, people viewed him as a visionary, innovator and a driving force. Moreover, his negative traits were equally prominent. His teams said he suffered from “distorted reality”, bullied them no end and was extremely insulting. His professional career shows that in some ways he was an insufferable bad boss and an incredibly good leader. The complexities of his character make an interesting case study to assess leadership derailment.

I read his biography by Walter Isaacson and mapped his leadership skills to the traits mentioned in Michael James Benson’s research paper titled “A Walk on the Dark Side of Personality & Implications for Leadership (In)Effectiveness.” Briefly, it states that derailed leaders have same traits as successful leaders. However, they have additional traits and personality flaws that cause derailment. In Isaacson’s book, initially Jobs showed most of the traits that result in leadership derailment. In his second coming at Apple, he showed more maturity and balanced it out. A mellow version of his intense personality made him more successful.

It is important for risk managers to understand the derailment traits for leadership. Enron, WorldCom, Satyam are prime examples of leadership gone wrong. Prevalence of derailment traits and major personality flaws cause leaders to take unnecessary business risks, create dysfunctional work cultures and have low focus on corporate governance. As top management drives the risk culture in an organization, it is worthwhile for risk managers to assess their derailment characteristics.

In the following paragraphs, I am discussing five derailment traits and am exemplifying it with Steve Jobs life. Before you start reading it, remember all leaders have these traits. Leaders possessing these traits in low to moderate qualities continue to be successful. However, excessiveness of these traits causes derailment.

1.       Ego-centered

People close to Steve Jobs thought that he felt a strong sense of abandonment due to his adoption. This propelled him to consider himself special,  i.e. not required to follow norms of regular people. His ex-girlfriend Redse even thought that he had narcissistic personality disorder.

An amusing story about his employee badge showed his false sense of entitlement. On Apple’s formation, Scott assigned employee badge number #1 to Woznaik and #2 to Jobs. Steve demanded badge #1 and when he didn’t get it, he asked for  badge #0. He kept the badge, though Bank of America still processed his salary as employee number #2.

 His personality flaws showed in other small things. For example, he didn’t want a “reserved for CEO” parking slot, however parked his car in slots reserved for handicapped people.

 His ego-centrism drove Apple in murky waters. He wished to project the image that he didn’t work for money and took a salary of $1 per year as CEO. In 2000 when the board offered him $14 million stock options, he refused and asked for a plane. Subsequently, he demanded $20 million stock options. He received backdated stock options and although he didn’t make any monetary gains from it, Apple got some negative publicity as SEC investigated the case. Walter commented that – “On compensation issues in particular, the difficulty of defying his whims drove some good people to make some bad mistakes.”

 2.    Manipulation

 Everyone thought Steve Jobs was a master manipulator.  Sometimes, for him there was no difference between truth and lies. Bud Tribble one of his teammates said Steve doesn’t accept facts, which do not fit, into his picture. He said, “Steve has a reality distortion field. In his presence, reality is malleable.”  

 Another colleague Andy Hertzfeld said that even if one knew that Steve was manipulating, a person still was influenced. He stated- “The reality distortion field was a confounding mélange of a charismatic rhetorical style, indomitable will, and eagerness to bend any fact to fit the purpose at hand.”  

 Adding to the trouble, his teams complained that if their idea were a good one – “he would soon be telling people about it as though it was his own.”

 Apple employees though knew they had a difficult boss, still considered themselves lucky to be working for him. He inspired people to do what they thought was unachievable. Most probably because manipulators are great at cajoling, persuading and flattering people into complying with their wishes.

However, this did create a dysfunctional culture in Apple. Due to his oscillating behavior, his staff handled him like fragile glass. Most probably, Apple lost quite a few top performers because of this treatment given to them.

He definitely lost his job as a CEO because his manipulations caused turmoil in Apple in 1985. Apple board ousted him out and Sculley remained.

3.    Micromanaging

In some ways, Jobs can be categorized as a control freak. He chose to integrate hardware and software of his products to control customer experience. At one point of time, he banned download of applications to iPad and iPhone that defame people, were politically explosive or pornographic. He morally policed his customers.  According to him, he was providing his customers – “Freedom from programs that steal your private data. Freedom from programs that trash your battery. Freedom from porn.”

Throughout his career, he was at war with Bill Gates on open versus closed platforms. Gates promoted open systems while Jobs ardently opposed it. Though he professed to belong to hacker counterculture, he didn’t want people to be able to use Apple’s platforms without permission.

Even in designing and developing products, Jobs controlled every aspect of the decision-making. His teams while appreciating his capacity to go into the details, did resent lack of authority to some extent. He had the final say even on the look of the cord and sockets of the products. He ran the organization at 10,000 feet and zero feet.

The awesome bit is that with his ideas and approach he managed to change six industries and developed path-breaking products. In this, his customers were not complaining, his competitors were. His control philosophy made the technological world sit up and take notice. One has to marvel at it, and contemplate whether micro managing has benefits in some situations.

4.     Intimidating

Steve Jobs learnt his most effective intimidation trick from Robert Friedland in college. He unblinkingly stared intensely at others and them kept silent for a long time to unnerve opponents.

Moreover, if some project or product didn’t meet his “insanely great” standard, the product was shit and the guy was a bozo. His colleagues referred it to as “hero/shithead dichotomy”. He voiced his unedited opinions without the normal social graces that caused many of his teammates to breakdown emotionally. . His frequent unfiltered scathing comments were hurtful and created a fear factor. Although, known to be emotionally intelligent, he was unrepentant of mistreating others.

Though his behavior looked like my way of highway, he succeeded as he appreciated the people who confronted him. His teams could push back and if Steve found the person capable, he would respect the person. His Mac team gave an annual award to the employee who did the best job of standing up to him. “Jobs knew about it and liked it.”

However, in the second stint as CEO, his intimidating nature negatively affected independence of the board. For instance, he invited former SEC chairperson Arthur Levitt to join the board. But, when he read Levitt’s speech on independence of board, he withdrew the invitation on phone.

5.    Passive Aggressive

 Jobs was blatantly aggressive; hence, this trait didn’t fit his personality. However, his partner Steve Woznaik did show this trait to an excessive level. For instance, Woznaik was hesitant of participating in Apple in a leadership position. He said he was happy that – “I could stay at the bottom of the organization chart as an engineer.” He never attempted to be a manager or leader. He played the good guy image to the hilt. While he appeared satisfied for Jobs to take up the mantle of bad guy and fight the corporate battles.

Woznaik claimed in his biography that he did a job for Atari to remove chips and Steve cheated him of the bonus. He claimed  - “Ethics always mattered to me, and I still don’t understand why he would’ve gotten paid one thing and told me he’d gotten paid another. But, you know, people are different.” He further added – “I would rather let it pass. It’s not something I want to judge Steve by.”

 Steve Jobs on the other hand denied the allegation and said that he has always been fair to Woz. He said in his defense – “In mean, Woz stopped working in 1978. He never did an ounce of work after 1978. And yet he got exactly the same shares of Apple stock that I did.” It showed Woz avoided confronting Steve though didn’t mind maligning his reputation. Woz projected an image of childlike innocence. I suspect, without Steve Jobs driving force and personality Apple would have collapsed if Woz had become the torch-bearer.

Closing thoughts

Leadership is a complex phenomenon and the more I read about it, the more I think Scott Adams definition is accurate. There is a lot of truth in it. However, as risk managers we cannot take leadership derailment traits lightly. Excessive derailment traits create a dysfunctional organization culture. They are a harbinger of unprecedented risk taking activities. Uncontrolled behavior can put organizations in peril. Hence, risk managers need to devise ways to monitor it. They must ensure proper checks are incorporated in succession planning for early detection of derailment traits.

“One more thing”, what do you think it takes to become a Steve Jobs of risk management?

References:

1. New Explorations in the Field of Leadership Research: A Walk on the Dark Side of Personality & Implications for Leadership (In)Effectiveness - By Michael James Benson

2. Steve Jobs – Biography by Walter Isaacson

Risk Management Induction Training to Business Teams

I had joined a new company and was taking the induction training. I thought it would be a good idea to get fellow participants perspective.So I asked a young employee – “How did you find the risk management induction training?” He responded – “Was that training? It sounded more like a rulebook of corporate prison.” The training had bored me to death and I shared his opinion. I wondered whether risk management team took feedback seriously or were purposely designing trainings to turn off new employees.

Normally in India, a trainer reads out from the presentation the various dos and don’ts of the organization’s code of conduct, regulations impacting the organization and technicalities of business ethics. To enhance interest further some provide detailed information of GRC organization chart. The training comes to a dramatic end when in the last few slides, the trainer delivers the key message to the participants – We will fire you if you do not follow all this.

