Posts Tagged Process Improvement
Innovative Assurance and Advisory Services
The business teams’ mental picture of an auditor is of a guy focused on nitpicking financial accounts. The excessive focus from regulators on internal controls in finance processes has stereotyped auditors. However, in these dynamic economic conditions senior management expects internal auditors to break out of this image and become business partners. The question is – how can they do so? Let me share with you my story first.
My journey as an internal auditor changed in mid-nineties when I was an audit manager in an auditing firm. One day, I had a meeting with the client’s CAE to discuss the scope of work for the year. The client had in-house internal audit team and outsourced some areas of work. The CAE had mostly worked in UK and US, so was highly exposed to the international environment in comparison to the regular Indian CAEs at that time.
On starting the meeting, the CAE said – “Sonia, I think for the first quarter I would like you to cover marketing and customer service department.” I swallowed and nodded agreement.
He then continued – “Next quarter you can cover production”. I squeaked – “Production?” He replied – “Yes, shop floor audit would be interesting.” I tried to keep my expression under control and not show my shock, and again nodded in agreement.
He further added – “Last two quarters of the year, you can cover purchase department and inventory function”. I knew something about these two areas, so I tried to breathe. As the meeting closed, I started thinking how I am going to execute this scope of work. You see, there was a small hitch. I generally did service industry audit and this client manufactured cranes and forklifts. What does one audit in marketing of cranes? How are cranes produced? I was absolutely clueless.
As I drove back I wondered whether my boss had intentionally skipped the meeting. He knew if he had accepted this scope of work, I would have had reasons to crib. Now as I had accepted the scope of work, I couldn’t crib. If I did, he would say – “Sonia, you should have negotiated better.” So I took a small diversion and stop, before reaching my office. My boss was eagerly waiting and from his expression I knew he had already spoken to the CAE. It was a setup! I presented him the scope of work letter, my bookstore bill and the five books I had purchased on marketing function on the way back. He smiled gleefully.
I knew I was in trouble. In those days there was no internet and Google in India. I tried to figure out how I could convince my team that I knew more about marketing cranes than spell it.
Later on I realized that these assignments were the turning points in my career. They shook me out of my comfort zone and taught me a lot. While I could earlier rattle off the financial numbers of my clients, I really didn’t understand their business. What did they do? How did they make money? What challenges do they face in the market place? Without understanding the business, one could hardly do any value add.
So the relevant question is how can auditors become business consultants? Primarily internal auditors are driven in scoping their work according to materiality in financial statements. If we change the focus from financial to business, the scope of work automatically changes. I am sharing with you some of my ideas.
Of course, as you read some of the suggestions the question will come up: does it fit into the third line of defense (internal audit), second line of defense (risk management) or the first line of defense (business teams)? My view is that first an organization should decide, is this what they require? If yes, then they need to find an appropriate fit in their structure. Though some of these services do not fit the traditional sense of audit, they add a lot of business value. Moreover, the skill set required to perform these services is the same as an auditor or risk manager. The mindset has to be different.
The argument against it is that these are management responsibilities as some of these either appear to be focused on preventive or detective controls, and moreover do not focus on financial processes. The question to ask is – is management fulfilling these responsibilities in other functions? Additionally, if business risks and controls are not addressed, doesn’t it impact financial processes and income? Maybe, senior management needs to come out of the SOX mindset and think differently. Read on and share your views with me.
1. Job Work Review
I am sure you must be wondering here – what is she referring to? As a corporate citizen you must have heard of management saying that with so many resources the work is still not done. On the other hand employees lament that they are over worked due to insufficient bandwidth. One wonders, are they talking about the same organization? Let me explain in detail as to what we can focus on here.
I had a banking client where the management and employees were in this tussle. Since it was an Indian nationalized bank, the tussle was fast becoming a labor union issue. Management appointed our company to identify the real work issues at a sample branch to resolve the problems. The branch had 50 odd employees and as a first step we asked them to fill a detailed form listing out their activities on a daily, weekly and monthly basis along with the time. We also gave time sheets for the bank employees to fill for a fortnight to record actual work done with time spent.
Meanwhile we analysed job descriptions, processes, MIS and business applications to assess the real activities performed by various departments within the branch. Finally, we conducted interviews with the employees to discuss our observations relating to their job roles and work done. We were able to identify duplicate work done, opportunities for minimizing manual work by using technology, improving processes, reducing time spent on non-value add work, restructuring department functioning and changing job roles. This improved the efficiency of the branch operations besides resolving the management problems.
In another similar assignment for a law office, we analysed billable and non-billable time spent by attorneys. By transferring the non-billable activities to other job roles, the attorneys were able to increase their billable time, hence directly improve revenues.
Point is, all managers are told to prioritize work. Ever wondered what percentage of managers do it successfully? Additionally, what is the impact on revenues because of failure to do so? Isn’t it worth checking out? Shouldn’t organizations focus on employee risks? Employee risks are turning big and are mostly un-addressed.
2. Build Risk Assessment Tools
The business teams are primarily responsible for managing risks, however are not trained on risk management. The internal auditors and risk managers have vast knowledge of business risks. Then isn’t it worthwhile to bridge this gap? Here I will give you an example of what we did for a software development company.
The program managers were running million dollar software projects. As you know, the project risks impact cost, quality and time of the project. The software development teams focus more on running the project than doing project risk management. Hence, we developed an Excel tool for them. The spreadsheet contained over 600 risks on various stages of a software development project. The project manager just had to assess whether a risk was applicable to the project and select a listed risk mitigation plan. S/he had to input the name of the person responsible for managing the risk and time schedule. In rare cases only, project teams identified a new risk, that we incorporated in the next version of the tool. An activity which took the project teams days of discussion could be completed within a day and project manager could review the risk status within an hour on a weekly basis. An overall organization count was available on risks occurrence, success/failure of mitigation plans and risk losses.
Empowering the business teams with appropriate tools to conduct risk management is far more beneficial than a post facto audit. A reduction in risk loss directly improves profitability.
3. Process Design Review
Internal audit and risk management functions generally are not involved in the process review at the designing and re-engineering stage. They audit the process after it is functioning and then identify control gaps and give recommendations for improvement. Doesn’t this sound like attempting to catch an elephant by its tail? I will share with you my ideas on this area.
