Managing Systemic Risks in Organizations

The gross turnover of top 100 multinationals is higher than the gross domestic product of a few countries. As it was obvious from the financial crises, organizations employing a few hundred thousand employees can rock the global financial stability. From then on, a lot of discussion is occurring around systemic risks. However, I wonder about the actual momentum in addressing systemic risks.

As per my understanding, an inaccurate perception has formed that governments have the major responsibility to address systemic risks and not the organizations. The picture below depicts the increasing level of risks for human civilization or society as a whole and the increasing level of risks within an organization. Though we do not see linear relationships, they are interconnected. While an organization is a subset of the civilization, their large sizes have also made it a significant component of creating systemic risks.

 

Systemic risks

 

Another fallacy is that organization’s need to track systemic risks at the global level alone. From the financial crises, it was obvious that the Retail Housing Loan departments of US Banks shook the real estate industry. Various CDOs of banks investment divisions were the cause of collapse of major banks. Hence, something as small as the functioning of a department, process or product can destabilize the industry and economy when incorrect practices are followed in multiple organizations.

Moreover, senior management of organizations that have implemented Enterprise Risk Management (ERM) believe that systemic risks are automatically addressed. None of the ERMs is going beyond strategic risks. The focus is mostly on operational and tactical risk coverage. Unless the risk management department has taken concrete measures to identify systemic risks, in all probability they are unmitigated.

Lastly, for most of the systemic risks, the organization by itself can only partly mitigate the risks. Except for taking insurance, they cannot develop and implement full-fledged solutions to treat the risks. Though the impact of systemic risks is huge, the lack of understanding, information and solutions, make organizations negligent about identifying and addressing these risks. Hence, the question is – what should organizations do to manage systemic risks?

1. Global Systemic Risk Monitoring Group

Within the risk management department there should be dedicated resources tracking systemic risks from process to country level and reporting to the global group. In the interconnected world, the risks in one country impact other countries. For instance, consider the attack on Malaysian airplane by rebels in Ukraine. A geo-political risk of one country has brought an organization of another country down. Hence, now the risks have to be viewed from a global perspective. To do this organizations must incorporate the group within the organization structure, deploy funds and resources, use technology to connect and track risks at a global level.

2.  Connecting With National Risk Boards

The 2014 World Bank Risk Report suggests formation of National Risk Boards (Same name, could they have got inspired by this blog :)). This will be a huge plus, since risk identification and mitigation will be done at a national level. For instance, if a large country like India were connected at district, state, and national level through risk boards, the level of risk management would improve significantly.

Moreover, this will facilitate in addressing inter-state risks and cross border risks. For example, cyber security threats mitigation requires coordination within the country and significant amount of international collaboration. The national risk boards of countries become the focal point for international cooperation and collaboration for risk mitigation. Developing relationships with the board members and participating in the initiatives will help organizations in dealing with systemic risks.

3.  Connecting With Industry Risk Boards

The systemic risk group needs to connect with the industry risk boards and regulators to capture the industry level risks. For instance, Back of England conducts a half-yearly survey to determine systemic risks in UK financial sector and the confidence of the organizations in dealing with it.

If organizations facilitate in formation and management of industry risk boards, they can cooperate with the competitors to mitigate industry level risks. Relationships with international industry boards would be a huge plus in acquiring knowledge and formulating plans.

4.  Assessing Preparation at National Level

The World Bank report states that investment in risk mitigation and prevention is low, and most of the expenditure is done during and after a disaster to recover and continue operations. Therefore, the challenge is that risk identification may not result in developing and implementing risk mitigation plans. For example, various cities in India regularly suffer from floods during monsoons. ALthough the government knows the problem and solutions, it has not done much to resolve the issue. There are ongoing battles between city, state, and national level for risk prioritization.

That is, the same risk may have different impact and loss level due to national level preparation. Organizations need to assess the level of preparation of government and local communities to determine the impact and develop risk mitigation plans accordingly.

5.  Assessing Impact at Social Level

Previously, organizations were insulated from the society to some extent. The social networks have changed the scenario, and any incident can become an explosive issue. Hence, impact has to be calculated at social level rather than at an incident level. For instance, recently a six-year-old girl in Bangalore was gang-raped in school by her teachers. Last weekend, parents in Bangalore organized marches to demonstrate their anger against the schools lackadaisical attitude towards children security. Police has lodged complaints against the school and politicians are talking about closing the school.

Presently, rape, women, and child security are sensitive topics in India. India is fourth unsafe country in the world for women. Hence, a single incident can close down an organization. Therefore, risk managers need to identify sensitive issues related to systemic risks and extrapolate the impact at city, state, country, and global level to determine impact of various risks.

Closing Thoughts

Systemic risks impact is sometimes more than losses of earthquakes, tsunamis and nuclear disasters, hence they cannot be ignored. Higher level of focus is required within organizations, industry, community, and nations to build processes, institutions, and infrastructure to identify and mitigate systemic risks. Timely investment in this area can save billions of dollars. Hence, risk managers need to put their thinking caps on, develop concept notes, and influence senior managers to deploy funds in managing systemic risks.