The newcomers already have butterflies in their stomachs. To add to their woes, we present a dry subject in a dull and boring manner. Then we expect them to imbibe the messages in their daily working life. Let’s face it, we are facing competition from Lady Gaga.  Gen Y is more likely to remember the lyrics of her song, than risk management training. To get their attention we need to reframe risk management training. There is no rulebook that says trainings must be without any rammatazz and unimaginative to the core.

Yeah, that's a HR Management book

I contacted Peter Cook, an unconventional and creative business author, speaker and consultant, to get his views. He is reinventing the art of human resource management. His recent book “Punk Rock People Management” is a winner. He innovatively connects human resource fundamentals with music. Unbelievable but true, you have to read one of his books to find out how he does it. His perceptive views on induction enormously impressed me. Here is my favorite paragraph from the book:

“Post-punk princesses Madonna and Lady Gaga unwittingly stumbled upon the problem of induction with their songs ‘Like a Virgin’ and ‘Bad Romance’ as did punk group The Boys with their minor hit ‘It’s my first time’. However good your hiring of people is,  failing to induct people properly can cost you in thelong run. Classical HR induction sessions emphasize all the statutory stuff, such as health and safety and getting your corporate identity badge (whilst losing your identity). But they generally fail to establish what is called a ‘psychological contract’ between the new recruit and the company, which leads to long-term performance and commitment. The costs of NOT doing this include rapid turnover, poor performance, corporate sabotage and mental sabbaticals (the lights are on but no-one’s at home) etc.”

Peter makes an excellent point about psychological connection. Risk management trainings fail to positively influence the participants. The lines below highlight the ridiculousness of expecting participants to be gung ho about the training.

“Imagine what would happen if this approach were adopted when you fell in love. You would have a ARRSE (Adviser – Romance Risk Strategy Executive) come along to show you some PowerPoint slides on the risks of falling in love,issuing you with badges to say you are officially in love, and so on. So, why does common sense go out the window when we enter the crazy world of work?”

 This prompted me to pick up three most applicable points for risk management induction training from Peter’s book and I requested him to share his views on the same.

1.    Understand the audience

The one-size fits all doesn’t work for risk management training. For instance, in Indian ITES sector, new employees join right after school. To them, terms like audit, fraud, ethics are practically incomprehensible. Their head will spin if we give them a download on various laws and regulations in the first training session.

The same applies in other industries also.The choice is ours – to be either amused or appalled at their naiveté.  The story below depicts the level of understanding of a fresh recruit.

An experienced purchase manager working in food and beverages industry was offended with a new junior. The junior had accepted a gift from a supplier in their first meeting. The purchase manager called the junior to his room and asked in Hindi –“Do you understand ‘AAchar’ (ethics)?“ The junior replied in English– “Of course sir, it means pickles (Achar).”

This is the risk managers’ starting point for training. Therefore, prepare a training calendar with various sessions over 6 months to bring them up to speed. Peter mentioned that there are 57 ways to train besides classroom training – workshops, e-learning, mentoring, storytelling,  etc. Identify the staff learning styles and develop the training accordingly.

2.    Make training fun

I know it is tempting to give a few thousand pages to read to the participants. That is what we, as risk managers had to do. But remember the training participants haven’t signed in for a risk management professional course. Don’t give them manuals in the name of e-learning. That’s only going to make them panic. Make it simple and fun. Peter succinctly put this point across in his book. He says create an environment where people are naturally engaged. For example, he wrote:

Pubs do NOT have mission statements that say:

 “We aim to encourage sociosexual networking and leverage mission critical knowledge, skills and wisdom through the use of addictive depressant substances in a relaxing lifestyle environment that encourages the suppression of societal norms of decency and so on”

If you read this statement while entering a pub, will you immediately fall in love with the pub or hesitate to enter? Same rule applies to induction training. Why not explain the statutory stuff without using the corporate and risk management jargon?

3.    Help participants succeed

The biggest obstacle in the successful implementation of risk management training, is the attitude of the risk managers. The managers sometimes focus more on the numbers covered so that they can tick off from their to-do list and report to compliance that training was conducted. The trainers are not accountable to make the business teams effectively manage risks.

Sometimes, when the classroom training is over the participants do not know whom to connect with if they have questions when they start working. In some e-learning courses the same problem is exists.

Peter gives some good advice here. He says - “Make sure that new people understand on the first day exactly what they can do to succeed. Connect the new members with the people who can help them do their best”

Closing thoughts

Use induction training as a starting point to develop risk awareness and culture within the participants. Don’t make it a big ruse to cover numbers. If the training is good, the new employees will become unofficial ambassadors of risk management. By creating the right chemistry, risk managers will have long term allies in business teams. Make the start a memorable and happy one for the new employees, and they will keep coming back for more.

Musings on Mahabharata in Business Context

“Not means but the determination of mind needs to be firm.’’ – Krishna in Geeta

The battle of Kurukshetr, as depicted in Mahabharata was fought between cousins Kauravs and Pandavs to restore the honor of Princess Dhraupadi, wife of Pandavs. Prince Duryodhan the eldest Kaurav, first son of King Dhitrashtra wanted to ascend the throne that rightfully belonged to Prince Yudhistra, the eldest Pandav. On the face of it, the war revolves around a woman, Dhraupadi. Viewing it from political perspective, it is a battle of power between two princes. From a spiritual standpoint, as Dhraupadi symbolizes desire, the battle is between godly and ungodly desires, the divine and devilish.

Again, in Ramayana, King Raavan kidnaps Prince Ram’s wife Princess Sita, for avenging the dishonor of his sister by Prince Ram’s brother. Overall, the story is the same, a battle between good and evil, with victory of good. Both stories depict the duality in human nature. Prince Yudhistra and Prince Ram, the heroes are portrayed as honorable men with high repute. Their momentary lapse of judgment causes crises in the life of their loved ones and their kingdom. They face adversity squarely in the eye and emerge victorious. History repeats the same story as human nature remained same throughout centuries.

The battle of ethics is fought in the mind. A roar of a lion can silence the jungle, but nothing stills the mind except self. In business, we face the same ethical dilemmas. Though, we attempt to separate spirituality from business, the two are inseparable as mind and soul cannot be delinked.

The Hindu holy book Geeta influences me, which is a subset of Mahabharata. In this book, Lord Krishna talks to Pandav Prince Arjun, to fight for goodness. The conversation is relevant in present day context and numerous business lessons can be learnt from them. I am presenting you some of my thoughts on it.

(I am not a Hindu; my musings are from spiritual and philosophical stance and not from a religious viewpoint. If I have unintentionally hurt sentiments of any of my readers, please forgive me.)

1.    The Power of Delusion

In Mahabharata, Bheeshm is the grandsire of Kauravs and Pandavs. In physical context, he has watched all the events unfolding leading to the war between cousins. He vowed to his father to protect the throne and is blessed with death on wish. In the philosophical context, Bheeshm is equated to delusion.

Prince Duryodhan commands his army chiefs before start of the war – “So, while keeping to your respective stations in the several divisions, all of you should doubtlessly protect Bheeshm alone on all sides.” He further says that his army invincible in every respect as long as Bheeshm lives. Bheeshm near the end of war lay on a bed of arrows and continued to live. The interpretation is that as long as delusion persists, ignorance cannot die, hence negative desires continue. With death of delusion, morality conquers.

In the business ethics context, this is an intriguing point. Delusion leads to negative behavior, compromise of ethics and white-collar crime. To illustrate – the difference between a fraud investigator and fraudster is not of technical knowledge, both are equally well versed on modus operandi of frauds. The ethics of fraud investigators ensures that they resist the temptation of material gain, whereas the fraudsters rationalize that making a quick buck by wrong means is worth it. The fraud triangle consists of opportunity, reward and rationalization. Deluded thinking enables rationalization of crime.

The power of delusion is such, that organizations are destroyed when it seeps into group psyche. Enron case exemplifies it. Most senior and middle managers were aware of the situation, however no one did anything to stop it and change tracks. An ethical employee even when led astray on realization will revert his/her course. Their self-control and self-awareness propels them to take the right decisions. However, a deviant employee will continue the behavior indulging his/ her narcissistic desires. Hence, “Delusion is the fountainhead of deviation from the ideal state.”

2.    The Conflicting Mind

On the battlefield of Kurukshetr, Pandav Prince Arjun is filled with despair when he sees that to win the battle he has to fight his teachers, mentors, relatives and friends. He narrates his dilemma to Lord Krishna thus- “Even to live in this world as a mendicant begging for alms is better than killing teachers, for if l kill them all my joys and riches and desires in this world will be drenched in (their) blood.” The battle raging in his heart is of familial love and attachment.

