About Me

This blog carries a series of posts and articles, mostly written by Anthony Fitzsimmons under the aegis of Reputability LLP, a business that is no longer trading as such. Anthony is a thought leader in reputational risk and its root causes, behavioural, organisational and leadership risk. His book 'Rethinking Reputational Risk' was widely acclaimed. Led by Anthony, Reputability helped business leaders to find, understand and deal with these widespread but hidden risks that regularly cause reputational disasters. You can contact Anthony via anthony.fitzsimmons At cranfield dot ac dot uk

Monday, 16 December 2013

Speaking truth to power

Some parts of Government are in 'desperate failure' and across the whole of Whitehall there is 'an inability to learn the lessons of failure and speak openly and truthfully to each other'. That is what Bernard Jenkin, Chair of the Public Administration Select Committee in the UK’s House of Commons, believes according to a report by the journal Civil Service World (CSW).

For an example of what he means, we need look no further than the Department of Work and Pensions’ (DWP’s) flagship Universal Credit Scheme. Only last week, Secretary of State Ian Duncan-Smith was forced to defend implementation delays and admit that upwards of £40m has been lost on an abandoned IT system which was simply not fit for purpose.

The story didn’t begin there.  In September the National Audit Office (NAO) highlighted delivery problems on Universal Credit citing a 'fortress mentality' and 'a culture of good news reporting that limited open discussion of risks and stifled challenge'.

Dame Anne Begg, Chair of the Commons Work and Pensions Committee, has criticised the DWP for 'an inability of ministers to admit there was anything going wrong in the Department'. Asked by CSW whether it is possible for DWP civil servants 'to speak truth to power' she said 'I think it's difficult, and the attitude is set from the top'.

If true, such attitudes have very worrying implications for sound decision making and good governance. Adding to the concerns is a recent survey from CSW and the marketing firm Claremont which found that 'just 9% of civil servants surveyed believe that ministers and senior managers openly encourage challenge, debate and reporting of operational problems'.

A recent study from Reputability, 'Deconstructing Failure: Insights for Boards' determined that amongst the key root causes of corporate crises were risk blindness exhibited by those at the top and defective information flows throughout the organisation.

If difficult news is seen as unwelcome by managers, it is easy to understand how individuals might withhold particular unwelcome data or disguise unpalatable truths so as not to be seen to be rocking the boat. Unfortunately, the consequences of misreporting or being economical with the truth can have devastating results for the organisation and its corporate reputation.

Examples from the business world abound, but the debacle surrounding the delays to the EADS Airbus A380 and the Toyota 'accelerator surge' recall in the USA are particularly telling examples of delayed or inadequate reporting of problems which had severe adverse consequences. In both instances the financial cost of insiders holding back critical information from leaders ran to billions, bringing with them immense loss of reputational capital.

Regular readers will also recall what we have written about the effects of killing the bearers of unwelcome news and the importance of a culture of openness.

Fortunately there are signs that not all in Government are blind to these dangers. Speaking recently at the annual Civil Service Awards ceremony the Prime Minister encouraged his audience 'to talk truth to power and tell it like it is'. He added, 'That is really important. Don't stop doing it.'

Let's hope that his colleagues were listening.

Rob Haslam
Reputability LLP

Wednesday, 4 December 2013

Note to Board: Reputation is down to you

Thinking back over discussions with FTSE Chairmen about optimum board structures for effective governance, I was struck by how often the subject of “corporate reputation” recurs. 

This is not surprising.  Studies show that the bigger the organisation, the more value is contributed by reputation.  In the FTSE100, corporate reputations are contributing on average, 32 per cent of companies’ market cap. By comparison, reputations add an average 14 per cent of value to FTSE250 companies.  

