Roads to Ruin: major corporate failures beyond the scope of risk management
Saturday, 3 December, 2011 1 Comment
I confess that I haven’t read the full report (it runs to 200 pages) but, between the report itself (link below) and the CII summary document, the message sounds eerily familiar to the voices that have been going round in my head for the last few years!!! Don’t be afraid I am not a threat!
Much of what the voices were telling me resulted from extensive research into the nature of complex systems that was prompted by the “genius” of Dr Jacek Marczyk (Founder & CTO at Ontonix). Much of what I have learnt and sought to bring to the attention of those engaged with mitigating and managing risk in insurance (and wider Financial Services) has, unsurprisingly, found its way into the pages of this very blog, numerous Linkedin Group and “real world” discussions.
Whilst my “journey” has been intellectually rewarding the same cannot be said in financial terms!
My experience is such that I don’t expect that there will be rapid and sweeping change as a result of this report. Although, bearing in mind the nature of the risk management “weaknesses” and given what we know about the societal cost of major Corporate failure, it would be perfectly reasonable to ask: why not?
It isn’t as if there haven’t been warnings. This is an extract from a report into systemic risk, prepared during 2006:
Two particularly illuminating questions about priorities in risk management emerge from the report. First, how much money is spent on studying systemic risk as compared with that spent on conventional risk management in individual firms? Second, how expensive is a systemic-risk event to a national or global economy (examples being the stock market crash of 1987, or the turmoil of 1998 associated with the Russian loan default, and the subsequent collapse of the hedge fund Long-Term Capital Management)? The answer to the first question is “comparatively very little”; to the second, “hugely expensive”.
More recently and dealing specifically with the world of insurance, I came across this extract – that I am assured comes from a recent report (a copy of which I haven’t yet obtained):
“Recent experience in the Americas has shown that the hidden indirect costs of ignored or unforeseen risks are between five and ten times higher than claims payments which implies an inability to see, anticipate and measure the scope of risk interdependence in complex business environments by clients, brokers and underwriters alike.”
Anyway, the MAIN EVENT is this report: ROADS TO RUIN. The following extract gives a flavour of what you can expect:
A Re-examination of risk management?
Traditional risk management, it seems, is powerless to control many of the potential risks inherent in board-level behaviour. Such risks, indeed, are barely even recognised within traditional risk management frameworks…
…weaknesses were found to arise from seven key risk areas that are potentially inherent in all organisations and that can pose an existential threat to any firm, however substantial, that fails to recognise and manage them. These risk areas are beyond the scope of insurance and mainly beyond the reach of traditional risk analysis and management techniques as they have evolved so far. In our view, they should be drawn into the risk management process. They are as follows:
A. Board skill and NED control risks – limitations on board competence and the ability of the Non-Executive Directors (NEDs) effectively to monitor and, if necessary, control the executives.
B. Board risk blindness – the failure of boards to engage with important risks, including risks to reputation and ‘licence to operate’, to the same degree that they engage with reward and opportunity.
C. Poor leadership on ethos and culture
D. Defective communication – risks arising from the defective flow of important information within the organisation, including to board-equivalent levels.
E. Risks arising from excessive complexity.
F. Risks arising from inappropriate incentives – whether explicit or implicit.
G. Risk ‘Glass Ceilings’ – arising from the inability of risk management and internal audit teams to report on risks originating from higher levels of their organisation’s hierarchy.
We conclude that a number of developments are necessary to deal with these risks.
The scope, purpose and practicalities of risk • management will need to be rethought from board level downwards in order to capture these and other risks that are not identified by current techniques.
The education of risk professionals will need to be • extended so that they feel competent to identify and analyse risks emerging from their organisation’s ethos, culture and strategy, and from their leaders’ activities and behaviour.
The role and status of risk professionals will need to • change so that they can confidently report all that they find on these subjects to board level.
However, these risks will remain unmanaged unless boards – and particularly Chairmen and NEDs – recognise the need to deal with them. Boards will also need risk professionals with enhanced vision and enhanced competencies to help them do so.
