Impact of Power Styles on Organization Risks

Power, we all want it. If we don’t have it, we associate with the powerful in the hope some of it rubs down to us. Being in the upper echelons of corporate world or the political corridors of the country’s parliamentary houses ensures that you are exempt from the rules applicable to the common person.

However, the way a person gets power and uses it reflects the person’s character, and its influence on others. In the corporate world, the power styles used by senior managers directly influence the risk levels of the organization. Unsurprisingly,  power and politics are undiscussable topics in the corporate world; hence, when risk managers do risk assessments, they ignore the two.

I personally recommend risk managers to understand the individual power styles of the senior managers and overall organization power style. To appreciate the connection between power and risk, let us first look at the power styles and their impact on the organization.

Power Sttyles

Depending on the situation, a leader needs to use various power styles. However, if a leader uses coercive style even when it is not required, then something is wrong. Leaders frequently use power styles of reward and punishment for fulfilling illegitimate requirements. Hence, the probability of followers being involved in unethical activities requiring compromise of personal values is higher. On the other hand, the expert style ensures that followers make informed judgments as the leader attempts to enhance their ethical values and knowledge level. The reward is not in the form of a bribe and is implicit; the leader is dedicated to improving the organization.

Another aspect that requires understanding is the need for creating perception of power. When a leader is undertaking illegitimate activities (watch any Hindi movie to see the underworld Don) he needs to create a strong perception of power by using threat and punishment. Else, his coercive tactics will be ineffective, as people will not cooperate. Therefore, he makes some sacrificial goats to demonstrate that he is above the law and normal rules don’t apply to him. Another tactic is to break the social norms, and not behave rationally and predictably. Both these methods focus on creating fear to ensure compliance. Without the perception of power and fear, the leader becomes vulnerable to revolt from the common person. The only way for him to retain his power is by increasing the number of sacrificial goats, threats, and punishments.

1.   Impact on Legal and Reputation Risks

A coercive leader is usually riding a tiger. The organization risks continue multiplying as more and more people become aware of the unethical practices. An elastic can be stretched up to a limit. Eventually, the concocted environment cocoon will burst and all hell will break loose. The leader cannot trust anyone after a point. Hence, his fear increases in direct proportion to his vulnerability. The leader takes more and more risks to protect his personal fiefdom. The organizations reputation risks and legal risks increase proportionately.

2.   Impact on Human Resource Risks

Overtime, the leader’s charisma wears off. As the layers peel off, disillusion sets in. Employees realize that the leader doesn’t behave with integrity and honesty. Even the loyalists recognize that whenever it suits the leader’s personal agenda, they can face the bullet without any fault of their own. This creates disquiet among employees, and employee disengagement increases. The human resource risks increase manifold with disengaged employees.

3.   Impact on Operational and Financial Risks

The disengagement starts effecting productivity and performance as everyone grasps that meritocracy has no links with rewards. This in turn impacts the bottom line as leader fails to deliver on targets. Failure to show profitability and results makes the leader’s position precarious. The leader starts feeling pressure from the top. As he is unable to improve productivity, he attempts to manipulate results and financial statements. In nutshell, leader’s power style influences operational risks and financial risks of the organization.

Closing Thoughts

No one can deny that success in life depends quite significantly on a person’s power and influence. The general opinion is that means to the end do not matter when we strive for power. On the contrary, how we get power and maintain power, is crucial for longevity in the powerful position. For a coercive leader, the end is tragic, as the hunter becomes the hunted. Moreover, if a leader gets power by paying bribes or giving rewards, his power ends when he stops doing so. His loyalists disappear with speed. Abusing power is no longer safe in the present world, as it increases the personal risks of the leader and the organization risks. Therefore, risk managers need to ensure for continued prosperity of the organization, that leaders get power by the rights means and use it for the right purposes.

India’s Failures In Disaster Management

Floods in North India have left over 70,000 people stranded and 550 dead. Loss to property will run in billions. The on-going rescue efforts are yielding results but very slowly.  The uncoordinated recovery response and efforts indicate lack of disaster management capabilities of the state.

India as a country does not have a properly implemented disaster management system. The Comptroller and Auditor General of India recent report - “Performance Audit Report on Disaster Management of India” highlights glaring deficiencies. Below are some of the key observations from the report. It is sufficient to make Indian citizens sleepless at night.

1.      An Introduction

India with its geo-climatic conditions, high density of population, socio-economic disparities,  politics and troubled relationship with neighboring countries, has high risk of natural and man-made disasters. In respect to natural disasters, it is vulnerable to forest fires, floods, droughts, earthquakes, tsunamis and cyclones. Man-made disaster risks are (1)war, bombing, terrorist attacks, and riots, (2) chemical, biological, radiological, and nuclear crises, (3) hijacks, train accidents, airplane crashes and shipwrecks, etc.

Government passed the Disaster Management (DM) Act in 2005. According to the act, National Disaster Management Authority (NDMA) was formed under the Prime Minister and the National Executive Committee (NEC) developed National Policy of Disaster Management, which was approved in 2009.