Whatever the precise figure, few doubt that reputation is a significant business asset even though it doesn't appear in the balance sheet.  It is interesting therefore, to ask why more businesses do not organise themselves at board level specifically to protect and enhance their reputation.  A few have a “reputation” committee alongside those of “audit”, “remuneration” and perhaps “risk” but most do not.  Those that do often seem to see managing reputational risk as a PR issue.

Perhaps boards believe that they have an innate ability to manage this most valuable asset.  Maybe they think that reputation management is covered by existing processes.   They shouldn’t.  The 2011 report from a high level workshop, 'Policy and Governance for Risks to Reputation',  led by Airmic and Reputability concluded that boards should take ‘deliberate responsibility’ for risks to reputational capital, highlighting that standard risk management wouldn’t systematically find the risks that cause reputational damage.

Recent research shows that nearly half - 48 per cent - of in-house communications directors do not think that their boards take responsibility for the organisations’ reputation.  If the ethics and tone, the aspirations and the heritage of an organisation are not set and proactively managed by the board, who has the authority to lead on them?

It’s not only communication professionals who see this lack of credible leadership.  Results from the Edelman Trust Barometer show that public trust in what CEOs say has never been lower.  When asked: “If you heard information about a company from one of these people, how credible would that information be?” the number citing a CEO as reliable rose to 40% in 2013, having only been higher once in the last 5 years.  It is no consolation that government officials and regulators were even less trusted.

In our transparent, internet-accelerated world, reputation and risks to it need to be taken out of the traditional silos of risk, Human Resources, Public Relations and Investor Relations.  It is time for boards to take responsibility for reputation, that most valuable yet vulnerable of assets.  It's too precious to be delegated.

Jane Howard
Reputability LLP

Saturday, 9 November 2013

Cover-up at Colchester

Targets create incentives to behave in ways that will achieve a particular result.  Sometimes the incentives are hidden - such as when staff fear to report bad news.

The latest example, explained in more detail in the Guardian, is that National Health Service managers at Colchester hospital  now "fear that at least 6,000 patients may have had their records falsified to meet treatment targets".

We humans are versatile. Face with a target, we can see many paths to the appearance of success. We can embrace the principles behind the target-setter’s good intention; or we can cover up poor performance or cheat. Culture also plays an important role in how we behave. 

It’s not as simple as a matter of how targets are designed and enforced. Human characteristics include behaviours such as creativity, guile and dishonesty. That is why targets, and the incentives they create, should also be seen - and managed - as risks. This creates a vital independent feedback loop that can deal with the risk of self-delusion by leaders and managers.

Risks from unintended or poorly designed incentives regularly bring big organisations to their knees. If you need evidence, read the case studies in ‘Roads to Ruin’, the Cass Business school report for Airmic. Subsequent research, ‘Deconstructing failure – Insights for boards’ found that 40% of the 40 major crises dissected had incentives emanating from board level  as one of their root causes.

It may be that the targets saved lives overall.  But if it did so at the cost of developing a culture of lying and covering-up at the hospital, that is dangerous.  The studies in 'Roads to Ruin' show how easily a small lie turns into a huge one, with disastrous consequences.  Patient safety depends on an open learning culture.  That only works if the truth is welcomed however unpleaseant.

Mike Bell
Reputability LLP

Wednesday, 16 October 2013

Values in the City

Bankers were painted in varying shades of amorality and incompetence after the banking crisis.  The City Values Forum has spent two years trying to re-set and restore standards of integrity among London bankers.

The Forum's conference, on 15 October, publicised their progress. They have plenty to say on what integrity might look like.  With help from the City HR Association, they have produced a 'Gold Standard' for 'Performance linked to values'.

But they have ducked two important issues, raised by Anthony Hilton. The first has to do with implementation.  How do you ensure that the desired values are lived consistently from top to bottom of the organisation?

