Risk Management Version 3.0

The business world is changing so rapidly that companies are either not willing to publish growth predictions or they are getting it wrong. In this new world trends can’t be analysed from historical data. The best business analytic teams fail because the new business models have totally different risks. Moreover, now the risks are interconnected and can’t be addressed separately. An operations risk may have a huge impact on financial risks.  The old compasses are useless and most are walking on uncharted territory.

This is the ideal time for risk managers to shed their old avatars and  become new super heroes of business. First they have to get out of their comfort zone of addressing internal risks that are preventable. The compliance and control based approach leaves over 60% of the risks un-addressed. If we consider that Risk Management version 1.0, we need to rapidly move to Risk Management version 3.0.

So what does version 3.0 look like?

1. Focus on Strategic Risk Management

I consider Enterprise Risk Management frameworks approach as Risk Management version 2.0. Though they covered strategic risks the focus was on finance, processes and technology. Hence, in reality it has become a bottom-up approach though the initial purpose was to make it top down. Risk managers are still not involved at strategic level and it is the Chief Strategy Officers who are analyzing strategic risks.

My guess estimate is that we depute less than 10% of resources to strategic risk management. We need to put in processes and resources where approximately 25% of efforts are focused on strategic risk management. Strategy failure probability has increased in present business environment.  For managing strategic risks reduce  probability of occurrence of assumed risks and effectively manage them if they occur.

2. Focus on Human Behavioral Risks

Industrial age focused on mechanization and streamlining of processes. Products were produced on the assumption that human behavior can be straight jacketed. In the age of technology and social media, this assumption has proved false.  Social media and data analysis allows behavioral analysis of each individual.

Secondly, the bigger challenge the world is facing is of changing demographics. In the last few decades, the average age has changed from 60 years to 75-80 years. The older generation lives longer and works longer. The Gen Y is entering the workforce with different expectations. Women have not only broken ground in the corporate world, but have become main decision makers for household purchases. Emerging market customers and employees have different behavior patterns.  The leadership skill sets have changed drastically. Participative and consultative cultures are more successful now.

Therefore, whether an organization wishes to fight  war of talent or entice customers, understanding human behavior has become crucial. Each segment of employee, customer and other stakeholders present different risks which an organization needs to manage successfully. Without addressing these risks at strategic and operational level, an organization is unlikely to succeed.  Risk managers traditionally haven’t focused on people, leadership or culture risks. In this century they need to.

3. Integrate Risk Management Knowledge & Resources

The traditional approach of having different experts of financial, operational and other risks in separate departments and addressing each risk in a linear manner is redundant. Moreover, now businesses are significantly exposed to external risks, which was not the case before. The Vodafone and Nokia tax cases are prime examples of risks occurring due to change in government stance.

Risk Management version 3.0 requires integrated risk management where risk managers with diverse skills can assess inter-related risks – internal and external. Secondly, risk managers have to be available within the business and as a separate department. The risk managers operating as part of the business unit need to identify the business risks and update the risk management department. The department needs to devise holistic solutions.

The risk management tools, technology, processes and resources all need to restructured to operate in an integrated manner at all levels.

Closing Thoughts

I suspect, group think is prevailing among risk managers. No one wishes to be a bull in a china shop and say – “hey this isn’t working.” It is ironic that risk managers are not doing adequate risk management of their own role and function. Old habits die hard and getting out of the comfort zone is scary, but I think we need to do it. Else, business failures are going to increase at a high rate. In the current economic environment, we can’t afford those losses. Think about it and share your views.

Wishing all my readers a very Happy Holi.

India Inc. – Say Hello to Corporate Social Responsibility

The Lok Shabha approved the new Companies Bill and now it is pending with Rajya Sabha. After approval, companies will need to implement the new Sec 135 on Corporate Social Responsibility. The section applies to companies having:

a)     A net worth of Rs 500 crore or more, or

b)      A turnover of Rs 1000 crore or more, or

c)      A net profit of Rs 5 crore or more, during the financial year.