2.      Failure in Formation of Disaster Recovery Plan

Until mid-2012, the National Executive Committee (NEC) had not prepared India’s National Plan for Disaster Management. Surprisingly, though India has faced a major disaster each year since development of DM Act, NEC has not met after May 2008. The Working Group it formed in 2007 never met after that.

Then the buck was passed to Ministry of Home Affairs (MHA) to prepare a National Response Plan (NRP). It directed National Institute of Disaster Management (NIDM) to prepare the NRP. NIDM submitted a draft plan in April 2012, which was circulated by MHA to other departments.

The other two components of the National Plan for Disaster Management are National Mitigation Plan and National Capacity Building Plan. While the latter is still under preparation, some departments have submitted the mitigation plans.

Things are equally bad at State level. Just 14 states have submitted their State Disaster Management Plan.  The lackadaisical attitude shows government’s complete disregard towards national and human safety.

3.      Performance of National Disaster Management Authority

The CAG report states that – “So far, no major project taken by NDMA has seen completion. It was noticed that NDMA selected projects without proper groundwork, and as a result either the projects were abundant midway or were incomplete after a considerable period of time.”

The projects included earthquake vulnerability risk assessment, micro zonation of major cities, landslide risk assessment, national flood risk mitigation, national school safety program, mobile radiation detection system, national disaster communication system, etc. The natures of the projects indicate their criticality and importance for disaster management. Even the hazard maps for earthquakes, landslides, cyclone, tsunami and floods are incomplete or unavailable. Without these maps, the government is not even in a position to identify the high-risk areas.

The main reasons for delays in disaster management project planning are lack of committed groups, failure in communicating and coordinating with various ministries, shortage of staff and insufficient knowledge and expertise in these fields. Though funds were approved and allocated for various phases, things just haven’t got beyond conceptualization stage.

4.      Mis-utilization of Funds

Government constituted National Disaster Response Fund and State Disaster Response Fund to deal with the disasters. The government approved Rs 33,580.93 crores for State Disaster Response Funds for a period of five years – 2010-2015. The report indicates that Ministry of Home Affairs is not receiving appropriate information from states on utilization of funds. Audit findings reveal that some states have misutilized funds for expenditures that were not sanctioned for disaster management. There was in a few cases significant delay in releasing funds. Additionally, some States didn’t invest the funds thereby incurring huge interest losses. This shows financial indiscipline in states management of funds.

Secondly, a separate National Disaster Mitigation Fund was to be constituted for reconstruction and restoration activities after the disaster. However, this has not been done till date. The States were required to form State Disaster Mitigation Fund and District Disaster Mitigation Fund. Quite a few states haven’t created the funds. Uttarakhand, the state reeling from floods, has just a State Disaster Mitigation Fund.

The situation is so bad, that the National Disaster Response Reserve of Rs 250 crores to buy relief material (blankets, tents, etc.) was not operational until audit time.

5.      Disaster Management Communication

Department of Space commenced a Disaster Management Support programme in March 2003. The main seven projects started between 2003 to 2007 are incomplete till 2012. These are namely – National Disaster Management Informatics System, National Disaster Communication Network, Doppler Weather Radars, Satellite Based Network for Disaster Communication, Disaster Management Synthetic Aperture Radar, Airborne laser Terrain Mapping and Digital camera System and National Disaster for Emergency Management. Presently, if a disaster strikes and regular communication networks go down, there are no contingency methods available for communication to a disaster-hit area.

6.      National Disaster Response Force (NDRF)

Ten Central Armed Police Forces battalions were formed of 1149 posts each. 27% of the posts were vacant in May 2012. The NDRF personnel don’t have sufficient training, facilities, equipment, and residential accommodation. With these constraints, it is difficult to imagine that they can effectively manage disasters.

Till recently, they didn’t even have deployment guidelines. In a few instances, they were deployed during elections. In one instance, they reached the disaster site without food, water, or tents for themselves. The local authorities had to give the same.

Up to June 2012, just seven states have constituted State Disaster Response Force. Even the local Regional Response Centres are ill equipped.

The impact can be seen at the local fire services level also. As per the Thirteenth Finance Commission, deficiencies in fire services are alarming. 97.54% of the country doesn’t have fire stations, 96.28% doesn’t have fire-fighting personnel, and 80.04% doesn’t have fire fighting and rescue vehicles. Shortage of trained manpower, vehicles, and equipment plague the existing fire service centers.

Locally, the states do have not mobile hospitals and trained trauma management doctors. There are no real medical facilities available for Chemical, Biological, Radiological and Nuclear disasters at national level. This is seriously a pathetic state of affairs. Government bodies are showing no concern for human life.

Closing Thoughts

After reading the report, I realized that Indians have just one option at present – pray to God that disaster doesn’t strike in their region. The governments at national, state and district levels have shown a negligent attitude towards disaster management. This is a classic case – funds are available but nothing has been done to implement the plan. Indian citizens can check with the local politicians and government bodies to assess the level of preparedness for disaster management. If required, local bodies can be formed in different constituencies and societies to act as disaster management task force. As it is a question of citizen safety, public activism will help in developing adequate disaster management capabilities.

