Table of Contents
Praise
Title Page
Copyright Page
Dedication
Acknowledgements
Foreword
Preface
Introduction
Conventional Risk Management
A Risk Intelligent Approach
The Approach of This Book
The Structure of This Book
PART I - When Risks Become Brutal Realities
CHAPTER 1 - To Survive and Thrive
The Revolving Door to the Corner Office
Barriers to Board Effectiveness
The Imperatives of the Enterprise
CHAPTER 2 - Conventional Risk Management Has Failed
What Goes Up Must Come Down
The Evolution of Finance, Market, and Risk Management Theory
Taking a (Random) Walk
CHAPTER 3 - An Unconventional Approach to Risk Management
Calculated Risk Taking Creates Value
Calculated Risk Taking and Risk Aversion
Risk Intelligence: An Unconventional Approach
PART II - Ten Essential Risk Intelligence Skills
CHAPTER 4 - Check Your Assumptions at the Door
Fatal Flaw #1: Failing to Challenge Your Assumptions
Risk Intelligence Skill #1: Check Your Assumptions at the Door
CHAPTER 5 - Maintain Constant Vigilance
Fatal Flaw #2: Lack of Vigilance
Risk Intelligence Skill #2: Maintain Constant Vigilance
CHAPTER 6 - Factor in Velocity and Momentum
Fatal Flaw #3: Failure to Consider Velocity and Momentum
Risk Intelligence Skill #3: Factor in Velocity and Momentum
CHAPTER 7 - Manage the Key Connections
Fatal Flaw #4: Failure to Make Key Connections and Manage Complexity
Risk Intelligence Skill #4: Manage Your Key Connections
CHAPTER 8 - Anticipate Causes of Failure
Fatal Flaw #5: Failure to Anticipate Failure
Risk Intelligence Skill #5: Anticipate Causes of Failure
CHAPTER 9 - Verify Sources and Corroborate Information
Fatal Flaw #6: Failure to Verify Sources and Corroborate Information
Risk Intelligence Skill #6: Verify Sources and Corroborate Information
CHAPTER 10 - Maintain a Margin of Safety
Fatal Flaw #7: Failing to Maintain a Margin of Safety
Risk Intelligence Skill #7: Maintain a Margin of Safety
CHAPTER 11 - Set Your Enterprise Time Horizons
Fatal Flaw #8: Short-Termism
Risk Intelligence Skill #8: Set Your Enterprise Time Horizons
CHAPTER 12 - Take Enough of the Right Risks
Fatal Flaw #9: Failure to Take Enough of the Right Risks
Risk Intelligence Skill #9: Taking Enough of the Right Risks
CHAPTER 13 - Sustain Operational Discipline
Case Example: The U.S. Submarine Force
Fatal Flaw #10: Lack of Operational Discipline
Risk Intelligence Skill #10: Develop and Sustain Operational Discipline
PART III - Creating the Risk Intelligent Enterprise
CHAPTER 14 - Risk Intelligence Is Free
A Closer Look at Costs
The Rewards of Risk Intelligence
CHAPTER 15 - Risk Intelligent Governance
The Risk Intelligent Board
Committees of the Board and Risk Intelligence
Where Does Risk Oversight End and Risk Management Begin?
CHAPTER 16 - Risk Intelligent Enterprise Management
ERM and Risk Intelligence
Developing Risk Intelligent Enterprise Management
Act as One
A New Way of Doing Business
CHAPTER 17 - The Way Forward
The Benefits of Improved Risk Intelligence
What’s Your Enterprise Risk IQ?
Making the Transformation
Conclusion
Notes
About the Authors
Index
More Praise for Surviving and Thriving in Uncertainty
“Surviving and Thriving in Uncertainty is proof that effective risk intelligence doesn’t have to be an arcane venture requiring a Ph.D. The authors’ practical, common sense insights and actionable methods make efforts to improve decision quality and manage enterprise value not only achievable, but oddly enjoyable. Simplifying complexity is perhaps one of the book’s biggest strengths. Whether you’re an experienced director, a seasoned executive, or just starting out, this book is a must-read.”
—Chris DePippo, ERM Director and Chief Compliance Officer, Computer Sciences Corporation (CSC)
“Funston and Wagner’s excellent user’s guide for managing risk in today’s rapidly changing global business world is also a great tool for how to win in high-threat competitive environments. As skilled practitioners, they provide just the right mix of insightful reflection and timely practical guidance for readers to incorporate into their own disciplines.”