Arjun further questions what he will achieve by winning this war. He wonders whether it is better to lay down the arms and not fight at all. He says – “I hardly know which is better, their (the Kaurav’s) conquering us or our conquering them – even Dhritrashtr’s sons (Kauravs) – who are our enemies, and yet after killing whom we may not wish to live.”

 Business executives face these dilemmas daily while making decisions. The higher the level of the executive, more complex is the choice. The first questions which come up are – Is this really my fight? Should I be taking a stance on it?

Next, executives have personal equations, relationships and friendships within the organization. Therefore, should they report unethical behavior of their colleagues and friends?  Why should they destroy their relationships for organizational good?

Last but not the least, the most important question which comes up – Should I be risking my career on this? The senior executives have more at risk. Though it appears they have the authority to take the right action, but there is a lot at stake. The political aspects may affect their seniority, earnings, personal equations and reputation. Bigger the problem and longer it is brewing, the more is at risk.

Besides the political power, to take ethical decisions executives need to be mentally geared for a tough road ahead. There are no quick fixes to systemic risks and ethical issues. Depending the nature of the problem, implementing solutions can take six months to a year. Building an ethical culture requires dedicated commitment from senior management with a willingness to walk the talk. The decision-making becomes easier when viewed by removing our own identity from the corporate chessboard. When we see it dispassionately, our innermost conscience tells us the right answer. It takes courage to follow through.

3.    The Route to Victory

We all want to be victorious; however, in my view the term “victory” is an ambiguous word. Each person’s meaning of victory defers according to his/her ambitions. A sage wishes to conquer all worldly desires. A fraudster wishes to deceive the world to get material gains. A king wishes to rule the kingdom. A governor wishes to ensure prosperity and happiness of his people. The conflict continues at each level and decision in our life.

I personally get a straightforward answer when I answer one question – What is the legacy I want to leave behind? What do I want people to remember me for?

In the words of Krishna in Geeta – “Whereas the triple returns-good, bad, and mixed-of covetous people’s actions, issue forth even after death, the actions of people who have renounced all, do not ever bear any fruits.’’ According to Hindu philosophy, we get fruits of our deeds and actions, good and bad in the next life. Hence, our karmic cycle continues. Kings and sages deal with the same paradox of life if not spiritually awakened. The past doesn’t disappear, even if we wish so. We have to deal with it, and then only we can unify our mind, soul and heart. Else, the three remain in conflict and peace is elusive.

 Further, Krishna defines a person spiritually victorious when “Gifted with flawless moral excellence and freedom from doubt, one who neither abhors deeds that are unpropitious nor is enamored of those that are propitious is wise and self-denying”.

 In business context, it defines the attributes of a level 5 leader. S/he is a leader with strategic insight, mission and vision for the organization. The leader is able to get people committed for the cause, implement plans, execute flawlessly, drive results and make a lasting difference in the business world.  A level 5 leader leaves a good legacy for the organization.

Closing Thoughts

The journey from Kurukshetr (Land of Conflict) to Dharmkshetr (Land of Duty) is difficult. The stripping of layers of our worldly masks causes intense pain. We all wear masks. When the love of our life rejects us, we wear a mask of indifference. When we compromise our personal values to keep our jobs, we wear a mask of pragmatism. Our soul gets buried under the various masks we wear to survive the world

Disconnect between our mind, heart and soul leaves us unsatisfied, craving for something more. As we attempt to connect to our soul, the various demons inside us whom we have fed until now make a mockery of our resolutions. Trading the admiration of winning battles in the external world with the despair of fighting a spiritual battle doesn’t look like a wise decision.

But do we have a choice of not fighting this battle? How else do we achieve internal peace? Isn’t this the purpose we took birth?

Lastly, business is part of our life. So are these questions relevant for business decisions?

References: 

1. Geeta

Risk Managers Become Linchpins

Risk managers are under siege. They have to deal with various stakeholder expectations – regulators, investors, shareholders, board, CEO, CXOs and business teams. In most situations, they are outnumbered and overpowered. Most risk managers face some level of resistance. Some are mere cogs in the wheel to ensure organizational compliance to regulations. On the other hand, a few have mastered the art of becoming invaluable to the organization.  Accenture 2011 Global Risk Management Study segregates the best practices of “Risk Masters” from the general practitioners. The top 10% of the 400 respondents constitute risk masters group. The survey shows that the gap between the “best and the rest is increasing”. Check the graph below to understand the huge difference.

Accenture 2011 Global Risk Management Study

The interesting bit is that about 75% of the respondent organizations had revenues above USD 1 billion. That means the analysis of risk management functions is amongst the top performers of the industry. Hence, the question is – in the best of class organizations why there is a difference in focus and perception of risk management functions. What has made a few risk managers linchpins?

Seth Godin describes three categories of people in his book Linchpin – (1) Linchpins, (2) Supporters and (3) Leeches, devils advocates, pessimists and obstructionists. Don’t mind it, but frequently business executives think risk managers belong to the third category. They think risk managers as naysayers, problem creators, critics etc. The point to think is that at least 10% of the organizations consider risk managers as Linchpins. So what are these risk managers doing differently from the rest?

Accenture report highlights some of the best practices Risk Masters adopt.

1. Be a source of competitive advantage
2. Participate in key decision-making process and developing strategy
3. Use sophisticated analytic and modeling tools to predict risks.
4. Deliver business solution by going beyond compliance mindset
5. Integrate all GRC functions
6.  Appoint Chief Risk Officer reporting to CEO
7. Build risk culture within the organization
8. Invest in tools, technology and other risk resources.

 Now the above key points are not new to us. The difference is that some risk managers successfully implemented them, and others are still struggling. We can safely assume that most risk managers working in organization with over USD 1 billion turnover have the required domain knowledge and qualifications. If we do not take the victim mentality of blaming senior management and organization culture for lack of support to risk management functions, then we have to acknowledge that some soft aspects are at play.  Question is –what are these soft aspects which make them Linchpins?

According to Seth Godin – “Linchpins are the people who make a difference, the ones that ship, the rare ones that truly have an impact. This group of people, in that moment of time, change everything.” Linchpins are valuable as they are irreplaceable and indispensable. The Linchpin’s attributes are:

 1.    Provide a unique interface between members of the organization

 Seth Godin – Linchpins help lead and connect to people with finesse.

 Risk managers frequently are unable to connect to business executives’ mission, vision and plans. Although they are in a position to provide a unique interface, they compartmentalize the business problems according to business departments or risk departments. Hence, the business executives become resistant to suggestions of risk managers as they don’t give business solutions.

 2.    Deliver unique creativity

 Seth Godin – Unique creativity requires domain knowledge, a position of trust and the generosity to actually contribute.

 Most risk managers have the domain knowledge, however may lack the other two aspects for unique creativity. Gaining trust of business executives is difficult especially if risk managers are not handholding them through tricky business situations. Secondly, risk managers focus on going by the rulebook, audit programs and manuals. They may hardly indulge in creative thinking to provide competitive advantage.

3.   Manage a situation or organization of great complexity

 Seth Godin – Linchpins make their own maps and thus allow the organization to navigate more quickly.

 With globalization and technological advancement, organization complexity has increased. Risk managers need to address – financial, operational, legal, reputation, political, business, strategic, market, credit, liquidity and emerging risks. Since risks are inter-connected, working in silos results in unaddressed risks. Old approaches are redundant and new maps are needed to address risks in a more holistic, integrated and strategic manner. GRC functions need to be integrated under a Chief Risk Officer.

  4.    Lead customers

 Seth Godin- As markets fragment and audiences spread, consumers are seeking connection more than ever.

 Risk managers stakeholder demands are increasing and they are facing challenges due to lack of internal selling capability. The compliance mindset with tick in the box mentality is restricting them from providing strategic guidance to Board/ CEO/ CXOs. They are waiting to take orders from senior management instead of influencing them by presenting good business cases. Hence, risk managers are failing to connect with senior management.

 5.    Inspire staff

 Seth Godin – Understanding that your job is to make something happen changes what you do all day. If you can cajole, not force, if you can lead, not push, then you make different choices.

 Risk managers are relying on bureaucracy to get their job done. With the old mindset of an auditor, they wish business executives to comply. They don’t realize that business executives cannot comply when they don’t know what to do next. With new products, markets and technology, risks are forever changing and new ones appearing. Risk management is no longer a cut and dried checklist driven task. Hence, risk managers fail to build a risk culture within the organization.  

 6.    Provide deep domain knowledge

 Seth Godin – Mapmakers often have the confidence to draw maps because they understand their subject so deeply.

 The complex economic environment requires a deeper understanding of systemic and emerging risks. The financial crisis has shown that financial institutions failed as they launched products with inadequate understanding of risk components. Domain knowledge coupled with strategic direction gives business team great advantage. The superficial regulatory compliance adds limited business value.   