References:

CAG Report – Performance Audit Report on Disaster Management of India

 

Human Rights Risk Management Process

Bangladesh Building Collapse

The fire in a nine-story factory building in Bangladesh killed 400 people. More than 600 people remain unaccounted for. It housed five garment factories that supplied to international brands – J.C. Penny, The Children’s Place, Dress Barn, Primark, Wal-Mart etc. The workers were asked to come to work even when cracks appeared in the building the previous day.

Bangladesh is the second largest exporter of clothes and the workers get the lowest compensations. Just around USD 37-40 per month. The question arises why are the multinational organizations not following the UN Guiding Principles for Human Rights protection. The reason is simple; they want to show higher and higher profits to the investors.

In Delhi, in Munirka one will find numerous small factories full of workers making export garments. A friend of mine also ran one. I had bought a few shirts from her at cost price ranging from Rs 300-500 (USD 6-10). In one international visit, I found the same shirts selling in range of USD 15-30. The fivefold increase in price was because of the brand tag attached to the shirt.

The multinational buyers push the prices down and some supplier gives a rock bottom price. The others are forced to match that price to get the business. End result is that basic facilities are not provided to the workers and they work at really low wages. Unknown workers are paying with their lives in developing countries to satisfy the growth targets set by CEOs to earn their bonuses and keep investors happy.  It is the dark side of capitalism which organizations want to hide.

In most companies, human rights risk management is not a focus area. The 2013 Global Risk Management Survey conducted by RIMS identified seven risks related to human resources among the top fifty risks. Though worker injury and harassment were included there was no specific emphasis on human rights risk management.

The risk management team can conduct annually or bi-annually a human rights risk management assessment. It requires attention not only from human resources perspective but from operational, financial, legal and reputational risks perspective. Any breach can result in huge losses.

Here are some of the steps mentioned in the UN Guiding Principles on Human Rights and guide “Investing the Right Way” issued by Institute of Human Rights and Business.

1.     Review the Human Rights Policy Statement

Human rights risk management is emerging as an important issue, especially with multinationals entering emerging markets and developing countries. They are expected to protect and respect rights of workers, communities and society. Investors can play a crucial role by influencing companies to promote human rights relating to gender equality, child labor, rights of indigenous people, land acquisition, mineral processing etc.

Hence, companies need to publish Human Rights Policy Statement on their websites. The UN Guiding Principle 16 states –

 “As the basis for embedding their responsibility to respect human rights, business enterprises should express their commitment to meet this responsibility through a statement of policy that:

(a) Is approved at the most senior level of the business enterprise;

(b) Is informed by relevant internal and/or external expertise;

(c) Stipulates the enterprise’s human rights expectations of personnel, business partners and other parties directly linked to its operations, products or services;

(d) Is publicly available and communicated internally and externally to all personnel, business partners and other relevant parties;

(e) Is reflected in operational policies and procedures necessary to embed it throughout the business enterprise.”

As a first step risk managers need to check whether the organization has a human rights policy statement and the above mentioned steps have been adhered to.

2.     Human Rights Impact Assessment

The second aspect of UN Guiding Principles is for companies to establish human rights due diligence processes. Guiding Principle 17 states:

 “In order to identify, prevent, mitigate and account for how they address their adverse human rights impacts, business enterprises should carry out human rights due diligence. The process should include assessing actual and potential human rights impacts, integrating and acting upon the findings, tracking responses, and communicating how impacts are addressed. Human rights due diligence:

(a) Should cover adverse human rights impacts that the business enterprise may cause or contribute to through its own activities, or which may be directly linked to its operations, products or services by its business relationships;

(b) Will vary in complexity with the size of the business enterprise, the risk of severe human rights impacts, and the nature and context of its operations;

(c) Should be on going, recognizing that the human rights risks may change over time as the business enterprise’s operations and operating context evolves.”

Human rights risk management is complex and challenging. If ignored, they can increase political risks and deteriorate relationships of the organization with the government. For example, Tata Motors wished to establish Nano manufacturing plant in Singur, West Bengal. The government allocated agriculture land using 1894 land acquisition rule, meant for public improvement projects, to take over 997 acres farmland. The farmers protested with help of activists and the then opposition leader Mamta Banerjee. Tata Motors moved out of West Bengal and established the factory in Gujarat. Multinationals looking for large tracts of land to establish factories are facing similar challenges in India.

Another aspect to look into is that scrap, waste disposal, sewage, environment pollution etc. from factories can impact food, water and health of local communities.

Decision needs to be taken whether investments should be made in countries or states with poor human rights record. In India, the Naxalite area is extremely conflict prone and business operations can have severe human rights impact.

Risk managers should evaluate the strategy and operations of the company from human rights, environmental, social and governance factors. The companies can face operational risks (project delays or cancellation), legal and regulatory risks (lawsuits and fines) and reputational risks (negative press coverage and brand damage). The impact assessment should be done from investors, customers, employees, society and supplier perspective. Identify business owners for the risks and devise appropriate risk mitigation plans to address adverse impact.

3.   Grievance Mechanisms

UN Guiding Principles state that victims of corporate related human rights abuse should have access to judicial or non-judicial remedies. Companies should provide some remedies themselves and cooperate in the remediation process.

UN Guiding Principle 29 states –

“To make it possible for grievances to be addressed early and remediated directly, business enterprises should establish or participate in effective operational-level grievance mechanisms for individuals and communities who may be adversely impacted.”