When an organization is establishing its back offices, usually the processes are migrated with the same controls as were existing before. However, the risks and control requirement change considerably on process migration. If an auditor reviews the process and standard operating procedures at the process migration stage, not only business risks will be addressed it will save a lot of time in doing a subsequent audit. Additionally, management will be able to identify whether the process is high, medium or low risk and budget risk loss accordingly in the cost-benefit model.
The same applies when management is re-engineering processes according to six-sigma or lean or any other model. Sometimes on re-engineering processes, the existing control steps are removed to reduce work time and improve efficiency. However, no other compensating controls are put. This increases the risk of the process without management’s knowledge.
Reviewing processes proactively for controls and risks reduces probability of subsequent damage due to control failure. It significantly mitigates fraud risk also. Moreover, it reduces the audit time significantly.
4. Software Implementation Review
Again I see here that auditors review application controls at the time of SOX or financial audit. An assurance needs to be given on the technology controls. However, the cost of changing an application program after implementation is 3-4 times the cost at the time of development. Hence, doesn’t it make sense to review the software program at the time of implementation, whether it is an ERP or customized application?
To demonstrate the value of the work, I am narrating my experience of doing an assignment for a government tax department in India. The department was implementing technology for the first time to improve tax collection. According to its estimates because of the manual systems and delay in collecting information, it was losing revenue in millions due to tax evasion. They had appointed a hardware vendor and software vendor, and then my organization for auditing. We worked with the department to review the technology implementation strategy, user and functional specifications for controls, network diagram for information security and conducted application controls testing. This saved the department from various problems that would have occurred after implementation.
Proactively addressing technology controls saves the organization subsequent cost of changing them and mitigates the risks occurring from control lapses. Conducting an ongoing review of implementation of critical business applications is beneficial.
5. Policy Decisions Review
Now this is something that most auditors and risk managers do not go near as policy making is management responsibility. However, I am going to narrate an incident here, and let you decide whether it makes sense to re-look the policies.
I was conducting a financial statements audit of a consumer goods trading company. While checking the discounts given on a product, I realized that the total discount given was eroding the profit margin. The company had various discount categories, for instance – special discounts, festival discounts, dealer discounts etc. However, it was not calculating the total of these discounts for each product. Hence, it didn’t realize that though the sales were increasing the discount policies were faulty and eating away the profit margin. I did a marginal costing analysis, and assessed that if they continued with this policy the company will lose its “going concern” status in three years. Management was horrified on seeing my report and realizing that various discount policies cumulatively could have such an impact.
Look at it from another angle. If you see the banking sub-prime crises, maybe a review of the policies to give loans to financially weak or unstable income borrowers would have reduced the risk. If the banks had just disbursed loans to this category to a small percentage of the total retail lending, this situation may not have occurred. Conducting an audit after loan disbursement and commenting on the quality of loans hardly helps.
My suggestion here is that when policies are issued, they need to be reviewed for financial and risk impact. Issuing single policies doesn’t sound like a big deal, however when sum total impact of a group of policies in a specific area is analysed, the picture is quite different.
6. Fraud Risk Assessment
In a speech given by Governor, Reserve Bank of India to Institute of Chartered Accountants of India in December 2011, he said – “The profession has shied away from the responsibility for prevention and early detection of fraud.” This is a valid allegation, although fraud risk is increasing at a tremendous rate, most organizations lack focus. Banks have fraud risk functions, however they are more focused on investigations. The thrust on fraud prevention can be improved.
Let me give you an example here. In India either banks are shifting back office operations or outsourcing it to vendors. Now these back offices have multiple processes, mostly run by people who are service delivery experts. The teams sometimes lack banking industry knowledge and are clueless on fraud risks of the process. At the time of process migration, training is provided to detect transaction level fraud. However, if you ask the process owners whether the processes they are running are – high, medium or low fraud risk, they will be unable to answer that.
I had once with my team developed a fraud risk assessment tool for banking back office operations. A weight was given to each data item that could result in fraud. For example, an employee having access to customer information can conduct account takeover fraud in a call center. The information normally required is name of the customer, account number, address, date of birth and debit/credit card number. If this data is available, the probability of fraud increases. Hence, the tool captured the data availability for each process and calculated the level of fraud risk for the process. Management and process owners knew the high fraud risk processes and could allocate more resources to fraud prevention to these processes. Incorporating controls in these processes reduced the overall fraud risk of the organization.
As mentioned in an earlier post, Kroll Fraud Report of 2011 states that globally organizations reported on an average 2.1% of earnings loss due to fraud and nearly 1/5 of the organizations had 4% earnings loss. In case of senior management involvement, for instance – Satyam, Enron, WorldCom – organizations are nearly wiped out. Fraud risk additionally impacts financial, reputation and legal risks. Hence, organizations definitely need to focus on it.
7. Review of Management Programs
Management initiates various programs, namely for – innovation, research, quality improvement, leadership development, etc. There is a lot of time and money spent on these programs as these enable the organizations to gain a competitive advantage. Risk managers talk about competitive advantage risks, however these programs do not come under the review radar of either internal auditors or risk managers. They check that the cost of programs is booked correctly, and are unconcerned about the success of the program and/or reasons for failure. Reason being, no obvious risk is seen.
My view is that if a program is developed to gain competitive advantage, then obviously its failure results in increasing competitive disadvantage. That increases business risks. These risks might not be immediately quantifiable, but have long-term impact. However, the reasons for program failure are not obvious and results in sunk costs for the program.
For instance, in a company I had run an organization survey to get feedback on implementation of a quality framework. Normally, negative feedback identifies the following problems – lack of senior management support, insufficient training, lack of implementation support, no hand-holding done in first project etc. In the feedback given, the respondents stated that these issues were addressed well and they had no complaints on these fronts. However, they were not motivated to use the framework because there was no reward or recognition system in place for doing well in this area. After implementing an employee bonus scheme for adopting the framework and using it well, participants’ commitment levels for the program improved.
As I had mentioned in an earlier post “Creativity@Risk”, organizations’ innovation programs may not be effective because creativity is not valued. I had given steps to audit creativity levels in the organization. Think of it, if innovation and research is failing, don’t the competitive advantage risks increase? How are organizations calculating and addressing these risks?
