Risk Management Induction Training to Business Teams

I had joined a new company and was taking the induction training. I thought it would be a good idea to get fellow participants perspective.So I asked a young employee – “How did you find the risk management induction training?” He responded – “Was that training? It sounded more like a rulebook of corporate prison.” The training had bored me to death and I shared his opinion. I wondered whether risk management team took feedback seriously or were purposely designing trainings to turn off new employees.

Normally in India, a trainer reads out from the presentation the various dos and don’ts of the organization’s code of conduct, regulations impacting the organization and technicalities of business ethics. To enhance interest further some provide detailed information of GRC organization chart. The training comes to a dramatic end when in the last few slides, the trainer delivers the key message to the participants – We will fire you if you do not follow all this.

The newcomers already have butterflies in their stomachs. To add to their woes, we present a dry subject in a dull and boring manner. Then we expect them to imbibe the messages in their daily working life. Let’s face it, we are facing competition from Lady Gaga.  Gen Y is more likely to remember the lyrics of her song, than risk management training. To get their attention we need to reframe risk management training. There is no rulebook that says trainings must be without any rammatazz and unimaginative to the core.

Yeah, that's a HR Management book

I contacted Peter Cook, an unconventional and creative business author, speaker and consultant, to get his views. He is reinventing the art of human resource management. His recent book Punk Rock People Management is a winner. He innovatively connects human resource fundamentals with music. Unbelievable but true, you have to read one of his books to find out how he does it. His perceptive views on induction enormously impressed me. Here is my favorite paragraph from the book:

“Post-punk princesses Madonna and Lady Gaga unwittingly stumbled upon the problem of induction with their songs ‘Like a Virgin’ and ‘Bad Romance’ as did punk group The Boys with their minor hit ‘It’s my first time’. However good your hiring of people is,  failing to induct people properly can cost you in thelong run. Classical HR induction sessions emphasize all the statutory stuff, such as health and safety and getting your corporate identity badge (whilst losing your identity). But they generally fail to establish what is called a ‘psychological contract’ between the new recruit and the company, which leads to long-term performance and commitment. The costs of NOT doing this include rapid turnover, poor performance, corporate sabotage and mental sabbaticals (the lights are on but no-one’s at home) etc.”

Peter makes an excellent point about psychological connection. Risk management trainings fail to positively influence the participants. The lines below highlight the ridiculousness of expecting participants to be gung ho about the training.

“Imagine what would happen if this approach were adopted when you fell in love. You would have a ARRSE (Adviser – Romance Risk Strategy Executive) come along to show you some PowerPoint slides on the risks of falling in love,issuing you with badges to say you are officially in love, and so on. So, why does common sense go out the window when we enter the crazy world of work?”

 This prompted me to pick up three most applicable points for risk management induction training from Peter’s book and I requested him to share his views on the same.

1.    Understand the audience

The one-size fits all doesn’t work for risk management training. For instance, in Indian ITES sector, new employees join right after school. To them, terms like audit, fraud, ethics are practically incomprehensible. Their head will spin if we give them a download on various laws and regulations in the first training session.

The same applies in other industries also.The choice is ours – to be either amused or appalled at their naiveté.  The story below depicts the level of understanding of a fresh recruit.

An experienced purchase manager working in food and beverages industry was offended with a new junior. The junior had accepted a gift from a supplier in their first meeting. The purchase manager called the junior to his room and asked in Hindi –“Do you understand ‘AAchar’ (ethics)?“ The junior replied in English– “Of course sir, it means pickles (Achar).”

This is the risk managers’ starting point for training. Therefore, prepare a training calendar with various sessions over 6 months to bring them up to speed. Peter mentioned that there are 57 ways to train besides classroom training – workshops, e-learning, mentoring, storytelling,  etc. Identify the staff learning styles and develop the training accordingly.

2.    Make training fun

I know it is tempting to give a few thousand pages to read to the participants. That is what we, as risk managers had to do. But remember the training participants haven’t signed in for a risk management professional course. Don’t give them manuals in the name of e-learning. That’s only going to make them panic. Make it simple and fun. Peter succinctly put this point across in his book. He says create an environment where people are naturally engaged. For example, he wrote:

Pubs do NOT have mission statements that say:

 “We aim to encourage sociosexual networking and leverage mission critical knowledge, skills and wisdom through the use of addictive depressant substances in a relaxing lifestyle environment that encourages the suppression of societal norms of decency and so on”

If you read this statement while entering a pub, will you immediately fall in love with the pub or hesitate to enter? Same rule applies to induction training. Why not explain the statutory stuff without using the corporate and risk management jargon?

