Global Convention on Corporate Ethics and Risk Management
Corporate Ethics and Risk Management in an Uncertain World
Bombay Stock Exchange, Dalal Street, Mumbai, India
Plenary Session III, 17th February, 2017
Enterprise Risk Management: Board Perspectives (Questioning Risk Management)
Prof. Colin Coulson-Thomas*
Directors and boards should make sure that policies and governance arrangements are in place to ensure ethical decision making and effective risk management. Record losses announced this week by Rolls Royce illustrate the consequences of ethical misconduct and risk mismanagement.
In relation to risk, should we be taking a hard look at ourselves and whether our approaches and board practices are creating an unnecessarily high degree of risk? Why is risk management not just management? Surely risk is an integral element of business, management and life.
Risks present both challenges and opportunities. The taking of reasonable and calculated risks is at the heart of entrepreneurship. It is essential for innovation and progress. Innovation may be risky, but not innovating is even more risky and can lead to stagnation.
Uncertainty abounds – From the unpredictability of political and economic events to the relentless pace of innovation, discovery and scientific advance – From the impacts of disruptive technologies to the emergence of new business models and markets. We have come to expect the unexpected. We are no longer surprised by surprises.
There are consequences for risk managers and risk management. Are our existing approaches still valid and up-to-date? Do risk management and governance practices need to be refined, or do they have to be re-invented? Are our outdated models and practices a major risk factor?
Twenty five years ago, in my book Transforming the Company I argued that organisations should not be viewed as structures with hard shells, or as machines to be re-engineered. I suggested they are living networks of inter-connected relationships and collaborations that can grow organically.
The subtitle of Transforming the Company was ‘bridging the gap between management myth and corporate reality’. Is the notion that we are managing various risks a myth or a reality? Are risks under control, or in many cases are are we groping for ways of handling them? Where in our changing world is the innovation in our thinking about risk management and governance practice?
Are we just going around in circles like the feedback loops in our tidy models? Why do we still undertake annual reviews? Why do we measure performance against objectives that were set when different market conditions, priorities, even business models applied? Why do we devote time to ritualistic exercises whose outputs are quickly forgotten or over-taken by events?
Are aspects of corporate governance rhetoric a con? Are directors providing strategic direction, or are they keeping their fingers crossed and hoping for the best? With companies de-listing, and in an era of crowd-funding and co-creation, why is corporate governance so obsessed with shareholders? Why are customers still regarded as outsiders?
How relevant are concepts such as vision, mission, values, goals, objectives and strategy in uncertain contexts in which disruptions abound? How useful are practices such as monthly board meetings, corporate planning and annual reporting where change is relentless and intervals between reinventions dramatically shorten?
Thirty years ago I wrote an article entitled Strategic Vision or Strategic Con? It was published in a journal optimistically called Long Range Planning. Why do boards perpetuate planning myths? Why don’t they embrace intelligent steering, confidence accounting and real time information?
Why do so many boards treat employees as dependants and targets for their one-way messages? Is this why so few employees report ethical and/or risk concerns? Why do whistle-blowers invariably suffer for speaking up? Is protection promised to whistle-blowers another con?
How many boards are truly innovation driven? Is their commitment to innovation rhetoric rather than reality? Do boards only adopt innovations that match existing policies, strategies, values, cultures and capabilities? Would they be prepared to review any or all of these in the light of exciting opportunities created by a disruptive technology?
High risks in certain areas can sometimes be balanced within a portfolio of activities and/or products by other items with lower risk profiles. Is an anti-diversification bias and the fashionable strategy of focusing upon a core business increasing risk by putting “all eggs in one basket”?
The nature and source of risks can change. Processes, systems, business models and governance arrangements need to be flexible and adaptive as well as robust and resilient. They also need to reflect the inter-connected nature of contemporary corporations.
Risk management and governance should extend to a company’s customers, business partners, supply chain and other stakeholders. So should cyber-security measures. They should embrace corporate data held externally, corporate systems operated by third parties, mobile devices and people working from connected homes.