8. Brand Building Programs Review
Organizations are investing heavily in building brand names to gain competitive advantage and customer loyalty. They run advertising, social media and corporate social responsibility programs geared towards it. However, some are succeeding in their efforts, while others are reaching nowhere, specially Indian companies. For example, the global Brand Keys Customer Loyalty Leader report of 2011 in the top 100 brand names doesn’t even mention one Indian company. Hence, the question is where are all the advertising and brand building budgets going?
A review of the effectiveness of these programs helps to build better customer relationships. For example, some banks to get Gen Y customers have launched games on their website. If a customer logs in and does some transaction or activity on the website, s/he gathers points. After accumulating certain number of points, the customer is given a small gift. It is targeted towards building customer retention and loyalty. The cost of the program is low, impact is high.
Another aspect now facing organizations is social media risks. Any negative information that goes viral can damage the company reputation. Hence, the probability of reputation risks has increased. To ensure that these are properly mitigated and the programs are effective, these programs can be periodically reviewed.
9. Strategy Review
In an earlier post I had mentioned a point from a McKinsey report. It states that just 8% of the respondents said that their organizations review strategies on an ongoing basis. In 42% cases, the organizations were not conducting annual reviews of strategy. Now without reviewing the strategy, how do organizations really know where they are heading?
In another recent report of Economist Intelligence Unit titled “The Long View” the key observation was that – “The time horizons for strategy and risk are often misaligned. Some companies are making longterm strategic plans without a proper consideration of the associated risks.” The main reason is that risk management is considered an operational activity rather than a strategic function. This is highlighted by the fact that just 24% organizations think that risk analysis is vital for strategy development.
To illustrate the need for strategy review, I am narrating an incident. I was pitching for work to a CEO. He handed me his strategy documents for building 100 collection centers. I analysed the numbers, and realized that though the revenue numbers and assumptions were correct, the costing was not so. I visited a few collection centers, developed an operational plan and costing analysis and submitted the revised numbers. When the CEO saw the numbers, he asked me for my recommendation. I said in a straight forward manner – “If I was in your position I wouldn’t implement this project. Though revenue numbers are good, the break even point is at 75%. There are no quick earnings and failure probability is high.” The CEO agreed to my observation and project was not undertaken.
As I persistently continue to make this point, strategy review is essential for success. A lot of funds are wasted on wrong strategies. Start with focusing on the strategy formation process and reviewing business strategies to move up the value chain.
10. Business Continuity Plan Review
Most organizations dependent on information technology have disaster recovery plans and/or IT recovery strategies. Few have developed and implemented full-fledged business continuity plans envisaging various natural and man-made disasters. Although, with the increasing frequencies of floods, earthquakes, hurricanes and terrorist attacks this would be an obvious move. Last year the earthquake in Japan and floods in Thailand caused problems for companies worldwide whose vendors were located in these countries. The supply chain broke down.
Conducting a business impact analysis requires breaking each activity in the business process as critical, necessary and optional in case of a disaster. These activities might be required in normal business functioning but not in a disaster scenario. For example, for a bank having credit card operations running 24/7 is critical, however a loan application approval process can be delayed without a big problem for a couple of days. A solution is required for all critical activities. For instance, in 9/11 attacks in US, the Amex center in Delhi acted as the back up center for US offices. It was one of the few companies whose customers didn’t feel any impact on customer service due to the incident. Hence, ensuring that all critical activities have a backup facility with trained resources operable in a short time span is critical for business continuity.
A review of the plan and testing documents ensures that there are no gaps and all possible disaster scenarios are covered. A periodical review is required as sometimes processes and business change, while the business continuity plan is not updated.
Closing Thoughts
To provide value add to business, auditors and risk managers need to focus on these services. Big 4 earn most of their revenues providing these services to clients as few companies have developed in-house capability. Though some organizations have shown progressive thinking and renamed internal audit departments as business assurance and advisory function. One arm of the department focuses on regulatory requirements of internal audit and the other arm focuses on providing assurance and advisory services to various stakeholders within the enterprise. The cost of setting up the function is low, the rewards are high. Senior managers just have to re-imagine audit and risk management functions. It will be worthwhile.
Comments on COSO revised Internal Control – Integrated Framework
Posted by Sonia Jaspal in Audit, Compliance, Corporate Governance, Enterprise Risk Management, GRC Dept. Functioning, Risk Management on January 5, 2012
COSO released the draft exposure of “Internal Controls – Integrated Framework” in December 2011 for public comments. The new framework still focuses on the five components of control described in the previous 1992 framework. The major change in the new framework is the explicit description of 17 principles. These describe the fundamental concepts related to the five controls.
The good aspect of the revised framework is that it has incorporated changes in business environment due to globalization, technology and governance regulations. It is more detailed than the original, hence gives a better understanding on a broad level. However, I still felt that some of my pet peeves with the previous framework remain unaddressed. Secondly, there are a couple of concerns regarding the practical application of the principles. I am covering some of my concerns below. Share your opinion with me, whether you agree or disagree and what changes would you suggest?
1. Definition of Internal Control
This is an old grouse, I am not in complete agreement with Internal Control definition given by COSO. In the current version I was hoping some changes would be made, but the definition remains the same. COSO defines internal control as
“Internal control is a process, effected by an entity’s board of directors, management and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following areas:
- effectiveness and efficiency of operations
- reliability of reporting
- compliance with various laws and regulations”
“Operations Objectives – These pertain to effectiveness and efficiency of the entity’s operations, including operational and financial performance goals and safeguarding assets against loss.”
This according to me excludes the major portion of management issues. In an organization, the flow in linear form is as follows:
Top Management > Strategy > Culture (People) > Finance > Process > Technology.
Most business failures and large-scale frauds occurred – Enron, Swiss Air, Olympus, Satyam – due to failure of top management, incorrect strategies or deviant/ aggressive cultures. In rare cases only, a major fraud occurred solely due to process or technology failure.
Additionally the framework states in Risk Assessment section “However, identifying and assessing potential opportunities is not part of internal control.” Hence, the upside risks are excluded from the assessment. In present day organizations, processes established for strategy, innovation, research and creativity give them competitive advantage. Without these, organizations cannot be said to be operating effectively as they are leaving a lot of cash on the table. Hence, isn’t it misleading to give an assurance of effectiveness and efficiency of operations based just on assessing coverage of downside risks in finance, business and technology processes? Would it be more appropriate to replace “effectiveness and efficiency of operations” with “adherence to established operation processes”?
