The good folks at Lexis-Nexis have been kind enough to invite me to be on the editorial panel of their new magazine Risk Management Today, and to have the lead article in the inaugural edition.  They’ve also been kind enough to make this article available free of charge to my clients and readers for a limited time.

The article aims to get beyond the literature and standards, and give insights on some of the key things to look for when assessing the adequacy of an organisation’s risk framework.  It is pitched at those who are not necessarily experts in risk management per se, but rely heavily on an organisation’s risk management framework.

Key points

• Despite organisations making significant investments in risk management, they still fall short in dealing with disruptive change.
• Regulatory changes seem unlikely to get to the heart of what really matters in avoiding significant destruction of shareholder value in the future.
• Seven key areas of risk management areas are discussed that investors, boards and the C-suite should be looking for.

Please feel free to download the article and pass it on.

Download the article (pdf, 3 pages, 86kB)

Also this publication is shaping up to be a very good one, and I’d encourage you to have download the inaugural issue and have a look (free download for a limited time).

Todd

I’m writing this article while working in Western Australia – the home of the black swan. Black Swans are common here, to the extent that most people here would consider white swans to be an incredibly rare thing.

Nicholas Taleb recently popularised the idea of a black swan as an event which someone didn’t see coming. He now has a best seller on the idea, asking questions like:

• Why don’t we anticipate big disruptions?
• Why didn’t we see subprime coming?
• What’s the next big disruption?

These days I spend most of my thinking time on these sorts of questions and keeping an eye out for black swans, elephants in the room and 800 pound gorillas.

In Australia, our version of an emission trading scheme (ETS) is taking shape, and is being branded as the CPRS. This CPRS is not to be confused with the Canadian Public Relations Society – it’s the Carbon Pollution Reduction Scheme – which is useful branding in case we forget why the scheme was introduced as an industry builds around it.

Industry is now intensely focused on the CPRS. And why not? It’s in the media, it’s in black and white, it’s tangible and its proposed to be implemented in the next few years. Companies can do financial modelling to work out the day 1 winners and losers, and industry lobbyists can have a field day arguing for free permits and to keep their cost base as close to the status quo as possible.

At a presentation a few months ago, one of Australia’s leading risk experts pointed out that while an ETS and carbon accounting were important, there were bigger things afoot. He explained some of the consequences of climate change – increased frequency of severe weather events, issues with rainfall and water security and the like. He took pains to emphasise the bigger picture beyond this regulatory change.

Needless to say that I was a little surprised during the Q&A at the end of the event to find that nearly all questions from the audience revolved around carbon accounting and emissions trading. Had no-one been listening? Had the message failed to sink in? Why was this? Or to bastardise Taleb’s language, why was the swan still black even when shining a big spotlight on it?

The event in question was attended by senior public sector auditors and risk professionals – the sort of people we count on to ask such questions. I thought about why people gravitated to the accounting, reporting and compliance aspects rather than to the elephant in the room and I guess its human nature – it’s black and white, it’s tangible, it’s measurable and it requires a response in the short term. In other words this part of the issue is more tame than wicked, unlike the bigger problems that governments and their advisors are now attempting to tackle.

So what is the real elephant in the room you may well ask. As I see it there is no longer just one elephant – the ones I see tend to travel in herds.

We’ve already mentioned climate change – there’s plenty of literature on that. If you analyse search metrics on the web you’ll see the term’s popularity rise to a highly mainstream top of mind topic. This doesn’t mean people can see it clearly or are operationalising around it, (if fact it seems that many aren’t), but at least it means that they aware of a big lurking presence. This is a good start.

But there are others as well. A few spring to mind:

• The modelling is not yet public but there are indications that petrol prices could go up in the order of 5-10% under a CPRS. This seems like a significant jump, and for many industries this will be, but this needs to be taken in context. If popular opinion among energy forecasters is correct, then we are looking at a doubling, tripling of fuel prices or even more over the next 10 years. Within this context, a 5-10% carbon impost is not the main act – in fact it’s potentially a sideshow at best.
• The industrial revolution and the way we use air travel are driven by cheap energy. If energy prices jump what does this mean to complex supply chains that source lowest cost inputs from around the world? Will countries with cheap labour still be able to compete effectively in global markets in the absence of cheap freight? Was all this effort in establishing free trade agreements for nought? What does this mean to distribution of wealth and currency markets? What knock on effects will these have?