3.    Help participants succeed

The biggest obstacle in the successful implementation of risk management training, is the attitude of the risk managers. The managers sometimes focus more on the numbers covered so that they can tick off from their to-do list and report to compliance that training was conducted. The trainers are not accountable to make the business teams effectively manage risks.

Sometimes, when the classroom training is over the participants do not know whom to connect with if they have questions when they start working. In some e-learning courses the same problem is exists.

Peter gives some good advice here. He says – Make sure that new people understand on the first day exactly what they can do to succeed. Connect the new members with the people who can help them do their best”

Closing thoughts

Use induction training as a starting point to develop risk awareness and culture within the participants. Don’t make it a big ruse to cover numbers. If the training is good, the new employees will become unofficial ambassadors of risk management. By creating the right chemistry, risk managers will have long term allies in business teams. Make the start a memorable and happy one for the new employees, and they will keep coming back for more.

Storytelling for Risk Managers

When I started writing this blog, a few writers and fellow bloggers gave me an ego deflating feedback – “Your posts read like research papers, you should write more stories.” My reaction was – “Write stories! I am a chartered accountant and a risk manager. We are data addicts, not storytellers.” I consoled myself, since I was loathe to move out of my comfort zone and didn’t really know how to write stories. Excuses work best under these situations and I happily created a protective bubble about me. To top it, the research posts were getting very good hits. Things couldn’t be better. I choose to ignore that some other risk management bloggers were doing a fantastic job at writing stories.

My happy delusional state got a reality jolt when I read the book – “Too Big To Fail” authored by Andrew Ross Sorkin. It is a mind-blowing account depicting the events that lead to the financial crises.  The narration of the spectacular fall of the wizards of Wall Street and monumental institutions is awesome. I had to admit, one could write financial stuff as a good story without the technical lingo. Then I decided to delve a little bit deeper into the subject. Naturally, I was curious as how can risk managers use storytelling to influence business teams.

As usual, to get a feel on whether I am on the right track, I relied on my finely ingrained habit of checking relevant data.   I read the McKinsey survey – How social technologies are extending the organization? Just to indulge my penchant for data, the survey states 50% of the organizations are using social networking sites and 41% are using blogs. The icing on the cake is that it increases speed of access to knowledge and experts, while reducing communication costs. The business case is solid, as one can assess from seeing the graph below.

McKinsey Report - How social technologies are extending the organization

So why are risk managers languishing behind? Laws don’t change mindset. A compliance audit just gives bare minimum assurance. Internal blogs, videos and social networking sites are a good medium to tell risk management stories. Interesting stories will capture the imagination of the audience and stay with them. Through storytelling, risk managers can develop a strong risk culture. Hence, here are some situations in which risk managers can use storytelling.

1.     To get buy-in

One of the major constraints for risk managers is to get senior management and business teams support for their projects. Senior management is unable to see the big picture as most of the information presented is about weaknesses detected in earlier reviews and audits. Risk managers rely on data and numbers to build their business case. They don’t narrate the story to project the overall future state or benefit to business. As senior managers don’t get the connections, the idea is lost.

With business teams, the scenario is more difficult. Due to the negative role of risk managers, business teams don’t trust them and are quite wary of involving risk managers. The situation sometimes becomes us versus them political football game.

By using a past event as a base, risk managers can develop a story to give the big picture to senior management and build camaraderie with business teams. Stories help connect with people on an emotional and mental level. Despite all the advantages of relying on data, managers make 60-70% of the decisions on emotions. With storytelling, risk managers can tap positive emotions to get support.

2.     To train staff

The challenge with most corporate training is that within a couple of weeks the participants forget the training and start operating at the same level as before. The formal training for compliance, business ethics etc. is a whole lot about do’s and don’ts. Risk managers use a number of regulations, laws and charts to convey the messages. Humans don’t have long-term memory of such stuff. On the other hand, they remember the stories that connect with them.

Risk managers can use stories to train staff in many ways. For one, in classroom training, they can focus on the story rather than law. For instance, in training staff of US FCPA requirements, build the story around previous bribe cases on how the organization suffered and the impact on employees. Narrate good stories with negative stories to make them understand the scope of the act.

Secondly, to ensure that participants do not forget classroom training, risk managers can use internal blogs, videos and social networking sites to continuously provide information. Think of it, in India Gen Y constitutes majority of the workforce in service sector. Can one realistically expect them to remember the code of conduct and make appropriate ethical decisions based on it? Unless they continuously get stories on blogs that ask them to make choices, they won’t get the experience.  Hence, risk managers can leverage this tool effectively at low cost.