2. Impact of Organization Culture
The COSO framework mentions the focus on internal control culture under “control environment.” It states:
“Control environment is sometimes seen as synonymous to internal control culture, in that elements that make one strong, such as integrity and ethical values, oversight, accountability, and performance evaluation, make the other strong as well.”
My concern is that internal control culture cannot be considered in isolation of organization culture. Aggressive, passive-aggressive, consultative, etc. organization cultures have an impact on internal control environment. For example, in a deviant organization culture management override is significant. Hence, an internal auditor or a risk manager cannot assess the risks without understanding the overall organization behavior and attitudes.
Therefore, in my view, the framework should cover on a broad level the types of organization culture, the risks associated with it and the methods to assess it. Though, this may come under organization behavioral psychology, a high-level understanding is required to conduct a proper assessment of internal control environment.
3. Strategic Risks
The COSO framework is focused on risks that threaten operations and regulatory requirements. It does not cover strategic risks unlike the ERM framework. Moreover, it does not even cover the process of strategy formation. As I had mentioned in earlier posts on strategic risks, strategies frequently fail due to the organization having inadequate strategy formation processes.
The issue becomes debatable more so, considering the following statements given in the framework
“Objectives - how management will create, preserve and realize value for its stakeholders”
“Setting objectives is a key part of management and a prerequisite to strategic planning”
“Operations objectives relate to achievement of entity’s basic mission – the fundamental reason for its existence”
A good strategy basically protects the capital and generates earnings. Hence, evaluating internal controls on strategic planning process is critical to ensure management is maximizing value for its stakeholders. The fundamental question to ask is – without a strategy, can management do so?
The framework further mentions -
“Internal control cannot prevent bad decisions or judgments being made. It can only ensure management is aware of the direction entity is following.”
Hence, to me this sounds more like an assurance being given that “nothing is majorly wrong” instead of “everything is working properly”. To highlight my concern, let me give an example of Infosys. The company has recently entered into an agreement with an Australian company Portland Group Pty to acquire it for Rs 180 crore (USD 34 million). However, investors have complained previously that Infosys management is extremely conservative on acquisition and mergers as it has cash reserves of Rs 18,601 crore (USD 3509 million) as on 30 Sep 2011. In this scenario, can one say that Infosys is efficiently using its cash resources and maximizing shareholder value? Maybe a broader outlook is required for business management.
4. Miscellaneous
Some other aspects that I felt the framework needs to focus on are:
1. Linkages and relationship with Internal Control and Enterprise Risk Management Framework
2. Linkages and relationship with the technology controls mentioned in COSO framework with COBIT framework.
3. Though now there is some coverage on calculating benefits of internal control and conducting a cost-benefit analysis, more details on benefits would be useful.
4. A chapter on the process to be followed for designing and implementing internal controls would be helpful. Presently, the major focus is on evaluating and assessing internal controls.
5. Principle 4 of control environment – Demonstrates commitment to competence, may be difficult to evaluate for an internal auditor. Can an internal auditor really evaluate competence of senior managers and be taken seriously when CAEs don’t even get a seat on the board? Hence, though it sounds good on paper, it may not be practical.
Closing thoughts
The framework is a step in the right direction and definitely an improvement over the previous one as it addresses the existing business environment risks. However, as the revision has come in after twenty years one would expect to be more progressive by projecting the trends in the business environment, and guiding on internal controls issues envisaged in future. My question is – do you think with the changing business environment this framework will be relevant five years down the line?
References:
- Internal Controls - Integrated Framework
- Infosys News
Risks in Budgeting and Forecasting Process
Posted by Sonia Jaspal in Financial Risks, Management, Methodologies & Procedures, Process Re-engineering on December 13, 2011
When I go shopping more often than not I blow my budget. You see, in the shopping mall my requirements far exceed the forecast. My three finance qualifications come to naught in this simple expenditure planning. So I understand why budgets of organizations go wrong. But the risks associated with an organization’s inaccurate budgeting and forecasting process are far higher.
For instance, the CAG report on Air India states that airplanes were purchased based on an estimated huge market growth and share. The government airlines is now nearly bankrupt. More recent is the case of Kingfisher Airlines. The company is facing a huge liquidity crunch and may go bust if banks do not bail it out. Though I haven’t analyzed the financial statements, the question does come up – didn’t they see this coming? What kind of cash flow forecasting was the finance team doing? The airlines grew quite fast; were there any checks kept on expenditure and how was it linked back to revenues?
These are basic questions, and show the impact on the organization when proper techniques are not used for budgeting and forecasting. In the next quarter, Indian organizations will commence their budgeting process for the financial year 2011-2012. I thought it is a good time to study the best practices of budgeting and forecasting, and share with you my understanding of the risks associated with it. I delved into the SAP CFO forum research papers and here are some interesting points.
1. Business Drivers for Budgeting and Forecasting
According to the Aberdeen and SAP report, the top three drivers for budgeting and forecasting in 2011 were helping organizations deal with market volatility, aligning strategy and controlling costs. As these three have been major drivers for the past three years, one can safely assume, considering the global economy, that these three will prevail in 2012 as well.
Moreover, the Indian economy’s year-end scenario is turning bleak. As per recent reports, GDP is expected to show just around 7.25-7.75% growth in 2011, instead of the initial 9% growth forecast. Sensex has fallen one fifth in the year and presently India is among the worst performing stock markets in the world. Organizations have cut down on capital expenditure to maintain profitability. Hence, in the coming financial year, Indian organizations will face all the five pressures mentioned in the graph above. Therefore, it has become more critical to do accurate budgeting and forecasting.
2. Risk Adjusted Forecasting
In another SAP white paper titled “Increasing Competitiveness through Closed Loop Performance Management” I came across an interesting point. It emphasized implementing integrated financial performance management processes that “comprise strategy planning, budgeting and operational planning, forecasting, management reporting, profitability and cost management, and risk management.” It further added that in most organizations the “various performance management systems remain disconnected specially risk management.”
Now the question that begs an answer is – are risk managers having a look at the budgeting process to ensure all management systems are linked together? Secondly, are they reviewing the budgets, facilitating the business teams in identifying risks and adjusting the budgets accordingly?
In my view, if risk managers are taking a hands-off approach during the budgeting process, then they are doing the organization a major disservice. They should proactively participate in the process, identify the problem areas and discrepancies, highlight the risks and inaccuracies, and facilitate management in preparing flexible budgets.