The company needs to form a Corporate Social Responsibility (CSR) Committee at board level of three or more directors, of which at least one should be independent. The board has to ensure that the company spends at least 2% of net profits on CSR. The clause specifies the requirement of “comply or explain”. If the company does not adhere to the requirement, it has to explain the reason for doing so.

With the last quarter of the Indian companies, they need to plan the activities for the next financial year. Here are a few of the things that they can do now:

1.     Hire a dedicated team

 Most Indian corporates do CSR activities in an arbitrary manner with responsibility either falling in Communications department or Administration department. CSR is a specialised line that requires people with altruistic temperament well versed with the problems of the society.

2.     Develop a CSR policy

 The organization requires a CSR policy approved by the board along with the budgets. Reports suggest that social responsibility adds to the brand value of the company and improves customer perceptions about the products. In view of this, the CSR policy should be long-term and aligned to the business objectives. For example, financial services sector has high risk of fraud. Hence, it can think of sponsoring fraud prevention and business ethics training, which is in short supply in India.

3.     Identify the right partners

 Corruption has influenced non-profit organizations also. As per media reports, a number of organizations opened prima facie for doing social work are actually acting as fronts to collect illicit money and route it into different areas. Hence, choosing the right partners who are actually committed to doing social good is important.

Closing thoughts

 Besides the external benefits, CSR improves employee engagements. Employees feel good when their companies act in a socially responsible manner. Moreover, with the mad rush to achieve targets this acts as a great stress buster while giving meaning to live. Getting a bigger pay packet can be an objective but never the purpose of life. Hence, this law is a win-win situation for all involved – the customers, employees and public. It is up to us how we leverage it.

5 Things CFOs Should Do In Planning Process

In December, senior management focuses on formulating strategies. Department heads prepare business plans and budgets. Risk management departments define the next year’s agenda and plans. Everyone works hard at planning and preparing for the coming year. However, most of the efforts are in vain and result in failure. The problem is that generally people do these activities independently and make no attempt to align them. The ideal integrated sequence is below.

However, this does not happen. For instance, department heads do capital expenditures while ignoring the strategy. Business teams define performance indicators and risk managers establish risk indicators, without syncing the two indicators. Situations occur where desired performance is achieved at very high-risk levels. Business teams ignore the risk levels until disaster occurs. With the multitude of unsynchronized management information, boards make incorrect decisions with information overload. Hence, at the end of the year only a few organizations can claim that they achieved the strategy and targets.

The Chief Financial Officers (CFOs) can play a pivotal role in bringing the different facets together. CFOs sit on the board and participate in the strategy formation process. Department heads submit their plans and budgets to CFOs for review and consolidation. Generally, Chief Audit Executives (CAE) administrative reporting is to the CFO. Quite frequently, CFOs act as defacto Chief Risk Officers (CRO). Hence, CFOs can put the jigsaw puzzle together. The key things they need to look into to revamp the process are as follows:

 1.     Strategy Formulation

 The common misperception is that organizations have a proper strategy formation process. In reality, the ideas supported by the CEO and politically strong CXOs are adopted without much constructive discussion since no one wishes to rock the boat. Secondly, a formal strategy process is not in place in most organizations. Moreover, at the time of strategy formation upside and downside risks remain unidentified, as CXOs do not invite CRO to the discussion. The CFOs can influence the other CXOs to implement a formal strategy development process and conduct a strategic risk assessment in each phase of strategy formation.

2.     Business Plans

While strategies are for 3-5 year period, business plans are drawn annually. However, the changing business landscape makes business plans redundant on formation. Reason being that business plans are prepared on a set of assumptions on customer behavior  engagement and market situation. Real interaction with customers and entry into the market prove most of the assumptions incorrect. Additionally, department heads make independent business plans to show one up man ship. Hence, performance objectives are missed and risks remain unidentified. The need of the hour is for businesses to react fast and give cohesive messages in response to market changes. Therefore, CFOs must make the business planning process dynamic and integrated.