However, this isn’t followed by the companies in true spirit. “A Vigieo analysis of human rights records of 1500 companies listed in North America, Europe and Asia revealed that, in the previous three years, almost one in five had faced at least one allegation that it had abused or failed to respect human rights.”

Ideally the investors in the company should ensure that grievance mechanisms exist and address human rights issues. The transparency and disclosure of the same in annual reports would highlight the financial, legal and reputational risks. However, the investors don’t seem to be bothered by it.

See the case of Apple. It reported  Gross Profit Margin – 42.5%, Net Profit Margin – 26.7%, Revenue Per Employee – $ 2,149,835 and Net Revenue Per Employee – $ 573,255. It has 43000 employees in US and 20,000 outside US. However, Apple contractors hire an additional 700,000 people to engineer, build and assemble iPads, iPhones and Apple’s other products.

An Apple supplier in Taiwan, Foxconn was recently in the news for its workers attempting suicide. As per reportsWorkers are required to stand at fast-moving assembly lines for eight hours without a break and without talking. Workers, sharing sleeping accommodations with nine other workmates, often do not know each other’s names. They do not have much time to get to know each other. The basic starting pay of 900 RMB($130) a month – barely enough to live on – can be augmented to a more respectable 2,000RMB ($295) only by working 30 hours overtime a week.”

See the difference the company earns per employee and the payment made to the supplier’s employees. Apple shows profits at the expense of lives of Taiwanese workers.  The workers don’t have much of a grievance mechanism in China as the government stated that the suicides are within the normal suicide rate. Can Apple investors sacrifice some profit margin for safety and security of the contractual workers?

Another old example is the class action suit since 2001 on Wal-Mart Stores that involved 1.5 million current and former Wal-Mart female employees. It is the largest workplace bias case in US history.

 4.    Human Rights Reporting

 The biggest challenge is that most of the human rights abuses are not reported. The victims of human rights exploitation hold little power in comparison to the exploiters. They can hardly take up the might of powerful businesses when they are struggling to get basic food and shelter. Secondly, in the developing and emerging countries, corruption levels are generally high. Hence, media, law enforcement agencies etc. are bribed by the power players to silence the victims. However, with internet and social media, things are gradually changing. People have a voice and collectively they can fight.

UN Guiding Principle 21 lays out the requirement for companies to communicate human rights impact externally. It states -

 “In order to account for how they address their human rights impacts, business enterprises should be prepared to communicate this externally, particularly when concerns are raised by or on behalf of affected stakeholders. Business enterprises whose operations or operating contexts pose risks of severe human rights impacts should report formally on how they address them. In all instances, communications should:

(a) Be of a form and frequency that reflect an enterprise’s human rights impacts and that are accessible to its intended audiences;

(b) Provide information that is sufficient to evaluate the adequacy of an enterprise’s response to the particular human rights impact involved;

(c) In turn not pose risks to affected stakeholders, personnel or to legitimate requirements of commercial confidentiality.”

 As per the UN principles, the reports must cover appropriate qualitative and quantitative indicators, feedback from internal and external sources including affected stakeholders.

Risk managers can evaluate the reports and the reporting process to ensure that all risks are properly addressed. They should evaluate whether cautionary steps are taken and nothing is being done to exacerbate the situation. They should highlight severe or irreversible risks to the management to ensure appropriate decisions are taken.

Closing Thoughts

 Inequalities in income are the main cause of human rights abuse. The rich want to get richer at the expense of blood and sweat of the poor, and sometimes life. The diamond manufacturers and sellers took the right step to publish that they do not source blood diamonds. Since 2003, the Kimberley Process Certification Scheme (KPCS), supported by national and international legislation, has sought to certify the legitimate origin of uncut diamonds. Trade organizations – International Diamond Manufacturers Association (IDMA) and the World Federation of Diamond Bourses (WFDB) – representing virtually all significant processors and traders – have established a regimen of self-regulation.

Other industries, be it technology, electronics or textile manufacturers,  need to come out with similar steps to stop human rights abuse. The risk managers have a vital role to play in it. If we do not do anything, we are cheating this and the next generation of their right to live happily.

References:

  1.  Investing the Right Way – A Guide for Investors on Business and Human Rights – By Institute of Human Rights and Business
  2. Singur farmland-  Tata Motors conflict
  3. Apple financial ratios
  4. Foxconn Case Study
  5. Diamond industry sales clauses
  6. 2013 RIMS Global Risk Management Survey

 

Role of Positivity in Risk Management Communication

locking horns

Can something as simple as appreciation make business teams more willing to accept a risk manager’s viewpoint?

———————————————————————————————–

The Conflict

Proverbially risk managers are locking horns with business managers. Of course business managers out number risk managers, hence more often than not risk managers are licking wounds and complaining that business managers don’t listen to them. Business managers claim that they are running the show, so an interfering risk manager who is perpetually criticizing their hard work  should be shown the door.

Then risk manages lament that it is their job to high light risks which means negatives, so why go after them for being messengers of bad news. The conflict brews and sometimes reaches boiling point. No one wishes to see eye to eye because they wish to get eye for an eye. End result, the business suffers in this battle.