The benefits of this approach can be seen in the Infosys case. The company was recently in the news for asking its employees to sacrifice two Saturdays in this quarter to meet the budgets. Though I have different views on the action taken by Infosys to call employees on weekends, it does show that they are proactive in managing their forecasts. The management assessed the risk of failure of forecast and took action. Hence, there is a lesson to be learned here for all organizations. Organizations should build in triggers for internal and external events so that forecasts are adjusted in a timely manner.
3. Flexible Forecasting
A new report of SAP with CFO Research Services highlights the risks of having fixed budgets based on historical data. It states that due to the changing business environment forecast numbers are “continually measured against real-world results and recalibrated to meet new threats and take hold of new opportunities as they arise.” Further on it adds that “The time-honored tradition of beating the budget by surpassing revenue targets is no longer a reason for celebration; it’s one sign that the budgeting process took so long that the assumptions underlying it grew stale.”
The CFOs interviewed in the report state that building flexibility into planning assumptions and processes is of paramount importance. With mobiles and tablets, real-time information on sales, expenses etc. is available. Hence, forecasts now require regular examination of the underlying assumptions. The market dynamics ensure that one has to go back to the drawing board periodically to study the movement and re-strategize. Annual fixed budgets are becoming a thing of the past and CFOs are in favor of rolling budgets.
In light of this aspect, the point I made in my earlier post, that risk managers need to actively participate in strategic risk management, holds true. In this scenario, risk managers must review the budget assumptions and risks on a monthly/quarterly basis to ensure smooth sailing. A once-a-year review doesn’t hold much water. They must make sure that the organization’s strategy, operations plans, and budgets are continuously aligned.
Closing Thoughts
Budgets are no longer just the domain of the finance department. In the present environment budgets must be developed with a combination of top-down and bottom-up approaches. While the strategy is developed at senior management level, the execution plans are developed down the line. The people there have the real information on market dynamics, numbers and risks. The views of various departments (sales, human resources, purchases etc.) need to be incorporated to form realistic assumptions and understand associated risks. Hence, risk managers have a significant role to play in this process.
Share your opinion here. Do you think Indian organizations have robust budgeting and forecasting processes?
References:
- Economy in Distress as Factory Output Slumps : Economic Times 13 Dec 2011
- Financial Planning, Budgeting & Forecasting in the New Economy : Aberdeen Group with SAP
- Increasing Competitiveness through Closed Loop Performance Management – SAP
- Accelerating the Speed of Intelligence for Fast and Flexible Forecasting – SAP with CFO Research Services
You can find the reports at http://www.sapcfo.com/
This article was published in The Business Enterprise Magazine January 2012 issue.
Fraud Symptom 8- Breaches of Internal Controls
Posted by Sonia Jaspal in Audit, Compliance, Enterprise Risk Management, Fraud Risks, Process Risks on September 29, 2011
The Enron case highlighted that inadequate internal controls cause huge damage to the organization. Subsequently, the Sarbanes Oxley Act section 404 focused on making it mandatory for organizations to implement good internal controls. However, don’t view internal controls in isolation from the organization culture. As I have mentioned before, the internal controls of an organization are only as good as its culture. The probability of breach of internal controls is higher in negative cultures. (Read Impact of Organization Culture on Internal Controls). In this post, though, I am focusing entirely on internal controls without linking them to the organization culture.
While the organization expanded and grew, the focus on internal controls reduced. When we consider the bigger fraud cases, Enron, WorldCom, Barings etc., the organizations’ management committed one or a combination of the following mistakes.
a) Management stopped old control systems without introducing new control systems.
b) In some cases, continued to use old systems without conducting a review to assess their reliability and usability.
c) On the other hand, in some companies management relied on new systems without assessing their accuracy and timeliness.
d) Lastly, assigned roles and responsibilities without segregating duties and defining clear reporting lines.
In a nutshell, one can say that management lacked focus on implementing internal controls. Due to these weaknesses in the internal control systems, management and auditors failed to detect frauds done by employees. KPMG 2010 India Fraud Survey stated 75% of Indian organizations experienced fraud. It further mentioned:
“Supply chain fraud (procurement, distribution and revenue leakage) is the single most exposed area. Weak internal control systems, eroding ethical values and a reluctance on the part of the line managers to take decisive action against the perpetrators are cited as the most vital underlying reasons for frauds being on the rise.”
So let me start with the ways lapses in internal controls in the purchasing process can result in huge fraud. The Commonwealth Games fraud depicts the methods that are used to tamper with the purchasing process. Here are some examples, which apply to organizations:
1. Contracts awarded without ensuring reasonableness of requirements – The basic premise of issuing a purchase contract is that there is a business requirement for a specific good or service. Breaches of internal controls occur when employees create unnecessary requirements to favor a certain vendor. To illustrate, in India the terrorist threat is high; however, there hasn’t been any major incident of an office premises being targeted. Now let us say the physical security team plays on the nerves of the senior management, since security is essential, and creates many unnecessary requests for equipment. For example, a request for automobile blocking ramps at gates, which may not be used in any other offices. Now each installation is in lakhs and the physical security team gets kickbacks from the vendor for the contract.
Another way of circumventing the controls is to order in excess of requirement. For example, the organization needs 100 units of X product and the order is given for 200 units. Now since the business requirement is met, the excess stock will be ignored. Either the concerned employee can get the excess stock delivered outside the office for personal use or if delivered in office steal the stock later on.
2. Contracts awarded without ensuring reasonableness of rates – Normally the bidder with the lowest rates and best quality gets the contract. Multiple vendors are invited to submit quotes. However, the purchasing team can easily breach the internal controls by doing false paperwork. Let us say that X vendor quoted the most reasonable price for a product. However, the purchasing team has tied up with Y vendor. Hence, it just discards the documents submitted by X vendor and produces two additional sets of bidding documents in which Y vendor is reflected in the best light.
3. Payments made without receiving goods and services – The purchase contract states the payment terms. Advance payments amount to 10-20% of the total purchase price. The payments team in the finance section can contravene this control by making advance payments for 70-80% of the contract without receiving any goods or services. This affects cash flows and the company loses interest income. The other risk is that if the vendor subsequently gives sub-standard goods or services, the company does not have many tactics for negotiating fair terms with the vendor.