India’s Political Risks in 2014

A fortnight back Aam Admi Party’s (AAP) magnificent political debut in Delhi pulled the rug under the feet of seasoned politicians. Old established politicians with dynastic lineage are scanning the environment to see which young inexperienced common person will oust them from their plush leather chairs. The AAP victory is a game changer, injecting fresh blood in Indian democracy. The citizens, sick and tired of corruption are demanding good governance. With national elections coming up in May 2014, the political risks of the country are changing.

A.      AAP’s Applecart

Arvind Kejriwal - The New Hero

Arvind Kejriwal – The New Hero

Gen X arrived on the political arena and won the first battle. The victorious 28 AAP MLAs are 26-49 years old. They do not have a political background, family connections, or money. They are regular middle class people who took their first baby steps in activism in the Anna Hazare Anti-Corruption Movement.

AAPs symbol, the broom, stands for cleaning the corrupt system. In one stroke, it has swept the old political system and established rules. Within a week, anti-corruption Lok Pal Bill was passed with Congress spearheading the passage of the bill. The bill had been pending for over five decades. While Arvind Kejriwal and Prashant Bhushan were the brains behind the moment, Rahul Gandhi was quick to take the credit.

The AAP leader Arvind Kejriwal, by taking public referendum to form the government, out manoeuvred BJP and Congress. By announcing that AAP will participate in national elections, Kejriwal has become a national leader with mass appeal. With people demanding change and a corruption free government, AAPs is a significant threat to established parties.

From business perspective, in AAP governed states cronyism and corruption will decrease. However, the number of raids and investigations might increase. One is likely to see some high level prosecutions with the implementation of Lok Pal bill. Hence, it will pay to keep high business ethics, and reduce illicit money transactions and bribes.

B.     BJP’s Bandwagon

 BJP Prime Ministerial candidate, showed his leadership mettle in the state elections. BJP win in four of the five states clearly showed that the tide is in its favour.  Modi is riding on the propagated success of Gujarat Model, Hindu middle class and business support.

Narendra Modi - The Callenger

Narendra Modi – The Callenger

However, though Modi is projecting himself as an agent of change, Kejriwal is outshining him in that sphere. In addition, AAP voters come from all income groups, religions, and regions. Hence, Modi presently has a smaller pie of the vote bank.

BJP is also showing that it is unable to walk the talk of change. It is entering into alliances with candidates and parties with a criminal track record. Secondly, to connect the youth across India, it has started the project to build Sardar Patel statue by organizing runs and collecting iron pieces across India. It is trying to attack Kejriwal’s youth following obtained through social activism reputation by this initiative. The Gen Y does not connect with freedom fighters; it wants the current issues addressed.

Hence, it will be an interesting battle to watch. Businesses in BJP ruled states could expect some speedy action on pending proposals, a superficial reduction in corruption, and a significant focus on business growth. BJP isn’t positively aligned towards US; hence, some tensions are envisaged. Moreover, if it comes to power at national level it is expected to gun for Congress leaders and the corruption cases.

 C.      Congress’s Circus

COngress - In Better Times

Congress – In Better Times

In the state elections, the Congress politicians came out looking like a pack of jokers. The Congress hubris, corruption cases, and Rahul Gandhi’s ill preparedness to don the leadership mantle resulted in its downfall.

Suddenly, the Gandhis’ are putting on the activist’s cloak. In the Supreme Court ruling of LGBT cases, they were on the forefront fighting for LGBT rights. After letting US walk all over for last ten years, in Khobragade case, it is drawing blood. At the last moment, support to pass the bill for allowing politicians with criminal records to contest was withdrawn. An attempt to change image and control reputation damage in the last six months isn’t going to work.

The Congress Prime Ministerial candidate is still unknown. A feeler was sent out about Nandan Nilekani being the Prime Ministerial candidate. He might sail through with business tycoons, but will appear as a US supported candidate. The US governments attempt to play big brother’s role in Indian democracy doesn’t go down well with Indian voters. Rahul Gandhi isn’t a people’s magnet. He has not proved his leadership capabilities. Hence, Congress might be facing some dilemmas in selecting a candidate with national appeal. Finally, Prime Minister Manmohan Singh has called it a day and isn’t seeking a third term.

Congress most probably is going to take a beating. In the states it survives, corruption is going to continue and it is going to take a while for them to introduce good governance. Leaders are going to be scrambling for cover, as AAP and BJP are both interested in investigating them to get mileage. In the states it loses, a few projects permissions might be withdrawn or closed. These are the states where business sector will face maximum political risks.

Closing Thoughts

The ABC of Indian politics is changing. It will be enthralling and heart-warming to watch the 2014 elections. Indian democracy is finally coming of age and voters have tasted their power to overthrow established models. With multi-party environment and many more parties in the ring, the competition is going to be keen.

