Published by Todd Davies on 15 Jul 2009
Strategic and systemic risk – the key issues of our times
This week I was fortunate enough to join with some of the leading minds on governance at a joint meeting of the International Corporate Governance Network (ICGN), World Economic Forum (WEF) and the UN Principles of Responsible Investment (PRI) to discuss a range of issues on where governance needs change in order to avoid another Global Financial Crisis (GFC)… or worse.
The length and extent of debate was extensive ranging from the structure of the financial system, through to regulatory structuring, regulatory arbitrage, global regulatory frameworks, rules vs principles vs supervision and enforcement, Australia’s twin peaks and quadruple peaks model, ESG and a range of other useful debate, as well as the old chestnuts of shareholder input into executive remuneration.
I was encouraged by comments early in the meeting by Jules Muis, former Vice President and Controller of the World Bank saying that there are really only two key issues which need attention – strategic risk and systemic risk, and if we can get accountability for assessing and managing these at different scales, then we will be set for success in the future.
Lindsay Tanner, Federal Minister for Finance explained that conditions had changed and global markets can only be regulated through global coordination, while Anne Simpson, from CalPERS representing one of the largest pension funds in the world told us simply, that “we needed more joined up thinking”, eluding to the need for a wholistic, multi-faceted approach to systems thinking.
Al Gore reminded us that “we often confuse the unprecedented with the unlikely”, and Professor Mervyn King SC reminded us that “companies do not operate in a vacuum.”
Despite this sage counsel that we need an approach which allows us to think properly about strategic and systemic risk, and predict the “unprecedented but increasingly likely”, unfortunately these threads were not actively picked up, perhaps because this is an area which is not yet well understood.
In the area of risk management, boards are concerned about false comfort in risk systems – whereby companies hire a small army of risk experts who go away and implement risk frameworks such as COSO ERM, A/NZS 4360 or ISO 31000, and assure them that everything is okay, that their risk systems are sound, and the board and management can sign off.
The problem of course is that while routine bottom-up approaches to compliance, operational and reporting risk are good at managing the bread and butter of businesses, it’s rarely these areas which cause the material problems. Despite strategic risk and systemic risk now starting to be recognised globally by policy setters as the daddy of them all, people don’t have the capabilities in place to understand what these are, let alone manage them. Intuitively, boards know this.
The result is that a significant proportion of companies which experienced significant value destruction and earnings surprises in the last 18 months came out with the standard rhetoric “no one could have seen this coming”, leading to an inference that either the risk systems are not as we’ve been told (deceptive conduct) or the boards were incompetent (negligence).
I’ve been giving briefings and training on these areas internationally, including in public fora around Australia and the United States in order to help companies govern responsibly. In my mind, strategic and systemic risk are the elephants in the room which are still being overlooked and not understood.
I asserted in a public session at the meeting in front of some of Australia’s leading directors and experts that it might take someone to launch a class action in a move to get traction on this issue. After the session, one of the leading shareholder class action lawyers from New York suggested to me that being his expert witness could be very lucrative in the short term as long as I had no intention of ever being employed again, and perhaps I should stick to helping companies rather than suing them.
In Australia, internal auditors are being asked to give advice to boards on whether their company’s risk management framework is effective, and whether the risk profiles prepared by management give a true and complete picture. The advice I’m giving my clients is that if the organisation doesn’t have good capabilities around strategic and systemic risk, then the answer has got to be no, and therefore their public statements on this issue have to be qualified.
In an effort to raise awareness of strategic risk internationally, I’ve been speaking in public fora around Australia and the United States as well as through the Resilient Futures Network (RFN). The good news is that I’ve been getting traction with industry associations, community groups, pension funds, boards and large companies… and we’re beginning to prove that strategic risk doesn’t have to be difficult as long as you’ve got a good model and a diversity of perspectives (thanks to the RFN for their involvement with that).
If you’re an internal auditor trying to get your head around this, the Institute of Internal Auditors in Australia is running half-day training workshops on this topic nationally, which means you can get your head around this and bank some CPE credits at the same time. If they aren’t running near you, or if you want to run a session in-house, get a group together and The IIA will be happy to organise these.
If you’re a non-executive director and want to find out about the strategic risks which aren’t on your radar and should be, I’d be happy to give you a briefing. Please feel free to watch this primer and get in touch.
Todd
Todd Davies & Associates
Specialists in strategy, governance and step change
Web: www.todddavies.com.au
Email: todd@todddavies.com.au
Tel: +61 (0) 422 000 913