Managing Systemic Risks in Organizations

The gross turnover of top 100 multinationals is higher than the gross domestic product of a few countries. As it was obvious from the financial crises, organizations employing a few hundred thousand employees can rock the global financial stability. From then on, a lot of discussion is occurring around systemic risks. However, I wonder about the actual momentum in addressing systemic risks.

As per my understanding, an inaccurate perception has formed that governments have the major responsibility to address systemic risks and not the organizations. The picture below depicts the increasing level of risks for human civilization or society as a whole and the increasing level of risks within an organization. Though we do not see linear relationships, they are interconnected. While an organization is a subset of the civilization, their large sizes have also made it a significant component of creating systemic risks.

 

Systemic risks

 

Another fallacy is that organization’s need to track systemic risks at the global level alone. From the financial crises, it was obvious that the Retail Housing Loan departments of US Banks shook the real estate industry. Various CDOs of banks investment divisions were the cause of collapse of major banks. Hence, something as small as the functioning of a department, process or product can destabilize the industry and economy when incorrect practices are followed in multiple organizations.

Moreover, senior management of organizations that have implemented Enterprise Risk Management (ERM) believe that systemic risks are automatically addressed. None of the ERMs is going beyond strategic risks. The focus is mostly on operational and tactical risk coverage. Unless the risk management department has taken concrete measures to identify systemic risks, in all probability they are unmitigated.

Lastly, for most of the systemic risks, the organization by itself can only partly mitigate the risks. Except for taking insurance, they cannot develop and implement full-fledged solutions to treat the risks. Though the impact of systemic risks is huge, the lack of understanding, information and solutions, make organizations negligent about identifying and addressing these risks. Hence, the question is – what should organizations do to manage systemic risks?

1. Global Systemic Risk Monitoring Group

Within the risk management department there should be dedicated resources tracking systemic risks from process to country level and reporting to the global group. In the interconnected world, the risks in one country impact other countries. For instance, consider the attack on Malaysian airplane by rebels in Ukraine. A geo-political risk of one country has brought an organization of another country down. Hence, now the risks have to be viewed from a global perspective. To do this organizations must incorporate the group within the organization structure, deploy funds and resources, use technology to connect and track risks at a global level.

2.  Connecting With National Risk Boards

The 2014 World Bank Risk Report suggests formation of National Risk Boards (Same name, could they have got inspired by this blog :)). This will be a huge plus, since risk identification and mitigation will be done at a national level. For instance, if a large country like India were connected at district, state, and national level through risk boards, the level of risk management would improve significantly.

Moreover, this will facilitate in addressing inter-state risks and cross border risks. For example, cyber security threats mitigation requires coordination within the country and significant amount of international collaboration. The national risk boards of countries become the focal point for international cooperation and collaboration for risk mitigation. Developing relationships with the board members and participating in the initiatives will help organizations in dealing with systemic risks.

3.  Connecting With Industry Risk Boards

The systemic risk group needs to connect with the industry risk boards and regulators to capture the industry level risks. For instance, Back of England conducts a half-yearly survey to determine systemic risks in UK financial sector and the confidence of the organizations in dealing with it.

If organizations facilitate in formation and management of industry risk boards, they can cooperate with the competitors to mitigate industry level risks. Relationships with international industry boards would be a huge plus in acquiring knowledge and formulating plans.

4.  Assessing Preparation at National Level

The World Bank report states that investment in risk mitigation and prevention is low, and most of the expenditure is done during and after a disaster to recover and continue operations. Therefore, the challenge is that risk identification may not result in developing and implementing risk mitigation plans. For example, various cities in India regularly suffer from floods during monsoons. ALthough the government knows the problem and solutions, it has not done much to resolve the issue. There are ongoing battles between city, state, and national level for risk prioritization.

That is, the same risk may have different impact and loss level due to national level preparation. Organizations need to assess the level of preparation of government and local communities to determine the impact and develop risk mitigation plans accordingly.

5.  Assessing Impact at Social Level

Previously, organizations were insulated from the society to some extent. The social networks have changed the scenario, and any incident can become an explosive issue. Hence, impact has to be calculated at social level rather than at an incident level. For instance, recently a six-year-old girl in Bangalore was gang-raped in school by her teachers. Last weekend, parents in Bangalore organized marches to demonstrate their anger against the schools lackadaisical attitude towards children security. Police has lodged complaints against the school and politicians are talking about closing the school.

Presently, rape, women, and child security are sensitive topics in India. India is fourth unsafe country in the world for women. Hence, a single incident can close down an organization. Therefore, risk managers need to identify sensitive issues related to systemic risks and extrapolate the impact at city, state, country, and global level to determine impact of various risks.

Closing Thoughts

Systemic risks impact is sometimes more than losses of earthquakes, tsunamis and nuclear disasters, hence they cannot be ignored. Higher level of focus is required within organizations, industry, community, and nations to build processes, institutions, and infrastructure to identify and mitigate systemic risks. Timely investment in this area can save billions of dollars. Hence, risk managers need to put their thinking caps on, develop concept notes, and influence senior managers to deploy funds in managing systemic risks.

Risk Management Version 3.0

RM tiger

The business world is changing so rapidly that companies are either not willing to publish growth predictions or they are getting it wrong. In this new world trends can’t be analysed from historical data. The best business analytic teams fail because the new business models have totally different risks. Moreover, now the risks are interconnected and can’t be addressed separately. An operations risk may have a huge impact on financial risks.  The old compasses are useless and most are walking on uncharted territory.