3.     Budgets

More than 60% of the organizations are unsatisfied with their ability to link strategy to operating budgets. Additionally, organizations spend 4 to 6 months in preparing budgets with numerous iterations back and forth between departments. Meanwhile the business plans change due to the volatility in the market. Hence, organizations are feeling the need of speed in the budgeting and forecasting process. CFOs must adopt rolling forecasts rather than static budgets to improve planning and control. Rather than doing post facto variance analysis they can collaborate with business teams to give real-time analysis.

4.     Performance Indicators

Performance indicators measure the reward side of the strategy. Without the risk indicators, they give an incomplete picture of business status. Another aspect is that performance indicators and risk indicators for the same strategy or plan are not aligned together and are reported at different periods. Organizations sometimes continue to measure redundant parts and do not update the indicators with change in strategy and objectives. A prime example is the financial crises. A few banks achieved performance targets without understanding the risk levels. Hence, CFOs must use technology to create relevant dashboards to monitor indicators to keep a firm grasp on the business.

5.     Risk Indicators

 Risk managers fail to address the twin shortcomings in process of identifying key risk indicators. Firstly, risk managers do not ascertain strategic risk indicators. Secondly, a lot of meaningless indicators are created which do not really find out the overall business risks. Hence, CXOs fail to separate the noise from the inflection points. Moreover, Nassim Taleb’s point of view that most significant risks are unpredictable needs to be thought over. There might be too much data available and organizations might look at risk indicators they are comfortable with, until the bubble bursts. CFOs can identify key risk indicators for strategy and business plans, and synchronize them to performance indicators. That will close the loop and move the business in the right direction.

Closing Thoughts

Synchronizing multiple factors between strategy and indicators influences a company’s capacity to achieve goals. With predictions of recession and volatile business environment, dropping the ball is highly probable. Understanding which economic predictions to rely on, which market trends will impact long-term and what are the strategic inflection points, spells the difference between success and failure. Hence, CFOs must play the vital role of coordinating and aligning various steps between strategy formation and identifying indicators.

Kingfisher Airlines – Ethical Dilemmas of Mr. Vijay Mallya

Kingfisher Airlines was grounded last month. The agitating employees refused to come to work from 1 October 2012. Employees had been peacefully protesting earlier for payment of their salaries from February 2012. Management ignored the pleas and the plight of the employees increased. On 4 October 2012, Kingfisher’s store manager Manas Chakravarti’s wife Sushmita Chakravarti committed suicide. In her suicide note she stated – “My husband works with Kingfisher where they have not paid him salary for the last six months. We are in acute financial crisis and so I am committing suicide”.

The employees led a candlelight vigil in support of the grieving family. However, there was not even a word spoken about it by Vijay Mallya, the chairperson of the company on such a tragic incident. He did not mention anything on his twitter account until 23 October, and most of the month he was not available in India. Media reported that he flew out of the country in his personal Airbus. Check out the following tweets.

Vijay Mallya ‏@TheVijayMallya – 23 October 2012.

I travel 24×7 where my multiple work responsibilities take me. Sections of media call me an absconder because I don’t talk to them.

His Formula One team reportedly participated in Korea and he attended the race. He then attended the Indian Grand Prix and his twitter comments are below. They caused a storm in the twitter world.

Vijay Mallya ‏@TheVijayMallya – 26 October 2012.

 I have learnt the hard way that in India wealth should not be displayed. Better to be a multi billionaire politician dressed in Khadi

 Vijay Mallya ‏@TheVijayMallya – 27 October 2012.

Kingfisher is probably the most written about Airline in the World thanks to Indian media. Top of mind brand recall must be at its highest.

The comments don’t show true leadership qualities. He appears to be completely disengaged from the situation his employees are facing. A little bit of humility and sharing of pain would have gone a long way in appeasing the hurt feelings of his employees. Though he is not legally liable to pay salaries to employees from his personal wealth, he has to take moral responsibility for his actions that have caused so much tragedy in the lives of his employees. Some personal austerity would have sent a different message to the world. However, in an interview Vijay Mallya made the following statement and refused to take responsibility for the financial mess.

“In a Plc where is one man, who might be the chairman, responsible for the finances of the entire Plc? And what has it got to do with all my other businesses? I have built up and run the largest spirits company in the world in this country.”