In taking the initial pain on CPRS in Australia, we need to remember that in other markets there was also an outcry by business before their emission trading schemes were introduced. In the years that followed, some argue that the carbon price fell dramatically because cutting carbon was far easier than initially anticipated. The carbon cap was possibly too low and some commentators believe this resulted in many years delay before reaching a sustainable carbon price and a lost opportunity for the environment that will never be regained.

Within this context one has to wonder whether the current bemoaning by some companies and industry groups about the CPRS is really about business disruption or just a clamour for free permits, and for protectionism of obsolete assets and ways of working.

Short term lobbying on the CPRS will generate short term winners and losers and perhaps will help some companies until their CEOs cash in their options.

The medium and long term winners will be those organisations and individuals with a deep understanding of emerging mega conditions and whole systems at a micro, macro and mega scale. Those entities that understand that you can’t lobby or cartel a black swan will be the ones on the journey towards resilience and ongoing prosperity.

Todd Davies
August 2008

Reprinted with permission from resilientfutures.org

As the developed world pulls itself away from the abyss of the global financial crisis, many around the globe are breathing a sigh of relief. Having dodged a major bullet, organizations are now returning to business as usual. But if the crisis was a wake-up-call for the world, did business leaders and internal auditors pay attention or just hit the snooze alarm? What’s the next “black swan,” or significant unforeseen risk, and what should internal auditors be doing about it?

In this free feature from IIA’s global magazine, Todd summarises several key areas should be on all company watch lists for 2010 and beyond.

http://www.theiia.org/intAuditor/free-feature/2010/february/a-look-ahead-top-risks-for-2010/

In this video presentation as part of a three day strategy and leadership conference on the future of residential colleges in Australia, Todd provides insights into the nexus between governance, leadership and risk, and provides a whole systems perspective into regulatory reform, avoiding the next GFC and the future of leadership on these dimensions.

Part 1

Part 2:

Part 3:

Thanks to the the team from Resilient Futures and AHAUCHI who have been kind enough to record some of their work and make it available to the public free of charge.

More on this series can be found on the Resilient Futures YouTube site.

This week I was fortunate enough to join with some of the leading minds on governance at a joint meeting of the International Corporate Governance Network (ICGN), World Economic Forum (WEF) and the UN Principles of Responsible Investment (PRI) to discuss a range of issues on where governance needs change in order to avoid another Global Financial Crisis (GFC)… or worse.

The length and extent of debate was extensive ranging from the structure of the financial system, through to regulatory structuring, regulatory arbitrage, global regulatory frameworks, rules vs principles vs supervision and enforcement, Australia’s twin peaks and quadruple peaks model, ESG and a range of other useful debate, as well as the old chestnuts of shareholder input into executive remuneration.

I was encouraged by comments early in the meeting by Jules Muis, former Vice President and Controller of the World Bank saying that there are really only two key issues which need attention – strategic risk and systemic risk, and if we can get accountability for assessing and managing these at different scales, then we will be set for success in the future.

Lindsay Tanner, Federal Minister for Finance explained that conditions had changed and global markets can only be regulated through global coordination, while Anne Simpson, from CalPERS representing one of the largest pension funds in the world told us simply, that “we needed more joined up thinking”, eluding to the need for a wholistic, multi-faceted approach to systems thinking.

Al Gore reminded us that “we often confuse the unprecedented with the unlikely”, and Professor Mervyn King SC reminded us that “companies do not operate in a vacuum.”

Despite this sage counsel that we need an approach which allows us to think properly about strategic and systemic risk, and predict the “unprecedented but increasingly likely”, unfortunately these threads were not actively picked up, perhaps because this is an area which is not yet well understood.