 7.    Possess unique talent.

 Seth Godin – When you meet someone, you need a superpower. The ‘super” part and ‘power” parts come not from something you’re born with but something you choose to do and, more important, from something you choose to give.

Risk management is a fast changing discipline. Twenty, ten and fiver year old qualifications, procedures and knowledge are passé. Those relying on excel worksheets and out-dated software will fail. It is a world of analytics, data mining, risk business intelligence reporting, software solutions etc. Upgrading skills and domain knowledge is a necessity to address current day risks. Without the talent, knowledge and insight, there are no takers for risk manager’s advice.

Conclusion

 In nutshell, while the best practices for risk management functions are known, quite a few risk managers are failing to meet the required performance level. Hence, take a deeper look to assess the reasons for failure and decide whether different soft strategic approaches will benefit the organization more.

So, can you become a Linchpin risk manager? Up to you.

References:

• Accenture 2011 Global Risk Management Study
• Seth Godin’s book Linchpins

Leading Risk Management Function with Emotional Intelligence

Have you ever felt as a risk manager that business teams don’t want you around them? Behind your back business teams in three words describe you as “critical slimy burger”, in two words “painful preacher” and in one word “#@$&^@#$”. Your ideas and opinions are strongly opposed and good ones too sink due to death-by-association syndrome.

Sometimes, from top to bottom levels of the organization business executives stonewall risk managers’ efforts and the risk management team faces this antagonistic attitude.

Ascending the Maturity Curve - Economist Intelligence Unit

Even the Chief Risk Officer (CRO) and other risk managers fail to cut ice with senior management. A recent report “Ascending the Maturity Curve” published by Economist Intelligence Unit shows that just 28% of business executives consider CRO and other risk oversight members as usually helpful in achieving business objectives. The adjoining graph reflects that thought process of business executives about risk managers.

In light of this, it is clear that risk managers face a challenging and conflicting relationship with business executives. These issues make risk managers’ jobs notoriously frustrating and thankless. Hence, risk managers need a solution to be effective.

 I thought it might be a good idea to study why business teams react negatively and how to make then think positively about risk managers. I read Daniel Goleman’s book – The New Leaders, which covers ways to use emotional intelligence in leadership. It sheds light on disastrous leadership outcomes when leaders deal with teams without sufficient emotional intelligence. There are a number of lessons for risk managers to learn from the book and here are some of them.

Briefly, Goleman has described resonant and dissonant leadership styles. Resonant leaders attune to other people’s feelings and communicate emphatically to move their feelings in a positive direction. While dissonant leaders fail to recognize feelings of the people they are dealing with and create negative emotions – anger, frustration, fear – in them. He has defined six leadership styles, four are resonant and two are dissonant. In my view, risk managers reflect these leadership styles and a better understanding of it will help them in building relationships with business executives and within the team.

1.   Visionary style

According to Goleman, visionary leaders articulate the purpose that rings true for themselves, and attune to the values shared by the people they lead. This also initiates transparency by removing barriers and smokescreens within the organization. However, the downside is that visionary leaders sometimes sound pompous and overbearing.

In my view, when CROs and other risk management seniors adopt visionary leadership they facilitate business teams in seeing the bigger picture. The risk management functions are perceived negatively as they adopt a check box mentality and highlight small regulatory issues as major problems. They sometimes do not spend adequate time with business teams articulating how risk management will benefit them in achieving business objectives. Hence, business executives are resistant to suggestions, as they have limited idea on how their risk management ties up to the overall corporate mission, vision and strategy.

Here, the takeaway is that risk managers need to sell the bigger picture of risk management functions and trust the business teams to identify and mitigate risks. Understand the need of business teams to feel important that their work matters.

2.   Coaching style

Goleman states coaching style builds rapports and deep emotional relationships; however, most leaders tend to ignore it. It is a resonant style if done properly. When executed poorly coaching looks like micromanaging or excessively controlling. He further adds managers are inept at giving performance feedback that builds motivation and not fear and apathy. Hence, give coaching that makes the employee feel that it is in their best interest rather than feel manipulated and attacked.

According to me, this is the crux of the problem. Risk manager’s role – especially the compliance and governance – demands identifying weaknesses in business operations. Frequently, risk managers issue draft and final reports to senior management without really explaining the details to the middle and junior level executives. This causes anxiety and fear in business teams. 

Psychologically, mild anxiety results in attention and energy to the job, prolonged distress hampers work performance.  Secondly, chronic anger, anxiety and sense of futility cause emotional hijacking.  Considering this aspect, it isn’t surprising that in long-term audit or investigation assignments, the business teams are distressed. If risk managers do not provide periodic updates on their observations, the continuous anxiety results in negative reactions. Here regular coaching becomes essential.

Therefore, risk managers must attune themselves to the emotions created by their work and communications in the business teams.  Give feedback in a way that doesn’t diminish the value of work being done by the business team.  Not in a manner where the person feels that, s/he is the problem.

3.   Affiliative  style

In Goleman’s view, affiliative style represents collaborative competence in action. This style is good for relationship building as it promotes harmony and friendly interactions. It allows a person to be kind along with being candid. However, the negatives of this style are that it can drive down performance if constructive feedback is not given or if used in a disaster scenario, the person may appear clueless.    

 In my opinion, risk managers can use this style to build relationships with CEO, CXOs and Board. The risk managers are not getting a seat at the board level or do not have sufficient visibility with the CEO. Hence, a few organizations have a slip-shod approach to risk management.

The messages given by senior management on risk management build the risk culture within the organization. According to Goleman’s study – “Roughly 50% to 70% of how employees perceive their organization’s climate can be traced to the actions of one person: the leader”. Hence, CEO’s actions and sentiments towards risk management get reflected throughout the organization. Therefore, relationship building is critical at this level for risk managers. Become a friend of the CXOs.

4.    Democratic style

Daniel Goleman says that democratic style is generally the most successful resonant leadership style. Leaders discuss issues, listen to others, take feedback and then make a collective decision. The advantage is that there is limited backlash for harsh decisions as it builds trust, respect and commitment. The disadvantage is that over-reliance on this approach results in endless meetings without firm direction.

My outlook is that auditors and compliance officials cannot adopt a democratic style for conducting an assignment, as it will hamper independence.

Nonetheless, democratic style should be adopted for recommendations and improvements in business. For example, if process re-engineering or additional controls are being suggested, it is useful to listen to business teams and discuss the solutions to them. The business teams are closest to the problems. Hence, the style benefits when risk managers perform advisory or consulting assignments. It is also a useful tool to understand the business executives concerns and anxiety points. Let the business teams take decisions about risk management and ownership for the same.

5.   Pace-setting style

Goleman says that in modern times pacesetters are thought of as good leaders since the leadership style adds to the bottom-line in short-run. Pacesetters focus on performance and excellence. However, if the leader drives employees too hard the morale plummets. Pace setting only works when employees are self-motivated, highly competent and need little direction. Meeting high standards of excellence has a cost, as it is task focused and not people focused approach.

There are two key insights to be gathered from Goleman’s analysis. The first one is that if CEO and board are driven by quarterly results and showing good performance, in the long run the organization is likely to pay a huge price. Hence, CROs need to monitor this form of leadership and culture, and guide the senior management.

The second aspect is the CROs and other risk managers need to ensure that they themselves do not become aggressive pacesetters in their functions. Sometimes the targets on number of reports, project timings, and quality of work become so critical that CROs ignore other aspects. In these situations, the star techie gets promoted who may not have adequate leadership and people management skills. Hence, there is burnout in the risk management team and conflicts with business teams. This is a dissonant style of leadership hence use it with care.

6.    Command style

The command style though frequently used is the most dissonant style as per Goleman. It is a coercive style – do it because I say so – being the message that makes employees feel threatened and intimidated. It is least effective as an intimidating cold leader contaminates everyone’s mood and the quality of overall climate spirals down. Employees think of it as a reign of terror so stop bringing bad news as the bearer is killed. The upside is that in crisis this style is effective.

A risk manager may claim that their role is recommendatory in nature and they do not have line authority over business teams. Hence, this kind of situation would not result from their actions.

On the contrary, if risk managers start playing political games and use their negative findings to downgrade a business executive’s career, the same results will ensue. Hence, they definitely have responsibility to ensure that their actions do not intimidate business teams or make them feel threatened.

However, if they are doing a million dollar fraud investigation or detecting a data theft situation, this style will work. It will reduce panic in the business teams since someone is in command and is showing direction.