This is the ideal time for risk managers to shed their old avatars and  become new super heroes of business. First they have to get out of their comfort zone of addressing internal risks that are preventable. The compliance and control based approach leaves over 60% of the risks un-addressed. If we consider that Risk Management version 1.0, we need to rapidly move to Risk Management version 3.0.

So what does version 3.0 look like?

1. Focus on Strategic Risk Management

I consider Enterprise Risk Management frameworks approach as Risk Management version 2.0. Though they covered strategic risks the focus was on finance, processes and technology. Hence, in reality it has become a bottom-up approach though the initial purpose was to make it top down. Risk managers are still not involved at strategic level and it is the Chief Strategy Officers who are analyzing strategic risks.

My guess estimate is that we depute less than 10% of resources to strategic risk management. We need to put in processes and resources where approximately 25% of efforts are focused on strategic risk management. Strategy failure probability has increased in present business environment.  For managing strategic risks reduce  probability of occurrence of assumed risks and effectively manage them if they occur.

2. Focus on Human Behavioral Risks

Industrial age focused on mechanization and streamlining of processes. Products were produced on the assumption that human behavior can be straight jacketed. In the age of technology and social media, this assumption has proved false.  Social media and data analysis allows behavioral analysis of each individual.

Secondly, the bigger challenge the world is facing is of changing demographics. In the last few decades, the average age has changed from 60 years to 75-80 years. The older generation lives longer and works longer. The Gen Y is entering the workforce with different expectations. Women have not only broken ground in the corporate world, but have become main decision makers for household purchases. Emerging market customers and employees have different behavior patterns.  The leadership skill sets have changed drastically. Participative and consultative cultures are more successful now.

Therefore, whether an organization wishes to fight  war of talent or entice customers, understanding human behavior has become crucial. Each segment of employee, customer and other stakeholders present different risks which an organization needs to manage successfully. Without addressing these risks at strategic and operational level, an organization is unlikely to succeed.  Risk managers traditionally haven’t focused on people, leadership or culture risks. In this century they need to.

3. Integrate Risk Management Knowledge & Resources

The traditional approach of having different experts of financial, operational and other risks in separate departments and addressing each risk in a linear manner is redundant. Moreover, now businesses are significantly exposed to external risks, which was not the case before. The Vodafone and Nokia tax cases are prime examples of risks occurring due to change in government stance.

Risk Management version 3.0 requires integrated risk management where risk managers with diverse skills can assess inter-related risks – internal and external. Secondly, risk managers have to be available within the business and as a separate department. The risk managers operating as part of the business unit need to identify the business risks and update the risk management department. The department needs to devise holistic solutions.

The risk management tools, technology, processes and resources all need to restructured to operate in an integrated manner at all levels.

Closing Thoughts

I suspect, group think is prevailing among risk managers. No one wishes to be a bull in a china shop and say – “hey this isn’t working.” It is ironic that risk managers are not doing adequate risk management of their own role and function. Old habits die hard and getting out of the comfort zone is scary, but I think we need to do it. Else, business failures are going to increase at a high rate. In the current economic environment, we can’t afford those losses. Think about it and share your views.

Wishing all my readers a very Happy Holi.

Auditors Criticise Without Value Addition

This is my 251 post and it feels good to have written so many. So I thought of dealing with a difficult and sensitive topic for auditors. The corporate world views auditors with jaundiced eyes and auditorville has a bad reputation. Scott Adams in his book “Thriving on Stupidity in the 21st Century” humorously described auditors in the following paragraph:

“Auditors get more respect and more bribes than accountants. That is because auditors are relatively more dangerous. Auditors are generally plucked from the ranks of accountants who had very bad childhood experiences. The accountants who don’t go on to become serial killers have a good chance of becoming successful auditors.”

The reputation comes from doing post mortems, writing long reports on deficiencies and criticizing the work of business teams. No one likes a critic and especially not those who do not do any value addition. So where are we going wrong?

1.  Criticizing Makes an Auditor Successful

The common perception is that more faults an auditor finds in an audit, the better is the quality of the audit. This is driven by the fact that some audit departments have a key performance indicator on number of observations. If there are no observations or weaknesses, the audit quality was not good. Let me mention an old story here.

A couple was riding a donkey to reach their village.

Two passer-by’s saw them and said – “Poor donkey, has to take the load of two humans.”

The husband heard the comment and got of the donkey. Further, two passer-bys saw them and said-“See, the wife is sitting comfortably on the donkey and the poor husband is walking on the road.” The wife got off the donkey and made her husband sit on it.

After a few kilometers  two spectators said – “See what the world is coming to, no chivalry. Man is riding the donkey and the poor woman is walking.” Now both husband and wife started walking along with the donkey.

Then another set of bystanders said – “See the idiots, both are walking and no one is riding the donkey”

The purpose of audit is to provide assurance on the process, not find faults with it. For instance, last year you conducted an audit of purchasing process and made ten observations. Will the audit of the same process be successful if you made 11 observations or nil observations? If auditee implemented previous year recommendations, then they should not re-appear. If without a change in process, you found new weaknesses, then it means the previous year audit was not done properly. Hence, criticism doesn’t make an audit a success or a failure. The quality of observations holds meaning.