However, a few messages are clearly coming out. Those aligning with corrupt leaders or leaders with criminal records are going to lose the public backing. Political battle plans and strategies need to be redrawn, as the old isn’t going to work. Fighting on religion and caste won’t ensure victory. The parties manifesto focus must be on good governance, economic and business growth, corruption free environment and empowerment of the masses.  The economy is expected to pick up only after the elections near the last quarter of 2014. Hence, be prepared for a slow year in business.

2014 Business Predictions Based On Bollywood Movies

In the age of big data, data mining, social media, market studies and customer feedback, it may sound surreal to analyse business trends from Bollywood movies. Strange as it may seem, Bollywood movies provide a wealth of information on cultural change, latest fads, and customer tastes. Agree, the movies aren’t intellectually stimulating or sensible; most of them are over the top but let us not be scornful about the hyperbole and read the real picture. Tell me what you make out this analysis.

1.      Women Rule

The male bastion crumbled this year;  in most of the movies the actress portrayed a strong character, frequently superior than the actor. In Ramleela, the heroine was a gun wielding female don’s daughter capable of pulling the trigger on betrayal. In Yeh Jiwani Hai Diwani, the female character, a nerd, beat the male character in academics. In Ashiqui 2, the female protagonist, a singer outperforms the male protagonist. Leading ladies are taking centre stage, they are no longer willing to play second fiddle and be decorative while the hero steals the show.

Ramleela

In business parlance, do not ignore the female customer or the female employees. Indian women are making the buying decisions, therefore ensure that the advertising pitch appeals to them and the sales process is women centric.

Additionally, after the changes in sexual harassment act and the companies act, women are gearing for a stronger role in corporate world. The Companies Act requires at least one woman to be on the board, hence develop the top talent. The sexual harassment act has empowered women and cases are making headlines. Change the work culture to ensure equality, educate staff on sexual harassment, and form legal recourse systems. Insure senior staff from sexual harassment claims and do a background check to determine propensity for sexual harassment.

2.      Think Local

Top actors and actresses made a beeline for roles with stories in rural villages and small towns. A few years back they would have turned up their noses on a project that wasn’t with a foreign country backdrop. Most of the blockbuster’s set in small towns – Chennai Express, Ramleela, Gori Tere Pyaar Mein, Ranjhana, Phata Poster Nikla Hero, etc. – had tremendous box office success.

The Indian directors’ cultural understanding of customers is excellent. The trend shows Indian customers awe for foreign brands and products is reducing. The customers want products Indianized to their taste. The burger and pizza sales give ample evidence. Over 50% of the revenues of multinational fast food chains are coming from vegetarian products. For instance, McDonald’s highest grosser, Aloo (Potato) Tikki Burger recipe was made in India.

Customize products to cater to small town customers rather than the metros to get higher turnovers. In local markets, value for money concept works and not fancy brand names.

Astoundingly, employees working in metros are moving to small towns for better work-life balance. The craze for big cities, fast life is disappearing due to high cost of living, traffic and infrastructure problems, and superficial social relationships.

3.      Complete India Story

Northern India and Southern India directors and stories intersected this year. Within India, state borders are reducing in meaning. For instance, in Chennai Express the hero is from Delhi, the heroine is from Chennai. In Gori Teri Pyaar Mein, the male protagonist is from Bangalore and female protagonist is from Delhi. Bollywood is no longer targeting just North Indian customers; they are making headway in South India. A few Hindi movies were remakes of South Indian movies . Astonishingly, South Indian directors are making Hindi movies.

In the last decade, Indians are crossing inter-state borders frequently. Caste, region, and religion differences are diminishing. Business needs to rethink the marketing strategy. Products made for North Indian customers may do well in South India and vis-a-versa. Tastes are changing and acceptability levels for different products are improving. For instance, previously consumer durable major market was in North India. However, the latest survey shows the top states are– Punjab, Kerala, Haryana, Karnataka and Tamil Naidu.

4.      Focus on Gen-Y

Sweet and nice, stereotypical and rehash doesn’t sell with Gen-Y. Unique, controversial, adventurous, and nonconformist sails through. In Ranjhana, the female protagonist organizes the death of a childhood admirer to avenge the death of her adult lover. In Gori Tere Pyaar Mein, the heroine is a social activist, older than the hero, working in a remote village. In Lunchbox, the male character is a 50-year-old man falling in love with a married woman he has never seen. In Krissh 3, super heroes and villains, half human-half animal battle it out. Sporting legends biopic (Bhaag Mikka Bhaag)  and historical political drama (Madras Café) entered the arena. The conventional isn’t making its mark.

krissh 3

Indian Gen Y have information of international products on the tips of their fingers. Secondly, their tastes are similar across country. Previously, there was a vast difference in tastes of the younger generation in metros and smaller towns due to limited information. Now Google Translate has removed those barriers.

Hence, business sector needs to invest in research and innovation, an area they haven’t focused on earlier. The products must be of international quality, fresh and new, at local prices. The business that has the courage to differentiate, leave traditional thinking behind will get massive returns. Businesses centering on adventure sports, exclusive hobbies, social entrepreneurship, video games, and technology apps are expected to do well.