Kingfisher’s net-worth was eroded last year. The banks have refused to grant further loans since the outstanding amount is Rs. 7000 crore (USD 1299 million). Accumulated losses amount to Rs. 6000 crore (USD 1114 million). You can read the details in my earlier post (link here).  Since March 2012, Directorate General of Civil Aviation has been asking for a revival plan to resolve the crises. However, Kingfisher management took no concrete actions. On 20 October 2012, the Directorate General suspended the license of Kingfisher Airlines.

The situation is that the bank, investors and employees are the biggest losers. Vijay Mallya’s personal shareholdings in the company is just 1.87%.  His group companies – United Breweries (Holdings) Limited, Kingfisher Finvest India Limited and UB Overseas Limited – hold 33.97%. Individual investors hold around 33%. Banks and other institutions hold the balance shares. Hence, Mr. Mallya will personally not be liable and may not suffer extensive damage to his personal wealth.

Though, recently Forbes has dropped him from Billionaire list and stated that now he is only worth USD 800 million now. He made a satirical comment on it

Vijay Mallya ‏@TheVijayMallya -26 October

Thanks to the Almighty that Forbes has removed me from the so called Billionaires list. Less jealousy, less frenzy and wrongful attacks.

 Closing thoughts

Mr. Mallya is blaming the media for inaccurately bashing Kingfisher Airlines. It is a strange reaction considering the dire state of the company. He has abdicated his professional responsibilities as leader of the group. He is also not taking any moral responsibility for the situation and the damage. I am amazed at his brand management team. The Kingfisher brand was worth a whole lot. Due to his personal negative reactions and his son’s Siddharth Mallya being oblivious to the churning controversies, the public is completely outraged. Besides the moral disconnection, there doesn’t appear to be any control on communications and brand management.

According to you what should be the appropriate reaction for the Chairman of a company in such a situation?

References

Vijay Mallya flies in to attend Indian GP, blasts media for Kingfisher coverage – Economic Times

 

IBM CEO Survey Insights On Customer Focus

The 2012 CEO survey conducted by IBM gives some interesting insights. Seventy-three per cent CEOs are gearing their organizations to gain meaningful insights from customer data. This is the area of highest investment.  The traditional approach to segment customer data to calculate statistical averages has been replaced with understanding the attitudes and tastes of individual customers.

The main aim of gathering holistic customer information is to devise services and products targeted at the customers and improve the response time. As stated in the report – “The challenge for organizations is two-fold: can they pick up on these cues, especially if the information comes from outside? And can the appropriate parts of the organization act on the insights discovered?” The graph depicts the main reasons for capturing customer information.

Further, the report mentions, that though most of the CEOs focus on capturing information, out-performers excel at acting on insights. The difference is innovation and execution. A quarter of the CEOs reported that their organizations are unable to derive value from the data. Speed of action is required to capture data, analyse, prepare strategies and respond to customers. As one CEO stated the most crucial characteristic is to “organize a major wake-up call.” The customer obsessed CEOs are driving the organizations to more contextual customer insights.  The graph below highlights the marked difference in under-performers and out-performers.

Risk managers can play a pivotal role in helping CEO’s achieve these objectives. They can focus on the following.

1.     Organization Culture and Process Change

A customer oriented organization culture is required to leverage the opportunities. Secondly, the organization needs to align the processes towards customer relationship management. Risk managers can conduct organization culture survey to assess customer orientation. Moreover, they can review processes to determine risks and controls to mitigate risks.

2.     Security of Data

The activity requires accumulation of extensive customer personal information. Generally, companies use separate data centres to collect and analyse the data. However, the risks of loss and theft of data is huge. As in the recent case of Facebook 1.1 million users’ data was sold for US $5. Therefore, it is a good idea to review security polices and test data centre security.

3.     Return on Investment

Data collection requires huge investments in technology and resources. As the CEOs are saying the failure rate is quite high. A review of projects, plans and strategy would identify the pain points and misdirected activity. Calculating return on investment on various programs might steer the investments in the right direction. Timely identifying failing projects and reasons for failure is critical to maintain cost effectiveness.