4. Contracts terminated on flimsy grounds – Most organizations invest significantly in vendor relationships since good relationships result in lower costs and better quality. However, to meet personal agendas employees can get the contracts terminated on flimsy grounds. To illustrate, let us say the physical security team evaluates the security contract for the premises, inclusive of guarding services. Now, if the same security vendor provides services in all office locations of the organization, the cost will be lower since the vendor has economies of scale. However, the physical security team approves contracts of different vendors for different locations and terminates the contract on a yearly basis without renewing the same. The reason behind it is that the physical security team gets a kickback for every fresh contract.
5. Fake purchase contracts issued – In the worst-case scenario, employees can issue fake purchase contracts to vendors for meeting personal expenses. For example, let us say a physical security team has an XXX amount of budget for securing the organization. On the face of it, the team issues the contract to a guarding agency to protect an office premises. However, in reality the contract is given to spy on other employees for harassing them. In such cases, the organization suffers huge costs, as it is difficult to identify the true purpose of the contracts.
Recommendations
There are some key lessons to learn for senior management from these corporate disasters.
a) Firstly, review process controls on acquisition of a new company, business or process. Conduct an independent review of controls to assess the vulnerability.
b) Secondly, create new job descriptions with clear lines of responsibility and accountability. Remember that segregation of duties is essential for effective control. If employees are in the same positions for a long time, rotate them to ensure they don’t get too comfortable in their positions.
c) Monitor results through key performance indicators, exception reports and budget variances.
d) Appoint independent external auditors (big four or other reputed concern) to evaluate the controls.
e) In case of purchase contracts, audit the suppliers to determine the authenticity of the contracts.
f) Conduct interviews with employees, consultants, contractors and subcontractors to assess whether kickbacks are being paid or received while entering into contracts.
References:
KPMG India Fraud Survey Report 2010
Reducing Recruitment Costs
Posted by Sonia Jaspal in Human Resource Risks, Management, Process Re-engineering on August 5, 2011
I checked out Seth’s Blog global Alexa traffic analysis and it states – “Visitors to the site spend approximately two minutes per visit to the site and 84 seconds per page view.” I checked out my blog’s analysis and it states – “Visitors to the site spend roughly two minutes per visit to the site and two minutes per page view.” My readers spend more time per site visit (2 minutes) than Seth Godin’s (84 seconds) do. Yippee! Obviously I am ignoring the traffic ranking, as there is a difference of a few hundred thousand. Now you must be wondering how this data relates to reducing recruitment costs. Read on.
I further analyzed the ranking of Tata Consultancy Services, Infosys and Wipro Technologies; the three technology and business process outsourcing giants of India. Now look at the table below:
| Company Website | Global Rank | Audience Age | Total time on site | Time per page view |
| Tcs.com | 12,405 | Mostly under 25 | 6 minutes | 44 seconds |
| Infosys.com | 17,672 | Mostly under 25 | 5 minutes | 41 seconds |
| Wipro.com | 12,706 | Mostly under 25 | 6 minutes | 46 seconds |
What am I getting at? Most of the site visitors are young males looking for a job. Each site has a career section that allows candidates to register and submit their resume. Look at the table through a recruitment cost lens. If the organization focuses on its career webpage, it can reduce recruitment costs.
The Business Case
Overall, recruitment costs include job advertising costs, recruitment company fees, employee referral, interview travel expenses, relocation expenses and human resource recruitment department operating costs.
Let me take the example of IT and BPO sector recruitment costs. According to the NASSCOM Strategic Review 2011 report, the IT and BPO sector will employ 2.5 million employees in 2011. In comparison to 2010, the total employee strength will increase by 240,000 employees. Secondly, the attrition rate ranges from 20-40% in the sector. This means that approximately one-third of the employees will change jobs. Back of the envelope calculations show that BPO and IT sector organizations will hire roughly one million employees in 2011.
Most of the demand is for employees with 1-3 years of experience. Their monthly salary ranges between Rs. 20,000 – Rs. 50,000 and the recruitment companies’ fees range between 1-2 months of employee monthly salary costs.
Hence, if I take 10% of annual salary cost to company as recruitment fee and Rs 300,000 as annual salary, nearly Rs. 30 billion will be spent on recruitment fees alone by the sector. That is definitely a line item worth looking at for reducing organization recruitment costs, especially in the BPO and IT sector, as profit margins are decreasing with the recession in the US and European economies.
The Solution
Simply put, organizations need to drive traffic to their websites to ensure prospective candidates submit their resumes on the website. Any percentage increase in hires through the website will decrease agency recruitment fee costs.
In the case of the BPO and IT sector, the audience age is less than 25. Gen Y is technologically savvy and looks for the same in websites. Hence, some of the things that organizations can look into are:
- Post a video message from the CEO or other CXOs explaining the vision and mission of the organization. Gen Y prefers flat structures, access to senior management and enjoys watching videos. This will increase their enthusiasm to submit their resumes.
- Aptitude tests – The IT and BPO sector generally requests recruitment agencies to do preliminary screening by giving candidates written aptitude tests. The tests can be web-enabled on the career page to enable candidates to complete them while submitting their resumes.
- Voice and language tests – The BPO sector in the call center business conducts voice and language tests. The organizations can provide a facility for prospective candidates to upload audio and video recordings for voice tests. Secondly, administer written language tests through the web.
- Pre-employment background verification – Provide a facility to candidates for uploading relevant certificates required for background screening. In India, roughly 25% of the resumes are fake or inaccurate. The background screening costs are high if done after appointment. Hence, organizations can conduct a preliminary verification before interview by reviewing the scanned certificates.
- Application processing system – Organizations can provide an application tracking mechanism to the candidates, either updating them through automated emails or showing the application status on the website.
I was amazed that technologically advanced companies that provide technology and business consulting services have not focused aggressively on developing the career page and attracting candidates through them. Maybe the technology costs are higher, though to me it does not seem so. Maybe the thinking is that putting boots on the ground will reduce the recruitment pressure on the human resource teams. In my opinion, since in BPO and IT sector the recruitment numbers and costs are high, the human resource teams should have all technological advantages to do their jobs better. What is your opinion?
References:
NASSCOM: The IT+ BPO Sector in India – A Strategic Review 2011
Creativity @ Risk
Posted by Sonia Jaspal in Human Resource Risks, Management, Methodologies & Procedures, Risk Management on July 3, 2011
With the world singing paeans of Steve Jobs, Mark Zuckerberg and Larry Page, we presume that people appreciate individuals with creative ideas. CEOs who made it big through their creative thinking are glamorized. Hence, a perception has formed that organizations reward innovative thinkers.