 3.     To share knowledge

 Risk managers face twin problems. Firstly, they have a reputation of doomsayers; hence, business teams are hesitant to involve them. Secondly, sometimes business teams make decisions without understanding the risks. Hence, managers make faulty decisions thinking it is a no/low risk business whereas it might be high-risk business. Prime example is the CDOs in the financial crises. Most of the players in the financial industry didn’t understand the complex nature and couldn’t calculate the risk.

Another aspect to consider is that audit, compliance and fraud investigators can’t share confidential reports with the whole staff to educate them. Sharing such information becomes a double-edged sword.

On the other hand, risk managers can use stories to educate business teams and share information without the risks. For example, clean up a fraud report by changing names and other confidential information to build a story. Put these stories on the internal knowledgebase or share on social networking sites. Business teams would automatically check on them when they have a similar case or situation. Hence, losses from risks will reduce.

 Closing thoughts

One final thought for risk managers, while it is good to use storytelling for business teams don’t do it without having adequate data backing your main points. When I read ‘Too Big To Fail”, by the end of the book one thought entered my mind. What if, Senator Paulson Hanks, the ex-Secretary of the Treasury, orchestrated the financial crises to help his banking colleagues? He made it mandatory for good banks to accept bailout money so that public couldn’t identify vulnerable banks. Isn’t that fooling the public with their own money and covering it with frail logic? . Now I will be able to clear this doubt only when I go through financial statements of each of the financial institutions that got bailout money.Various interpretations can make the best stories go wrong That is the problem with storytelling; hence, maintain a fine balance between data, facts and stories.


How social technologies are extending the organization- McKinsey Quarterly

Risky Selection of Leaders

Everybody in the business world has a litany of woes about leaders. There are many causes attributed to it, but the pertinent question is- are we choosing the right leaders or is this a case of blind choosing the blind? I found some flabbergasting research highlighting that leadership selection is mostly done on attributes perceived to make a person successful. More often than not, the actual traits required for leadership are ignored.  Read on to assess for yourself whether organizations are doing risky selection of leaders.

1.    What attributes are organizations looking for?

The “2009 Best Companies for Leadership” report of Hay Group with Bloomberg identified 20 companies globally that were best in developing leadership talent. The results indicated that these companies gave better shareholder returns in short-term and over a 10-year period than the S&P 500. Infosys Technologies was the only Indian company in the listed 20. The graph below shows the traits top 20 companies value in leaders. Strategic thinking, execution and soft skills rate above technical skills.

2.    What is the percentage of effective leaders?

On the face of it, the above-mentioned attributes seem to be present in most of the staff. However, another survey -“The Global Leadership Forecast 2011” conducted by DDI  “found that only 33 percent of HR leaders are highly confident in their frontline leaders’ ability to ensure the future success of their organization.”  Now these frontline leaders are critical to the growth of the business as they interact with the customers. Hence, their leadership is crucial for increasing profitability of the organization

Secondly, in the long run these frontline managers are most likely to become business unit heads and hold other critical positions in the organization. We assume that with experience the leadership capabilities improve. This is an incorrect assumption. A research conducted by Hogan and Curphy (2004) asserts that managerial incompetence base rates are as high as 50% of all managers. So where are we going wrong? Dolitch & Cairo succinctly described the problem in the following words:

It’s instructive that an individual as ideally suited to a job as Pitt (former SEC chairman) could ultimately fail.  Too often, we assume that someone whose professional background is a perfect fit for a job—who has the ideal combination of intellectual acumen, experience, and expertise—cannot fail.  The lesson:  Never underestimate the power of personality in undermining the success of even the most brilliant and well-suited leader. (Dotlich & Cairo, 2003, p. 62)

3.    How are managers doing on personal attributes?

A 2010 survey of HayGroup- Emotional Intelligence at the heart of performance – identified the crux of the problem. It showed that out of 12 competencies for measuring emotional intelligence20% of the respondents had no strengths, 52% had 3 or fewer and just 16% had 9 or more. This means, that just 16% of the respondents are emotionally capable of being good leaders.

ESCI scores further analysis indicated that – the competencies typically seen as strength include achievement orientation, teamwork and organizational awareness. Whereas, those that typically require most development include emotional self-awareness, conflict management, influence and inspirational leadership. Think of it, without the emotional intelligence to understand one’s own and other people’s behavior, – can an individual positively influence others, lead teams and inspire people?

This means two things. First, that society doesn’t have a high percentage of emotionally intelligent people. Second, people without the emotional intelligence get leadership positions on technical and execution skills. Beyond a point, this results in failed leadership and causes damage to the organization. Leaders with low emotional self-awareness de-motivate 60% of the staff. The staff is disengaged, suffers in a toxic work environment and organization faces retention problems.