In the area of risk management, boards are concerned about false comfort in risk systems – whereby companies hire a small army of risk experts who go away and implement risk frameworks such as COSO ERM, A/NZS 4360 or ISO 31000, and assure them that everything is okay, that their risk systems are sound, and the board and management can sign off.

The problem of course is that while routine bottom-up approaches to compliance, operational and reporting risk are good at managing the bread and butter of businesses, it’s rarely these areas which cause the material problems. Despite strategic risk and systemic risk now starting to be recognised globally by policy setters as the daddy of them all, people don’t have the capabilities in place to understand what these are, let alone manage them. Intuitively, boards know this.

The result is that a significant proportion of companies which experienced significant value destruction and earnings surprises in the last 18 months came out with the standard rhetoric “no one could have seen this coming”, leading to an inference that either the risk systems are not as we’ve been told (deceptive conduct) or the boards were incompetent (negligence).

I’ve been giving briefings and training on these areas internationally, including in public fora around Australia and the United States in order to help companies govern responsibly. In my mind, strategic and systemic risk are the elephants in the room which are still being overlooked and not understood.

I asserted in a public session at the meeting in front of some of Australia’s leading directors and experts that it might take someone to launch a class action in a move to get traction on this issue. After the session, one of the leading shareholder class action lawyers from New York suggested to me that being his expert witness could be very lucrative in the short term as long as I had no intention of ever being employed again, and perhaps I should stick to helping companies rather than suing them.

In Australia, internal auditors are being asked to give advice to boards on whether their company’s risk management framework is effective, and whether the risk profiles prepared by management give a true and complete picture. The advice I’m giving my clients is that if the organisation doesn’t have good capabilities around strategic and systemic risk, then the answer has got to be no, and therefore their public statements on this issue have to be qualified.

In an effort to raise awareness of strategic risk internationally, I’ve been speaking in public fora around Australia and the United States as well as through the Resilient Futures Network (RFN). The good news is that I’ve been getting traction with industry associations, community groups, pension funds, boards and large companies… and we’re beginning to prove that strategic risk doesn’t have to be difficult as long as you’ve got a good model and a diversity of perspectives (thanks to the RFN for their involvement with that).

If you’re an internal auditor trying to get your head around this, the Institute of Internal Auditors in Australia is running half-day training workshops on this topic nationally, which means you can get your head around this and bank some CPE credits at the same time. If they aren’t running near you, or if you want to run a session in-house, get a group together and The IIA will be happy to organise these.

If you’re a non-executive director and want to find out about the strategic risks which aren’t on your radar and should be, I’d be happy to give you a briefing. Please feel free to watch this primer and get in touch.

Todd

Todd Davies & Associates
Specialists in strategy, governance and step change

Web: www.todddavies.com.au
Email: todd@todddavies.com.au
Tel: +61 (0) 422 000 913

Can your organisation continue to prosper as conditions change?

Organisations are facing greater challenges than ever before.  As a leader if you feel that you are facing more change than ever before, you are not alone.  The nature, scale and frequency of change is increasing which is putting tests on the resilience of all organisations.

Increasingly, the term resilience is popping up with a number of variants – enterprise resilience, organisational resilience, business resilience and others.  Some variants are narrow dealing only with a part of the problem.  Resilience from a HR perspective often talks about personal resilience – in other words, the ability of an individual to bounce back in the face of adversity – something akin to personal tenacity.  Resilience from a risk perspective is often limited to business continuity or crisis management.  Both models tend to plan for and react to disaster rather than empowering organisations and leaders to navigate strategically.

TDA takes a holistic view of resilience using the models embodied in the Resilient Futures Network models to answer the simple question for leaders – “How can we continue to prosper as conditions change?”.  Our models bring together the key aspects of strategy, risk, governance, leadership and assurance to allow for organisational resilience and transformation.