Closing thoughts

As I read the book, one message was clear – risk managers need a range of leadership styles to be effective.  Risk managers emotional intelligence determines their success and failure in building relationships with business executives.  In Goleman’s words –

“The triad of self-awareness, self-management and empathy all come together in the final emotional intelligence ability: relationship management. Managing relationships skillfully boils down to handling other people’s emotions.”

Here is a clue. Psychologically laughter is the easiest way to create positive emotions. So risk managers leave your serious-brow furrowed look and smile.

References

Book: The New Leaders – Transforming the art of leadership into a science of results – Author Daniel Goleman

Report: Ascending the maturity curve -Effective management of enterprise risk and compliance – A report from the Economist Intelligence Unit Sponsored by SAP

Good to Great Risk Management

In the aftermath of the financial crises, it would seem fair to presume that risk management functions now have higher visibility, authority and influence. However, a recent report “Too good to fail” issued by Economist Intelligence Unit covering financial institutions and insurance companies shows contrary results. The report indicates that only one-half of the respondents say that risk management function has gained authority. The other half state it has remained the same or declined. Nearly 35% state poor communication between departments as one of the key barriers to risk management. Lastly, progress on revamping and strengthening risk management departments has slowed down. The graph below points out the problem areas:

Too Big To Fail - A report by Economist Intelligence Unit

This graph to me shows that risk managers didn’t properly leverage the lessons learnt from the economic crises and have failed to make a long-term improvement. Risk managers in financial institutions are the best of the breed and still failed to cut ice with business teams. While CFOs have entrenched themselves in the boardrooms, CROs still face a daunting road ahead. Hence, the most difficult question that most risk managers face today is – how to build a risk management function valued by board and business teams.

I was reading Jim Collins book “Good to Great” in which he has developed a framework for transforming good to great companies. I contemplated on ways to apply the framework to risk management function. It was worthwhile exploring the idea and here are some of my thoughts on it. Hope you find them useful.

1.    Level 5 Leadership

The book mentions that at the time of transition of a company from good to great category, the CEO was a level 5 leader. Two main traits – personal humility plus professional will – identify a level 5 leader. The level 5 leader puts organization goals before personal agendas. In contrast the level 4 leader shows the big dog syndrome; an egocentric drive for personal greatness with the organization becoming a monument to their ego.

In my view, in most organizations risk management function is in a transition stage. It needs to make that big leap to become a primary business partner. To do so, CROs and other heads of risk management department need to become Level 5 leaders. Secondly, to be successful they need to have their second-in-commands and/or successors also to have level 5 leadership skills. In short, replace the “I” with “We” to collaborate with business teams.

2.    First Who, Then What

Jim Collins has aptly summarized the importance of right people – “If we get right people on the bus, the right people on the right seats and the wrong people off the bus, then we will figure out how to make it someplace great”.

I think most of the risk management functions suffer because of lack of appropriately skilled resources. For example, in India risk managers are technically good however lack communication skills. In the EIU report, Neil Owen regional director at Robert Half Financial Services Group, a recruitment consultancy, hit the nail on the head by saying – “A high-performing risk team will be made up of individuals with different strengths—both commercial and technical”

 The message is clear, get the right skill set mix in the team and structure the department appropriately. Break the silos between different risk management functions to give accurate, timely and summarized information to business teams.

3.    Confront the Brutal Facts

Risk managers crib list is quite long. It goes – CEO doesn’t give us time, board ignores us, business teams don’t listen to us and on and on. The gist of it is risk managers are blaming everybody else and are not looking in the mirror for their own shortcomings. The irony is that while risk managers find shortcomings and problems in business, they are unable to see their own reality. The graph below depicts the barriers to risk management.

A graph from Too Good to Fail - A report by Economist Intelligence Unit

Risk managers must initiate dialogue and debates to identify brutal facts without playing a blame game. As mentioned in the book, adopt “The Stockdale Paradox – Retain faith that you will prevail in the end, regardless of difficulties and at the same time confront the most brutal facts of your reality, whatever they might me.”

4.  Hedgehog Concept

 In the next step Collins wrote -“The fox knows many things, but the hedgehog knows one big thing.” According to him, people with hedgehog traits “simplify a complex world into a single organizing idea, a basic principle or concept that unifies and guides everything” He has further defined the hedgehog strategy as intersection of three circles –“ what are you deeply passionate about, what drives your economic engine and what can you be the best in the world at.”

 In my view, this is the crucial bit where risk managers are missing the point. As the EIU report states, just 60% of the respondents have a clearly defined risk management strategy. Now these may or may not be addressing the strategic risks of the organization.

 Hence, risk management functions need to develop a hedgehog strategy with everything else falling in place around one simple idea. To give a clue, they are passionate about risk management, need to align the strategy to economic drivers of the business and identify the risks to ensure that the organization is best in the world in its area.

 5.    Culture of Discipline

Collins explained the culture of discipline using the analogy of an airline pilot. A pilot has freedom and responsibility within a framework of highly developed system. Regardless of the information and guidance from ground control room, the pilot has the ultimate responsibility for the safety of the passengers.

 Developing a risk culture within the organization is similar. As Professor Board of Henley Business School stated in the EIU report – “The business should be in a position where it’s not taking gratuitous risks and doesn’t want to do so. Ideally, there should be an autonomous, risk-aware culture in the business that requires only limited intervention from the risk function.”

 I have said before and am repeating it again, building a risk aware culture within the organization is of paramount importance. Risk managers need to train business teams to have the discipline to formally identify risks for each decision and mitigate the same. If it is outside business teams experience or bandwidth, the risk managers must hand hold the teams.

 6.    Technology Accelerators

I really appreciate Collins insight on use of technology in organizations. He summarized it as follows – “How a company reacts to technological change is a good indicator of its inner drive for greatness versus mediocrity. Great companies respond with thoughtfulness and creativity, driven by a compulsion to turn unrealized potential into results, mediocre companies react and lurch about, motivated by fear of being left behind.”

 On the other hand, the EIU report states the following – “Despite this continuing investment in data and IT, the problems are far from being addressed. Most institutions have a patchwork of systems, often as a legacy of mergers and acquisitions, which are incompatible with each other.”

The CROs problem is clearly identified – with multiple platforms and systems it is hard to get accurate data to identify risks in a timely manner. The alternative is that CROs invest in risk management software and systems that facilitate in identifying and managing risks. Some CROs are still slow in investing in technology and this mindset needs to be changed.

 Closing thoughts

Collins captured the transformation of good to great companies in the following words –

“No matter how dramatic the end result, the good-to-great transformations never happened in one fell swoop. There was no single defining action, no grand program, no one killer innovation, no solitary lucky break, no wrenching revolution. Good to great comes about by cumulative process- step by step, action by action, decision by decision, turn by turn of the flywheel – that adds up to a sustained and spectacular results.”

In one line, risk managers need to adopt this motto to transform risk management function from good to great.

References:

1. Report – Too good to fail? - New challenges for risk management in financial services A report from the Economist Intelligence Unit
2. Book: Good to Great – Author Jim Collins

Interview of Charles Lundelius, Author of Financial Reporting Fraud

Read the interview of Charles Lundelious, author of the book – Financial Reporting Fraud: A Practical Guide to Detection and Internal Control conducted by Nadine Sebai, blogging at Sleight of Hand. Mr.Lundelious book provides a detailed analysis of the role of senior management and the CPA in preventing financial reporting fraud. The interview below is re-blogged from Sleight of Hand. The interview provides excellent insight to financial fraud, and the challenges and limitations for detecting the same. A must read for those passionate about financial frauds and risk management.

Charles Lundelius

Mr. Lundelius is the author of the book, Financial Reporting Fraud: A Practical Guide to Detection and Internal Control, published by the American Institute of Certified Public Accountants. He has also published articles on accounting, valuation, insurance and corporate governance. Charles Lundelius is a senior managing director in the FTI Forensic and Litigation Consulting practice and is based in Washington, D.C. Mr. Lundelius specializes in financial institutions consulting, with expertise in International Financial Reporting Standards (IFRS), US Generally Accepted Accounting Standards (US GAAP) and insurance statutory accounting practices (SAP). With 20 years of experience in the securities, investment banking and insurance industries, Mr. Lundelius provides expert testimony and advice on securities valuation, investment management and insurance matters, having testified in over 30 matters. To read his full profile click here.

Nadine Sebai

Ms Sebai is the author of the blog Sleight of Hand.  Her blog provides insightful information on white-collar crime, corporate governance, business ethics, and legal psychology.  She is an accountant aspiring to help protect the investment community from white-collar criminals. She has completed her Bachelors of Business Administration in Accounting from the University of Miami. She is working on obtaining her CPA and CFE licenses. Click here to visit her blog.