Closing thoughts

Technology and social media has brought customers closure to companies. The face-to-face customer interaction is gradually shifting towards social media. The companies that are able to navigate this transition successfully will outperform their peers in the industry. Hence, risk managers should support this CEO initiative to enable the organization to leverage upside risks.

What is your organization doing in this respect? How do you think risk managers should facilitate CEOs in this initiative?

References:

Leading Through Connections – IBM CEO Survey

Is Doing Nothing A Reputation Risk?

Tim Cook, CEO of Apple, recently issued an open letter on Apple website, publicly apologizing for the shortcomings in the Apple maps. The first paragraph reads:

“To our customers,

At Apple, we strive to make world-class products that deliver the best experience possible to our customers. With the launch of our new Maps last week, we fell short on this commitment. We are extremely sorry for the frustration this has caused our customers and we are doing everything we can to make Maps better.”

The purpose was to pacify the angry customers who found inaccuracies in the Apple maps. The words of the CEO mattered.

Now let us assume that none of the customers knew who the CEO of Apple is. They have not heard of the CEO before. The CEO visibility was zilch in media, social networks, business conferences etc. Would the words have mattered then? Wouldn’t the customers say – “Who is this guy? We never heard from him before and now he is giving excuses for horrid products?”

Managing an organization’s reputation is part of CEO/CXO job. When reputation risks occur, their communication is part of the risk mitigation plan. Hence, the effectiveness of risk mitigation plan is dependent on the CEO/CXO profile. Until here, I think you will agree with me.

Now let me ask you the difficult question. If the senior management of the organization does nothing to add to the brand or reputation of the organization, is it a risk?

Here is my argument. Normally, we take the following criteria for reputation risks.

Source- ICAI ERM Training Material

This measures only the negative impact. We talk about negative coverage in the media, but what about no coverage in media. In India, most of the CEO/CXOs have no media visibility and unlike the west, 90% do not give interviews etc. in the media. They even don’t have a social media presence and one can hardly find them directly interacting with customers. That is, except for traditional advertising of products in newspapers, magazines and television, there is no coverage of the organization and the senior management in the media.

Now let us see from risk management perspective. One of the strategic objectives of the organization is to build brand and reputation of the organization. The purpose of enterprise risk management is to give an assurance to the board that the entity is moving in the right direction to achieve its objectives. As risk managers, we focus if something goes wrong, but what if, the company is not moving at all in any direction – positive or negative – in meeting its objectives. Should we capture that as a risk?

Closing thoughts

Negative viral messages in social media tarnish a reputation in a span of few hours. It takes just one tweet to go viral. It will be very difficult for a company to defend itself if a company does not have a twitter account and reputation management plan. The same applies to executives. Now the thought process is either develop a brand or get branded. Silence gives an opportunity to others to put labels and develop negative perceptions. Continuous positive messages at a personal level need to go out about the brand for customers to have a favorable opinion. Doing nothing may become a huge risk.

Industry Disruption Risks

The biggest risk of all is industry disruption risks. One fine day the competitive landscape of the industry transformed and it caught us by surprise. Ouch, the world changed while we were sleeping. It is a CEO’s recurring nightmare, and the risk managers do not focus on it much. Reason as I mentioned in my recent posts is that risk managers assume they do not have the right or duty to question the strategy or strategic objectives. Let us discuss this in detail.

Andrew Grove in his book “Only the Paranoid Survive” described the strategic inflection point. He said – “An inflection point occurs where the old strategic picture dissolves and gives way to the new, allowing the business to ascend to new heights. However, if you don’t navigate your way through an inflection point, you go through a peak and after the peak the business declines.” The strategic inflection point disrupts the industry completely and can wipe out old companies in a few years.