Corporate systems and processes should be sufficiently resilient to withstand the simultaneous materialisation of multiple risks. Boards should be aware of dependency upon collaborations, utilities, public services and banking, legal, regulatory, transportation and other systems. In cyber-warfare many of you will be in the front line. There will be people trying to shut you down.
A board should establish, communicate and regularly review its risk appetite. The level of risk it is prepared to accept in different areas should reflect changing challenges and opportunities. Which collaborators and stakeholders should be involved and how often should they be engaged?
Does risk management have to just be about our problems and those of our companies? Should it also be about what our companies could do to help customers and wider society confront the risks they face? Should it be more about turning challenges into opportunities?
Wider society faces many challenges. Large numbers of jobs are at risk from disruptive technology. Repetitive jobs and those requiring logic and structure are particularly at risk. Yet opportunities abound to enable people to live healthier and more rewarding lives. Entrepreneurship in creative arts that are less resistant to automation can deliver cultural, social and economic benefits.
Performance support represents an affordable, quicker and less disruptive approach to high performance and the simultaneous delivery of multiple objectives. It could end traditional trade-offs between risk and return. As well as enabling people to be current and to excel in key roles, performance support can both increase returns and reduce certain risks.
How many risk management professionals have been held to account for the CDOs that threatened to explode and bring down the international financial system? Were they looking the other way? Did they know and understand the risks that banks were running? Did their warnings not reach bank boards? Should they have persisted in ringing alarm bells and ensuring their messages got through?
Thirty years ago I was writing a report that was published as The New Professionals. It set out my views on how professionals and professional practices and bodies needed to change to remain relevant and deliver positive value as opposed to being a cost. Since then many of the changes I have observed have been about avoiding liability, accountability and responsibility.
The focus of some professionals is too often upon themselves and the needs of their firms rather than upon ethical and responsible conduct, their clients and wider society. Too many professionals have become a vested interest, advocating changes, approaches and practices that create more work for themselves and impose additional requirements and extra costs on others.
Thirty years ago, although I had enjoyed a stimulating visit to Xerox PARC, I had left my role at Rank Xerox. I felt the priority the company put on top-down policy deployment, immediate objectives, meeting plan and compliance would undermine its strategy to move into integrated office systems. It did not surprise me when Xerox subsequently outsourced its own systems.
Prevailing corporate practices can represent a significant risk. Xerox rested on its American Samurai laurels. It celebrated quality awards for heritage activities rather than create a business model, capabilities and new ways of operating that would make the visions of the Xerox PARC community a reality. Past achievements in a different situation are no guarantee of future success.
Top-down approaches can stifle creativity. The risk of unfulfilled potential and missed opportunities is especially high where there is inflexibility, limited challenge and a lack of freedom and diversity of thinking. Direction is about thinking as well as doing. Directors can play a key role in challenging traditional assumptions, conventional wisdom and prevailing practices.
Today’s directors are expected to exercise individual judgement and take a wider range of interests into account. They should also avoid self-interest, resist vested interests and focus on what is best for the companies on whose boards they serve. The last 30 years have taught me that one of the surest ways of building trust and reducing strategic risk is to encourage challenge and diversity of thinking and build an effective board of competent directors.
*Prof. Colin Coulson-Thomas has helped directors in over 40 countries to improve board and corporate performance. He leads the International Governance Initiative of the Order of St Lazarus, is Chancellor and Professorial Fellow at the School for the Creative Arts, Director-General, IOD India, UK and Europe, chair of the Risk and Audit Committee of United Learning and Honorary Professor at Aston University. Author of over 60 books and reports he has served on corporate boards and local and national UK public sector boards, and held professorial appointments in Europe, North and South America, Africa, the Middle East, India and China. Colin was educated at the London School of Economics, London Business School, UNISA and the Universities of Aston, Chicago and Southern California. He is a fellow of seven chartered bodies and obtained first place prizes in the final exams of three professions.
23 Feb 2017