Andrew Hill in the FT has highlighted the importance of behavioural change programmes, but a vital part of the answer is leadership: as John Griffith-Jones of the FCA commented, "If [tone] comes from  halfway down… it just doesn’t have the same impact”.  It is even worse if the leaders set the tone but don't live by it - what Philippa Foster Back pithily calls the "say-do" gap.  Who has the means or authority to bring top leaders back into line - assuming that their double standards are recognised for what they are?

The second problem has to do with bonuses, a complex and poorly understood subject.  It is easy to announce that incentives will reflect not only success but also how success was achieved. But there is an important information asymmetry.  It is hard for leaders reliably to know how success was actually achieved - whereas it is easy for peers to know the truth.  Thus a high achiever, known by his peers to be cutting corners, may be rewarded by leaders who think he is 'doing the right thing'.  The effect will be as corrosive as leaders' double standards.

This highlights a broader problem of implementation missed by the Forum.  All organisations run on people power, and it is the behaviour of people, collectively and individually, that typically makes and breaks organisations.  However, few if any organisations systematically capture, let alone manage, people risks whether from the leadership or elsewhere.  This is a clearly identified hole in risk management systems.  As Anthony Hilton put it, "The ... issue for boards having set a culture is how to know with confidence that its values really are being lived throughout the organisation. What does success look like and how do they measure it?"

The City Values Forum's latest proposals are blind to this fundamental problem of implementation even though it was drawn to their attention two years ago.  That is a missed opportunity.

Anthony Fitzsimmons

Anthony Fitzsimmons is Chairman of Reputability LLP and, with the late Derek Atkins, author of “Rethinking Reputational Risk: How to Manage the Risks that can Ruin Your Business, Your Reputation and You

Thursday, 3 October 2013

Bonuses and Beyond

Are bonuses damaging economic growth?  Anthony Hilton suggests they are.  We think this is part of a much larger, and pernicious, problem.

We have been pioneers in showing how unintended incentives can destroy companies.  In 'Deconstructing failure - Insights for boards' we went on to discover that it was a root cause of failure in 40% of cases, 60% in the financial sector.

But Anthony Hilton's latest column discusses how bonuses can distort national and corporate growth and probably will.   The piece is based on based on Andrew Smithers' latest book "The Road to Recovery: How and Why Economic Policy Must Change".  If you haven't heard of Smithers, he is one of the rare economists who "can reasonably claim to have predicted the financial crisis in its full gruesome detail long before it happened".

The central point is that the design of most bonus schemes has two effects on the C-team's behaviour.

  • First, sacrificing greater long-term growth by not investing now produces bigger and more certain bonuses in the short term.  So that is what too many C-Suite teams do.  
  • Second, if you have a cash pile, the most reliable way to a bigger bonus short-term is buying back shares in an attempt to increase earnings per share - though it doesn't always work.

This behaviour makes sense to CEOs who understand about discounting cash flows on large future bonuses - and the grim statistic that the average CEO tenure is usually below 4 years.    It is the obvious route to the probability of larger bonuses under many bonus schemes.

But don't blame the C Suite.  They are only human and are behaving just as all humans can be expected to behave.  The risk that they will respond to bonuses in this way is a ubiquitous, if largely unrecognised, board vulnerability.

So who is to blame?  The answer lies between Remuneration Committees, who set the bonuses, the professional remuneration advisers who advise Remuneration Committees and Institutional Investors who fail to challenge Remuneration Committees that set flawed incentives.  (I have left Chief Risk Officers and Risk Directors off the list because whilst they might have the know-how to see the risk, their hierarchical status below the C-suite makes it impossible to raise the subject without putting their careers in jeopardy.)

The largest part of the blame, however, probably attaches to remuneration consultants.  How many have taken the time to explain to Remuneration Committees how short term bonus schemes risk generating short termism in the C-Suite?  And which remuneration consultant has explained how larger bonuses actually seem to work.  As Dan Ariely has discovered, bigger bonuses seem to produce worse performance, not better, when it comes to mentally demanding work (as opposed to mechanical or manual tasks).

