How do you stop a risk from becoming a crisis?
Most business leaders know that various risks can segue into a crisis at any time and they want answers. Two main causes create such a change.
First, there’s the familiar boiled frog syndrome. What seems a trivial issue quietly builds from being a niggle in the background into a full blown disaster.
That must have been how things looked at Wells Fargo. First, the managers knew something was going awry. But their unethical tactics were bringing business results, so they ignored the danger signals. Pressure from above made sure of that.
Next came staff complaints about being bullied into unethical behaviour—opening unrequested accounts and charging for them. Again there was no serious management reaction, except some people were fired for protesting.
Then wang! In 2016 the dirt finally hit the fan. From being a highly respected bank with a long history of decent behavior, damning headlines now ricocheted around the world.
The bank’s name was trashed for its unethical practices. The CEO resigned and even today the organisation continues to pick up the pieces. It was the equivalent of the frog finally dying of excess heat.
Commenting almost explicitly on the boiled frog syndrome experienced at VW, Fed officials pointed to “persistent misconduct” at the bank. They said the two former most senior managers had presided over “many years pervasive and serious compliance and conduct failures.
In case you think that you’re well protected again the boiled frog syndrome, take a look at Kobe Steel and the mess it’s in right now. Here’s a company with apparently a culture of compliance with rules and regulations, and quality control systems. It has compliance committees, compliance directors, whistle blowing programs, and internal reporting systems.
Yet Kobe’s boiled frog disaster has been slowly heating up over years. First this October the company announced it had found one case of falsified data on iron ore powder. This is used in vehicle parts such as gears. It followed an admission it had falsified figures about the strength and durability of its aluminium and copper products–used in the transport and defence industries.
Kobe’s shares plummeted 18% after the iron ore admission. This brought the company’s stock-market losses since the scandal broke to $1.6bn (£1.2bn). It is now examining other possible data manipulations going back a decade.
The boiled frog experience, in which something happens so slowly that one hardly notices the important differences building, can occur just about anywhere in a business. Watching out for the signs is partly what ethical leadership is all about.
Sometimes the syndrome takes years to emerge as a fully fledged crisis. Both Corrillion and Capita have hit the headlines recently for “suddenly” being in trouble. Yet in both cases the problems have long been gestating. As Capita’s new CEO puts it Capita was spread over too many markets. It had under invested with much emphasis on acquisitions to drive growth”. He also mentioned “weakness in new sales”. Worse, the organisation was
” too complex, it is driven by a short-term focus and lacks operational discipline and financial flexibility.
On top of this, Mr Lewis said the firm still had too much debt, at £1.15bn, and that this urgently needed to be brought down through selling assets. Hardly a short term sudden on set of risk.
Then there are the lightening strikes. These are situations you cannot easily predict. Seemingly they come from nowhere.
Sometimes there are bad things that you least expect. As when some employees behave irresponsibly and leave the organisation and its leaders reeling.
Human behavior is the trickiest risk factor to predict, manage and defend against. Despite years of high-profile breaches, security training and anti-phishing campaigns, end users persist in using weak and compromised passwords, clicking on suspicious links, sharing accounts and using insecure apps and websites.
Lightening recently struck Bankers of Steinhoff International, the South African-based home retailer in late 2017.
The bankers suffered billions in paper losses when the retailer’s shares plunged 75% and the chief executive resigned. Like a lightening strike, “accounting regularities” had unexpectedly emerged into the light of day.
Much the same occurred in Tesco, when the retailer suddenly “discovered” a huge hole in its accounts. The case ended up in court, after Tesco announced in September 2014 that its profit forecast had been overstated. This was mainly due to booking commercial deals with suppliers too early.
Tesco’s unexpected disclosure saw its shares tumble, plunging the company into the worst crisis in its near 100-year history.
What remedial action?
So what can a business leader do about either the boiled frog syndrome, or the lightening strike?
The best avoidance strategy stems from being an ethical leader. Ethical Leadership is one of the most effective risk mitigation strategies a company can adopt.
Ethical leadership relies first on a high level of emotional intelligence (EQ). This is the ability to own an organization’s values as well as one’s own. It means linking the means of achieving success with the business strategy. “How” matters just as much as “what.”
Second, ethical leaders are good at listening to multiple points of view. Consequently they’re open to differing input and feedback. Rather than “killing the messenger”, ethical leaders welcome those who bring them the bad news. They even reward them. Such leaders are more likely to come across a boiled frog situation or be warned about a potential lightening strike vulnerability.
For example, one new chief executive asked his team to list all the “red” signs of danger on their various business projects. At this first meeting nobody admitted anything bad was happening. They preferred to let the “frog boil”. They hoped somehow it might be OK.
