About Me

My photo
Reputability LLP are thought leaders in the field of reputational risk and its root causes, behavioural risk and organisational risk. Our book 'Rethinking Reputational Risk' received excellent reviews: see www.rethinkingreputationalrisk.com We help business leaders to find these widespread but hidden risks that regularly cause reputational disasters. We also teach leaders and risk teams about these risks. Here are our thoughts, and the thoughts of our guest bloggers, on some recent stories which have captured our attention. We are always interested to know what you think too.

Wednesday, 30 April 2014

The Co-op: Don't Blame the Mutual Model

The unfolding Co-op debacle has encouraged some commentators to question the viability of the mutual model in the 21st century. The model may have its disadvantages but there are notable examples of highly successful mutuals in the financial and retail sectors where the Co-op operates.

 Sir Christopher Kelly's report published yesterday confirms the media views that the Co-op was brought to its knees by a long list of mishaps, including:
  • The merger with the Britannia Building Society in 2009.
  • Failure by the Bank after the merger to plan and manage capital adequately.
  • Fundamental weaknesses in the governance and management of risk.
  • Material capability gaps, leading to a serious mismatch between aspirations and ability to deliver.
  • Past mis-selling of payment protection insurance (PPI).
  • A flawed culture.
  • A system of governance which led to serious failures of oversight. 

But what are the root causes of these lamentable failures?

The root causes are the familiar 'underlying causes' – what we now call Behavioural and Organisational Risks - identified in 'Roads to Ruin', the Cass Business School report for Airmic and our own report 'Deconstructing failure - Insights for boards'.  They are depressingly familiar and include:
  • Lack of board skill  and experience
  • Lack of strategy where one was needed
  • Lack of board understanding of reputational risk
  • Board unaware of important information
  • Board risk blindness and groupthink
  • Unwillingness and inability of Non-Executive Directors to stand up to Executives 
  • Failed board leadership on ethos and culture 
  • Culture that delayed bad news and discouraged challenge 
  • Risks from poorly understood complexity
  • Failed change management
  • Risks from inappropriate incentives
Rather than blaming the mutual model, the challenge should be to the conventional wisdom of the Three Lines of Defence risk management approach, which was not questioned by Sir Christopher no doubt on the basis that if it is good enough for the Basel Committee on Banking Supervision, it is good enough for him.

Unfortunately, as we have previously explained, the Three Lines of Defence model is flawed.

As a process it is conceptually sound, and its name sounds reassuring - as did the name of the Maginot Line. But it assumes that risk management has the tools, and risk managers the authority, to capture and deal with behavioural and organisational risks.

This assumption is wrong, whether those risks are at or below board level.  Classical risk management does not have the tools systematically to find behavioural risks; and risk managers do not have the status to challenge their superiors from whom most of these risks ultimately emanate.

The problem is the old one. The board sits at the apex of a risk management structure, but who is able to manage risks that emanate from the board itself? Or as the Roman satirist Juvenal put it, “Who is guarding the guards?”

In a regulated environment, regulators are one of the few who can ensure that boards get an outside view on the risks they create.  It is reassuring to see two of the UK's most important business regulators taking up the challenge.
 
The Financial Reporting Council has tackled the issue. Its guidance, effectively directing boards to tackle behavioural and organisational risks, is expected to come into force on 1 October.  The Bank of England/PRA is not far behind.  This is nimble work for which the FRC and PRA should be congratulated.



Professor Derek Atkins
Anthony Fitzsimmons
Reputability LLP
London
www.reputability.co.uk

Wednesday, 16 April 2014

Imminent FRC Rulings on Behavioural and Organisational Risks

The banking crisis probably reflects the largest ever failure of risk management and internal control by boards, risk managers, internal auditors and regulators.  It was system-wide and its root causes remain largely outside risk management.

Risk management failed because of a major gap in the science of risk management, first identified in 2011, in 'Roads to Ruin' the Cass Business School report for Airmic.   Two of the four authors are partners in  Reputability.

The report identified and classified a series of previously unrecognised risks from individual and collective human behaviour at all levels of organisations, from the bottom to the very top including boards.  We now call these risks 'behavioural' and 'organisational' risks.

Our own report, 'Deconstructing failure - Insights for boards' subsequently extended the research into the role of boards in corporate failure.  The findings can be summarised in the bar chart below which shows the frequency with which we identified various root causes across 41 case studies.