Moreover, organizations to attract and retain Gen Y need to transform the bureaucratic and hierarchical culture. Build a culture on openness, transparency, creativity, risk taking, and empowerment.

 5.      Foray Globally

The top grosser of the year – Dhoom 3 did good business in the international market. Now the Indian movies have rap music with Hindi lyrics, use latest technology (Krissh 3), and have glitzy action. Indian award shows have built Bollywood brand abroad. A few Indian actors and directors have gained international repute.

According to a McKinsey report, 30% of the revenues of top 100 companies in India is coming from international business. Indian companies are either taking over foreign companies or establishing their own in other countries. Hence, time has come to venture abroad keeping in mind the international tastes. Don’t sell the Indian product in its standard form. Customize it according to the international tastes by using their knowledge and technology.

Closing Thoughts

Risk managers’ check out the business strategy and plans for 2014. If the products pipeline, advertisements, sales processes, customer interactions, research and development, and talent management, isn’t considering the above-mentioned aspects, there might be some risks. Lastly, be adventurous and try out new approaches.

Wishing all my readers a very happy and prosperous new year.

Leadership of Dead Bodies, Stones and Flowers

leadership imprint1

In April, two Air India pilots handed over the controls in auto-pilot mode to two female cabin attendants to take a short nap. They decided that their sleep was more important at 33,000 feet while flying the 160-passenger flight from Bangkok to Delhi. They returned to the cockpit after 40 minutes when one of the cabin attendants accidently knocked off the auto-pilot mode.

The angry Twitterate asked for pilot’s license suspension, removal from job and legal charges for culpable homicide. Everyone questioned their work ethics and shock at their irresponsible behavior. Air India investigated the incident, suspended the pilots and sated that passengers’ safety was never compromised. Unbelievable, how can passengers be safe without any pilots at the helm?

1.     Double Standards in Evaluating Corporate Leaders

 The pilots were crucified for risking the lives of passengers. However, surprisingly the pilots of the corporate world do not suffer the same fate. The wizards and titans of the banking industry crash landed the world economy, but they didn’t lose their CXO seats.

Look from another lens. Did any senior in Supplier Company or the multinationals lose their job in the Bangladesh factory fire? In Foxconn, the Apple contractor, 11 employees committed suicide, four died in an accident and one collapsed after continuously working for 36 hours. However, Steve Jobs was rated as the second most popular leader by the CEOs in a survey conducted by Price Waterhouse Coopers. The first and third were Winston Churchill and Mahatma Gandhi respectively.

Now this is going to rattle my readers but let me say it. Steve Jobs was a great inventor, designer, strategist and marketer. However, when it came to people, his employees considered him rude and manipulative, and his competitors found him uncivil. Though Apple achieved great heights, he paid low salaries to the employees in the Apple stores, paid no dividends to the shareholders, pushed down suppliers to manufacture at lowest possible rate and didn’t believe in charity or corporate social responsibility. His behavior and actions weren’t people centric or humanity oriented. So my question is – do we consider him a great leader because he managed to put Apple on top? That makes him a great CEO, not necessarily a great leader.

2.     Misconceptions of Leadership

 The problem arises due to the definition of leadership. Read the dictionary meaning:

Leadership is “organizing a group of people to achieve a common goal”.

- We don’t focus on how the group of people were gathered; by inspiring them or arm-twisting them.

-  We don’t focus on the nobility of the goal; was it to exploit others or liberate them.

-  We don’t focus on the method adopted to achieve the goal; was it by breaking the rules or a journey of virtue.

In the present world we see leaders leaving dead bodies in their path, walking over people as if they were stones and sucking the life out of them. Great leaders create leaders not followers, they make others blossom like flowers.

Be it a corporate leader or political leader, we don’t wish to question the leadership methods. Our thinking is, how it matters to us, we have nothing to lose. We have everything to lose, and Martin-Niemöller-Foundation words at Hitler’s time still resonate:  

“First they came for the communists,
and I didn’t speak out because I wasn’t a communist.

Then they came for the socialists,
and I didn’t speak out because I wasn’t a socialist.

Then they came for the trade unionists,
and I didn’t speak out because I wasn’t a trade unionist.

Then they came for me,
and there was no one left to speak for me.”

Our own silence will kill us and the society we live in. When humanity is at stake, can we close our eyes and say nothing is at stake.

3.     Leadership Training

The Institute of Strategic Change reported that – “the stock price of ‘well-led‘ companies grew by over 900% over 10 years, compared with 74% for poorly led companies”. Warren Bennis in 1998 said – “The Truth is that no one factor makes a company admirable. But if you were forced to pick the one that makes the most difference, you’d pick leadership.” However, how many companies train on leadership or do a performance evaluation on leadership qualities?

Quite a few would be saying we do it. So let me clarify. In organizations bosses tell the juniors what to do and how to do it. They give rave reviews to the employee who completes the task as they had stated. They promote that employee and now he becomes a boss. At best, he will be a good manager, not a leader.