Interview of Charles Lundelius conducted by Nadine Sebai

In Chapter 1, you present the legal and regulatory standards that were put in place to prevent fraud such as the FCPA Act of 1997, the Federal Sentencing Guidelines Manual, SAS No. 53, 82, and 99, and Sarbanes Oxley Act of 2002. Do you think these regulations are effectively deterring fraud considering it hasn’t been successful in the past two years?

Well I think they are a good start. It always comes down to enforcement and actual applications. You may have seen that I was involved in helping the SEC’s Inspector General in trying to find out why they failed to catch Madoff and that is a vivid illustration of what happens when enforcement fails to do its job. It was very clear that there were lots of warning signs to the SEC that there was a problem here. The various groups within the SEC failed to act and to put proper measures to rein this operation in and they could have done so well before it fell apart. I think that the SASs and the laws that you mentioned were all good steps. In terms of the SASs, they give guidance to auditors. Sarbanes Oxley and other laws helped institute within companies various mechanisms by which they can monitor activities and transactions in much greater deal and I think that is a very positive step. It comes down to the companies and the auditors to implement them. I think we’ve made some progress there.

The new COSO studies (they come out with a big research report every ten years) shows that the magnitude of fraud is increasing. Since the previous COSO study done 10 years ago, the magnitude of fraud has increased about 4 to 6 times. CFOs and CEOs are still heavily involved in those frauds. Around 89% of frauds involved a CEO, a CFO or both. So it certainly is just as serious as it’s been in the past, but this last study period really just picked up the first few years of implementation of Sarbanes Oxley so we really haven’t seen a full blown comprehensive study of its effect or its impact. I think we’ll just have to wait for the next COSO study.

You mentioned that the issues presented in the 1987 Treadway Report are still prevalent in the most recent reports, like Sarbanes Oxley. Why do you think that is?

I wish I could. My best educated guess is that until you get to Sarbanes Oxley, you don’t have any motivator that gets companies to take and implement all the fine concepts and to take preventive measures needed as identified in the Treadway Report. You’ve got a long period of time where fraud was identified. I gave you the statistic for the number of CEOs and CFOs involved in fraud. The original Treadway Report stated that 69% of frauds involved a CEO or CFO, and that number now is close to 89%. So the problem only got worse really during this time period. However, auditors were starting to move in the right direction. An auditor can only catch so much. It really takes people at the company and the tone set by those at the top to really make a change. And it’s only after you see the full-board implementation of Sarbanes Oxley, do you really get a framework that is setup that is designed to try to catch these issues at an early stage. It still doesn’t succeed all the time. I’ve seen from some of the public information that’s available and some of the work I’ve done over the last few years with some of the mortgage companies that went belly-up.  They have fine internal control structures. Obviously, they weren’t able to catch all of the issues. I don’t necessarily think fraud brought them down, it was risk. You have a number of companies that have implemented much more robust internal control systems that hopefully will start to turn some of these trends downward and we’ll see some improvement.

In regards to switching to IFRS, do you think it may lead to more fraud?

Well, I don’t think that a switch to IFRS necessarily means more fraud. It depends on how it’s done. If regulators took a fairly hands off approach and said, ‘Oh, well here we have a set of standards that allows for more judgment and interpretation on the part of a SEC registrant. We’ll let them go and do whatever they want to do.’ I think that would be problematic. I don’t think that’ll be the case though. The SEC came out with kind of a work plan (that’s the best way to describe it) in late October. They’ve got a number of milestones and requirements in there before they actually start to accept the broader implementation of IFRS. For a broader implementation of IFRS, the SEC will require considerably more.

What I am pushing in the book, on that chapter that deals with IFRS, is the concept that we need to have. If you’re going to have more generalized standards, let’s say in regards to revenue recognition where revenue recognition will not be as meticulously spelled out as it is currently with U.S. GAAP. If that’s the case, then what you do need is very good comprehensive disclosure. Disclosure as to what your revenue recognition policies are will help readers of financial statements compare your company with what’s going on with companies in that industry and maybe peer group companies. Company ‘A’ recognizes revenue at an accelerated pace and Company ‘B’ is closer to the U.S. model and defers recognition. Then at least you, the reader, can make some adjustment and compensate for that and hopefully make some sense out of it. With disclosure that’s possible. I think auditors (and this will be an interesting challenge for them), will start paying a lot more attention to peer group reporting. When they go in to audit Company ‘A’ they’re probably going to look at Company ‘B’,’C’, and ‘D’ in the same industry, take their revenue recognition policies, and see if Company ‘A’ is significantly different than that, and to the extent that it is, I suspect auditors will strongly recommend to Company ‘A’ to disclose any diversions from peer group.

Maybe with these steps we won’t see an increase in fraud as IFRS is implemented. IFRS is important. We’ve got to get a system set up so that analysts in one country can analyze companies in another country because the free flow of capital is absolutely essential to our global economy and for the U.S. to pull out of the recession we’ve been in.  This is coming, it’s just how it’s coming is a bit of an issue. Hopefully with some careful implementation and some diligence on part of auditors and audit committees this will not result in a huge increase of fraud.

In regards to revenue recognition, the ASB concluded that the auditors should consider it as a presumption of fraud…”Therefore, the auditor should ordinarily presume that there is a risk of material misstatement due to fraud relating to revenue recognition”. Shouldn’t an auditor think like this in every instance? Taking the “guilty until proven innocent” approach?

I think that particular requirement on auditors means then that they must do testing of revenue recognition. It doesn’t say necessarily that they can’t rely on the company’s books per se but that they will test the books. What it said is, frankly, tied very much to the COSO findings. In every single COSO study, revenue recognition is an element that has shown up in over 50% of the fraud cases in each and every study; and I think it’s up to 60% in the most recent study. It is an area that has been clearly identified as a problem. As such, I think it makes sense for auditors to be more skeptical. What it’s telling auditors is that they can’t rely just on the internal controls of the company. As you know, auditors first test internal controls to see if they’re operating correctly and then, based upon that testing, they design their program to go forward.

The results of the internal control testing help determine how much testing is done in these various areas of the income statement and balance sheet of the company. This guidance is telling auditors the internal controls for revenue recognition may test out and be just fine but you, the auditor, still need to go back and test individual transactions. Then your question is, should they go back and implement that for everything else? It would be pretty difficult to do. Testing of internal controls is a good guide to auditors to tell them where they are more likely to encounter fraud than where they are not. Internal controls in other areas, lets say in recording asset values, they should be allowed to rely on them and utilize the knowledge that the controls are in place to help guide how much testing they do of individual accounts. With that said, I would like to see COSO identify some other areas that are also very commonly found problem areas among companies engaged in fraud. Perhaps they could perform some additional testing in areas dealing with the understatement of expenses and liabilities or overstatement of assets. Those could also be areas where I’d like to see auditors encouraged to do a little more testing.

The Big Four accounting firms have been under much scrutiny lately for failing to effectively perform audits. In your experience at the Big Four, what are the problems that are being faced by these firms to perform?

I don’t think that there’s an answer that applies only to the Big Four that’s any different to any non-Big Four firm. There have been problems all up and down a range of auditing firms in various points in time. I’ve got a lot of confidence in the audit profession that they manage well most of the audits performed. Realize that we have over 5,000 or 6,000 publicly traded companies in the U.S. Given those companies routinely go through audits every year, everything is okay, they’re not involved in fraud. COSO identified, for each 10-year period, approximately 350 companies (plus or minus) were fraud companies. That’s only 350 out of a population of 6,000. We’re not seeing fraud on such a scale that we can call on the audit profession and say ‘You guys have failed’. It’s quite the opposite. They’ve come through in a fine fashion. There have been some isolated failures but I don’t see anything that is widespread.

Do you see a bright future for the SEC and other regulatory bodies who “missed the boat” more times than necessary (e.g. Bernie Madoff)?

I’m not sure what a bright future is for a regulator [laughter]. I can tell you what I do see at the SEC. After we completed the analysis of what went wrong in terms of their failure to detect Madoff’s Ponzi scheme, I and my colleagues at FTI put forward a set of recommendations to the SEC for corrective measures. Particularly the Office of Compliance, Inspection, and Examinations which is the area we looked at most carefully, was agreeable to all of our recommendations. I know the Inspector General said that sometime in the very near future he will come back and make sure they did implement the recommendations as we listed them. So I think that there we’re going to see some fairly serious corrective changes.

As for the other regulators, I don’t know if we can always rely on regulators to catch everything but I’m hoping to see more enforcement activity in general from the SEC with regard to the accounting and the other (potentially) fraud related issues in regards to public companies. I’m hoping to see more activity on the part of self-regulatory organizations like FINRA that look after the affairs of securities brokers. I’m hoping that we do see more enforcement actions brought by regulators. I think if that’s the case, then the regulators will be doing their job and they should have a bright future, if that’s what you want to call it. I think that’ll help all of us because there are certainly still problems out there that need to be rooted out.

