About Me

My photo
Reputability LLP are pioneers and leaders globally in the field of reputational risk and its root causes, behavioural risk and organisational risk. We help business leaders to find these widespread but hidden risks that regularly cause reputational disasters. We also teach leaders and risk teams about these risks. Here are our thoughts, and the thoughts of our guest bloggers, on some recent stories which have captured our attention. We are always interested to know what you think too.

Sunday, 29 September 2013

Civil service competence revisited

Two years ago, I asked whether the Civil Service's top mandarins are competent.  I discussed two pieces of evidence suggesting that they have a reputation for incompetence among those who deal most closely with them. A third suggested that this reputation is deserved.

Two recent books have brought the subject back into focus. Both consider the role of politicians as well as mandarins.  Both are on my reading list on the strength of the experience of the authors and the reviews.  Here is a taster based on the reviews.  I'll write again when I've read the books. 

The first book is 'Conundrum: Why Every Government Gets Things Wrong and What We Can Do About it" by Richard Bacon MP and Christopher Hope.  It's a good team:  Bacon is the longest serving member of the Public Accounts Committee and Hope is senior political correspondent at the Daily Telegraph.

The Telegraph's reviewer,
"Conundrum pitches itself as an examination of the failures of government, but it is primarily about the failures of government procurement....One of the most interesting areas they cover is the relationship between civil servants and the politicians who, nominally, oversee them. In my experience, the majority of career civil servants regard politicians as meddling dilettantes, while politicians regard most civil servants as obstructive bureaucrats. It’s pleasing to find Hope and Bacon confirming that view"
The second book is 'The Blunders of our Governments' by Anthony King and Ivor Crewe.  The authors are eminent professorial political scientists of an age to have allowed each of them many decades observing the machinery of government.

According to the The Financial Times review by Philip Stephens, the book shatters the delusion of UK public administrators that British government is of 'Rolls Royce' quality.  Rather, through a "sometimes grimly entertaining" catalogue of public policy disasters over the past several decades, the authors show that Britain's public administration is characterised by "predictable and predicted blunders".

Not content with that, the authors explain that blunders are not the same as mistakes. "Mistakes count as blunders when they are stupid and careless – driven by some combination of hubris, laziness, wilful ignorance or sheer incompetence."

Both books appear to assert not only the incompetence of senior civil servants but also of the their political masters of all colours and persuasions.  It is no consolation that private sector failures display similar weaknesses, as was demonstrated by 'Roads to Ruin', the Cass Business School report for Airmic.

Is it too much to expect that the Civil Servants' leaders address weaknesses such as these?  Sadly, yes.   Cognitive biases make it hard for us all to see our own shortcomings, and civil servants and politicians are as human as you and I.  Overcoming this weaknesses requires a new attitude.

Until mandarins appreciate that they 'may' - the above authors would say 'do' - lie at the root cause of unacceptable behavioural and organisational risks, they will not allow investigation of their own weaknesses.  The signs are that mandarins are still in denial.  And it is far too dangerous for their subordinates to enlighten them of their weaknesses.  That is why suggestions that the Treasury's Orange Book on risk management needs revision to include behavoural and organisational risks have been ignored.

Once they have achieved acceptance that they may be part of the problem, mandarins will need a new tool.  In 'Deconstructing failure - Insights for boards', a report by Reputablity, we proposed a new tool to deal with the parallel weakness in company boards: the Board Vulnerability Evaluation.  Adapted to the Civil Service departmental leadership teams, this would help civil service leaders and their political masters to:
  • identify sources of risk within and outside the leadership that may impair leadership effectiveness, including risks from inadequate information flows to and from the leadership;
  • analyse the potential consequences of these risks and weaknesses individually, in combination and in combination with other risks;
  • prioritise action to mitigate these risks;
  • set risk appetite, and
  • gain insights as to the extent to which behavioural and organisational risks elsewhere in the organisation need investigation.
It is too often an unnecessary tragedy when a government project fails and the cost falls on the public purse.  But it will only be when influential insiders come to recognise the nature and scale of the problem, and their central role in it, that these apparently widespread weaknesses will be addressed.

Anthony Fitzsimmons
Reputability LLP
London
www.reputability.co.uk


Wednesday, 11 September 2013

'Three lines of defence': A dangerous delusion



A 'Three lines of Defence' risk management model sounds reassuring, but it contains a flaw.