This is part of a bigger problem, the hole in the "three lines of defence" approach to risk control.  The name has a reassuring ring about, but the concept isn't designed systematically to find, let alone deal with, risks related to how humans actually behave.  Nor is it a remotely suitable concept to deal with board-level vulnerabilities.  No-one below board level can deal with them.

Anthony Fitzsimmons

Reputability LLP

Anthony Fitzsimmons is Chairman of Reputability LLP and, with the late Derek Atkins, author of “Rethinking Reputational Risk: How to Manage the Risks that can Ruin Your Business, Your Reputation and You


Sunday, 29 September 2013

Civil service competence revisited

Two years ago, I asked whether the Civil Service's top mandarins are competent.  I discussed two pieces of evidence suggesting that they have a reputation for incompetence among those who deal most closely with them. A third suggested that this reputation is deserved.

Two recent books have brought the subject back into focus. Both consider the role of politicians as well as mandarins.  Both are on my reading list on the strength of the experience of the authors and the reviews.  Here is a taster based on the reviews.  I'll write again when I've read the books. 

The first book is 'Conundrum: Why Every Government Gets Things Wrong and What We Can Do About it" by Richard Bacon MP and Christopher Hope.  It's a good team:  Bacon is the longest serving member of the Public Accounts Committee and Hope is senior political correspondent at the Daily Telegraph.

The Telegraph's reviewer,
"Conundrum pitches itself as an examination of the failures of government, but it is primarily about the failures of government procurement....One of the most interesting areas they cover is the relationship between civil servants and the politicians who, nominally, oversee them. In my experience, the majority of career civil servants regard politicians as meddling dilettantes, while politicians regard most civil servants as obstructive bureaucrats. It’s pleasing to find Hope and Bacon confirming that view"
The second book is 'The Blunders of our Governments' by Anthony King and Ivor Crewe.  The authors are eminent professorial political scientists of an age to have allowed each of them many decades observing the machinery of government.

According to the The Financial Times review by Philip Stephens, the book shatters the delusion of UK public administrators that British government is of 'Rolls Royce' quality.  Rather, through a "sometimes grimly entertaining" catalogue of public policy disasters over the past several decades, the authors show that Britain's public administration is characterised by "predictable and predicted blunders".

Not content with that, the authors explain that blunders are not the same as mistakes. "Mistakes count as blunders when they are stupid and careless – driven by some combination of hubris, laziness, wilful ignorance or sheer incompetence."

Both books appear to assert not only the incompetence of senior civil servants but also of the their political masters of all colours and persuasions.  It is no consolation that private sector failures display similar weaknesses, as was demonstrated by 'Roads to Ruin', the Cass Business School report for Airmic.

Is it too much to expect that the Civil Servants' leaders address weaknesses such as these?  Sadly, yes.   Cognitive biases make it hard for us all to see our own shortcomings, and civil servants and politicians are as human as you and I.  Overcoming this weaknesses requires a new attitude.

Until mandarins appreciate that they 'may' - the above authors would say 'do' - lie at the root cause of unacceptable behavioural and organisational risks, they will not allow investigation of their own weaknesses.  The signs are that mandarins are still in denial.  And it is far too dangerous for their subordinates to enlighten them of their weaknesses.  That is why suggestions that the Treasury's Orange Book on risk management needs revision to include behavoural and organisational risks have been ignored.

Once they have achieved acceptance that they may be part of the problem, mandarins will need a new tool.  In 'Deconstructing failure - Insights for boards', a report by Reputablity, we proposed a new tool to deal with the parallel weakness in company boards: the Board Vulnerability Evaluation.  Adapted to the Civil Service departmental leadership teams, this would help civil service leaders and their political masters to:
  • identify sources of risk within and outside the leadership that may impair leadership effectiveness, including risks from inadequate information flows to and from the leadership;
  • analyse the potential consequences of these risks and weaknesses individually, in combination and in combination with other risks;
  • prioritise action to mitigate these risks;
  • set risk appetite, and
  • gain insights as to the extent to which behavioural and organisational risks elsewhere in the organisation need investigation.
It is too often an unnecessary tragedy when a government project fails and the cost falls on the public purse.  But it will only be when influential insiders come to recognise the nature and scale of the problem, and their central role in it, that these apparently widespread weaknesses will be addressed.