Can you describe the recommendations you provided to the SEC when you went in to investigate their wrongdoings for Madoff’s Ponzi scheme?

Oh, sure. It’s a matter of public record. It was published on the Inspector General’s website. It sites to me and my team a lot in that report and then we at FTI came out with a separate report about a month later with recommendations. Our recommendations were generally to address a number of different areas, say the competence the personnel that they have hired. Since then I know that the SEC has reached out and engaged in a much more aggressive hiring plan. They’re taking advantage of the recession by picking up some good talented people who’ve had experience with various trading programs and understand say, options and derivates trading, and areas like that. Those were issues that tended to hold up SEC examination of Madoff because he had an options strategy (or he allegedly did) and so some of the examinations of Madoff’s operations were being held up because they didn’t have enough people that had options trading experience. So yeah, we’ve got recommendations that go along those lines. Pretty much every major area that we identified as a problem for the SEC we made recommendations for.

My next question is in regards to the Dodd-Frank bill. You stated that the best preventative measures for fraud are good internal controls and a functioning internal audit mechanism that allows employees to raise issues confidentially with the audit committee and have those issues thoroughly investigated. Many are worried that employees will skip their internal audit committee and go straight to the government for their reward. What are your thoughts on this?

I think that is a legitimate concern about the Dodd-Frank whistle-blowing provision because it sets a very sizable monetary award that is meaningful. What you’re reporting on is a large problem and can have a large financial impact. Dodd-Frank sets out very large reward to the tipper. It will encourage people to pick up the phone and call the SEC directly as opposed to going up through the internal control procedures at the company. That said, the SEC is trying to implement this list of things they will do. One of the things they will mention is to encourage anyone calling in to go up through the various internal control procedures or processes that get the company to make the appropriate people aware of the problem. I think that is an issue. I think it was an unintended consequence of the law not having thought it through. I think that does pose a problem for internal control at companies if you’re having everyone pick up the phone and first calling the SEC. The SEC has just a few people that can respond at any point in time. They are stretched in terms of the investigations and the enforcement activities they are able to conduct. They just have a finite set of personnel so if they are flooded with calls that would ordinarily have gone to the whistleblower hotline at a publicly traded company, this could pose a real serious enforcement problem from the SEC’s perspective. I suspect that something needs to be done here as a correction to the legislation.

The regulations between private and public companies are quite different. For example, private companies are not required to have an audit committee and are only encouraged (not demanded) to have directors. Also the small company can choose between cash or accrual basis. The transition from going from private to public can encourage fraud. How do you propose to bridge this gap so that private companies statements are more reliable?

My advice to a venture capitalist or private equity type of person, and they’re looking at a portfolio company and they’re looking at management trying to get that company ready to go public or get it to a position, if it’s not going public, to merge into a public company, then the best advice is to start planning as soon as possible. It requires retaining good personnel who understand internal controls in a way that audit committees should function and getting those folks on board as early as possible. It can’t be something that you wait until the last minute.

The problems I talk about in my book really are problems that tend to occur when everybody waits till the last minute and then they say, ‘Oh my goodness, we need to bring this into compliance with Sarbanes Oxley’. They realize that they’ve got something to do and they’re in a rush to do it. If that’s the case, then that is a bad set of circumstances, which tends to lead to some very bad fraudulent actions that are meant to deal with old problems that haven’t been dealt with. That’s a problem that arises here. That’s why I encourage early implementation. Lets say a CFO is on board who understands how to set up appropriate controls and the control mechanisms, and you’ve got an audit committee that’s up and functioning and they’re asking good questions, pushing back. Before the company actually rolls out and gets ready to go public, if these issues arise, they would get flagged early and get dealt with and that’s the best of all worlds. We’re not talking about a lot of expense here; we’re just looking for good qualified personnel. That’s the best advice I’d give to those folks.

The pressure to perform is probably the most prevalent reason why companies commit fraud. The pressure of a private company to meet their numbers in order to go public or the pressure of a public company to meet analyst’s expectations every quarter. Do you think that the expectations of these firms are too high? Do you think that the market is too focused on short-term profits?

I think that, yes, short term pressure to meet quarterly performance targets does present problems and give rise to some of the motives for fraud. A lot of this ties back to compensation. If you have compensation that is setup so that it looks to longer-term performance, that helps to mitigate quarterly pressure. It’s undeniable, but if you tell your senior management and your employees, ‘Look we can ride through some bad quarters. If we get to a point where a year or two or maybe three years down the road we’re at a certain milestone that will trigger some bonus payments we can get some people compensated that way’, then there’s a different orientation.

There was an interesting finding in the COSO study, and it was quite unexpected. I was reading through it and almost skipped over it. There is a statistically significant finding that fraud companies in this latest batch tended to not have a separate compensation committee more so than the non-fraud companies. Companies without a separately constituted compensation committee had a higher probability of getting involved in something that was fraudulent. That was interesting and surprising to me because the focus, of course, before was on the audit committee. Now they’re coming over and telling us that we should pay attention to this compensation committee. I can only speculate as to why but my best guess is that if you don’t have a separate compensation committee, this job of setting out company targets falls to the Board as a group.  

The Board has a lot of things to deal with, and if they are busy doing other stuff they may not give as much attention to the mechanisms to compensation as they should.  It then defaults to say quarterly or yearly bonus targets or bonus plans that are at the center of these fraud issues because such short-term targets essentially reward people for trying to come up with ways to fudge the numbers to meet these targets. I think it tells auditors and all of us involved in consulting companies that they ought to have a separately constituted compensation committee, and that committee ought to be as vigilant about the fraud potential of any compensation plan that they set up as say the audit committee. So hopefully that will be something that gets a little more public consideration and we’ll hopefully start focusing on that. But compensation is definitely at the center of this. Yes it’s embarrassing if you can’t hit your numbers for a quarter but if you know that your compensation is set up so that you have time to make up for a bad quarter, that time will allow you to get your bonuses, and that’s the way bonuses will be determined in some multi-year period. I think that is very helpful and will go a long way in taking away the incentive to fudge the numbers.

Welcome your feedback on the interview and book. You can contact Charles Lundelious at charles.lundelius@fticonsulting.com and Nadine Sebai at sleightfraud@gmail.com .

Nassim Taleb’s Interview

Nassim Nicholas Taleb’s new book “The Bed of Procrustes, Philosophical and Practical Aphorisms” New York Times review is excellent. Watch his recent interview to know more about the book and his views of Bernanke’s understanding of risk.

Lessons in Ethics from Richard Branson

Richard Branson’s autobiography “Losing My Virginity” is a candid portrayal of his life, business and passion for sports. It reflects his adventurous spirit, risk philosophy and appetite in business world and while breaking records for flying balloons. His entrepreneurial quest started at age fifteen and today he is one of the most known faces of the corporate world. Definitely a man who went from strength to strength to build a successful organization!

 Two incidents narrated of his young age, show that he compromised his ethics and suffered because of it. I think we all are prone to make similar mistakes. His story teaches us some lessons.

1.       Evading Tax

When Richard Branson left school in 1967, his headmaster’s parting words were: “Congratulations  Branson. I predict that you will either go to prison or become a millionaire.”  He landed up in the prison before he became a millionaire.   

In the early days of Virgin Music in 1971 he made bogus trips to Dover pretending to sell records. He was running a scam to avoid paying customs and excise duty. His thought process was” rules are meant to be broken. He was playing a great game with the authorities and not to be taken seriously”. After his last trip, customs and excise officials raided his shops and warehouse. They identified the marked records for which taxes were evaded, though he had shifted the records between shops on receiving a friendly tip-off. The officials arrested him and he spent a night in a prison cell. He was released after his mother deposited bail money and he agreed to pay a hefty fine to the customs and excise department.   

During the night he spent in the prison cell he made a vow to himself – “I would never again do anything that would cause me to be imprisoned, or indeed do any kind of business deal by which I would ever have cause to be embarrassed.”

Some people still consider it being smart if they are able to escape various taxes levied by the government.  Attitude is that it is a good thing to do as long as one doesn’t get caught. The realization that it is unethical and foolish to break the law doesn’t dawn till one is punished or penalized for it.

2.       Paying Bribes

In 1974, Richard Branson’s first marriage with Kristen was falling apart. They went on a holiday to Cozumel of the coast of Mexico to patch things up. They decided to go for deep-sea fishing at Yucatán peninsula. There was a broadcast of bad weather and the fishermen were hesitant about sailing that day. The Branson’s and another couple lured the fishermen by offering to pay double their usual rate. The fishermen took the bait and they went out to the sea.