—William O. McCabe, former B-52 commander, Pentagon official, and DuPont executive
“Surviving and Thriving in Uncertainty provides a refreshing risk-management framework. Funston and Wagner provide unique insights into creating the Risk Intelligent Enterprise. Their focused questions and real-world examples transferred easily to our own risk program. The common sense approach resonated with our board and staff and rapidly advanced the WSIB’s risk program.”
—Theresa Whitmarsh, Executive Director, Washington State Investment Board
Copyright © 2010 by John Wiley & Sons. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: While the publisher and authors have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
“Risk Intelligent Enterprise” and “Risk Intelligence Map” are trademarks of Deloitte Development LLC.
Library of Congress Cataloging-in-Publication Data:
Funston, Frederick.
Surviving and thriving in uncertainty: creating the risk intelligent enterprise/ Frederick Funston, Stephen Wagner.
p. cm.
Includes bibliographical references and index.
ISBN 978-0-470-24788-4 (cloth)
1. Risk management. 2. Uncertainty. I. Wagner, Stephen. II. Title.
HD61.F86 2010
658.15’ 5—dc22 2009046301
To our wives Irina and Charlie for their unflagging support and sage advice throughout this journey. To the partners, principals, and directors of the Deloitte firms for their support of this project.
Acknowledgments
We wish to express our sincere appreciation to the following people for their support:
To Elizabeth Harrington, John Cardis, Ellen Hexter, Debbie Van Opstal, and John Olson for their insights and advice.
To Tom Gorman, Max Russell, and Samantha Clutter for their editorial assistance.
To Barbara Tysell for her research and fact checking throughout numerous drafts.
To Bill Sandy and George Peck for reviewing early drafts and providing highly constructive feedback.
To Mike Gardner and Jim Laney for their willingness to be partners in developing these concepts.
To Duncan Galloway and Bill Foote for the years of collaboration that formed the initial foundation of the risk intelligent enterprise.
To Alex Zmoira, Ian Waxman, Lane Kimbrough, Linda Igarashi, and other members of the Governance and Risk Oversight team for their support in researching various aspects of the manuscript.
To Kristy Coviello, Jack Burlingame, and Mark Baylis for their help in taking this manuscript through to publication.
To John DeRemigis, Emilie Herman, Chris Gage, and the entire team at John Wiley & Sons for their efforts and support.
And lastly, to the innumerable directors and executives we have met with who have shared their experiences, their challenges, and their visions.
Foreword
During my tenure as the first Secretary of the U.S. Department of Homeland Security, much of what we did to secure the country and its citizens centered on risk assessment and risk management. Dealing with risk, whether in the public or private sector, is a daunting but critical task. At the Department of Homeland Security, of course, risk management is required in order to keep the country adequately protected while simultaneously contributing to its capacity to be competitive and productive. What you will see in the following chapters is an insightful view of how risk management, when intelligently applied, can help the private sector achieve the same outcomes.
Every day, people, businesses, and governments assess, manage, and prepare for risks. Any business, in my view, that does not have some measure of risk assessment and risk management embedded in its operational structure and culture is most likely a static and non-innovative enterprise. It has no true situational awareness and thus, in the long term, will have no long term—because it will have neither means for preventing and mitigating crises nor for identifying and optimizing opportunities.
At the governmental level, one of the challenges of risk management is building bridges and promoting shared communication among the intelligence community. Consider the National Security Agency, the Federal Bureau of Investigation, the Central Intelligence Agency, and the Department of Defense. Each has its own set of intelligence sources. But if these separate agencies don’t share information, their effectiveness in identifying and managing risks is diminished. The same is true of different business units or departments within any corporation.
It isn’t easy to run any federal department as a business, particularly when you consider that 535 people, the Congress, act as an informal board of directors, appropriate dollars, and dictate where the department or agency spends them.
However, it is possible and even necessary for government to apply certain business principles to its overarching and departmental missions. That begins with identifying risks. Each day, on the way to the White House, I would receive a matrix that addressed potential threats. Homeland Security doesn’t generate intelligence information; it is a consumer of information provided by various intelligence agencies. But the question for the leadership of any enterprise is how do you evaluate risks and the impact each could have on your business or enterprise?