Corporate world determines success rate by title and salary.  Neither guarantees leadership skills. Employees aim to become a boss, not a leader. The terms are not synonyms.

According to Malcolm Gladwell,  all outliers practiced their talent for over 10,000 hours to achieve greatness.  In the corporate world, how many hours are dedicated by each employee to learn leadership? Learning leadership is a by-product of the main job, till CEO level. Then isn’t it surprising that we do not have many great leaders in the corporate world.

 Closing Thoughts

Maximum damage in the world was caused by people who got powerful positions without good leadership qualities, be it Hitler, Jeff Skilling, Bernie Madoff or Lance Armstrong. The biggest risks in the corporate world are leadership risks. It is the leaders who make the decisions, so unless we have a system of putting the right people in leadership positions we will continue to have these disasters. Hence, our job is to develop good leaders, select good leaders and continuously monitor the leaders.

 Wishing my readers a Happy Mother’s Day. Being parents is the toughest job in the world,. They are responsible for raising the next generation of leaders.

References:

  1. Air India Pilots Story  
  2. Deaths in Foxconn
  3. Price Waterhouse Coopers report on best leaders

 

Risk Management Version 3.0

RM tiger

The business world is changing so rapidly that companies are either not willing to publish growth predictions or they are getting it wrong. In this new world trends can’t be analysed from historical data. The best business analytic teams fail because the new business models have totally different risks. Moreover, now the risks are interconnected and can’t be addressed separately. An operations risk may have a huge impact on financial risks.  The old compasses are useless and most are walking on uncharted territory.

This is the ideal time for risk managers to shed their old avatars and  become new super heroes of business. First they have to get out of their comfort zone of addressing internal risks that are preventable. The compliance and control based approach leaves over 60% of the risks un-addressed. If we consider that Risk Management version 1.0, we need to rapidly move to Risk Management version 3.0.

So what does version 3.0 look like?

1. Focus on Strategic Risk Management

I consider Enterprise Risk Management frameworks approach as Risk Management version 2.0. Though they covered strategic risks the focus was on finance, processes and technology. Hence, in reality it has become a bottom-up approach though the initial purpose was to make it top down. Risk managers are still not involved at strategic level and it is the Chief Strategy Officers who are analyzing strategic risks.

My guess estimate is that we depute less than 10% of resources to strategic risk management. We need to put in processes and resources where approximately 25% of efforts are focused on strategic risk management. Strategy failure probability has increased in present business environment.  For managing strategic risks reduce  probability of occurrence of assumed risks and effectively manage them if they occur.

2. Focus on Human Behavioral Risks

Industrial age focused on mechanization and streamlining of processes. Products were produced on the assumption that human behavior can be straight jacketed. In the age of technology and social media, this assumption has proved false.  Social media and data analysis allows behavioral analysis of each individual.

Secondly, the bigger challenge the world is facing is of changing demographics. In the last few decades, the average age has changed from 60 years to 75-80 years. The older generation lives longer and works longer. The Gen Y is entering the workforce with different expectations. Women have not only broken ground in the corporate world, but have become main decision makers for household purchases. Emerging market customers and employees have different behavior patterns.  The leadership skill sets have changed drastically. Participative and consultative cultures are more successful now.

Therefore, whether an organization wishes to fight  war of talent or entice customers, understanding human behavior has become crucial. Each segment of employee, customer and other stakeholders present different risks which an organization needs to manage successfully. Without addressing these risks at strategic and operational level, an organization is unlikely to succeed.  Risk managers traditionally haven’t focused on people, leadership or culture risks. In this century they need to.

3. Integrate Risk Management Knowledge & Resources

The traditional approach of having different experts of financial, operational and other risks in separate departments and addressing each risk in a linear manner is redundant. Moreover, now businesses are significantly exposed to external risks, which was not the case before. The Vodafone and Nokia tax cases are prime examples of risks occurring due to change in government stance.

Risk Management version 3.0 requires integrated risk management where risk managers with diverse skills can assess inter-related risks – internal and external. Secondly, risk managers have to be available within the business and as a separate department. The risk managers operating as part of the business unit need to identify the business risks and update the risk management department. The department needs to devise holistic solutions.

The risk management tools, technology, processes and resources all need to restructured to operate in an integrated manner at all levels.

Closing Thoughts

I suspect, group think is prevailing among risk managers. No one wishes to be a bull in a china shop and say – “hey this isn’t working.” It is ironic that risk managers are not doing adequate risk management of their own role and function. Old habits die hard and getting out of the comfort zone is scary, but I think we need to do it. Else, business failures are going to increase at a high rate. In the current economic environment, we can’t afford those losses. Think about it and share your views.

Wishing all my readers a very Happy Holi.