We can assist in a range of ways depending on the needs of the organisation with a range of modules and entry points including:

• Primer – introduction to the concepts of resilience and and understanding of why this is business critical and a potential source of ultimate competitive advantage for your organisaton
• Initial diagnostic – initial assessment of key conditions and capabilities required
• Strategic risk assessment – a deep understanding of emerging conditions, key depedencies and how this will affect the organisation’s business model going forward
• Resilience capability assessment – does the organisation have embedded resilience?  What maturity level is the organisation at now?  Where does it need to be?
• Catalytic projects – demensioning catalytic projects to transform the organisation
• Resilient leadership – training leaders within the organistation on key capabilities to allow for organisational transformation
• Program and project management – ensuring what needs to happen does actually happen

After nearly 20 years working in risk and organisational transformation roles I’m convinced that the next five years will be the most disruptive we are likely to see for a generation.  Those who understand and embrace the concepts will be incredibly well placed to create shareholder wealth and outcomes for their stakeholders.  Those leaders which don’t get their head around resilience are likely to preside over  significant value destruction and be the case studies for poor governance of the future.

For a briefing, please contact Todd Davies on (02) 9043 1719.

Need more information first?

Read Todd’s latest articles on the Resilient Futures Network which demonstrate how key events are unfolding today and how outcomes could be different by embracing organisational resilience.

It seems that my piece in the June edition of Risk Management Magazine caused some contraversy, and even drew a letter to the editor from the President of the Risk Management Institution of Australia.  This is all healthy debate as it forces us to assess whether learned approaches are still relevant, or whether we’re just keeping a wary eye on the deckchairs (while forgetting to look out for icebergs).

To see the rebuttal, have a look at page 3 of the July edition of Risk Management Magazine here.  And to see the original article which caused the contraversy, click here for page 3 fo the June edition.  (Now locked down, here’s the web version).

For more information on how strategy, risk, governance and assurance come together, please click here.

The number of software offerings in the space has increased, and the marketing spin is increasing which means that unless you are a highly experienced and sophisticated buyer with a track record in software selection in this space, your chances of making a poor selection are high.

TDA understands the GRC market.  We understand the strengths and weaknesses of different providers and can guide you through the selection process.

We can help you:

1. Understand the different possibilities including in this space such as continuous control monitoring, computer-assisted audit techniques, audit follow-up, data mining, control self-assessment, SOX compliance, risk assessment, legislative compliance, policy compliance, legislative training and integrated solutions.
2. Be very clear on what your specific needs are, including developing your strategy for enterprise governance.
3. Determine whether you require a generalised or niche solution
4. Understand what the most cost-effective solutions are
5. Be clear on which solutions have the strongest support base and longevity
6. Negotiate the right price

For more information, contact us.

Silos.  It’s a word that can fill you with dread if your responsible for the governance of an organisation, yet they keep on appearing.  Organisational theory is currently aguing for matrix structures, but if you’ve ever tried to run one you’ll know that shared accountability without the right tools is the same as no accountability at all.  Silos are alive and well.

TDA has track record in brining these functions together for greatest impact.  We can help to ensure:

• Duplication between assurance functions is minimused
• Assurance programs are focused on what really matters
• Risk management has a top-down view of strategic risks
• Emerging risk capability informs the strategy and risk functions
• Strategic risk insight informs the strategy process
• Strategy drives capability development

To find out more, contact us.

I’m really pleased to announce that the Resilient Futures website went live today.

Resilient Futures was formed in April 2008 as a result of a number of practitioners in various fields believing that the current thinking in their respective professions was inadequate in dealing with the problems of tomorrow, and that resilience thinking and the concepts underpinning it provide much needed clarity in a rapidly changing interconnected world.

The Resilient Futures partnership consists of a divergent practitioners in strategy, risk, urban planning, leadership development and networked systems.  There is a range of innovative but practial thinking coming out of this one and I encourage you to have a look around, read a few articles, download a whitepaper or two, and subscribe to the RSS feed.

I particularly encourage you to have a look at my recent article Are you being a reckless leader without realising it? which gives a feel for where some of the thinking is heading, or our offering on emerging risk analysis here.

Resilient Futures can be found at www.resilientfutures.org.