The first consideration is credibility. How credible are your sources? Have you received information from a given source before, and did that information prove to be accurate? Second, can this intelligence be corroborated? Can you verify this information with another source? Third, how exposed are you? How vulnerable are you at that particular point? Have you performed certain preparedness training? Have you built security and safety measures to substantially mitigate the risk? Fourth, what’s the actionable threat? What are the most important things you can do to deter the risk immediately? Is this action consistent with your culture, your reputation, and how you do business? Will it have a good or bad economic impact on your enterprise? Will taking action make your enterprise safer or more productive? The answer is usually both.
Effective risk management is not about forecasting events with 100 percent accuracy. That would be a fruitless and impossible goal. But in many cases, erring on the side of caution, even when your information might not be as reliable as you would like or when your intelligence cannot be verified by a second source, is simply the smart thing to do. Before and during the 2003 holiday season, Homeland Security cancelled a number of flights due to intercepted “chatter” that al Qaeda had plans to hijack an airplane and attack a target in the United States. Was this information credible? We thought so. Was it corroborated? Not really. Yet the context and content were so unique that the threat could not be overlooked. We found out roughly nine months later that the intelligence we intercepted was, in fact, not accurate. But given the potential risks, we couldn’t afford to ignore the possibility that such an attack was being planned.
Finally, an aspect of risk management that is often overlooked is the notion of being too cautious—walling up like a fortress, precluding opportunity. An example, perhaps, of being overly vigilant can be seen in the obstacles U.S. businesses face as they attempt to bring in professionals from other countries. In a post-9/11 world, it has become increasingly difficult for foreign professionals to navigate the rules and regulations that would allow them to enter this country to do business.
The key to risk management is managing risk before it manages you. Individuals, national governments, and international enterprises face this challenge every day. But it’s a challenge that is becoming increasingly complex and complicated, particularly given today’s global and interdependent marketplace. Additionally, the concept of risk as a two-edged sword is as true at the corporate level as it is at the governmental level. However, risk management, when done intelligently, not only allows businesses to build in resiliency and protections but also to inspire innovation and create value. The following pages provide practical strategies and approaches that can help enterprises do just that.
THE HONORABLE TOM RIDGE
First Secretary of the U.S. Department of Homeland Security
Former Governor of the Commonwealth of Pennsylvania
Preface
Any clear-eyed assessment of the state of risk management today would have to conclude that the field is more notable for its spectacular failures than its ability to keep businesses—and the executives who run them—out of trouble. Innumerable organizations have been staggered by risks that, in hindsight at least, could have been recognized and mitigated; their names are well known and need not be repeated here. Equally disturbing perhaps, these organizations often touted their risk management processes as state of the art, an assessment frequently seconded by analysts and commentators and accepted at face value by eager investors.
Standing amid the rubble of the latest financial ruin, two troubling questions arise:
1. Why can’t the cycle of scandal, speculation, greed, and recklessness be broken? Devastating business failures have occurred frequently throughout the last century, yet the most-recent wave always seems to catch the business community off guard.
2. With countless sums spent on conventional risk management, why does it consistently fail at critical junctures? Executives, investors, and regulators are justifiably skeptical about continuing to invest in approaches apparently so fundamentally flawed.
The answers to these questions, as you might have guessed, can be found within these pages. Rick Funston and Stephen Wagner have spent most of their careers helping top executives, boards of directors, and audit committee members bring clarity and efficiency to their risk management programs. In this book, the authors clearly describe the risks unaddressed and the warning signs unheeded that have brought erstwhile respectable companies to their knees. More important, the authors devote much of the book to practical advice that allows companies not simply to survive in a risk-fraught business environment, but to thrive in a climate of uncertainty and peril that sinks poorly prepared organizations.
However, perhaps the greatest value of this book lies in its power of demystification. As the authors note, the failure of enterprise risk management (ERM) can often be tied to needless complexity. Business executives frequently complain that ERM is too complicated and too big; that a typical ERM infrastructure is by its nature bulky, creaky, and likely to collapse under its own weight. Due to the misconception that it’s virtually impossible to get one’s arms around ERM, many organizations take a piecemeal approach, with risk specialists in various business units lacking a harmonizing, oversight, or “big picture” view and approach. This “silo” phenomenon often yields predictably fragmented results, as it is unable to address aggregate or cascading risk scenarios. (For example, a credit risk that impacts treasury that in turn affects cash flow, accounts payable, supply chain, production, inventory, and sales.)