5 Things CFOs Should Do In Planning Process

In December, senior management focuses on formulating strategies. Department heads prepare business plans and budgets. Risk management departments define the next year’s agenda and plans. Everyone works hard at planning and preparing for the coming year. However, most of the efforts are in vain and result in failure. The problem is that generally people do these activities independently and make no attempt to align them. The ideal integrated sequence is below.

strategy

However, this does not happen. For instance, department heads do capital expenditures while ignoring the strategy. Business teams define performance indicators and risk managers establish risk indicators, without syncing the two indicators. Situations occur where desired performance is achieved at very high-risk levels. Business teams ignore the risk levels until disaster occurs. With the multitude of unsynchronized management information, boards make incorrect decisions with information overload. Hence, at the end of the year only a few organizations can claim that they achieved the strategy and targets.

The Chief Financial Officers (CFOs) can play a pivotal role in bringing the different facets together. CFOs sit on the board and participate in the strategy formation process. Department heads submit their plans and budgets to CFOs for review and consolidation. Generally, Chief Audit Executives (CAE) administrative reporting is to the CFO. Quite frequently, CFOs act as defacto Chief Risk Officers (CRO). Hence, CFOs can put the jigsaw puzzle together. The key things they need to look into to revamp the process are as follows:

 1.     Strategy Formulation

 The common misperception is that organizations have a proper strategy formation process. In reality, the ideas supported by the CEO and politically strong CXOs are adopted without much constructive discussion since no one wishes to rock the boat. Secondly, a formal strategy process is not in place in most organizations. Moreover, at the time of strategy formation upside and downside risks remain unidentified, as CXOs do not invite CRO to the discussion. The CFOs can influence the other CXOs to implement a formal strategy development process and conduct a strategic risk assessment in each phase of strategy formation.

2.     Business Plans

While strategies are for 3-5 year period, business plans are drawn annually. However, the changing business landscape makes business plans redundant on formation. Reason being that business plans are prepared on a set of assumptions on customer behavior  engagement and market situation. Real interaction with customers and entry into the market prove most of the assumptions incorrect. Additionally, department heads make independent business plans to show one up man ship. Hence, performance objectives are missed and risks remain unidentified. The need of the hour is for businesses to react fast and give cohesive messages in response to market changes. Therefore, CFOs must make the business planning process dynamic and integrated.

3.     Budgets

More than 60% of the organizations are unsatisfied with their ability to link strategy to operating budgets. Additionally, organizations spend 4 to 6 months in preparing budgets with numerous iterations back and forth between departments. Meanwhile the business plans change due to the volatility in the market. Hence, organizations are feeling the need of speed in the budgeting and forecasting process. CFOs must adopt rolling forecasts rather than static budgets to improve planning and control. Rather than doing post facto variance analysis they can collaborate with business teams to give real-time analysis.

4.     Performance Indicators

Performance indicators measure the reward side of the strategy. Without the risk indicators, they give an incomplete picture of business status. Another aspect is that performance indicators and risk indicators for the same strategy or plan are not aligned together and are reported at different periods. Organizations sometimes continue to measure redundant parts and do not update the indicators with change in strategy and objectives. A prime example is the financial crises. A few banks achieved performance targets without understanding the risk levels. Hence, CFOs must use technology to create relevant dashboards to monitor indicators to keep a firm grasp on the business.

5.     Risk Indicators

 Risk managers fail to address the twin shortcomings in process of identifying key risk indicators. Firstly, risk managers do not ascertain strategic risk indicators. Secondly, a lot of meaningless indicators are created which do not really find out the overall business risks. Hence, CXOs fail to separate the noise from the inflection points. Moreover, Nassim Taleb’s point of view that most significant risks are unpredictable needs to be thought over. There might be too much data available and organizations might look at risk indicators they are comfortable with, until the bubble bursts. CFOs can identify key risk indicators for strategy and business plans, and synchronize them to performance indicators. That will close the loop and move the business in the right direction.

Closing Thoughts

Synchronizing multiple factors between strategy and indicators influences a company’s capacity to achieve goals. With predictions of recession and volatile business environment, dropping the ball is highly probable. Understanding which economic predictions to rely on, which market trends will impact long-term and what are the strategic inflection points, spells the difference between success and failure. Hence, CFOs must play the vital role of coordinating and aligning various steps between strategy formation and identifying indicators.

IBM CEO Survey Insights On Customer Focus

The 2012 CEO survey conducted by IBM gives some interesting insights. Seventy-three per cent CEOs are gearing their organizations to gain meaningful insights from customer data. This is the area of highest investment.  The traditional approach to segment customer data to calculate statistical averages has been replaced with understanding the attitudes and tastes of individual customers.

The main aim of gathering holistic customer information is to devise services and products targeted at the customers and improve the response time. As stated in the report – “The challenge for organizations is two-fold: can they pick up on these cues, especially if the information comes from outside? And can the appropriate parts of the organization act on the insights discovered?” The graph depicts the main reasons for capturing customer information.

Further, the report mentions, that though most of the CEOs focus on capturing information, out-performers excel at acting on insights. The difference is innovation and execution. A quarter of the CEOs reported that their organizations are unable to derive value from the data. Speed of action is required to capture data, analyse, prepare strategies and respond to customers. As one CEO stated the most crucial characteristic is to “organize a major wake-up call.” The customer obsessed CEOs are driving the organizations to more contextual customer insights.  The graph below highlights the marked difference in under-performers and out-performers.