What is the cause of the stormy relationship? Criticism and negative feedback! No one likes it, so why blame the business managers.

What if risk managers change the approach? With the criticism they give a lot of positive reinforcement? Will the behavior of business managers change?

Research on Role of Positivity in Performance

Marcial Losada and Emily Heaphy conducted a research titled – “The Role of Positivity and Connectivity in the Performance of Business Teams – A Nonlinear Dynamics Model”. They studied the dynamics of team interaction in relation to approving and disapproving verbal feedback statements. Researchers coded the verbal communication among team members along three bipolar dimensions, positivity/negativity, inquiry/advocacy, and other/self. Sixty teams developing annual business strategy were analysed.

The results of the study have extremely important implications  from business performance aspect and for risk managers. The table below defines the ratios of various dimensions.

team ratio1

The positivity/ negativity ratios indicate that high performing teams give 5.6 positive comments to 1 negative comment. In contrast the low performing team give three negative comments to one positive comment. The medium performing teams give approximately two positive comments to one negative comment.

Similarly, under inquiry/advocacy ratios, the high performance teams are more balanced in their approach towards inquiry and advocacy. The team members question in an exploratory way. On the other hand, low performance teams are highly unbalanced and members advocate their own viewpoint. The medium performance teams are little bit tilted in favor of advocacy.

Again, high performance maintained a balance in discussing internal and external aspects. Whereas, low performance teams focus on internal inquiry. The medium performance are slightly more focused on internal than external aspects.

Thus, the high performance team have higher levels of connectivity, which results in better performance.

Overall, high performing teams show buoyancy throughout the meeting. They appreciate, compliment and encourage their team members. This expands the emotional space for team to function. In contrast, in low performance teams sarcasm and cynicism rules which restricts the emotional space. There is lack of mutual support, enthusiasm and a high degree of distrust.  The medium performance team don’t show distrust or cynicism but neither are they openly supportive and enthusiastic about their team members.

team dynamics

Implications for Risk Managers

The results are very important from a risk manager’s perspective. As the author states – “to do powerful inquiry, we need to put ourselves sympathetically in the place of the person to whom we are asking the question. There has to be as much interest in the question we are asking as in the answer we are receiving. If not, inquiry can be motivated by a desire to show off or to embarrass the other person, in which case it will not create a nexus with that team member.”

Hence, from the time we approach the business team, we need to ensure that we are inquiring about the business. We should not be advocating any quick recommendations based on high-level interactions.

Another point to note is that the questions should cover both the internal and external environment of the business. This would motivate the business team into a more open discussion.

The most important point is about positive feedback. In our verbal communication and written reports we focus on highlighting the negatives.

The research showed that positive comments (that is a terrific idea) create emotional space within the listener, hence the listener is more willing to take the feedback. The emotional space created by positive comments in high performing teams is twice the size of medium performing teams and three times that of low performing teams.

Negative reporting restricts the emotional space of the business team. To build a positive environment for acceptance of our views, recommendations and report, we need to give 6 positive comments for each negative comment.

The researchers have given equations to assess the emotional space based on various dimensions. It might be a good idea to calculate the same before issuing a report.

Closing thoughts

One of the incorrect assumptions that risk managers make is that there is a linear relationship between the observations and recommendations in the report. However, the study showed the impact of non-linear relationships on functioning of teams. Hence, the fault may lie in the straight forward cause and effect attitude taken by risk managers to get buy-in from business managers.

We generally discuss that in reports we should highlight the positives first to balance out the negatives. This research clearly points out the importance of doing so and the reasons why we are failing. We have to change our approach to be effective. We need to be part of the business team, develop a positive feedback system before giving any negative observations

References:

The Role of Positivity and Connectivity in the Performance of Business Teams: A Nonlinear Dynamics Model - Marcial Losada and Emily Heaphy

Indian Banks Give Customer Service for Money Laundering

money laundering

Recently a string operation exposed money laundering services provided by some Indian private banks. The employees and bank managers were caught on camera advising the disguised reporter on ways and means he can convert his illicit money into legal money.

1. Caught in the act

Some of the helpful advice given by bankers included:

  1. Open multiple accounts so that the amount remains below the reporting limits. Do not deposit over Rs 10 lakhs (Rs 1 million) in a single instance.
  2. Obtain a demand draft from a Cooperative Bank and deposit the draft with us. Cooperative Banks do not require an account hence it will be easy to obtain a draft. Since cash would not be directly deposited and private banks do not have to check the source of funds, the deposit will not raise any alerts.
  3. Route the cash money through another bank to avoid detection.
  4. The Income Tax act prohibits keeping cash in bank lockers. However, if you do not inform the bank staff, they can look the other way.
  5. Open an NRI account and slowly transferring the money offshore. We need a passport and visa for opening an NRI account. No pan card required.  Deposit Rs 25 lakhs per month. Better still start by opening a NRO account.

The bankers offered to visit the client’s residence to open an account and collect the money. One has to watch the video clippings to see the level of customer service provided by the bankers. No one can say they were not being helpful.