Yet, as Funston and Wagner convincingly demonstrate, a risk infrastructure need not be bloated. Indeed, the best risk management programs are often the simplest, in both design and execution.
The full picture has been carefully drawn by the authors in this book. Their insights and practical knowledge will benefit those directors and executives who seek to tame the risks and capture the rewards that await their enterprises.
HENRY RISTUCCIA
Managing Partner
Governance, Regulatory & Risk Strategies Services
Deloitte and Touche LLP
Introduction
There is no security on this earth. Only opportunity.
—Douglas MacArthur
The pursuit of opportunity in any human endeavor means leaving the security of the status quo, the safe haven, the tried and true. General MacArthur’s statement above implies that fact of our professional and personal lives. Moreover, his statement explicitly describes security itself as nonexistent. Efforts to achieve security by standing still, hunkering down, or attempting only that which has been attempted in the past will not produce security. Indeed, such actions will generate risks of their own. Yet, as we all know, risks also accompany the pursuit of opportunity.
Managing the risks that accompany the pursuit of opportunity—or, more precisely, the pursuit of value—is the main subject of this book. Executives and board members understand that risk accompanies this pursuit, yet they often misjudge, mismanage, or simply avoid that risk. Indeed, risk avoidance has traditionally been the foundation of risk management as commonly practiced in enterprises. As a result, events in the business and financial world over the past decade clearly demonstrated that risks encountered in the pursuit of value are rarely fully appreciated or properly managed.
Executives and boards mainly accustomed to risk avoidance—or to gauging and addressing risk by means of mathematical models—often failed to identify, appreciate, and manage the risks that attended the pursuit of value. This occurred across a range of industries, and it was chiefly a result of conventional approaches to risk management.
Conventional Risk Management
Relatively few board members and senior executives, including those of many major corporations, take what we call a risk intelligent approach to managing the risks their organizations face. Conventional risk management, with its focus mainly on avoiding risk and protecting existing assets, is necessary but not sufficient. Worse, risk management as practiced rarely focuses on ways to identify, develop, seize, and exploit the most promising opportunities for the enterprise to create value. Indeed, most leaders and risk managers do not see risk management as part of value creation, and that is a major reason we’ve written this book.
The proper aims of risk management in business are to preserve existing value and to enable the creation of new value. Implicit in this view of risk management is the recognition of the reality that value and risk are inseparable. Risk attends every attempt to protect and create value.
Yet conventional risk management takes value preservation as its main purview and leaves risk taking for value creation (the reason that the enterprise exists) largely out of risk management. This leaves most directors and executives with a skewed view of risk and with only one set of tools—asset preservation tools—when they need another set to deal with the risks that accompany their efforts to create new value.
Conventional risk management has failed, most recently and spectacularly, in the well-chronicled housing bubble, subprime crisis, and credit crisis of the 2000s, with exacerbating effects on the business cycle. When we began writing this book in late 2007, we set out to warn that conventional approaches to risk management presented serious dangers and that leaders’ understanding of risk management—and risk itself—had to change.
Now that we all have experienced what by many measures was the worst financial and economic crisis since the Great Depression, those “warnings” have been issued. We also set out to offer a more pragmatic approach to risk management through a deeper understanding of value and risk. That approach and that understanding are what you will find in this book.
A Risk Intelligent Approach
Executives and boards must make important decisions in the present, without complete information in a complex and rapidly changing environment characterized by uncertainty and turbulence. Uncertainty is a state in which the outcomes are unknown and perhaps unknowable; the more distant in time, the greater the uncertainty. University of Chicago economist Frank Knight described two types of uncertainty: first, that in which probabilities are known or knowable, which he called risk; and, second, uncertainty, which is not known or knowable.
This bifurcation has led to much of the current wisdom on which conventional risk management is founded—that is, probabilities based on normal distributions. Thus extreme cases are typically ignored. Unfortunately, such wisdom has failed us, as improbable and extreme events have occurred while probable events have failed to occur.