Risk managers can play a pivotal role in helping CEO’s achieve these objectives. They can focus on the following.

1.     Organization Culture and Process Change

A customer oriented organization culture is required to leverage the opportunities. Secondly, the organization needs to align the processes towards customer relationship management. Risk managers can conduct organization culture survey to assess customer orientation. Moreover, they can review processes to determine risks and controls to mitigate risks.

2.     Security of Data

The activity requires accumulation of extensive customer personal information. Generally, companies use separate data centres to collect and analyse the data. However, the risks of loss and theft of data is huge. As in the recent case of Facebook 1.1 million users’ data was sold for US $5. Therefore, it is a good idea to review security polices and test data centre security.

3.     Return on Investment

Data collection requires huge investments in technology and resources. As the CEOs are saying the failure rate is quite high. A review of projects, plans and strategy would identify the pain points and misdirected activity. Calculating return on investment on various programs might steer the investments in the right direction. Timely identifying failing projects and reasons for failure is critical to maintain cost effectiveness.

Closing thoughts

Technology and social media has brought customers closure to companies. The face-to-face customer interaction is gradually shifting towards social media. The companies that are able to navigate this transition successfully will outperform their peers in the industry. Hence, risk managers should support this CEO initiative to enable the organization to leverage upside risks.

What is your organization doing in this respect? How do you think risk managers should facilitate CEOs in this initiative?

References:

Leading Through Connections – IBM CEO Survey

Is Doing Nothing A Reputation Risk?

Tim Cook, CEO of Apple, recently issued an open letter on Apple website, publicly apologizing for the shortcomings in the Apple maps. The first paragraph reads:

“To our customers,

At Apple, we strive to make world-class products that deliver the best experience possible to our customers. With the launch of our new Maps last week, we fell short on this commitment. We are extremely sorry for the frustration this has caused our customers and we are doing everything we can to make Maps better.”

The purpose was to pacify the angry customers who found inaccuracies in the Apple maps. The words of the CEO mattered.

Now let us assume that none of the customers knew who the CEO of Apple is. They have not heard of the CEO before. The CEO visibility was zilch in media, social networks, business conferences etc. Would the words have mattered then? Wouldn’t the customers say – “Who is this guy? We never heard from him before and now he is giving excuses for horrid products?”

Managing an organization’s reputation is part of CEO/CXO job. When reputation risks occur, their communication is part of the risk mitigation plan. Hence, the effectiveness of risk mitigation plan is dependent on the CEO/CXO profile. Until here, I think you will agree with me.

Now let me ask you the difficult question. If the senior management of the organization does nothing to add to the brand or reputation of the organization, is it a risk?

Here is my argument. Normally, we take the following criteria for reputation risks.

Source- ICAI ERM Training Material

This measures only the negative impact. We talk about negative coverage in the media, but what about no coverage in media. In India, most of the CEO/CXOs have no media visibility and unlike the west, 90% do not give interviews etc. in the media. They even don’t have a social media presence and one can hardly find them directly interacting with customers. That is, except for traditional advertising of products in newspapers, magazines and television, there is no coverage of the organization and the senior management in the media.

Now let us see from risk management perspective. One of the strategic objectives of the organization is to build brand and reputation of the organization. The purpose of enterprise risk management is to give an assurance to the board that the entity is moving in the right direction to achieve its objectives. As risk managers, we focus if something goes wrong, but what if, the company is not moving at all in any direction – positive or negative – in meeting its objectives. Should we capture that as a risk?

Closing thoughts

Negative viral messages in social media tarnish a reputation in a span of few hours. It takes just one tweet to go viral. It will be very difficult for a company to defend itself if a company does not have a twitter account and reputation management plan. The same applies to executives. Now the thought process is either develop a brand or get branded. Silence gives an opportunity to others to put labels and develop negative perceptions. Continuous positive messages at a personal level need to go out about the brand for customers to have a favorable opinion. Doing nothing may become a huge risk.

Industry Disruption Risks

The biggest risk of all is industry disruption risks. One fine day the competitive landscape of the industry transformed and it caught us by surprise. Ouch, the world changed while we were sleeping. It is a CEO’s recurring nightmare, and the risk managers do not focus on it much. Reason as I mentioned in my recent posts is that risk managers assume they do not have the right or duty to question the strategy or strategic objectives. Let us discuss this in detail.

Andrew Grove in his book “Only the Paranoid Survive” described the strategic inflection point. He said – “An inflection point occurs where the old strategic picture dissolves and gives way to the new, allowing the business to ascend to new heights. However, if you don’t navigate your way through an inflection point, you go through a peak and after the peak the business declines.” The strategic inflection point disrupts the industry completely and can wipe out old companies in a few years.