Anthony Fitzsimmons
Reputability LLP

Anthony Fitzsimmons is Chairman of Reputability LLP and, with the late Derek Atkins, author of “Rethinking Reputational Risk: How to Manage the Risks that can Ruin Your Business, Your Reputation and You

Wednesday, 11 September 2013

'Three lines of defence': A dangerous delusion

A 'Three lines of Defence' risk management model sounds reassuring, but it contains a flaw.

The model was implicitly endorsed by the UK's now defunct Financial Services Authority in 2003 and is still characterised as “sound operational risk governance” by the Basel Committee on Banking Supervision, failed to prevent the recent financial sector crisis.

‘Three lines of defence’, ubiquitous in financial services and widespread elsewhere, actually has four layers.  Line managers deal with risks as they take them.  Centralised teams monitor and report on risk to the CEO’s team and to the board.  Internal and external auditors should bring an independent view.  And the whole is overseen by non-executive directors, typically the Audit or Risk Committee.

The Parliamentary Commission on Banking Standards recently criticised the model, for promoting a ‘wholly misplaced sense of security’, blurring responsibility, diluting accountability and leaving risk, compliance and internal audit staff with insufficient status to do their job properly.  They thought much of the system had become a box-ticking exercise.

The Commission has correctly identified a failure in implementation of the model, but the model has a deeper, more dangerous flaw because it takes no account of the evidence on the real root causes of failures.  

Most major institutional disasters lead to an inquiry. But as Anthony Hilton, the City commentator sagely remarked:-

“Inquiries are rarely the answer because it is in the nature of inquiries to stop just at the point when they get interesting; in other words they stop when they have found someone to blame. Not for nothing did the late management guru Peter Drucker say that too often the first rule in any corporate disaster was to find a scapegoat. So inquiries focus on the processes within an organisation until they find some hapless individual or group who departed from the manual.”

We have been deeply involved in two recent studies of the root causes of major crises and failures.  We were two of the four authors of ‘Roads to Ruin’, the Cass Business School report for Airmic.   More recently, we doubled the scale of the study, publishing our conclusions as Reputability’s report ‘Deconstructing failure – Insights for boards’.  Taken together these seminal reports dig to the root causes of over 40 major crises and failures, spread across the financial and non-financial sectors and involving companies with collective pre-crisis assets beyond the GDP of the USA.  The reports bring a new, and fundamentally different, insight into why large, respected companies fail.  The patterns of failure revealed show that the ‘three lines of defence’ model failed because of a fundamental gap in risk management.

Our breakthrough is the recognition that the root causes of almost all the crises and failures we studied emerge from normal human behaviour and the way in which humans are organised and led within firms.  We call these previously unrecognised risk areas ‘Behavioural’ and ‘Organisational’ risks, collectively ‘People’ risks. (Since we wrote this article Andrew Bailey, then Chief Executive of the Bank of England's Prudential Regulation Authority, put this robustly in his speech on 9 May 2016.)

People risks lie at the root of all the failures studied for ‘Deconstructing failure’ both in the financial sector and outside it.  But ‘three lines of defence’ provides no defence against people risks in general, still less against people risks within or emanating from the board, because risk management systems don’t go there.  Risk management hasn’t yet evolved systematically to take in people risks, so few risk professionals understand them; and the most important risks are also too hot to handle because they emanate from boards. 

With these insights it is no surprise that the doctrine failed to prevent the last banking crisis.  Nor will it prevent the next one – or crises in other sectors.