1.      The Intel Story

Fascinatingly, Intel itself missed the strategic inflection point of mobile computing. Intel controls 80% of the world’s PCs chip market. It failed to make a timely dent in the handheld devices. Nvidia, Texas Instruments, Qualcomm and Samsung rule the ARM chips market for smartphones and tablets. Intel is now positioning itself in this market with its x86 chips. With the shrinking in the PC, laptop and server market, let us see whether Intel can re-position itself as the smartphone and tablet chipmaker. IPhones and IPads disrupted the technology industry; and surprisingly the giants of the industry – Intel and Microsoft – both missed the boat.

2.      The India FDI Retail Story

Closer home, the opening up of foreign direct investment in retail industry has shaken the complacent industry from its roots. Expected entry of Wal-Mart is causing havoc in the minds of established players. Most of the food retail sector in India comprises of Mom-Pop local stores that supply at low costs. Some organized chains as Reliance, Bharti, Nilgiri’s etc. have started catering to the upper middle class requirements; however have not wiped out the smaller stores. The opening of the retail sector to foreign investment is indicative of industry disruption. The industry is gearing itself to deal with the new risks to retain the competitive advantage.

3.      The ERM Perspective

COSO ERM –Integrated Framework, 2004 defines ERM as:

Enterprise Risk Management is a process, effected by an entity’s Board of Directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide a reasonable assurance regarding the achievement of entity objectives.

 Going by the definition, identifying industry disruption risks comes under risk managers’ purview. However, we tend to take strategy as given and don’t challenge the strategy and strategic objectives. We need to change our perspective. Building and retaining competitive advantage is a strategic objective. The industry disruption events can wipe that out. Hence, include identifying disruption risks as part of risk assessment.

Closing thoughts

Industry disruptions occur due to external forces – regulators, competitors, suppliers, customers and society. To identify strategic inflections points risk managers must meticulously track the external environment. Understanding external environment is difficult and requires extensive industry knowledge. Therefore, I know, some of you would be wondering whether it is part of our job. Let us check with the readers.

Should Risk Managers Re-use Last Year’s Strategy?

Let me ask you a question. For 2013 planning, are you thinking of updating the 2012 annual audit plan or risk management plan? Alternatively, do you think major changes are required, and you need to start from scratch? While preparing 2013 strategy of plan, you cannot afford to just tweak your previous plan and get by. You need to do the whole works and start with a plain sheet of paper.

Exactly why am I making such a bold statement? Let me explain. You must have read various surveys in which business teams state that risk managers and auditors are not addressing the business concerns. The thing is risk management practice is changing at a much slower rate than the external and internal business environment.

Below is a simple graph. The lines in real world would not be straight; I have just used it for the sake of convenience to illustrate my point.

1.   External environment

The external environment is going through a rapid change. This includes the social, cultural, political, legal, economic, technological, financial and competitive environment. The speed of change is so high, that most organizations are failing to keep up to speed. Hence, there are a numerous upside and downside risks in the external environment that organizations are clueless about.

2.    Internal environment

Organizations attempt to make sense and adapt to the changes, however at a slower rate than the external environment. During a year, many organization changes take place. Changes occur in business strategy, objectives, policies, procedures, organization structure, roles and responsibilities, governance models, products, knowledge, processes, systems and technology. Due to these changes, the risks within the organization change. Numerous risks remain un-addressed when we do not consider the changes for preparing a risk management strategy.

3.    Risk management function

The risk management disciple as such is changing at a slow pace. If you recall, COSO issued “Internal Controls – Integrated Framework” in December 2011 for public comments. The internal control definition had not changed and only some areas were improved though this was the first revision issued after 1992. COSO received so many comments, that now it plans to issue the final version in 2013.

Within the organizations, the situation is the same. Risk management and audit functions are the last to change. While CEOs are demanding that they advise on strategic risks, very few are rising to the occasion. Even with five-year of financial crises and slow down of economy, the surveys show limited improvement in performance of risk management and audit functions. They haven’t leveraged the opportunity, leaped forward or made great strides. They are cribbing about the same old issues of lack of top management support instead of focusing on the changing business landscape.

Hence, the gap in knowledge of risk managers and auditors of business risks is huge. If they are not tuned into the internal business environment, they leave some risks unaddressed. If they haven’t focused on the external environment, they are a number of unknown risks that can affect the organization any time. Therefore, the annual risk management strategy and/or plan is ineffective if these aspects haven’t been considered.