2. My Way or Highway

The other presumption is that audit can be done without much of business knowledge. Just high-level understanding is required. This is really an incorrect view. I recall in my training period I was assigned an internal audit client that flew helicopters. When I was doing bank vouching, I had said to my colleague doing cash vouching  -“Wish we were auditing a car maker, at least I know the cost of a car tyre.” I was checking the appropriateness of expenses including repair and maintenance of helicopters when I hadn’t seen a helicopter from a five feet distance, let alone sit in one. Your guess is as good as mine on the quality of observations and value addition provided.

The big problem comes, when after doing an audit without business knowledge we refuse to listen to the business teams that the observations are irrelevant or incorrect. We don’t appreciate the different perspective of business teams and high-handedly push down our recommendations. Times of India mentioned a nice joke on this last Sunday.

Why did the chicken cross the road?

Plato: For the greater good.

Aristotle: To actualize its potential.

Darwin: It was the next logical step after coming down from the tree.

Neitzsche: Because if you gaze too long across the road, the road gazes back at you.

Buddha: If you ask this question, you deny your own chicken-nature.

Closing Thoughts

In the 21st century, auditors can’t hold a stick to beat the business teams all the time. The role has changed. With it the skill set and approach needs to be changed. If auditors are not able to give a better solution or process change, they should consider whether their criticism makes sense or not. Maybe, business needs to live with the control weaknesses, take the risks because the costs of plugging them are very high. The observation and recommendation should provide value addition, either in the form of assurance or improvement. Else, a lot of expenses are made to cater to auditors’ egoistical viewpoints rather than seeing business viability.

All criticism and feedback on the blog is welcome. Please share your views. A big thank you to my readers for reading my 250 posts.

5 Things CFOs Should Do In Planning Process

In December, senior management focuses on formulating strategies. Department heads prepare business plans and budgets. Risk management departments define the next year’s agenda and plans. Everyone works hard at planning and preparing for the coming year. However, most of the efforts are in vain and result in failure. The problem is that generally people do these activities independently and make no attempt to align them. The ideal integrated sequence is below.

strategy

However, this does not happen. For instance, department heads do capital expenditures while ignoring the strategy. Business teams define performance indicators and risk managers establish risk indicators, without syncing the two indicators. Situations occur where desired performance is achieved at very high-risk levels. Business teams ignore the risk levels until disaster occurs. With the multitude of unsynchronized management information, boards make incorrect decisions with information overload. Hence, at the end of the year only a few organizations can claim that they achieved the strategy and targets.

The Chief Financial Officers (CFOs) can play a pivotal role in bringing the different facets together. CFOs sit on the board and participate in the strategy formation process. Department heads submit their plans and budgets to CFOs for review and consolidation. Generally, Chief Audit Executives (CAE) administrative reporting is to the CFO. Quite frequently, CFOs act as defacto Chief Risk Officers (CRO). Hence, CFOs can put the jigsaw puzzle together. The key things they need to look into to revamp the process are as follows:

 1.     Strategy Formulation

 The common misperception is that organizations have a proper strategy formation process. In reality, the ideas supported by the CEO and politically strong CXOs are adopted without much constructive discussion since no one wishes to rock the boat. Secondly, a formal strategy process is not in place in most organizations. Moreover, at the time of strategy formation upside and downside risks remain unidentified, as CXOs do not invite CRO to the discussion. The CFOs can influence the other CXOs to implement a formal strategy development process and conduct a strategic risk assessment in each phase of strategy formation.

2.     Business Plans

While strategies are for 3-5 year period, business plans are drawn annually. However, the changing business landscape makes business plans redundant on formation. Reason being that business plans are prepared on a set of assumptions on customer behavior  engagement and market situation. Real interaction with customers and entry into the market prove most of the assumptions incorrect. Additionally, department heads make independent business plans to show one up man ship. Hence, performance objectives are missed and risks remain unidentified. The need of the hour is for businesses to react fast and give cohesive messages in response to market changes. Therefore, CFOs must make the business planning process dynamic and integrated.

3.     Budgets

More than 60% of the organizations are unsatisfied with their ability to link strategy to operating budgets. Additionally, organizations spend 4 to 6 months in preparing budgets with numerous iterations back and forth between departments. Meanwhile the business plans change due to the volatility in the market. Hence, organizations are feeling the need of speed in the budgeting and forecasting process. CFOs must adopt rolling forecasts rather than static budgets to improve planning and control. Rather than doing post facto variance analysis they can collaborate with business teams to give real-time analysis.

4.     Performance Indicators

Performance indicators measure the reward side of the strategy. Without the risk indicators, they give an incomplete picture of business status. Another aspect is that performance indicators and risk indicators for the same strategy or plan are not aligned together and are reported at different periods. Organizations sometimes continue to measure redundant parts and do not update the indicators with change in strategy and objectives. A prime example is the financial crises. A few banks achieved performance targets without understanding the risk levels. Hence, CFOs must use technology to create relevant dashboards to monitor indicators to keep a firm grasp on the business.

5.     Risk Indicators

 Risk managers fail to address the twin shortcomings in process of identifying key risk indicators. Firstly, risk managers do not ascertain strategic risk indicators. Secondly, a lot of meaningless indicators are created which do not really find out the overall business risks. Hence, CXOs fail to separate the noise from the inflection points. Moreover, Nassim Taleb’s point of view that most significant risks are unpredictable needs to be thought over. There might be too much data available and organizations might look at risk indicators they are comfortable with, until the bubble bursts. CFOs can identify key risk indicators for strategy and business plans, and synchronize them to performance indicators. That will close the loop and move the business in the right direction.