When the boat was in the middle of the sea, the weather turned stormy. The waves rose high and the boat was smashed. The Branson’s jumped the boat while the others remained on the boat. They swam for three hours in icy cold sea water before they reached the beach. They informed the rescue team on the beach about the others still on the boat. The rescue ferry went in search however returned shortly as the sea was too dangerous to conduct a search operation. The fishing boat and its passengers were never found.

After the incident, Richard Branson described his thoughts – “I had to learn to live with the question of whether the fishermen would have gone out to the sea if it hadn’t been for us. Two fishermen and two tourists had drowned, and a fishing boat was lost. I wondered if we and the other two tourists should have waved a handful of dollars in front of them.”

In our excitement and desire to get our own way, we often ignore the risks attached to a situation. Paying bribes to oil the wheels and receiving bribes to get things done blinds us to the risks. The lure of money is such that it gives a sense of invulnerability and invincibility. However, this thought process can cause serious damage to the individual concerned and unsuspecting others.

Richard Branson’s autobiography is a must read for risk managers. The ups and downs of his business, the risks which he took, his thought process and philosophy while taking such risks provide a rare insight of the mindset of a successful entrepreneur. Read it cover to cover, it gives more knowledge than a regular risk management book.

Narcissistic Mindset in Financial Institutions

Financial institutions are again grabbing headlines for the wrong reasons. This time it is because of the foreclosure of mortgages without adequate due diligence.  As Senator Robert Menendez wrote to the heads of JPMorgan Chase and Co, Bank of America Corp and Ally Financial Inc- “It is simply inexcusable that proper oversight proceedings were not in place, especially when dealing with matters as monumental as the seizure of a family’s home.”  While receiving bailout from tax-payers money, the leadership teams in the banks had promised more responsible behavior. The question which needs an answer is –“Why are the US financial institutions blatantly contravening regulations again and did they not learn anything from the previous debacle?”

In contrast, in India, in the recently held round table forum organized by Economic Times, the chief players in financial institutions reiterated that regulation and growth can co-exist together. Extract from the Economic Times article – “State Bank of India chairman Om Prakash Bhatt and ICICI Bank non-executive chairman KV Kamath told the founder of the world’s biggest buyout firm, Stephen A Schwarzman of Blackstone Group, that regulation and growth are not mutually exclusive”. Indian financial institutions have always been heavily regulated and have simultaneously shown tremendous growth. This indicates that there is a significant difference in culture and approach in banking sector between USA and India.

In the financial institutions crises many thinkers had blamed the narcissistic mindset of the financial institutions. The thinkers stated that the banks management teams are arrogant and believe the banks –“is too big to fail”. With the recent foreclosure issue, the narcissistic thinking is again reflected.

I decided to do some research to determine what healthy narcissism is and what are the attributes of a narcissistic personality disorder (NPD)? Is it possible to analyze the attributes of NPD in respect to organization leaders, culture and society? I am providing here the results from my analysis after reading Sam Vaknin’s book “Malignant Self Love- Narcissism Revisited”   

In the book Sam Vaknin has stated nearly that “According to the DSM-IV-TR, between 2% and 16% of the population in clinical settings (between 0.5-1% of the general population) are diagnosed with Narcissistic Personality Disorder (NPD). Most narcissists (50-75%, according to the DSM-IV-TR) are men.” According to him the gender difference is because the narcissistic traits (aggression, ego, competition etc.) are generally appreciated in males. This indicates that actual number of employees suffering from NPD in an organization would be less than 1%. Hence, the organization may not be at risk because of individual behavior but may be at risk of narcissistic tendencies due to collective behavior and organization culture.

The second aspect is difference between healthy and unhealthy narcissism.  The definition as per the book is –“Healthy narcissism is a mature, balanced love of oneself coupled with a stable sense of self-worth and self-esteem. Healthy narcissism implies knowledge of one’s boundaries and a proportionate and realistic appraisal of one’s achievements and traits.” Unhealthy or NPD is defined as- “Pathological narcissism is a life-long pattern of traits and behaviors which signify infatuation and obsession with one’s self to the exclusion of all others and the egotistic and ruthless pursuit of one’s gratification, dominance and ambition.” Well, these are traits which we have seen in our present day leaders sometimes or the other. Interestingly, Sam Vaknin has stated that narcissists can hide themselves in a crowd and it is extremely difficult to identify a narcissist without a proper psychological evaluation and diagnosis. Hence a layperson can only say that he/she has a toxic leader or bad boss, at best. So is it possible for an organization to develop a culture of pathological narcissism?  

The next aspect is the analysis of the attributes in detail and determining how this impacts the organization culture and society. I am listing the nine criteria’s used to assessing NPD as given in Sam Vaknin and determining their applicability in our current business environment.

1. Feels grandiose and self-important (e.g., exaggerates accomplishments, talents, skills, contacts, and personality traits to the point of lying, demands to be recognized as superior without commensurate achievements);
2. Is obsessed with fantasies of unlimited success, fame, fearsome power or omnipotence, unequalled brilliance (the cerebral narcissist), bodily beauty or sexual performance (the somatic narcissist), or ideal, everlasting, all-conquering love or passion; 
3. Firmly convinced that he or she is unique and, being special, can only be understood by, should only be treated by, or associate with, other special or unique, or high-status people (or institutions);  
4. Requires excessive admiration, adulation, attention and affirmation – or, failing that, wishes to be feared and to be notorious (Narcissistic Supply);
5. Feels entitled. Demands automatic and full compliance with his or her unreasonable expectations for special and favorable priority treatment;  
6.  Is “interpersonally exploitative”, i.e., uses others to achieve his or her own ends;  
7. Devoid of empathy. Is unable or unwilling to identify with, acknowledge, or accept the feelings, needs, preferences, priorities, and choices of others; 
8. Constantly envious of others and seeks to hurt or destroy the objects of his or her frustration. Suffers from persecutory (paranoid) delusions as he or she believes that they feel the same about him or her and are likely to act similarly; 
9. Behaves arrogantly and haughtily. Feels superior, omnipotent, omniscient, invincible, immune, “above the law”, and omnipresent (magical thinking). Rages when frustrated, contradicted, or confronted by people he or she considers inferior to him or her and unworthy.

 Some of the examples which come to mind regarding the financial crises and corporate behavior are:

1.  The financial crises occurred because basic business ethics were compromised on the assumption that nothing will be detected and the products will sail through. Risk management guidelines were contravened as the banks considered themselves beyond failure. The senior management did not give much thought to the morality of their actions. The suffering caused to the general public, customers and employees was not considered relevant in decision making.
2. There number of cases post recession, where the CXO’s have allocated huge salary increments and bonuses to themselves from tax payers money after creating the financial crises, definitely indicates the sense of entitlement they feel. The senior management cut jobs of middle and junior employees, and retained their own. They also felt entitled to hiring planes for personal and business trips while the common folks were reeling under the crises. They did not hold themselves responsible and accountable for their poor decisions nor demonstrated remorse for damaging the economy.
3.  The foreclosure debacle shows that the employees and management of the banks did not feel any empathy for their customers when causing trauma to customers. A loss of one’s home is an extremely traumatic experience. It shows a significant level of ruthlessness and insensitivity to others circumstances for achieving one’s own objectives.
4.  Definitely, the employees below the CXO level have realized that syncopate behavior guarantees rewards and criticism is not without risks. Some organizations have become so dominant that employees do not have the freedom to voice their opinion and jobs have become a refined form of slavery. Anyone who is unwilling or objects to tow the management line is severely punished, as has been seen in various whistleblower cases.    
5.  Employees are working towards material objectives which are in dissonance with their inner beings. In this society, a person’s worth is being evaluated by material success and public appearances, the employees are developing and projecting a ‘false self’ image. Employees hide their true self and project a false self to obtain promotions, hikes and bonuses.
6.  The survey reports for workplace aggression, violence, bulling, and sexual harassment are showing an increasing trend. In most cases the percentages are ranging between 20-50% of the employees reporting experiencing such incidents. These reports indicate that organizations are turning exploitative and abusive in nature.
7.  Organization culture survey reports indicate that financial institutions have an aggressive and competitive culture. Ask a regular employee and he/she will respond- “It is a dog eat dog world, extremely competitive and cut throat”. The general opinion is that to succeed using some unfair practices to destroy internal and external competition is acceptable.

 Considering the above mentioned aspects and other media reports, it looks like there is a trend towards narcissistic behavior in organizations. The question which comes up is that can anything be done about it when top management may be showing narcissistic behavior? Who will give a reality check to the organization when employees themselves participate in the same behavior? Is the public going to witness one debacle after another as has been the case in the last decade? How will the breaks be put and the trend reversed?

Well your guess is as good as mine. What do you think is going to happen? Please drop in a comment and share your opinion with me.