 4.    Why do organizations choose ineffective leaders?

 In light of the above facts, we assume the organizations should be doing a better job at selecting leaders. However, they are failing because psychologically humans chose leaders with negative traits. I am highlighting a couple of aspects on it.

Strategic thinking is the most important skill organizations are looking for amongst leaders. To develop a good strategy, leaders need to be creative thinkers. However, as I wrote previously in the article Creativity @ Risk” based on the Jenniger S. Mueller’s research paper – people don’t chose leaders with creative ideas. When a person with creative ideas is pitted against a standard thinker who follows established norms, the standard thinker wins the leadership selection battle. People select the creative thinker only when specifically asked to choose a charismatic leader. Therefore, people by themselves may not choose an inspiring leader.  That means, people chose leaders based with whom they are comfortable with, rather than the intellectual capability of the leader. The clear message is that organizations will get strategic thinkers and inspiring leaders only when they specifically focus on identifying, developing and promoting them.

The second aspect is the soft skills or emotional competencies of the leaders. A research paper by Robert W. Livingston, Taya R. Cohe, & Nir Halevy titled – Empowering the wolf in sheep’s clothing: Why people choose the wrong leaders – highlights that people tend to chose leaders with harmful attributes and lacking emotional skills.  The research indicates that there is stark difference in what people say that they value as leadership traits and the people they select as leaders. People chose leaders who are socially appealing but may not be interested in the welfare of the group. Social individuals are perceived as high status. Although they may be more self-serving, power seeking and self-promoting, people prefer them to an altruistic person.

This means, paradoxically people chose a person as a leader who is domineering and competitive  rather than an empathic team player concerned over the welfare of his team mates. Nice guys lose the battle of leadership. Therefore, we shouldn’t be surprised that organizations have such aggressive cultures with backstabbing and backbiting being the norm.

The quandary is, that in a drive to achieve targets and growth, competitive people rule. The thinkers, team players, influencers and change agents are not preferred choice for leadership roles. The excessive focus on achieving numbers itself reduces profitability due to destructive corporate culture.

Organizations need to maintain balance while selecting leaders. The right mix is required. A sales team leader needs to be more emotionally aware of customer reactions and be sociable. On the other hand, to develop and train resources a learning and development leader needs to be altruistic and empathetic. Hence, organizations will reduce leadership selection risks by identifying various emotional capabilities and soft skills required by a leader to fulfill a job description.

 Closing thoughts

 When one does the math for ineffective leaders, the failure rate is remarkable. While most organizations are focusing on developing leadership talent, a root cause analysis for failure of leadership and selection of ineffective leaders is not done. Realization dawns normally when organization is on the brink of a catastrophe.

Therefore, it is a good idea to build in an emotional competency evaluation system for selecting leaders. A fine balance has to be maintained between technical and emotional competency of the individual and organization objectives and culture. Without plotting the data on a matrix and evaluating it objectively, organizations might not get the right leaders. While leadership is a soft skill organizations require hard data to select a good leader. Leaders can make or break an organization; hence, huge risks occur when wrong leaders are selected. Risk managers must call management attention for selecting good leaders by conducting a leadership skill assessment.


1. Better Leaders, Better Outcomes The Power of Selection Tools to Drive Business Results – A research paper by DDI

2. 2009 Best Companies  for Leadership -The future of leadership: a spotlight on the best -Hay Group Webinar Feb 18, 2010

3. EI at the heart of performance -The implications of our 2010 ESCI research – Hay Group

4. Empowering the wolf in sheep’s clothing: Why people choose the wrong leaders – Robert W. Livingston, Taya R. Cohen, & Nir Halevy- Kellogg School of Management, Northwestern University

2011 Kroll Global Fraud Survey Report- An India Perspective

2010-2011 Annual Global Fraud Survey report of Kroll conducted by Economist Intelligence Unit gives expected results. Fraud continues to be a big problem worldwide and more so in India. Of the companies surveyed, globally 75% reported experiencing fraud during the year. Though the figure has reduced in comparison to previous year’s 88%, the situation is still dismal.

In India, the situation is disastrous, with 84% organizations reporting that they suffered from fraud during the year. It is wake-up call for India, as it is ranked second worldwide after Africa and shares the position with China

The chart below compares the top six fraud categories at global level with India. In most of the cases, India is doing much worse than its global counterparts are.  Worldwide management conflict of interest, internal financial fraud, corruption and bribery and vendor procurement related frauds have increased. Physical theft of assets and information theft decreased.  Indian business crucial pain points are corruption and bribery, information theft, internal financial fraud, financial mismanagement and vendor procurement.