Closing thoughts

The business environment risks can be best described in the words of Donald Rumsfield, the former US Defence Secretary. He had stated at a press briefing relating to the increasingly unstable situation in post-invasion Afghanistan: “There are known knowns. There are things we know that we know. There are known unknowns. That is to say, there are things that we now know we don’t know.  But there are also unknown unknowns. There are things we do not know we don’t know.” Risk managers and auditors are in the same situation. Hence, strategy and plans have to be devised keeping this in mind. Start from scratch for 2013 strategy.

Watch this video and share with me, will your old strategy work?

Risk Assessment of Marketing Function

The global economy is facing turbulent times with US in recession, Europe in economic crises and emerging markets growth slowing down. Frequently organizations panic on hearing forecasts of looming recession. They cut down marketing budgets, innovation of products and capital investments. The reaction further adds to the woes, and accelerates the downward trend in sales. Risk managers normally do not focus on marketing department activities and generally are not called upon to share their views on marketing strategies. A look on these areas may prevent the company from going in red and thrive in chaotic times. Here are a few suggestions for risk managers.

1. Bench-mark Marketing Function

The complexities of business world are escalating marketing risks. For survival and growth organizations need resilient marketing and sales functions. They have to identify strategic inflection points in the market and adapt accordingly. In recession customers interest, values and budgets change. With new competition and changing regulations, organizations need to reinvent business models. Hence, as a first step risk managers  need to bench-mark the organization’s marketing function.

Philip Kotler and Johan A. Caslione in their book “Chaotics - The business of managing and marketing in the age of turbulence” have presented a table on marketing function attributes. Out of the 14 attributes, below are 5 critical ones distinguishing between poor, good  and great marketing functions.

Srl    Poor                                        Good                                              Great

1. Product driven                    Market driven                                    Market driving

2. Product offer                       Augmented product offer                 Customer solutions offer

3. Price driven                        Quality driven                                     Value driven

4. Reacting to competitors    Bench-marking competitors             Leapfrogging competitors

5. Function oriented               Process oriented                                Outcome oriented

McDonalds marketing strategies reflect these attributes. In India, McDonalds is opening a purely vegetarian restaurant near Vaishu Devi ( a renowned Hindu temple) and Golden Temple (Sikh’s foremost gurdwara). It is catering to the Indian sentiments; in most religions Indians do not eat non-vegetarian food in a place of worship. Near the temples, generally local vegetarian eating joints thrive and there are no global food chains. The huge number of devotees provide a large market.

A few years back, McDonalds customized its menu according to Indian tastes and introduced vegetarian burgers. The McAloo Tikki (a potato burger) contributes to 25% of the total sales.  It may shock the Americans, but no beef burgers are served in India.

2. Evaluate Cost-cutting Measures

The attitude frequently is to cut costs across board. For instance, if marketing budget is XXX dollars, the total budget will be reduced by 25% without assessing the details and profitable products. Here risk managers need to assess the soundness of decisions taken to reduce costs. Below are a few examples to look for:

a) Advertising : Is the total advertising budget reduced? This would be a wrong move. During recession, the core products that contribute to revenue need aggressive advertisement. The advertising budget spent non-core products and loss making products can be dropped. Moreover, explore cheaper advertising models – social media, internet etc. and reduce budgets on paper and television media.

b) Discounts : Another option adopted to increase sales is to discount all products by a certain percentage. This is a self-destructive strategy as discounts on core premium products would damage the revenue stream in the long-run. If customers require cheaper products, cut the frills in the premium products and introduce a bare minimum model. This will maintain the brand and revenue.

3. Assess Strategy and Systems

Risk managers must assess the marketing strategy and systems to ensure that the risks are systematically identified in a timely manner. Here are a few examples of the same:

a) Core products: Does the strategy focus on core products? Are there systems in place to show the winners and losers? If the systems are inadequate profitability, market spend and customer behavior cannot be captured accurately. Hence, the organization will be unable to adapt strategy to the changing marketing trends and customer behavior. Moreover, companies cannot  reduce costs without identifying inefficient spending.

b) New products : Has the organization delayed the launch of new products during recession? The customers require cheaper products during hard times. Hence, the strategy should be to delay expensive products but focus on products that cater to the new customer requirements and changes in behavior.