Closing Thoughts

Synchronizing multiple factors between strategy and indicators influences a company’s capacity to achieve goals. With predictions of recession and volatile business environment, dropping the ball is highly probable. Understanding which economic predictions to rely on, which market trends will impact long-term and what are the strategic inflection points, spells the difference between success and failure. Hence, CFOs must play the vital role of coordinating and aligning various steps between strategy formation and identifying indicators.

IBM CEO Survey Insights On Customer Focus

The 2012 CEO survey conducted by IBM gives some interesting insights. Seventy-three per cent CEOs are gearing their organizations to gain meaningful insights from customer data. This is the area of highest investment.  The traditional approach to segment customer data to calculate statistical averages has been replaced with understanding the attitudes and tastes of individual customers.

The main aim of gathering holistic customer information is to devise services and products targeted at the customers and improve the response time. As stated in the report – “The challenge for organizations is two-fold: can they pick up on these cues, especially if the information comes from outside? And can the appropriate parts of the organization act on the insights discovered?” The graph depicts the main reasons for capturing customer information.

Further, the report mentions, that though most of the CEOs focus on capturing information, out-performers excel at acting on insights. The difference is innovation and execution. A quarter of the CEOs reported that their organizations are unable to derive value from the data. Speed of action is required to capture data, analyse, prepare strategies and respond to customers. As one CEO stated the most crucial characteristic is to “organize a major wake-up call.” The customer obsessed CEOs are driving the organizations to more contextual customer insights.  The graph below highlights the marked difference in under-performers and out-performers.


Risk managers can play a pivotal role in helping CEO’s achieve these objectives. They can focus on the following.

1.     Organization Culture and Process Change

A customer oriented organization culture is required to leverage the opportunities. Secondly, the organization needs to align the processes towards customer relationship management. Risk managers can conduct organization culture survey to assess customer orientation. Moreover, they can review processes to determine risks and controls to mitigate risks.

2.     Security of Data

The activity requires accumulation of extensive customer personal information. Generally, companies use separate data centres to collect and analyse the data. However, the risks of loss and theft of data is huge. As in the recent case of Facebook 1.1 million users’ data was sold for US $5. Therefore, it is a good idea to review security polices and test data centre security.

3.     Return on Investment

Data collection requires huge investments in technology and resources. As the CEOs are saying the failure rate is quite high. A review of projects, plans and strategy would identify the pain points and misdirected activity. Calculating return on investment on various programs might steer the investments in the right direction. Timely identifying failing projects and reasons for failure is critical to maintain cost effectiveness.

Closing thoughts

Technology and social media has brought customers closure to companies. The face-to-face customer interaction is gradually shifting towards social media. The companies that are able to navigate this transition successfully will outperform their peers in the industry. Hence, risk managers should support this CEO initiative to enable the organization to leverage upside risks.

What is your organization doing in this respect? How do you think risk managers should facilitate CEOs in this initiative?

References:

Leading Through Connections – IBM CEO Survey

Industry Disruption Risks

The biggest risk of all is industry disruption risks. One fine day the competitive landscape of the industry transformed and it caught us by surprise. Ouch, the world changed while we were sleeping. It is a CEO’s recurring nightmare, and the risk managers do not focus on it much. Reason as I mentioned in my recent posts is that risk managers assume they do not have the right or duty to question the strategy or strategic objectives. Let us discuss this in detail.

Andrew Grove in his book “Only the Paranoid Survive” described the strategic inflection point. He said – “An inflection point occurs where the old strategic picture dissolves and gives way to the new, allowing the business to ascend to new heights. However, if you don’t navigate your way through an inflection point, you go through a peak and after the peak the business declines.” The strategic inflection point disrupts the industry completely and can wipe out old companies in a few years.

1.      The Intel Story

Fascinatingly, Intel itself missed the strategic inflection point of mobile computing. Intel controls 80% of the world’s PCs chip market. It failed to make a timely dent in the handheld devices. Nvidia, Texas Instruments, Qualcomm and Samsung rule the ARM chips market for smartphones and tablets. Intel is now positioning itself in this market with its x86 chips. With the shrinking in the PC, laptop and server market, let us see whether Intel can re-position itself as the smartphone and tablet chipmaker. IPhones and IPads disrupted the technology industry; and surprisingly the giants of the industry – Intel and Microsoft – both missed the boat.

2.      The India FDI Retail Story

Closer home, the opening up of foreign direct investment in retail industry has shaken the complacent industry from its roots. Expected entry of Wal-Mart is causing havoc in the minds of established players. Most of the food retail sector in India comprises of Mom-Pop local stores that supply at low costs. Some organized chains as Reliance, Bharti, Nilgiri’s etc. have started catering to the upper middle class requirements; however have not wiped out the smaller stores. The opening of the retail sector to foreign investment is indicative of industry disruption. The industry is gearing itself to deal with the new risks to retain the competitive advantage.

3.      The ERM Perspective

COSO ERM –Integrated Framework, 2004 defines ERM as:

Enterprise Risk Management is a process, effected by an entity’s Board of Directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide a reasonable assurance regarding the achievement of entity objectives.

 Going by the definition, identifying industry disruption risks comes under risk managers’ purview. However, we tend to take strategy as given and don’t challenge the strategy and strategic objectives. We need to change our perspective. Building and retaining competitive advantage is a strategic objective. The industry disruption events can wipe that out. Hence, include identifying disruption risks as part of risk assessment.

Closing thoughts

Industry disruptions occur due to external forces – regulators, competitors, suppliers, customers and society. To identify strategic inflections points risk managers must meticulously track the external environment. Understanding external environment is difficult and requires extensive industry knowledge. Therefore, I know, some of you would be wondering whether it is part of our job. Let us check with the readers.