1.      The Intel Story

Fascinatingly, Intel itself missed the strategic inflection point of mobile computing. Intel controls 80% of the world’s PCs chip market. It failed to make a timely dent in the handheld devices. Nvidia, Texas Instruments, Qualcomm and Samsung rule the ARM chips market for smartphones and tablets. Intel is now positioning itself in this market with its x86 chips. With the shrinking in the PC, laptop and server market, let us see whether Intel can re-position itself as the smartphone and tablet chipmaker. IPhones and IPads disrupted the technology industry; and surprisingly the giants of the industry – Intel and Microsoft – both missed the boat.

2.      The India FDI Retail Story

Closer home, the opening up of foreign direct investment in retail industry has shaken the complacent industry from its roots. Expected entry of Wal-Mart is causing havoc in the minds of established players. Most of the food retail sector in India comprises of Mom-Pop local stores that supply at low costs. Some organized chains as Reliance, Bharti, Nilgiri’s etc. have started catering to the upper middle class requirements; however have not wiped out the smaller stores. The opening of the retail sector to foreign investment is indicative of industry disruption. The industry is gearing itself to deal with the new risks to retain the competitive advantage.

3.      The ERM Perspective

COSO ERM –Integrated Framework, 2004 defines ERM as:

Enterprise Risk Management is a process, effected by an entity’s Board of Directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide a reasonable assurance regarding the achievement of entity objectives.

 Going by the definition, identifying industry disruption risks comes under risk managers’ purview. However, we tend to take strategy as given and don’t challenge the strategy and strategic objectives. We need to change our perspective. Building and retaining competitive advantage is a strategic objective. The industry disruption events can wipe that out. Hence, include identifying disruption risks as part of risk assessment.

Closing thoughts

Industry disruptions occur due to external forces – regulators, competitors, suppliers, customers and society. To identify strategic inflections points risk managers must meticulously track the external environment. Understanding external environment is difficult and requires extensive industry knowledge. Therefore, I know, some of you would be wondering whether it is part of our job. Let us check with the readers.

Misunderstanding of Risks Between Business Teams and Auditors

PWC Internal Audit survey highlighted one critical shortcoming of Chief Audit Executives and Internal Audit Department. The risks that business teams consider critical are being ignored. I have been covering some of the risks on the blog, namely – people risks, competitive advantage, innovation and creativity, marketing, country risks, etc. According to the survey, more than 20% of the stakeholders reported that internal audit paid too little attention on these risks. Hence, the question is why are internal auditors and risk managers not looking at them. Take a look at this chart first.

PWC Internal Audit Survey 2012

From the survey results, two assumptions can be made. First, the internal audit function is still focused on auditing the processes that link to the financial numbers. Second, they are not understanding the business aspects of the organization. As given below, three things need to be done.

1. Understand business requirements

The situation reminds me of an Archie-Veronica joke. Veronica is trying out a new pair of jeans in a store. She looks in the mirror and says – “The jeans are tight, I wonder what could be the problem.” Archie promptly replies – “You might have gained a few pounds”. Veronica gives one whack on Archie’s head and again makes the same statement. This time Archie replies – “The store may have marked a wrong size on the jeans”. If the internal audit reports were hard hitting, business teams may give the internal auditors a rosy picture. They may not be sharing the true concerns in respect to various business risks. Hence, internal auditors would focus their energies on some unsubstantial risks.  Improve the communication with business teams to understand the risk environment. Create an environment where truthful interactions occur.

2. Add in next year business plan

Last quarter of the year has started today, and most of the organizations will prepare 2013 plans in this quarter. This is a good time to understand the business risks and prepare the 2013 annual audit plan and budgets accordingly. Coordinate with the business teams to understand their annual plans. Identify the risks relating to the plans. Discuss with the teams on how internal audit function can help them. Attempt using collective intelligence and crowd sourcing techniques to develop your plan. Where required, take a call to provide advisory services rather than assurance services. Business managers expect much more from the internal audit function. Hence, gear yourself to meet if not exceed those expectations.

3. Develop talent and skills

In the 20th century internal auditors audited the same financial numbers as external auditors. In the 21st century, the function requires revamping. In my previous article – “New Risks and Uncertainties in 21st Century” – I had conducted a poll. I had asked respondents whether they thought present day risk managers were equipped to deal with 21st century risks. Out of 17 total votes, 15 had responded that less than 50% of the risk managers can manage the new business risks. The verdict was by the risk managers about risk managers. Don’t be a dinosaur and learn new skills to survive in the market. In another 5 years when Gen Y become middle managers, Gen X may become redundant.

Closing Thoughts

With the turmoil in various economies, the 2013 risk landscape will be drastically different. Organizations that are well geared in risk management, have a higher probability of sailing through. Internal auditors and risk managers need to incorporate the impact of globalization, technology and social media in their annual plans. There is no purpose in serving stale bread and expecting business teams to swallow it. Rejuvenate in the new business age.

Wishing all my readers a Happy Gandhi Jayanti. Let us pray that each person believes a little more in non-violence and work towards a peaceful world.

References: 

PWC Internal Audit Survey 2012