We have already seen that, where risk management, legislation and regulation aren’t embedded within the DNA of an enterprise as much effort will be put in to circumventing as will be to complying! Eradicating the prevailing culture is THE single biggest hurdle. Because it would be akin to turkeys voting for Christmas!
C-level Exec’s aren’t easily persuaded by “criticism” (and contrarians are an endangered species!) but present them with a robust financial case and you stand a chance…but the clock is ticking and, whilst triggers for collapse are as diverse as are the organisations and sectors, there is a “clear and present danger”. To say that the way forward presents a major challenge – for an industry already (in the eyes of many) “in the dock” for the chain of failures that led to global financial collapse – would be an understatement.
The scale of the problem is such, that it is not just the future vision or reputations of organisations such as AIRMIC, IRM, ALARM, etc. that are affected by Corporate failure – it impacts every domain – but the future survival of firms and individuals engaged in finance, investment and insurance could hinge on addressing weaknesses that are “potentially inherent in all organisations”!
We may have difficulty getting our heads around the reality of uncertainty but we should, by now, have a reasonable enough (intuitive) understanding of risk, to know that the scope for growth and innovation is, at best, significantly reduced, where risk outweighs reward. For the foreseeable future it looks very likely that achieving stability may be the most pressing challenge!
SO I HAVE A QUESTION FOR READERS: If your company, the organisation you work for, your clients &/or customers already recognise the need to address these issues…do you think that ‘risk carriers’ (such as banks and insurers) are urgently seeking solutions!?
Because, it is the only means by which they can better protect the interests of their stakeholders. Curiously though this isn’t the case. I would be interested to hear someone else’s thoughts as to why this might be the case.
Let me outline the Ontonix approach and why we believe that the ‘conventional wisdom’ that led to the above and similar failures, is not just inadequate for business in the Digital Age but is dangerous for business and harmful as we struggle to revive communities and economies that have suffered for the sins of the financial sector.
Resilience is a function of Complexity
The purpose of measuring and managing complexity, is to maintain the system in a robust [resilient] state. In doing so, the negative impact of points B, C, E, F & G. [refer above], are implicitly managed – identified as affecting system robustness. As “excessive complexity” [refer point E. above] is a source of risk and fragility we are already equipped to, explicitly, manage that exposure.
The process measures the effectiveness of the “flow of information” [refer point D. above] within the system data: to reveal the number, nature and integrity of relationships in the form of a Complexity Map and Profile – “nodes and hubs” where information interactions occur. The greater the granularity the more detailed the insight. This enables the observer/owner to create an effective and agile [robust and adaptable] operational structure for a constantly changing landscape; reduce endogenous risk; provide “crisis anticipation”; enable better, verifiable, objective, even counter-intuitive [risk] decision-making; underpin a culture of loss prevention.
IF further justification is required you may want to read an imminent blog on a report that identifies ADAPTABILITY as more than THE strategy option. “Adaptability: The New Competitive Advantage”.
I just hope that reports such as these reach some more enlightened individuals. Otherwise, roll on Basel IX, Solvency VII and QE X!!! In which case the worry will not be so much about a “lost decade” as the stolen birth rights of several future generations!
If you can’t be bothered to read the report PLEASE, at least, watch the interview: here.
I think there are many related lessons to be learnt from looking more closely at the background to the ecological disaster that was the Gulf of Mexico oil spill. In the words of one expert
Systems accidents don’t occur because the system failed, they occur because the system exists — and because it is so complicated that inevitably something will go wrong.
- BP Report: Black Swan …or just a bird covered in oil!? (fitforrandomness.wordpress.com)
- Dilbert speaks out on: complexity and a novel alternative investment strategy (davidgwilson.spaces.live.com)
- Kenneth Rogoff: The BP Oil Spill’s Lessons for Regulation (fitforrandomness.wordpress.com)
- Beware Self-Inflicted Complexity (fitforrandomness.wordpress.com)
- NY Times.com: Talking about Complexity and Its Discontents (fitforrandomness.wordpress.com)