Closing thoughts

With economies slowing down, the marketing functions are facing many challenges. Customers are better informed through social media and internet, competitors copy products faster, and price of the product is a driving factor. Risk managers can contribute by conducting risk assessments of the marketing function and helping the teams in identifying the upside and downside risks to their strategies. This is a good place to add to  profitability.

References:

1. Chaotics - The business of managing and marketing in the age of turbulence - Philip Kotler and Johan A. Caslione
2. Beefy McDonald’s to Open Veg-Only Outlet in Katra – Economic Times

Lessons From Olympics for GRC Professionals

The London 2012 Olympics opening ceremony will be remembered for the Queen’s act of Bond girl. While reflecting on Olympics, I realized that risk managers, compliance and ethics officers can learn a few lessons from it. I know, most of us are watching the games and hoping our country’s athletes win a few medals. But just take a look at these points, and think whether they apply to your role.

1. Planning & Execution

Olympics are remembered for the awesome opening and closing ceremonies. The games run smoothly without a hitch for two weeks with thousands of athletes participating. The grand scale of the game requires years of preparation. Organization committees plan and implement each detail, and synchronize all cogs in the wheel. The stadiums are developed, the ceremonies are rehearsed several times, traffic planning is done in advance, etc.  Different teams collectively dedicate themselves to ensure a spectacular performance.

Risk managers, compliance and ethics officers, fraud investigators and internal auditors sometimes tend to work in silos to protect their own turf. Additionally they make annual plans and most do not have a 3 to 5 years plan. To build an ethics culture and/or risk culture, the foundation has to be laid and each brick put in its place to deal with the present day complexities of the business environment. Hence, organizations will give a spectacular performance only with the long-term planning and hard work of the risk teams.

2. Coaching & Training

Athletes train for years to become national and international champions. Their coaches train and guide them continuously to improve their performance. GRC professionals have two takeaways from this. First, to dedicate themselves to learning continuously. Risk management is a dynamic field, with new risks emerging everyday. GRC professionals cannot rest on their laurels and must learn new disciplines.

The second aspect is from business teams perspective. Ethics or risk management training isn’t a one time job. Psychologists state that once the moral compass shifts downward, a person starts losing moral judgment on most things in life.  Business teams must be trained and coached regularly to stay ethical and effectively manage risks. When athletes need so much physical training to win, business managers require an equivalent amount of moral training to operate effectively.

3. Importance of Fair Play

Britishers coined the term “fair play” and its importance in sports is such that all athletes, coaches and referees take an oath to play by the rules. Breaking of the rules is severely punished and dopers are banned.

On the other hand, the recent scandals of the corporate world show that the value of fair play is lost. The reports are damaging; clearly indicating that all rules and laws were disregarded to make money, achieve targets and get the upper hand. It is tragic that corporate citizens believe that nice guys finish last. Ethics officers must inculcate a sense of fair play within the corporate culture. Performance must be measured on merit and skills,  and not on capability for foul play.

Closing thoughts

The games reflect the changing times. For instance, China and US are competing for the top slot. In the last century, the developed world took the top three slots and the BRICS were hardly a group to be reckoned with. However, now they win a significant portion of the medals.

In this Olympics, gender equality took center stage. It is the first time in Olympic history that each country has a woman athlete and 49% of the total athletes are women. It is an amazing change, because when Olympics started women weren’t allowed to participate. Simultaneously, the growing power of women was reflected in the corporate world. A CEO and a pregnant woman were two mutually exclusive terms. Marissa Mayers appointment as CEO of Yahoo showed that a woman can be both.

Watch the games and let us hope the better sportsperson wins.

Parts of this post were selected by Company Secretary magazine (US) for posting in their article Olympics coverage: earning a gold medal in ethics” on 3 August 2012.