The insightful new CEO sent all the team away. He said return back next week with more honest information about their projects. When the following week his team reassembled, one of them stood up and admitted his main project was Red and in trouble. The CEO refrained from yelling at him, or criticising him for the bad news.
Instead, the CEO stood up and applauded the surprised excecutive. The others got the message. Soon more useful information started flowing their respective “boiling frogs.” The CEO had found a way to mitigate the combined risks before they spiralled into a crisis.
At VW the new anti-corruption czar, Kurt Michels found a team unwilling to voice its thoughts, fears or uncertainties despite the gravity of the diesel crisis. Michels had to encourage his team members to speak up during meetings.
“During the first two (conference) calls, I didn’t receive a question at all. No one asked a question.”
Many were passive, waiting for instruction and interpreted his brainstorming suggestions as straightforward orders not to discuss but to carry out. VW has paid $30 billion in costs from its boiled frog experience since 2015.
VW also suffered from a lightening strike, when it was recently revealed that the company was testing the impact of pollution from its diesel engines on monkeys. Apparently nobody in the section carrying out the tests thought to ask the classic ethical filter questions: “How would we look if what we’re doing appeared on the front papers of the major media?”
Why is this a moral or ethical issue?
Today’s risk environment differs significantly and is less understandable than a few years back. Complexity, globalisation, and large forces such as climate change and cyber insecurity have transformed the risk scene.
Consequently many organizations now face a large variety of intangible and hard to predict risks. These may range from unwanted disclosure of information due to the behaviour of errant employees, through to breaches of conduct driven by skewed incentive systems, such as at Wells Fargo.
The task of risk management in a company is therefore expanding. From protecting the balance sheet and having a mainly bottom line focus, today’s risk management must encompass wider possibilities.
Two capabilities can help companies tackle this trickier risk environment. First, there’s the more widespread adoption of ethical leadership. This tends to be more open to the unpredictable implications of the boiled frogs and lightening strikes syndromes.
Second, no amount of attention to devising codes of practice, adopting compliance technology or issuing threats of punishment will mitigate the risk factors companies could encounter. Instead, organisations need to become more explicitly in being values-driven.
The combination of ethical leadership and a reliance on core values can affect people’s responses to the intangible risks ahead.
Another helpful tool in tackling the transformed risk environment is a more analytical approach to risk management. This has resulted in the production of a variety of guidelines, frameworks, and standards to assist leaders assert better control over risk.
These frameworks help them tackle a common problem shared across many types of business enterprise. In highly competitive or fast changing environments people under stress may not only suffer from burnout and health threats. They may also fail to see there is an ethical or moral dimension to their decision making.
That certainly happened in VW. There, the decision to install defeat software to hide the extent the company’s engines were polluting, was initially seen as a technical one. Not as a moral or ethical choice.
Starting with the values
Much risk management effort relies on using bogus objective measures of mitigation. For example, one much-used approach asks: how much impact would a particular issue make if it occurred? This is then ranked on a scale from one to 10. Next the approach asks: how likely is the risk to occur–again described on a scale?
Combining impact and likelihood produces a deceptively easy to grasp risk assessment measure. The resulting number has the comforting appearance of logic and objectivity.
Yet you cannot turn risk into a value free zone. It is deeply embedded in the ethical dimension of the organisation. Something may be wrong, no matter what the risk scale tells you.
If and when his happens it should be possible to detect the values-driven approach affecting strategy and planning, management, reporting processes, policies, and culture.
Therefore the best place to start in handling boiled frogs or lightening strikes is not with a so-called objective tool for measuring risk. Instead, invest in time and resources to understand the interplay between corporate values and risk management.
Reaching this understanding remains more art than science. It means viewing social, cultural and organisational values as a source of risk. Values and culture for example, produce their own range of risks and these need to be managed.
The connection between an organisation’s values and broader societal values may therefore be an important yet much ignored source of ethical risk—see panel
CLICK HERE TO READ ABOUT:
Finally, the effective management of ethical risk must become an on-going discipline. Not a one-off event.
This means having constant checks on how the organisation’s declared values and the risks they cause arise in daily ways of working. Here are five specific ways to combat the twin evils of boiled frog syndrome and lightening strikes:
- Jondle et al, Managing risk through the ethical business culture model, European Financial Review June 19, 2013
- Disparte, Simple Ethics Rules for Better Risk Management, HBR Nov 2016
- FT Reporters, Banks stand to lose billions in Steinhoff, FT 8th December 2017
- ecember 11, 2017 Combating Your Company’s Insider Risk, Corporate Compliance Insights, D
- A.Gray and B.Mclannahan, Fed’s rap puts fear of God into bank board rooms, FT 6th February 2018
Acknowledgement: Thanks to David Archer of Socia.co.uk for inspiring this title, –the rest with all its faults, is down to me.