Turbulence is a state of extreme instability characterized by sudden and violent change. It cannot be modeled outside of the laboratory. It is characterized by high speed. Together, uncertainty and turbulence generate risk, that is, the potential for failure. In the case of the enterprise, it is both the failure to protect its existing assets and the failure to create future value.
Thus, improving ways of anticipating and managing risk in uncertainty and turbulence is the subject of this book. To help leaders operate effectively in that environment, we present—under the rubric of risk intelligence—proven methods from a wide variety of disciplines by which they can exercise better judgment and make superior decisions under risky, uncertain, and turbulent conditions.
The risk intelligent enterprise recognizes that risk intelligence and risk management are not ends in themselves but a means toward the ends of creating and preserving value and surviving and thriving in uncertainty. Risk intelligence is an approach to conducting business that improves decision making and judgment in vital areas and initiatives. After all, to be enterprising means to be bold and willing to undertake new initiatives that involve risk.
In fact, according to Webster’s New Collegiate Dictionary, the word enterprise means “a project or undertaking that is esp. difficult, complicated, or risky” or “a unit of economic organization or activity, especially a business organization.” Too many enterprises appear to bear the second definition in mind but not the first.
Risk intelligence is dynamic. There is no set of rules to follow, no permanent certification, no way to insulate the organization from the forms that uncertainty and turbulence will take in the future. Rather, there is only a path to creating value and managing risks that enables better decisions.
The Approach of This Book
This book aims to stimulate and contribute to the discussion of risk by presenting factual, informative, provocative, and sometimes challenging views on the subject. In that spirit, we present a number of realities that organizations must confront if they are to survive and thrive.
In addition, we provide a multifaceted, panoramic way of viewing risk, one that encompasses both asset preservation and value creation. We have repeatedly heard directors and senior executives express their desire for new skills and their need for updated tools for addressing risk proactively rather than reactively. We introduce such skills and tools in this book and provide a context in which to use them in the form of the risk intelligent enterprise.
A risk intelligent enterprise takes a broad view of risk, assesses the full range of risks across the enterprise, matches risk management resources to the priority of the risk, and thus more effectively manages the risks of value creation as well as asset preservation.
We address ourselves primarily to boards and senior executives because they hold primary responsibility for the success or failure of the enterprise. They, and only they, hold the power to promulgate risk intelligent practices in the enterprise because they define the direction and develop the strategies by which the enterprise creates value. They also make the major decisions regarding the initiatives that the organization will pursue, the resources to be allocated to those initiatives, and the risks that are inherent in those initiatives.
As to method, we draw upon our collective years of client work and research experience in Deloitte & Touche and throughout our careers, and draw upon the intellectual capital of the firm. We’ve met with hundreds of directors and senior executives to obtain their perspectives on issues such as resilience and agility, asset preservation and value creation, and corporate governance and risk management.
We also sought the perspectives of combat pilots, first responders to crises, race car drivers, sailors, mountaineers, explorers, and astronauts—people with a vital interest in managing risk. And we drew upon extensive research into news stories and historical sources in fields both related and unrelated to business.
In our research, we discovered converging themes in areas as diverse as biology, cybernetics, military operations, physics, behavioral finance, and national security, among others. Our inquiry into areas related to the natural and social sciences rested on the notion that the enterprise can be best understood as a living organism with two imperatives: to survive and to thrive.
Change and turbulence, whether they originate within the organism or enterprise or in the environment, typically present the greatest threats and the richest opportunities—provided adaptation occurs. Adaptation may be gradual or sudden, effective or ineffective, but adaptation typically occurs in unexpected ways and in response to unanticipated changes and events.
We have also dug deep into business-related disciplines such as quality and process improvement and scenario analysis to locate root causes of failure and to develop insights regarding success. However, this is no technical manual or treatise on risk. Rather it is a practical guide for directors and senior executives, as well as risk managers, business unit heads, and aspirants to these positions.
Given that directors and executives have cautioned us that a book of this type must provide compelling methods of successful application as well as a strong conceptual framework, we present numerous cases, examples, anecdotes, quotes, tools, and tactics within an overarching structure. Much in the way in which one must balance risk and reward, we have sought to balance often opposing factors, such as depth and breadth, theory and practice, and information and entertainment, in our effort to further the inquiry into risk and to foster optimal approaches to risk management.