Source: 'Deconstructing failure - Insights for boards'. © Reputability 2013

Last November, we reported that the Financial Reporting Council is tackling this dangerous but under-recognised family of risks head-on.  You can read the background here.

The FRC's timetable is now becoming clear.  As a result, it is now a priority for boards to gain a systematic understanding of behavioural and organisational risks.

As we explained last November the FRC has two regulatory actions in the pipeline.

The first is the ‘Draft Guidance on the Strategic Report’.  A revision to the Companies Act 2006 requires boards to disclose, in the Annual Report, their company's ‘Principal Risks’.  The FRC's draft guidance on how to do this states:

"Principal risks should be disclosed and described irrespective of how they are classified or whether they result from strategic decisions, operations, organisation or behaviour, or from external factors over which the board may have little or no direct control." (underlining added)
Many of the Principal Risks to a company have their origins in the way its people, at all levels, behave individually and in the context of the organisation in which they work, though these origins often remain unrecognised until it is too late.  Boards cannot fulfil this duty without an adequate understanding of behavioural and organisational risks.

This guidance, which seems set to be issued in September, is expected to apply to accounting periods beginning on or after 1 October 2014.

The second is the FRC’s ‘Draft Guidance on Risk Management, Internal Control and the Going Concern Basis of Accounting’. This revises the old so-called ‘Turnbull’ Guidance and implements the Sharman Report on the ‘going concern’ basis of accounting.

Laced with dozens of practical questions for boards to ask themselves about behavioural and organisational risks, the draft Guidance on Risk Management is designed to help boards oversee the practicalities of managing such risks below them and to recognise the issues that surround them.  Here too, boards cannot fulfil their duties without an adequate understanding of behavioural and organisational risks.

This guidance too seems set to be issued in September, and is expected to apply to accounting periods beginning on or after 1 October 2014.

So what needs to be done?  The first requirement is for boards to gain adequate knowledge to understand and supervise these newly recognised risks.  The shape of the solution comes from the Corporate Governance Code, which requires boards regularly to ‘update and refresh their skills and knowledge’.   

The first step is therefore for Chairmen and Company Secretaries to commission tailored board education about behavioural and organisational risks and their relationship with reputational damage.  Everything else flows from that.

Anthony Fitzsimmons
Reputability LLP
London



Tuesday, 8 April 2014

PR - How not to improve your Reputation!

The success of the PR industry has recently been measured, and some surprising findings have emerged.

YouGov, who carried out the research found that the PR industry in the UK is forecast to be worth £9.62 billion, that's 28% more than in 2011, when the research was last carried out. There are now 62,000 employees in the industry.

YouGov also reported that 'Overall, PR professionals are confident of continuing growth in revenue and headcount'.

It is all the more surprising, perhaps, to note that the incidence and scale of corporate crises has continued undiminished over this PR golden age. Could it be that there is little correlation between an increased spend on communications and a reduction in business catastrophes? Could it be that the money that is being pumped into Public Relations is a waste of time and resources? Is it that professional communicators cannot prevent crises? Perhaps they miss the warning signs altogether? Or are they aware of the behavioural and organisational complexities which underpin crises, but are powerless to influence them?

Reputability's research, 'Deconstructing failure - Insights for boards', demonstrates how often the root cause of most reputation-damaging activity stems from the organisation's board and, to date, few PR professionals are represented here. Equally worrying is the fact that most Risk Managers are also too junior to have board positions. The combined absence of these two key functions contributes to the information 'glass ceiling' where boards simply miss out on knowing what is actually happening on a day to day basis in their companies.

My own view about the growth and buoyancy of Public Relations is that the greatest impact made in recent times has been as a large contributor to the excellent marketing seen in most organisations today. But even this can be seen as a double-edged sword. In fact, the very success of PR and marketing can raise customer expectations to such a level that when the delivery of the product or service proves to be distinctly underwhelming there is a consequent rise in customer complaints and a massive dent in corporate reputation.

PR can never be a substitute for sound policy-making and good governance. Those companies which seek to exclude communications professionals from decision-making, and view the PR function merely as a convenient mechanism for glossing the corporate reputation are likely to receive a very rude awakening.

Jane Howard FCIPR
Reputability LLP
London
www.reputability.co.uk