1.    Cost of Fraud

The report answers the most relevant question relating to fraud – what is the loss caused by fraud? The estimated figure given in the report is that globally organizations suffered 2.1% revenue loss due to fraud. For India, the percentage is higher at 2.4%.  

Further analysis available in the report says that 18% of the companies reported an earnings loss of more than 4%. A quarter of these most affected companies suffered losses more than 10%.  These companies are reporting corruption, bribery, money laundering and regulatory breaches frequently. However, they are doing nothing about it. The lack of fraud prevention and investigation measures is causing huge losses in these companies.

Indian companies are ill prepared to the fight fraud menace. Just 50% companies have background screening, third-party due diligence and other fraud prevention measures in place. In my view, India does not have adequately trained fraud investigators as part of the risk management teams. Overall, the focus is on financial statements audits and internal audits. These audits are not done to detect frauds.

2.    The Inside Job

Management finds it hard to accept this fact that internal employees and related parties conduct most frauds. The report mentions that insiders conducted 60% of the frauds globally. That is, 28% junior employees, 21% senior employees and 11% third-party agents conducted frauds. In India, 59% of the frauds were conducted by internal sources.

The frauds conducted by senior employees cause more damage to the company. Not only are the financial figures larger, the reputation damage is huge. However, the companies in India still do not have adequate focus on internal controls and management controls.

However, government has initiated some steps to address the high level of frauds in Indian private sector. In my view, the Indian government’s decision to give more power to the Serious Fraud Investigation Office (SFIO) in the new Companies Bill is a step in the right direction. SFIO will be in a position to conduct more investigations, arrests, raids and seizures. This would put some brakes on the escalating financial fraud cases in India.

3.   Corruption & Bribery in India    

The report has a special coverage on corruption in India. It shows that the 2010-2011 corruption and fraud cases in India – 2G telecom scam, Adarsh Society scam, CWG fraud, various land scams etc. – have negatively impacted India’s reputation internationally.

Last decade depicted India’s growth story. The government and private sector post independence never had it so good. Huge investments were planned to improve infrastructure. With liberalization foreign investment flows increased. The sudden spurt in economy also resulted in higher greed and corruption soared. The cases show how senior level politicians and business heads who were much revered and respected compromised their ethics.

As per the report, 78% of the Indian organizations have stated that they are highly/moderately vulnerable to corruption. In my view, this is an understatement; around 90-95% of the companies are exposed to corruption.

The multinational subsidiaries in India are also significantly affected by corruption. Though the FCPA and/or UKBA are applicable to them, the acts do not have much teeth in Indian scenario. In my view, the US/ UK authorities will be able to follow through only on the bigger cases, and the smaller ones will be ignored. Hence, the effectiveness of these acts is limited. Secondly, the developed countries have a one sided view of corruption. They prohibit their own country’s companies from paying bribes. However, accept the bribe money deposits from Indian (and other countries) politicians and businesspersons in their country’s banks.  This encourages money laundering rather than curtailing corruption.

Although, India has a Prevention Against Corruption Act, it hasn’t reduced corruption. As per the act, government officials cannot receive any form of bribes or grease payments. However, receiving 2-10% bribe of total contract value assigned is quite prevalent. The India Against Corruption moment led by Anna Hazare has forced government to issue a strong Lokpal Bill. The bill expected to be passed in this winter session of parliament. The implementation of the bill may curb the demand side of corruption to some extent.  

 Recently in October 2011, the Prime Minister announced, “that his government was working on proposals to criminalize private sector bribery and to also make illegal gratification of foreign public officials an offence.” This is in line with United Nations Convention Against Corruption, which India had signed off earlier in the year. The government is also planning to issue a bill to protect whistle blowers. The two bills jointly would have significant impact on curbing supply side of corruption.

Closing thoughts

India to maintain its growth story needs to reduce fraud and corruption in government and private sector. As previously mentioned corruption and fraud stop multinationals from investing in the country. The decrease in foreign direct investment in 2011 and the international financial institutions outflow of funds from stock markets are clear indicators of the negative impact of  fraud and corruption.

Therefore, Indian government must improve governance and take strict action against the offenders.  Comptroller Auditor General is showing the way forward, the need of the hour is for political parties to have the spirit to clean up the mess. The private sector must implement fraud prevention measures and focus on ethics to reduce frauds. Both sectors have to collaborate to minimize fraud risks in India.


1.  Kroll Global Fraud Survey 2011

2. Private sector graft may be made crime too: PM