2. Standard response from senior management

As expected the senior management of the banks denied all knowledge, claimed they maintained highest ethical standards, suspended the branch managers and the staff, and commenced an internal investigation. But this is an open secret. Every business person in India knows that the banks will help them convert black money into white and transfer illegal money. If it was not so, how can a parallel black money economy exist in India for so long. Did the expose really shock anyone?

3. Lip service by regulators

Of course Reserve Bank of India has given detailed guidelines on Know Your Customer and submission of suspicious transaction reporting. There is only theoretical application of guidelines of Financial Action Task Force (FATF) on Anti Money Laundering (AML) standards and on Combating Financing of Terrorism (CFT). The Financial Intelligence Unit of India received just over 30,000 suspicious transaction reports in 2011-2012. It received 100,00,000 cash transaction reports. If you read these numbers in reference to the size of banking business in India, it would not be even .01% of the total yearly transactions.

In February 2012, the director of the Central Bureau of Investigation had said that Indians have $500 billion of illegal funds in foreign tax havens, more than any other country. Some reports estimate the amount over a trillion.

Hence, can we actually believe that regulators and bankers are serious about preventing money laundering in India? The annual report 2011-2012 of Financial Intelligence Unit doesn’t really mention any investigations done that would make the bankers uncomfortable. In India the detection and investigation capabilities of financial regulators is still in nascent stages.  Unlike US which has full-fledged organizations and systems to check money laundering.

Closing Thoughts

In the pursuit of growth numbers bankers are willing to compromise ethics and legal requirements. However, in Indian society because of the high level corruption, most businesses are doing the same. In such a scenario, it amounts to pot calling the kettle black. Unless we really get serious about removing corruption, as a society we can’t succeed. Some things required are – public to withdraw support from companies using unethical practices to succeed, regulators take organizations to task, and government prosecutes politicians and other individuals for dealing with illicit money. Till this happens only media will benefit by doing exposes to improve their ratings.

References:

  1. Cobra Post Expose
  2. Financial Intelligence Unit India
  3. Black Money Market in India

Risk Management Version 3.0

RM tiger

The business world is changing so rapidly that companies are either not willing to publish growth predictions or they are getting it wrong. In this new world trends can’t be analysed from historical data. The best business analytic teams fail because the new business models have totally different risks. Moreover, now the risks are interconnected and can’t be addressed separately. An operations risk may have a huge impact on financial risks.  The old compasses are useless and most are walking on uncharted territory.

This is the ideal time for risk managers to shed their old avatars and  become new super heroes of business. First they have to get out of their comfort zone of addressing internal risks that are preventable. The compliance and control based approach leaves over 60% of the risks un-addressed. If we consider that Risk Management version 1.0, we need to rapidly move to Risk Management version 3.0.

So what does version 3.0 look like?

1. Focus on Strategic Risk Management

I consider Enterprise Risk Management frameworks approach as Risk Management version 2.0. Though they covered strategic risks the focus was on finance, processes and technology. Hence, in reality it has become a bottom-up approach though the initial purpose was to make it top down. Risk managers are still not involved at strategic level and it is the Chief Strategy Officers who are analyzing strategic risks.

My guess estimate is that we depute less than 10% of resources to strategic risk management. We need to put in processes and resources where approximately 25% of efforts are focused on strategic risk management. Strategy failure probability has increased in present business environment.  For managing strategic risks reduce  probability of occurrence of assumed risks and effectively manage them if they occur.

2. Focus on Human Behavioral Risks

Industrial age focused on mechanization and streamlining of processes. Products were produced on the assumption that human behavior can be straight jacketed. In the age of technology and social media, this assumption has proved false.  Social media and data analysis allows behavioral analysis of each individual.

Secondly, the bigger challenge the world is facing is of changing demographics. In the last few decades, the average age has changed from 60 years to 75-80 years. The older generation lives longer and works longer. The Gen Y is entering the workforce with different expectations. Women have not only broken ground in the corporate world, but have become main decision makers for household purchases. Emerging market customers and employees have different behavior patterns.  The leadership skill sets have changed drastically. Participative and consultative cultures are more successful now.

Therefore, whether an organization wishes to fight  war of talent or entice customers, understanding human behavior has become crucial. Each segment of employee, customer and other stakeholders present different risks which an organization needs to manage successfully. Without addressing these risks at strategic and operational level, an organization is unlikely to succeed.  Risk managers traditionally haven’t focused on people, leadership or culture risks. In this century they need to.

3. Integrate Risk Management Knowledge & Resources

The traditional approach of having different experts of financial, operational and other risks in separate departments and addressing each risk in a linear manner is redundant. Moreover, now businesses are significantly exposed to external risks, which was not the case before. The Vodafone and Nokia tax cases are prime examples of risks occurring due to change in government stance.

Risk Management version 3.0 requires integrated risk management where risk managers with diverse skills can assess inter-related risks – internal and external. Secondly, risk managers have to be available within the business and as a separate department. The risk managers operating as part of the business unit need to identify the business risks and update the risk management department. The department needs to devise holistic solutions.

The risk management tools, technology, processes and resources all need to restructured to operate in an integrated manner at all levels.