Reflections on Reputation Risks

Indians think more highly of themselves than they are. I am not making this up, it is a factually correct statement according to the Country report of Reputation Institute. Respondents ranked India 25th with 51.93 RepTrak score. According to its own evaluation, India deserved a score of 75.67 with 11th ranking. It is ranked 5th for having perception differences between internal and external reputation. A 25th rank among 50 countries ranked isn’t anything to talk about.

In the Companies Reputation report, there was no Indian company in the top 100. Yes, my ex-company Intel was ranked 16th, though its ranking has fallen from previous years.  BMW, Sony and Walt Disney are the top three. Though reputation has a huge impact, most companies do not focus on it. Below is a chart from the Reputation Institute report on the impact of good and negative reputation of various factors.

Reputation Institute Company Report 2012

Customers, society, employees and investors – all are influenced by the reputation of the company. While companies may enjoy a good local reputation, as is the case for many Indian companies, maintaining a global reputation is a different ball game altogether. From the above chart it is clear, investing in a good reputation pays off and adds to the profit margin. Question is what all is required to build a good reputation. Another chart from the report highlights the main aspects:

Seven factors - leadership, performance, products/services, innovation, workplace, governance and citizenship are required to build a global reputation. For instance, Intel was among the top ten for – governance, workplace, performance, and products and services.

On the other hand, in respect of reputation damage, risk managers mostly focus on reputation damage due to misstatement of financial statements and governance. That accounts to just 28% of reputation.  The impact on reputation of other aspects are generally ignored. The question is how can these be built into a risk assessment framework? Besides reducing downside risks, this gives a good option to leverage upside risks. Here are a few things that risk managers can look into:

1. Reputation map – Does the company have a reputation map covering these parameters and defining its progress through the years?

2. Integration level – Is reputation aspects integrated into all the functions of the organization, or is it left to the advertising and communications department?

3. External perceptions – Is the organization depending on advertisements to build its reputation or is it undertaking CSR and other activities also?

4. Participation in industry competitions – Does the organization participate and win industry competitions, for instance “great place to work”, “most innovative company” etc. ?

5. Social Media – How is the company using social media to build its reputation and manage the negative feedback?

6. Risk assessment – Is a risk assessment for reputation conducted to highlight the risks in all the seven areas and mitigation plans prepared?

Closing thoughts

Reputation damage is difficult to quantify and often the risks are not categorically listed. In social media environment, it is far easier to lose the reputation and more difficult to build a good one. In the present environment, they old age thinking  – no news is good news – has become redundant. Just because the organization name hasn’t made headlines for the wrong reasons, it doesn’t mean all is well. The negative under currents slowly erode the good name of the organization. Hence, risk managers need to actively address reputation risks on all seven parameters.

References:

Reputation Institute reports

PS: I changed the background and added a little color to the blog. How is it looking? Please give feedback.

Risk Assessment of Marketing Function

The global economy is facing turbulent times with US in recession, Europe in economic crises and emerging markets growth slowing down. Frequently organizations panic on hearing forecasts of looming recession. They cut down marketing budgets, innovation of products and capital investments. The reaction further adds to the woes, and accelerates the downward trend in sales. Risk managers normally do not focus on marketing department activities and generally are not called upon to share their views on marketing strategies. A look on these areas may prevent the company from going in red and thrive in chaotic times. Here are a few suggestions for risk managers.

1. Bench-mark Marketing Function

The complexities of business world are escalating marketing risks. For survival and growth organizations need resilient marketing and sales functions. They have to identify strategic inflection points in the market and adapt accordingly. In recession customers interest, values and budgets change. With new competition and changing regulations, organizations need to reinvent business models. Hence, as a first step risk managers  need to bench-mark the organization’s marketing function.

Philip Kotler and Johan A. Caslione in their book “Chaotics – The business of managing and marketing in the age of turbulence” have presented a table on marketing function attributes. Out of the 14 attributes, below are 5 critical ones distinguishing between poor, good  and great marketing functions.

Srl    Poor                                        Good                                              Great

1. Product driven                    Market driven                                    Market driving

2. Product offer                       Augmented product offer                 Customer solutions offer

3. Price driven                        Quality driven                                     Value driven

4. Reacting to competitors    Bench-marking competitors             Leapfrogging competitors

5. Function oriented               Process oriented                                Outcome oriented

McDonalds marketing strategies reflect these attributes. In India, McDonalds is opening a purely vegetarian restaurant near Vaishu Devi ( a renowned Hindu temple) and Golden Temple (Sikh’s foremost gurdwara). It is catering to the Indian sentiments; in most religions Indians do not eat non-vegetarian food in a place of worship. Near the temples, generally local vegetarian eating joints thrive and there are no global food chains. The huge number of devotees provide a large market.

A few years back, McDonalds customized its menu according to Indian tastes and introduced vegetarian burgers. The McAloo Tikki (a potato burger) contributes to 25% of the total sales.  It may shock the Americans, but no beef burgers are served in India.