These gaps have to be filled if boards and regulators are to be able to sleep at night.  Two developments are required. The first is to develop a cadre of risk professionals with skills in people risks, the main drivers of reputational damage and corporate collapse.

But that will not deal with the issue of vulnerabilities in or emanating from boards that regularly bring organisations to their knees.  For that, a second development is essential.  Boards need new tools that will both assess risks in and caused by the board; and help boards to overcome the cognitive biases that make it hard for all of us to see ourselves as others can.

In ‘Deconstructing failure’ we recommend a new tool to meet this need.  We call it the ‘Board Vulnerability Evaluation’ (and we have now done the work to develop it).  The tool is designed to help chairmen and their Boards to:-

  • Systematically understand and identify potential sources of corporate vulnerability within and outside the board, including people risks and risks from inadequate information flows to and from the board;
  • analyse the potential consequences of these risks and weaknesses individually, in combination and in combination with other risks;
  • prioritise and galvanise action where needed to mitigate these risks;
  • set risk appetite, and
  • gain insights as to the extent to which people risks elsewhere in the organisation need investigation.

It is a tragedy when a respected company fails and the cost can be catastrophic.  Board Vulnerability Evaluation will give Boards the opportunity to find, prioritise and where appropriate deal with these unrecognised but potentially devastating risks before they cause serious harm.  

Professor Derek Atkins
Anthony Fitzsimmons
Reputability LLP

Anthony Fitzsimmons is Chairman of Reputability LLP and, with the late Derek Atkins, author of “Rethinking Reputational Risk: How to Manage the Risks that can Ruin Your Business, Your Reputation and You

Friday, 2 August 2013

The Care Quality Commission takes a step in the right direction

My despair at reading that the CQC had spent hundreds of thousands of pounds on new spin doctors struck a chord, to judge from the response that my earlier blog on NHS safety culture produced.

However, I’m pleased to report that the CQC has taken a bold step in the right direction, in carrying out and now publishing a highly critical review of their organisation, 'Exploring bullying and harassment at the CQC’

"Exploring bullying and harassment at the CQC"

The review highlights allegations of a culture of bullying and harassment under the previous leadership.  Publishing the results and addressing the issue head-on is the right way to deal with it.

The failings are all too familiar to us both from our work and as summarised in our latest report ‘Deconstructing failure – Insights for boards’.  The report appears to highlight three major problem areas at the CQC: 
  • A failure of leadership to create the right ethos and culture
  • A dominant leader not welcoming challenge
  • Risks arising from incentives/targets set by leaders - in this case with the added fear of penalties for failure

All three are among the top seven risk areas identified in ‘Deconstructing failure’. 

Since the review did not pretend to make a root cause analysis of the problems at the CQC, it does not comment on other fundamental risks that may have been at work at the CQC, such as an ineffective board, a board lacking key skills, poor information flows to the board, organisational complexity and board blindness to key risks to their licence to operate.

Finding a solution

From my experience as a regulatory chief executive, a particularly interesting aspect is the collected views of staff on "What would it be like to work here, if things changed for the better."  It is our experience that when things are not right, insiders still know what “good” would look like – if only someone is prepared to listen to them.

This list of staff aspirations will help the new management team in the cultural change programme that should be the next step. It will not be easy, or quick, but given time and sound leadership, such a programme should ensure dramatic improvement in the work of this much criticised regulator.  Politicians must allow management enough time to bring about the necessary changes.

A better future?

I look forward to a future when the CQC is admired and respected by all its stakeholders, and the NHS has learned that the best way to achieve high standards is to regulate their own organisation to observe the highest standards, and invite the regulator to approve what they have done. This has been the guiding principle for the aviation industry, and has been adopted all around the globe with the result that the flight safety system is not an issue of public concern. Let's hope the CQC and the NHS will learn from best practice wherever it is found.

Mike Bell
Reputability LLP