Closing Thoughts

I suspect, group think is prevailing among risk managers. No one wishes to be a bull in a china shop and say – “hey this isn’t working.” It is ironic that risk managers are not doing adequate risk management of their own role and function. Old habits die hard and getting out of the comfort zone is scary, but I think we need to do it. Else, business failures are going to increase at a high rate. In the current economic environment, we can’t afford those losses. Think about it and share your views.

Wishing all my readers a very Happy Holi.

IBM CEO Survey Insights On Customer Focus

The 2012 CEO survey conducted by IBM gives some interesting insights. Seventy-three per cent CEOs are gearing their organizations to gain meaningful insights from customer data. This is the area of highest investment.  The traditional approach to segment customer data to calculate statistical averages has been replaced with understanding the attitudes and tastes of individual customers.

The main aim of gathering holistic customer information is to devise services and products targeted at the customers and improve the response time. As stated in the report – “The challenge for organizations is two-fold: can they pick up on these cues, especially if the information comes from outside? And can the appropriate parts of the organization act on the insights discovered?” The graph depicts the main reasons for capturing customer information.

Further, the report mentions, that though most of the CEOs focus on capturing information, out-performers excel at acting on insights. The difference is innovation and execution. A quarter of the CEOs reported that their organizations are unable to derive value from the data. Speed of action is required to capture data, analyse, prepare strategies and respond to customers. As one CEO stated the most crucial characteristic is to “organize a major wake-up call.” The customer obsessed CEOs are driving the organizations to more contextual customer insights.  The graph below highlights the marked difference in under-performers and out-performers.


Risk managers can play a pivotal role in helping CEO’s achieve these objectives. They can focus on the following.

1.     Organization Culture and Process Change

A customer oriented organization culture is required to leverage the opportunities. Secondly, the organization needs to align the processes towards customer relationship management. Risk managers can conduct organization culture survey to assess customer orientation. Moreover, they can review processes to determine risks and controls to mitigate risks.

2.     Security of Data

The activity requires accumulation of extensive customer personal information. Generally, companies use separate data centres to collect and analyse the data. However, the risks of loss and theft of data is huge. As in the recent case of Facebook 1.1 million users’ data was sold for US $5. Therefore, it is a good idea to review security polices and test data centre security.

3.     Return on Investment

Data collection requires huge investments in technology and resources. As the CEOs are saying the failure rate is quite high. A review of projects, plans and strategy would identify the pain points and misdirected activity. Calculating return on investment on various programs might steer the investments in the right direction. Timely identifying failing projects and reasons for failure is critical to maintain cost effectiveness.

Closing thoughts

Technology and social media has brought customers closure to companies. The face-to-face customer interaction is gradually shifting towards social media. The companies that are able to navigate this transition successfully will outperform their peers in the industry. Hence, risk managers should support this CEO initiative to enable the organization to leverage upside risks.

What is your organization doing in this respect? How do you think risk managers should facilitate CEOs in this initiative?

References:

Leading Through Connections – IBM CEO Survey

Is Doing Nothing A Reputation Risk?

Tim Cook, CEO of Apple, recently issued an open letter on Apple website, publicly apologizing for the shortcomings in the Apple maps. The first paragraph reads:

“To our customers,

At Apple, we strive to make world-class products that deliver the best experience possible to our customers. With the launch of our new Maps last week, we fell short on this commitment. We are extremely sorry for the frustration this has caused our customers and we are doing everything we can to make Maps better.”

The purpose was to pacify the angry customers who found inaccuracies in the Apple maps. The words of the CEO mattered.

Now let us assume that none of the customers knew who the CEO of Apple is. They have not heard of the CEO before. The CEO visibility was zilch in media, social networks, business conferences etc. Would the words have mattered then? Wouldn’t the customers say – “Who is this guy? We never heard from him before and now he is giving excuses for horrid products?”

Managing an organization’s reputation is part of CEO/CXO job. When reputation risks occur, their communication is part of the risk mitigation plan. Hence, the effectiveness of risk mitigation plan is dependent on the CEO/CXO profile. Until here, I think you will agree with me.

Now let me ask you the difficult question. If the senior management of the organization does nothing to add to the brand or reputation of the organization, is it a risk?

Here is my argument. Normally, we take the following criteria for reputation risks.

Source- ICAI ERM Training Material

This measures only the negative impact. We talk about negative coverage in the media, but what about no coverage in media. In India, most of the CEO/CXOs have no media visibility and unlike the west, 90% do not give interviews etc. in the media. They even don’t have a social media presence and one can hardly find them directly interacting with customers. That is, except for traditional advertising of products in newspapers, magazines and television, there is no coverage of the organization and the senior management in the media.

Now let us see from risk management perspective. One of the strategic objectives of the organization is to build brand and reputation of the organization. The purpose of enterprise risk management is to give an assurance to the board that the entity is moving in the right direction to achieve its objectives. As risk managers, we focus if something goes wrong, but what if, the company is not moving at all in any direction – positive or negative – in meeting its objectives. Should we capture that as a risk?

Closing thoughts

Negative viral messages in social media tarnish a reputation in a span of few hours. It takes just one tweet to go viral. It will be very difficult for a company to defend itself if a company does not have a twitter account and reputation management plan. The same applies to executives. Now the thought process is either develop a brand or get branded. Silence gives an opportunity to others to put labels and develop negative perceptions. Continuous positive messages at a personal level need to go out about the brand for customers to have a favorable opinion. Doing nothing may become a huge risk.