2. Evaluate Cost-cutting Measures

The attitude frequently is to cut costs across board. For instance, if marketing budget is XXX dollars, the total budget will be reduced by 25% without assessing the details and profitable products. Here risk managers need to assess the soundness of decisions taken to reduce costs. Below are a few examples to look for:

a) Advertising : Is the total advertising budget reduced? This would be a wrong move. During recession, the core products that contribute to revenue need aggressive advertisement. The advertising budget spent non-core products and loss making products can be dropped. Moreover, explore cheaper advertising models – social media, internet etc. and reduce budgets on paper and television media.

b) Discounts : Another option adopted to increase sales is to discount all products by a certain percentage. This is a self-destructive strategy as discounts on core premium products would damage the revenue stream in the long-run. If customers require cheaper products, cut the frills in the premium products and introduce a bare minimum model. This will maintain the brand and revenue.

3. Assess Strategy and Systems

Risk managers must assess the marketing strategy and systems to ensure that the risks are systematically identified in a timely manner. Here are a few examples of the same:

a) Core products: Does the strategy focus on core products? Are there systems in place to show the winners and losers? If the systems are inadequate profitability, market spend and customer behavior cannot be captured accurately. Hence, the organization will be unable to adapt strategy to the changing marketing trends and customer behavior. Moreover, companies cannot  reduce costs without identifying inefficient spending.

b) New products : Has the organization delayed the launch of new products during recession? The customers require cheaper products during hard times. Hence, the strategy should be to delay expensive products but focus on products that cater to the new customer requirements and changes in behavior.

Closing thoughts

With economies slowing down, the marketing functions are facing many challenges. Customers are better informed through social media and internet, competitors copy products faster, and price of the product is a driving factor. Risk managers can contribute by conducting risk assessments of the marketing function and helping the teams in identifying the upside and downside risks to their strategies. This is a good place to add to  profitability.

References:

  1. Chaotics – The business of managing and marketing in the age of turbulence – Philip Kotler and Johan A. Caslione
  2. Beefy McDonald’s to Open Veg-Only Outlet in Katra – Economic Times

Risk Management Failures in Kingfisher Airlines

Mr.Mallya with KFA Air hostesses

The king of good times is facing hard times. Launched in 2006, with much fanfare by its Chairman, Mr. Vijay Mallya, Kingfisher Airlines (KFA) is presently in dire financial straits. After the euphoria abated, KFA’s strategy, performance and financial health has been questioned from mid-2008. Now the company is facing major financial and operational problems. The press statement from KFA, on 12 March 2012, highlights the challenges:

“The flight loads have reduced because of our limited distribution ability caused by IATA suspension. We are therefore combining some of our flights. Also, some of the flights are being cancelled as a result of employee agitation on account of delayed salaries. This situation has arisen as a consequence of our bank accounts having been frozen by the tax authorities. We are making all possible efforts to remedy this temporary situation.” 

KFA is a good case to understand the impact of failure in risk management. The management ignored the warning signs of stormy weather and failed to navigate the company into safety.With hindsight, some of the important decisions made by the airline appear incorrect. Let us analyse the  top 5 risks.

1. Strategic Risk – Market Analysis 

 KFA was launched as a premium business class airline. That was the first mistake, a lack of understanding of customer requirements and basing a decision that luxury sells in airlines. Organizations focus on reducing costs and  usually just CXOs are allowed business class travel. Rest of the staff mostly travels by economy class. Moreover, buying most expensive business class tickets doesn’t go down well when seniors aim to project the image of walking the talk.

Even consultants, whose travel tickets are paid for by clients, hesitate to book KFA tickets. It appears that they are abusing privileges. Hence, the market size for business class tickets is small in India.

Secondly, internationally Southwest Airlines operating model has proven successful. It is a low-cost airlines, provides minimum frills to customers at reasonable rates. Mr. Mallya, highly successful in liquor business, didn’t comprehend the differences in customer preferences within the two industries. Customers may buy expensive alcohol, but not airline tickets, since the total cash outflow  is higher.  It is a price sensitive market. Therefore, KFA adopted an incorrect strategy from the start as it failed to understand the market dynamics.

2. Strategic Risk – Merger with Air Deccan 

KFA acquired Air Deccan, a low-cost airline in 2007. Five years of operations is a key criteria for an airline to fly internationally. Hence, KFA acquired Air Deccan’s international flying rights and simultaneously entered the cheaper market segment.  It made the following announcement in September 2008 financial results commentary:

The merger of the two operating airlines into one corporate entity has also enabled savings on operating costs such as Engineering and Ground Handling, Insurance and Catering. Employee costs have also been addressed through an integrated organization which enabled the Company to terminate the contracts of most expatriate staff and impose a hiring freeze on new appointments.

After the merger, first signs of trouble cropped up. As per a Business Today article, it became the largest Indian airline with 27.5% market share, and domestic travel increased by 30%, however it didn’t make profits. Despite the fact the its main rival – Jet Airways – continuously showed profitable quarters.

KFA showed growth in numbers while having lost the strategy. With the merger, it lost its brand image of a premium business class airline. It expanded with the speed of a jet without building a base and resolving the post merger challenges. This set the course for a bumpy ride.

3. Strategic Risk - Investment in Planes 

According to 31 March 2011 ending annual report, KFA flew 366 domestic flights and 28 international flights. It owned 67 aircraft.

“Aircraft Engine/Lease Rentals: Aircraft/engine lease rentals stood at Rs. 984 crore (USD 197 million) during the twelve month period from April 2010 to March 2011. Your Company operated 67 aircraft (scheduled and non scheduled) in the year under review, 13 of which are owned through finance leases and 54 are held under operating leases.”

Business Today article mentions that presently the airline owns 63 planes and a few have been returned to the lessors. However, the plane financing problem isn’t new. In September 2008, after the merger with Air Deccan,in financial results commentary KFA stated the following:

“Two aircraft have already been returned to Lessors with no additional cost, and the Company is in discussion for the return of a further eight aircraft. The impact of this capacity contraction will be visible during the second half of the Financial Year.”