The Structure of This Book
This book consists of seventeen chapters, organized into three parts, as follows:
Part I: When Risks Become Brutal Realities states the problems and challenges that leaders of large enterprises confront in managing risk and creating value. It details why conventional risk management and risk governance have failed and provides a new, more useful view of both of those key leadership activities.
Part II: Ten Essential Risk Intelligence Skills presents ten “fatal flaws” in conventional risk management and the corresponding skill required to correct and overcome each flaw. Each chapter in this part also contains tools for exercising that skill. Not every flaw or every tool will apply to every organization; however, collectively they amount to an intellectual approach, a mind-set, and a set of practical steps to improve risk management in your enterprise. These skills and tools address needs that repeatedly arose in our experience, our research, and our discussions with interviewees. These skills improve people’s awareness of and responses to risks and opportunities, immediately and in the long term, at every level of the organization.
Part III: Creating the Risk Intelligent Enterprise describes the characteristics of the risk intelligent enterprise and provides a framework for developing such an organization. This part explains the roles of directors and executives and the leadership challenges they face in this endeavor. It also shows how to orchestrate people, processes, and systems toward that end. A risk intelligent enterprise incorporates risk intelligence into the ways it understands and manages the business. As a result, it is better positioned to make superior decisions under conditions of uncertainty and turbulence and thus increases its chances of survival and competitive success.
Two additional features of this book warrant a mention. First, to reinforce specific points, we have presented verbatim views of our interviewees in sidebars titled Voice of Experience. These views illustrate the needs and concerns of these individuals as they pertain to the subject at hand (and not necessarily the views of their organizations, which many preferred not to have identified in these pages). Second, we have included Questions to Ask at the end of selected chapters. These questions, which are by no means exhaustive, are intended to focus discussion and prompt further inquiry into the related topic.
At this point in the development of business, of capitalism, and of the global economy, risk management presents the greatest challenges and opportunities for leaders in enterprises of every stripe. We trust that this book achieves our aim of inspiring leaders to accept those challenges and to pursue those opportunities, and to do so with greater effectiveness, efficiency, and enthusiasm.
PART I
When Risks Become Brutal Realities
CHAPTER 1
To Survive and Thrive
A Matter of Judgment
Life is short, art long, opportunity fleeting, experience misleading, judgment difficult.
—Hippocrates
The goal of every species is to survive and thrive, yet about 96 percent of all species that have ever lived on earth are now extinct.1 Life is also short for individuals and—more to our point—for many of the enterprises they create. In 1997, the average life expectancy of a Fortune 500 company was about 45 years.2 By now, it has likely become even shorter, as demonstrated most recently in the number of stressed and failed industrial and financial institutions in the crisis of 2007-08 and in the recession of 2008-09. While the events of that period have been well documented, a quick review of selected highlights will set the stage for our examination of risk and risk management in this part.
• Between the market highs of October 2007 and the final days of 2008, an estimated $8 trillion in value was lost, as measured by the Dow Jones Industrial Average, where every 500-point decline equals about $700 billion in losses.
• The U.K. hedge fund Peloton had been ranked the world’s highest performing fund in 2007 with an 87 percent return on investment and $10 billion in assets. On March 5, 2008, Peloton was forced to dissolve when its liquidity dried up almost overnight.3 That spring, the failure of 85-year-old Bear Stearns occurred in just over 20 days.4
• Within 20 months after the end of 2006, 274 major U.S. lending operations “imploded.”5 Between January 1 and the end of August 2008, nine U.S. banks failed, and by September 2009 there were 552 on the Federal Deposit Insurance Corporation’s troubled list.6
• General Motors and Chrysler underwent federally assisted bankruptcies, while thousands of retail stores, restaurants, travel, luxury goods, furniture, and other businesses that depend on consumer spending experienced severe decreases in revenue and pressure on profits.
• During 2008, U.S. residential mortgage foreclosure activity increased 81 percent over 2007 levels and 225 percent over 2006 levels.7 Nationally, more than one in every 400 housing units was in some stage of foreclosure.8
Who is responsible? That question has been debated since the onset of the crisis, and it will be for years to come. Yet senior executives and boards of directors have clearly been held responsible in many quarters, representing a trend extending back to Sarbanes-Oxley in 2002, and it’s a trend that we expect to continue.