Industry Disruption Risks

The biggest risk of all is industry disruption risks. One fine day the competitive landscape of the industry transformed and it caught us by surprise. Ouch, the world changed while we were sleeping. It is a CEO’s recurring nightmare, and the risk managers do not focus on it much. Reason as I mentioned in my recent posts is that risk managers assume they do not have the right or duty to question the strategy or strategic objectives. Let us discuss this in detail.

Andrew Grove in his book “Only the Paranoid Survive” described the strategic inflection point. He said – “An inflection point occurs where the old strategic picture dissolves and gives way to the new, allowing the business to ascend to new heights. However, if you don’t navigate your way through an inflection point, you go through a peak and after the peak the business declines.” The strategic inflection point disrupts the industry completely and can wipe out old companies in a few years.

1.      The Intel Story

Fascinatingly, Intel itself missed the strategic inflection point of mobile computing. Intel controls 80% of the world’s PCs chip market. It failed to make a timely dent in the handheld devices. Nvidia, Texas Instruments, Qualcomm and Samsung rule the ARM chips market for smartphones and tablets. Intel is now positioning itself in this market with its x86 chips. With the shrinking in the PC, laptop and server market, let us see whether Intel can re-position itself as the smartphone and tablet chipmaker. IPhones and IPads disrupted the technology industry; and surprisingly the giants of the industry – Intel and Microsoft – both missed the boat.

2.      The India FDI Retail Story

Closer home, the opening up of foreign direct investment in retail industry has shaken the complacent industry from its roots. Expected entry of Wal-Mart is causing havoc in the minds of established players. Most of the food retail sector in India comprises of Mom-Pop local stores that supply at low costs. Some organized chains as Reliance, Bharti, Nilgiri’s etc. have started catering to the upper middle class requirements; however have not wiped out the smaller stores. The opening of the retail sector to foreign investment is indicative of industry disruption. The industry is gearing itself to deal with the new risks to retain the competitive advantage.

3.      The ERM Perspective

COSO ERM –Integrated Framework, 2004 defines ERM as:

Enterprise Risk Management is a process, effected by an entity’s Board of Directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide a reasonable assurance regarding the achievement of entity objectives.

 Going by the definition, identifying industry disruption risks comes under risk managers’ purview. However, we tend to take strategy as given and don’t challenge the strategy and strategic objectives. We need to change our perspective. Building and retaining competitive advantage is a strategic objective. The industry disruption events can wipe that out. Hence, include identifying disruption risks as part of risk assessment.

Closing thoughts

Industry disruptions occur due to external forces – regulators, competitors, suppliers, customers and society. To identify strategic inflections points risk managers must meticulously track the external environment. Understanding external environment is difficult and requires extensive industry knowledge. Therefore, I know, some of you would be wondering whether it is part of our job. Let us check with the readers.

Ernst & Young Insight For Internal Audit Transformation

The last post – ‘Coal Gate Scam – Should Auditors Comment on Policy Decisions’ ignited a thought-provoking discussion on LinkedIn. The major debate was on role of internal auditors on evaluating strategic decisions and strategy per se. The message is – transform the internal audit department and leave behind the old thinking of verifying compliance to existing processes. Hence, I thought of sharing some great insights from the Ernst & Young report – The Future of Internal Audit is Now.

Before we discuss the details, check out transformation process depiction below.

The key aspects of the transformation process are:

1.      Align with organization strategy

According to the study, 61% of the internal audit departments did not have a documented mandate aligned to business. One can question then, exactly what are they working on. The way forward is to understand the business strategy – sales, operations, human resources, products, etc. and identify the strategic and business risks of the same.

2.      Formulate the internal audit strategy

Based on the understanding of business strategy and strategic risks, devise an internal audit strategy. Developing an internal audit annual plan isn’t sufficient. Take the time period of the business strategy, and formulate the internal audit strategy for the same period or a three to five year period.

3.      Acquire the right talent

Execution of a strategy is as good as the people deployed to the task. Upgrading skills is a must. Besides technical and functional knowledge, auditors now need business acumen. Rotate resources from operations to get in-depth business knowledge. To highlight the importance of business skills, according to the report just 47% of the IA departments have a training plan for leadership and business management.

4.      Operate as a business function

Internal audit should stop viewing itself as a support function and take a leaf out of line functions. It should measure itself against the same standards as business functions. Have the right strategy, execute it effectively, provide value add and measure against key performance indicators. As it is mostly a cost centre, it doesn’t mean it should let itself go.

Closing thoughts

Survival of business in this global economic crisis is hugely dependent on effective risk management. Internal audit plays a vital role in improving the financial performance of the organization. Hence, transforming the department functioning from old mind-set to fit the 21st century requirements is must.

Before closing, here is something to start your week on a good note. An old man for the first time saw moving walls. While he was standing in front of them, he saw an old woman enter the walls, and in a second a young woman came out. He said to his grandson – Son, hurry home and get your grandmother.

References:

The Future of Internal Audit is Now – Ernst & Young report