After the merger, according to the Business Today article, the airline refused to take delivery of 5 Airbus A340-500. It had over 90 aircraft in Airbus books and no delivery was taken after 2008. This is a case of investment plans made under a cloud of unknowing.

4. Financial Risk – Excessive Debt  

In the December 2011 quarter unaudited financial results, signed by the Chairman Mr. Mallya, the following note is given:

The Company has incurred substantial losses and its net worth has been eroded. However, having regard to capital raising plans, group support, the request made by the Company to its bankers for further credit facilities, planned reconfiguration of aircrafts and other factors, these interim financial statements have been prepared on the basis that the Company is a going concern and that no adjustments are required to the carrying value of assets and liabilities.

KFA posted a loss of Rs 1027.39 crore (USD 205.95 million) in December 2011 quarter. As of 31 March 2011, its net worth was negative at Rs 3633.08 crore (USD 728.29 million). It was last positive in March 2008, and now the picture is dismal. Presently, KFA has a total debt of Rs 7057.08 crore (USD 1414 million) and total accumulated losses of Rs 6000 crore (USD 1202 million). The banks refuse to extend further  credit as the non-performing assets (NPA) will jeopardize the profitability and liquidity of the banks.

Here it is a clear case of excessive debt and poor cash flow management systems. The situation has gradually worsened from March 2008 and in three years the capital is completely eroded. A better financial risk management may have helped mitigate the problem. It appears no one in the company was monitoring the risk dashboard. Maybe they were flying high on optimism.

5. Operational Risk – Fuel Costs

It’s a well know fact in aviation industry that most airlines nosedive due to high fuel costs. The rise in fuel costs are an uncontrollable risks as the price of petrol is set internationally. Additionally, in India, states charge heavy sales tax on petrol. Hence, the fuel costs are much higher in India. KFA annual report of 31 March 2011 acknowledges this issue:

Aircraft fuel expenses: Expenditure on fuel stood at Rs. 2274 crore (USD 456 million) during the twelve month period from April 2010 to March 2011 accounting to 28% of the total costs. While the average fuel prices have come down from a high of Rs. 74 per litre in August 2008, prices have steadily risen through the year and ended 34% higher than prices at beginning of the year. 

As given in the commentary on the results for the half-year ended 30th September 2008, KFA was aware of the problem.:

The Aviation Industry is going through a challenging phase globally, driven primarily by spiraling fuel costs, which hit an un-precedent USD 147 per barrel in July 2008. The Indian industry was hit more adversely due to the cumulative impact of Customs Duty and Sales Tax on account of this sharp increase in international fuel prices. The average price of ATF in the six month period from April to September 2008 increased by about 60%. The impact on Kingfisher Airlines alone was to the tune of Rs.640 Crores (USD 128 million).

Most airlines to recover fuel costs increase the number of seats in the aircraft by better use of space. KFA couldn’t do it, as it projected itself as luxury class. Despite enjoying an occupancy rate of 75-85%, the company failed to break-even. Although the management was aware of the truculent factors in aviation industry it failed to take preemptive measures timely.

Closing Thoughts

A look at the 31 March 2011 year-end annual report reveals that KFA had 7-8 directors, with just one executive director. The audit committee had 3-4 directors and didn’t seem active, since there were just 4 meetings during the year. Since inception of the company, three CEOs have come and gone. Mr. Vijay Mallya, the Chairman, controls the company. The board of directors have not actively participated in charting the route of the company. Hence, pilot of the company is responsible for the downward spiral of KFA.  As the banks and government refuse to give a life jacket to KFA, the probability of safe landing is low.

References: 

  1. Kingfisher Airlines - Media statement 12 March 2012
  2. Kingfisher Airlines – 31 March 2011 Annual Report
  3. Kingfisher Airlines – 31 December 2011 Unaudited results
  4. Kingfisher Airlines – Commentary on results for half year ending 30 September 2008
  5. Losing Color – Business Today article.

Program Change Management Risks

Organizations invest huge amounts in running numerous programs to improve operations, culture and profitability of the company. For instance, programs cover technology implementation, building social networks, improving employee engagement and corporate social responsibility initiatives. Some programs give good return on investment while others dwindle without much success.  The success and failure of a program appreciably depends on effective change management.

Even for information technology programs, various survey reports show success-failure ratio as 50-50 percentage. Failure results in cost overruns and delay in project schedule besides low employee morale. A few reports indicate just around 20% of the programs are successful in the first effort in all respects. The differentiating factor, with technology and implementation capability being the same, is change management skills. Lack of focus on change management risks results in program failure.

Before discussing some key aspects of program change management risks, let us understand the reason for the same. Change causes insecurities to surface, hence sows the seeds of conflict and discord. On start of a program, people do not understand the reason for change. They are unable to assess what is at stake and what success looks like. Moreover, people respond differently to change. Idea of change gets supporting, skeptical and scornful reactions. If not handled carefully, different groups within the organization prepare battle plans to sabotage the program.

Hence, change management strategy is an essential component of program implementation. Given below are some of the risks on the same.

1.   Senior Management Involvement

For approval of the program, the program manager shakes hands with all the senior managers to get their buy-in.  Managers assume that the senior management commitment will continue after approval. However, this is rarely the case. With time, commitment will wane if senior managers do not understand the direction of the program and/ or start giving priority to other programs. Hence, program managers need to monthly/ fortnightly update the senior managers through review meetings and reports on the status and plans of the program.