This myth broke in a study conducted by Jennifer S. Mueller, Jack A. Goncalo and Dishan Kamdar. Their research paper titled – “Recognizing creative leadership: Can creative idea expression negatively relate to perceptions of leadership potential?” states, “the expression of creative ideas may diminish judgments of leadership potential unless the charismatic leadership prototype is activated in the minds of social perceivers”. This indicates that people prefer leaders who follow the status quo and provide useful solutions. People choose a creative thinker as a leader only when they are asked to select a charismatic leader.
Hence, creativity is at risk unless organizations specially focus on valuing innovative thinkers as leadership potential. A Business Week article reports that due to increasing complexity in business and globalization CEOs want creative thinkers. “According to a new survey of 1,500 chief executives conducted by IBM’s Institute for Business Value, CEOs identify “creativity” as the most important leadership competency for the successful enterprise of the future.” CEOs value employees who disrupt status quo, existing business models and organizational paralysis. However, according to Jennifer Mueller’s study, creative thinkers may not be considered good leadership potential, as employees view them as quirky, weird non-conformists.
Therefore, in the current economic environment the organization risk is huge if organization culture doesn’t promote creative thinkers into leadership roles. For example, the Business Week article mentions “CEOs say one-fifth of the revenues will have to come from new sources.” Hence, loss of revenue due to lack of creative thinkers in an organization can be significant. In my view, most of the risk managers haven’t considered this risk. Interestingly, this is an upside risk that, if addressed, can yield significant benefits to the organization. So the question is how does a risk manager check creativity levels in the organization?
Before risk managers collectively say that I am being weird and it is not a risk manager’s job to check creative thinking in the organization, here are some of my CREATIVE ideas on ways to do it.
1. Culture
With management rhetoric on innovation on public platforms, one can mistakenly believe that the organization culture supports creative thinking. However, as Jennifer Mueller points out – “By definition, people will say creativity is positive. It is almost impossible to get people to say they don’t want creativity. But when someone actually voices a creative idea, there is a response of, ‘Wow — What is that?’ This issue really comes to life at the moment the idea is voiced. There is discomfort when people encounter creativity.”
Hence, the DNA of the organization should encompass creative thinking. As Jack Anderson and his team state in the paper “Developing Systemic Innovation in an IT Organization” – “The systemic innovation initiative allows us to manage innovation as a culture in the same way that we manage quality and safety.”
Therefore, risk managers should check whether the organization culture is paying lip service to creativity or whether creativity is ingrained in the psychology and attitudes of the employees.
2. Reward
The key point brought out by Jennifer Mueller is that people do not perceive creative thinkers to have leadership potential. Therefore, they miss the career path. She mentions – “The fact is, some people are selected for a leadership [track], while others are not. So companies need to think about this issue, and their performance appraisal systems should be changed accordingly. Managers need help in understanding what stereotypes they might have in their minds and how to overcome them.”
Hence, the performance appraisal system should be built to recognize the creative thinkers and reward them appropriately. For example, when I was working at Intel, the organization recognized employees who contributed to innovation, even if the business idea or product was not viable or usable by Intel.
Risk managers need to do a quick assessment on the performance appraisal system to evaluate whether the organization has a process for rewarding creative thinkers. Secondly, conduct an analysis of the number of promotions of creative thinkers to the total. The ratios will reflect whether any bias exists against promoting creative thinkers to leadership positions.
3. Engagement
The tone at the top matters for ensuring commitment to creative thinking. Jack Anderson mentions that at Intel – “Managers play a key role in enabling an environment that supports innovative behavior. We engaged senior managers and employees as innovation champions, allocated adequate budget for the initiative, and set up a management-based steering committee for innovation and research.” I remember in my business group at Intel senior management allocated 1 hour every month of their weekly meetings for juniors to present new ideas. They would evaluate the idea, and if it was useful give the go ahead to the team to submit a concept note.
Risk managers can check the existence and working of management committees dedicated to the task of nurturing creative thinking within the organization. Secondly, analyze the time committed by senior managers for mentoring creative thinkers.
4. Agents
Management appoints agents or champions to transmit the creative thinking message across the organization. Agents are responsible for the transformation. Agents develop strategy, implement, monitor and measure creative thinking initiative within their business unit. At Intel in a business unit, there were innovation sponsors and agents who acted as contact points for the business unit staff. They aligned the global process with the business unit and provided regular guidance to the team.
Risk managers must check the process of delivering creative thinking message to employees lower down the ladder. If agents are appointed, risk managers need to check their role, performance and effectiveness.
5. Training
Sometimes we believe that creative thinkers are born or that it is a mindset. However, creative thinking can be taught to all. Organizations have commenced creative thinking classes that provide basic training on how to do it and merge it into the daily working environment. For example, in a recent Businessweek article, Chief Technology Officer Ananth Krishnan of Tata Consultancy Services (TCS) says – “TCS has made innovation a component of training programs, from its leadership institute, to which 50 senior managers are sent every year, to its four-day “Technovator” workshop, at which its programmers are taught to think creatively.”
Risk managers should review the training strategy for creative thinking. Then check the delivery, coverage and content of the training. Review training feedback forms and performance evaluation forms if available. This will facilitate in measuring effectiveness of training.
6. Investment
Investment means budgets allocated for tools, technology, training and processes to make creative thinking mainstream in the organization. As TCS Chief Technology Officer Ananth Krishnan says – “If I come up with an innovation, whether it’s an incremental or a disruptive idea, I need to know whom to go to with it, and there needs to be an organizational process for moving it forward.” TCS launched IdeaMax, a Digg-like social network that allows employees to submit, comment and vote on ideas. They are applying collective intelligence techniques for harnessing creative ideas.
Risk managers must review the budgets to ensure that organization allocates appropriate amounts and uses them correctly.
7. Value
Organizations invest in creative thinking to get business value. Business value can be assessed by calculating the amount of cost savings and revenue generated from creative ideas. New ideas, innovations and process changes result in new/modified products, patents and business models, which add to the profitability of the organization.
A cost-benefit analysis of investing in creative thinking helps to determine success of the initiative. Risk managers can either prepare or review the cost-benefit analysis of creative thinking to assess business value derived from the program.