The model was implicitly endorsed by the UK's now defunct Financial Services Authority in 2003 and is still characterised as “sound operational risk governance” by the Basel Committee on Banking Supervision, failed to prevent the recent financial sector crisis.

‘Three lines of defence’, ubiquitous in financial services and widespread elsewhere, actually has four layers.  Line managers deal with risks as they take them.  Centralised teams monitor and report on risk to the CEO’s team and to the board.  Internal and external auditors should bring an independent view.  And the whole is overseen by non-executive directors, typically the Audit or Risk Committee.

The Parliamentary Commission on Banking Standards recently criticised the model, for promoting a ‘wholly misplaced sense of security’, blurring responsibility, diluting accountability and leaving risk, compliance and internal audit staff with insufficient status to do their job properly.  They thought much of the system had become a box-ticking exercise.

The Commission has correctly identified a failure in implementation of the model, but the model has a deeper, more dangerous flaw because it takes no account of the evidence on the real root causes of failures.  

Most major institutional disasters lead to an inquiry. But as Anthony Hilton, the City commentator sagely remarked:-

“Inquiries are rarely the answer because it is in the nature of inquiries to stop just at the point when they get interesting; in other words they stop when they have found someone to blame. Not for nothing did the late management guru Peter Drucker say that too often the first rule in any corporate disaster was to find a scapegoat. So inquiries focus on the processes within an organisation until they find some hapless individual or group who departed from the manual.”

We have been deeply involved in two recent studies of the root causes of major crises and failures.  We were two of the four authors of ‘Roads to Ruin’, the Cass Business School report for Airmic.   More recently, we doubled the scale of the study, publishing our conclusions as Reputability’s report ‘Deconstructing failure – Insights for boards’.  Taken together these seminal reports dig to the root causes of over 40 major crises and failures, spread across the financial and non-financial sectors and involving companies with collective pre-crisis assets beyond the GDP of the USA.  The reports bring a new, and fundamentally different, insight into why large, respected companies fail.  The patterns of failure revealed show that the ‘three lines of defence’ model failed because of a fundamental gap in risk management.

Our breakthrough is the recognition that the root causes of almost all the crises and failures we studied emerge from normal human behaviour and the way in which humans are organised and led within firms.  We call these previously unrecognised risk areas ‘Behavioural’ and ‘Organisational’ risks, collectively ‘People’ risks. 

People risks lie at the root of all the failures studied for ‘Deconstructing failure’ both in the financial sector and outside it.  But ‘three lines of defence’ provides no defence against people risks in general, still less against people risks within or emanating from the board, because risk management systems don’t go there.  Risk management hasn’t yet evolved systematically to take in people risks, so few risk professionals understand them; and the most important risks are also too hot to handle because they emanate from boards. 

With these insights it is no surprise that the doctrine failed to prevent the last banking crisis.  Nor will it prevent the next one – or crises in other sectors.

These gaps have to be filled if boards and regulators are to be able to sleep at night.  Two developments are required. The first is to develop a cadre of risk professionals with skills in people risks, the main drivers of reputational damage and corporate collapse.

But that will not deal with the issue of vulnerabilities in or emanating from boards that regularly bring organisations to their knees.  For that, a second development is essential.  Boards need new tools that will both assess risks in and caused by the board; and help boards to overcome the cognitive biases that make it hard for all of us to see ourselves as others can.

In ‘Deconstructing failure’ we recommend a new tool to meet this need.  We call it the ‘Board Vulnerability Evaluation’ (and we have now done the work to develop it).  The tool is designed to help chairmen and their Boards to:-

  • Systematically understand and identify potential sources of corporate vulnerability within and outside the board, including people risks and risks from inadequate information flows to and from the board;
  • analyse the potential consequences of these risks and weaknesses individually, in combination and in combination with other risks;
  • prioritise and galvanise action where needed to mitigate these risks;
  • set risk appetite, and
  • gain insights as to the extent to which people risks elsewhere in the organisation need investigation.

It is a tragedy when a respected company fails and the cost can be catastrophic.  Board Vulnerability Evaluation will give Boards the opportunity to find, prioritise and where appropriate deal with these unrecognised but potentially devastating risks before they cause serious harm.  

Professor Derek Atkins
Anthony Fitzsimmons
Reputability LLP
London