Additionally, users and employees need to see senior managers demonstrate commitment to the program i.e. walk the talk. Program managers need to leverage opportunities to show senior management support for the program. Develop a leadership plan to ensure senior managers become champions of the program.

2.   User/ Employee Adoption

The program managers gear most of the programs activities towards adoption by the users. For example, in building a risk culture, adoption of risk assessment template is a milestone. The point is change agents view program activities in isolation for pre-go-live stage without considering the overall impact on the organization. Programs influence strategy, process, technology, and people. Without synchronizing the four aspects, even with user acceptance, the program will be unsuccessful in the long run.

Second aspect to consider is the handholding and support after the go live stage. After implementation of a program, the users may still face some challenges or new problems and risks may arise. For continued success of the program a team is required to support it, else it will fizzle out.

3.    Multiple Communication Channels

A program requires a good communication plan and failure in communication jeopardizes the program. Communication messages must be clear, straightforward and from the heart. The corporate jargon and meaningless mantras does not get buy in from senior management or users. For example, do not have a mission statement for an ethics program that sounds like this:

The company’s mission is to be the most ethical organization in the world by adopting best practices, making it a great place to work and rewarding meritocracy

Employees will roll their eyes on the above statement and consider it as management hyperbole. There is nothing actionable or measurable in the statement. Neither are the steps linked to ethics.

Another risk is failure of communication from senior management. Program managers assume that employees understand senior management commitment from strategy and other generic documents. However, adopters need to hear from senior management, their views and aspirations regularly.

Moreover, when programs run into problems, the initial reaction is to hide the bad news from the adopters. Clear concise communication on challenges being faced by program managers and support required, gets the program back on track. Communicate more often when program is running into trouble.

More importantly, change agents sometimes fail to listen to the adopters. Adopters’ feedback is critical for the success of the program. Understand their angry reactions, criticism and challenges. Develop plans to address them and not ignore them.

 4.    Training Plans

 Standard training material is the bane of most programs. Change agents believe that once the training is imparted, their job is done. Some pieces are overlooked in training plans and I have mentioned these before in a post. These are:

  • People have different learning patterns.
  • People are at different stages of learning – beginner, learner, manager, and expert.
  • People do not remember the training for long unless they start using the information in practical work.
  • Old habits are hard to break; hence, people revert to old patterns of working if not monitored.

Last but the not least, is the content of the training. For example, fraud awareness training is a double-edged sword. The users, who didn’t know a word about fraud, now have some idea on how frauds are conducted. The information can be misused. Moreover, an overload of information may create panic reactions in users. Hence, when to deliver training and what information to give are critical decisions for successful program implementation.

 5.     Reward & Recognition System

For a program to be successful, set up a clear system about reward and accountability for the adopters. Failure to establish a system will result in rewarding mediocrity rather than meritocracy. Further, without implementing a penalty criterion, there is no downside for wrongdoing. Hence, maintain a balance between reward and punishment.

For instance, in an ethics program, build a system of bonus points at time of appraisal for meeting business objectives in an ethical way. If a manager had the option of choosing an unethical means to achieve an objective faster but selected an ethical way though had to work harder, award him/her bonus points. On the other hand, award penalty points to a manager who chose unethical means.

6.    Dealing with Failure

Sometimes, despite best efforts the program team stares at the face of failure. People adopt inflexible approach and refuse to acknowledge the logical benefits of the program. They foresee their personal and political agendas negatively impacted, hence refuse to contribute to the shared purpose of the organization. The situation reminds me of an old joke.

A man bought a parrot as a pet. To his dismay, the parrot had a bad attitude and spoke foul language. The man tried to teach the parrot to behave but the parrot refused to change. One day in a fit of anger the man put the parrot in the freezer. He heard the parrot screaming and abusing for a couple of minutes, then there was silence. The man opened the door of the freezer, the parrot trotted out and said – “I beg your forgiveness for speaking rudely. I promise to behave properly.” The man was amazed at the transformation. Then the parrot said – “May I ask, what did the chicken do?”

To avert sudden failure periodically conduct organization surveys to understand the acceptability of the program and organization readiness for the next stage. Measure the behavior and sentiment change due to the program. Do not rush to the next stage without ensuring that adopters connect with the program in the existing stage.

 7.    Awareness of Retaliation

Situations can get out of hand when people start retaliating against the program manager and his/her team. Some programs are launched for appearances sake. For example, senior management may approve a program for business ethics, diversity or employee participation. However, when the change agents sincerely attempt to run the program to bring about a cultural change in the organization, they get mobbed by the employees. In this case, the junior employees start complaining that the change agents are pressurizing, bullying and forcing them to change. This impacts the heart of the program and the change agents spend most of the time defending their actions. The senior management doesn’t really want change, hence looks the other way or gives tacit approval to derail the program and mob the change agents.

In such cases, the change agents have to pay a high price, but the seeds of change are sown. People recognize that there is a better way of doing things, and gradually move towards light.

Closing Thoughts

 Change is difficult. We ourselves find it difficult to change, so getting others to change is an obstacle race. As Mahatma Gandhi said on leading the non-violent Indian independence movement – “First they ignore you, then they laugh at you, then they fight you and then you win.” Being a change agent is a test of stamina, perseverance, discipline and sacrifice. There are no low hanging fruits to pluck, no short-term rewards, no personal glory, however, in the end organization benefits.