8. Evaluation
A periodic evaluation of the program is a must to measure its effectiveness; otherwise one is moving without a compass. The creative thinking initiative can be evaluated by conducting an organization survey to take employee feedback. The purpose is to measure change in behaviors. Another aspect to look at is the key performance indicators. Some key performance indicators are number of rewards and recognitions, number of people trained in creative thinking, number of new ideas etc.
Risk managers need to verify the results of the organization survey and review key performance indicators to evaluate the success of the program.
Conclusion
In my view, neither size nor good reputation ensures success unless the organization has a competitive edge. Innovation is the key component for ongoing prosperity of a company. Hence, most organizations need creative thinkers. To hire and retain creative thinkers, organizations must promote them to visible leadership positions. In short, organizations require a culture that encourages creative thinking. Risk managers can contribute by periodically assessing organization commitment to creative thinking and value received from the investment. To end:
“Go round asking a lot of damn fool questions and taking chances, only through curiosity can we discover opportunities, and only by gambling can we take advantage of them” – Clarence Birdseye
References:
- Recognizing creative leadership: Can creative idea expression negatively relate to perceptions of leadership potential? By Jennifer S. Mueller, Jack A. Goncalo and Dishan Kamdar
- What Chief Executives Really Want- IBM Study
- How to Build a Culture of Innovation- TCS- Bloomberg Businessweek
- Developing Systemic Innovation in an IT Organization – by Jack Anderson, Luis Gimenez, Deanna Nunley, and Esther Baldwin, Intel Corporation
Risk Managers – Change Mindset For Strategic Risk Management
Posted by Sonia Jaspal in GRC Dept. Functioning, Risk Management, Strategic Risk Management on May 11, 2011
In the previous post, I discussed the role risk managers can play in Strategic Risk Management (SRM). In my view, to enter the SRM arena, risk managers need to change their own mindset first. Presently the risk management function focuses on mitigating operational risks at micro level and hedging financial risks. To add to the confusion, people equate SRM with Financial Risk Management. In my view SRM is more than hedging of risks, as hedging is risk mitigation where risk is viewed as a threat. Business strategy covers market, operations, finance, resources and products. Hence, SRM encompasses exploiting the upside and protecting the downside of business strategies across functions to increase business value.
Risk managers are nowhere near addressing the strategic risks. As per the survey “Fall guys : Risk management in the front line – A report from the Economist Intelligence Unit Sponsored by ACE and KPMG” - just 41% of the organizations involve risk management function in formulating and implementing corporate strategy. The gap is huge and risk managers need to restructure and reframe their departments to focus on strategic risk. I am giving here three suggestions for risk managers to bring about this change.
1. Fragmented risk management departments
The risk management function in a large organization consists of internal audit, compliance, information security, disaster recovery, fraud risk and physical security departments. Sometimes these departments are integrated and report to one Chief Risk Officer. In some organizations, these departments report to different functional heads, namely Chief Financial Officer, Head of Shared Services, Chief Technology Officer etc.
These departments are all focused on addressing the financial and operational issues of the business. None of them has the objective to provide a strategic level understanding of business risks to the CEO and board. When the department structuring and key performance indicators are incorrect, it is not possible to address larger issues of the business. The first step is to restructure the risk management function and prepare an annual plan incorporating time for addressing strategic risks. The risk management function should embed itself in the organization framework.
2. Risk managers focus on negative aspects
Generally, on checking risk registers one will find negative aspects – threats and weaknesses with a “what can go wrong” analysis. Risk registers do not contain the opportunities business managers can exploit to increase business value. The positive aspects, or the upside of risk, are not evaluated by risk managers. Without it, how can they contribute to strategy? According to the Economist Intelligence Unit survey, senior managers think the risk management function’s top three objectives are identifying new and emerging risks, enabling managers to make better business decisions and ensuring corporate survival.
Sit back and think about it: how many risk managers have effectively contributed towards these objectives in the last year? Risk managers need to start working towards being business partners and enablers. That is, focus on the constructive aspects and become solution providers.
3. Supply not meeting demand
According to the Economist Intelligence Unit survey, the top three activities that risk managers focus on are conforming to regulatory requirements, securing corporate reputation and image, and stemming financial loss. The top three risks that senior management is concerned about are weak demand, instability in one of the major markets, and financial market instability. In the analysis of the top ten, some of the risks mentioned in the senior management demand and risk managers' supply chart are common. However, it is clear that there is a variance between senior management's requirements and risk managers’ fulfillment. What is demanded is not supplied.
Hence, it shouldn’t surprise risk managers that senior management is frustrated and does not see value add from their role. Risk managers need to get a better understanding of senior management expectations to become involved at a strategic level. Leave the risk management jargon at your desk and focus on understanding business strategy.
Closing thoughts
Risk managers need to develop a holistic view, look at the big picture and understand macro-level risks. The focus should shift from identifying micro-level financial and operational weaknesses in the business to the strategic level. Risk management functions need to rebrand themselves from being problem creators and nitpickers to business partners and positive contributors. The doors to the CEO and board cabins will only open when risk managers effectively address strategic business risks and demonstrate to the board their business understanding and usefulness.
Sonia Gandhi Acknowledges Corruption Problem In India
Posted by Sonia Jaspal in Ethics, Government & Corruption on November 20, 2010
Mrs Sonia Gandhi, Congress President, during her speech at Teen Murti House at the 10th Indira Gandhi Conference, titled “An Indian Social Democracy: Integrating Markets, Democracy and Social Justice”, acknowledged the problem of corruption and the moral challenges facing Indian society. Her two significant statements are given below:
“Graft and greed are on the rise. The principles on which independent India was founded, for which a generation of great leaders fought and sacrificed their all, are in danger of being negated.”
“Our economy may increasingly be dynamic, but our moral universe seems to be shrinking. Prosperity has increased, but so has social conflict. Intolerance of various kinds is growing… We are right to celebrate our high rate of economic growth. We must do all that we can to sustain it. However, let us not forget that growth is not an end in itself.”
She stated that India cannot hide behind the growth story. Corruption needs to be addressed to have balanced growth. If not addressed, it may turn into the biggest blockage in the progress of India.
A candid admission on the challenges of Indian economy and society. A significant change in stance. Looks like there is still hope for India.