The reasons should be obvious. People rightfully look to senior executives and boards to exercise judgment: to survey the environment, understand the organization, and make tough decisions in difficult and uncertain situations. The enterprise will either survive and thrive or wither and die on the quality and timeliness of its leaders’ judgments.
We opened this chapter with a quote from Hippocrates, who spoke and taught with humility (to the point of choosing “First, do no harm” as the opening of his eponymous oath). He must have known how little physicians of his time knew about the unknown. Bacteria, brain chemistry, even various organ functions were yet to be discovered. Then, as now, physicians—and executives—must exercise judgment, and do so amid uncertainty.
We mentioned that 96 percent of all species that have appeared on the planet are now extinct. We implied that organizations aren’t doing much better. Yet virtually all species except Homo sapiens operate mainly on genetics and instinct. Only we have judgment. We have what neuroscientists refer to as “executive functions” in our brains, the capacity to gather and process information and to make rational decisions and plans based on that information and on our wants and needs. Shouldn’t our organizations—also equipped with “executive functions”—be doing better, exercising better judgment, even amid uncertainty and the difficulties it brings?
We think so, and we are not alone.
The Revolving Door to the Corner Office
The door to the corner office has been revolving at increasing speeds. In December 2008, National Public Radio (NPR) reported, “Corporate boards are holding chief executives accountable for falling stock prices as well as huge losses suffered in the credit and mortgage markets.” According to the Corporate Library, the CEO turnover rate exceeded 18 percent in 2008. The NPR report noted, “CEOs are also spending less time at the helm—their median tenure is down to four years.”9
In general, CEO turnover doubles in bad times, particularly when shareholder returns suffer. In 2008, 61 companies in the S&P 500 stock index changed CEOs. Boards typically oust CEOs a year or two after shareholder returns slip, and that “grace period” may decrease further.10 (The average chief financial officer has 18 months to get the job done, according to CFO Magazine.11)
The truth, however, is that a new CEO rarely reverses the losses. The shares of 30 companies at which chief executives were removed actually declined more than they gained.12 More recently, CEOs in general have had their powers diminished, relative to their boards. According to a study by the University of Southern California (USC) Center for Effective Organizations and Heidrick & Struggles, 82 percent of directors believe that their “CEOs have less control over their boards, with 49 percent indicating this has happened to a great or very great extent.”13
These trends may well affect management’s view of risk. Jeff Cunningham, Chairman, CEO, and editorial director of Directorship, says, “There is no question that CEO power and prestige have fallen. The unintended consequence is that this can make the CEO overly risk averse. His or her decision making can become reflexive, conventional, and, from a business development point of view, unremarkable.”14 CEO tenure has been reduced to the point where leaders often cannot see significant initiatives through to completion, which can shift their focus to only short-term goals, since they won’t be around to achieve long-term ones. Nor are CEOs the only leaders affected.
Broad Concerns about Boards
The business acumen of the board often fails to match the needs of the enterprise. Cunningham says, “A lot of people will dispute this, but CEOs complain they are just not getting the ‘brain trust’ and strategic counsel from their boards that they did years ago, although they are getting heaps of advice on the governance issues du jour—compensation, compliance, and succession.”15 A 2005 McKinsey survey of more than 1,000 directors reinforces these concerns:
• Only 11 percent of directors reported that they have a complete understanding of key enterprise strategies or risks.
• More than 50 percent have no clear sense of their companies’ prospects five to ten years down the road.
• Just 8 percent of directors claim to have a complete understanding of long-term risks; 37 percent admit they have little or none.
• More than 50 percent of directors admit that they have no way of tracking changes in risks over time, leaving them vulnerable to unforeseen shifts.16
Note that these are directors’ self-assessments. Moreover, the overall trends they identified seem to have continued. The above-noted USC/Heidrick & Struggles study found that 95 percent of directors rated themselves as highly effective in monitoring financial performance, representing shareholders’ interests, and ensuring ethical behavior (compliance and monitoring).
However, they rated themselves much lower on shaping long-term strategy, identifying threats or opportunities, and planning for succession.17 Those opinions square with reality. The Wall Street Journal reported on September 22, 2008, “Many U.S. boards don’t cope well with a crisis.” Consequently, “some directors are now ratcheting up efforts to anticipate, and avert, trouble.” Going forward, boards need to “take a bigger role in risk management.”18
Voice of Experience
“Even though there have always been challenges, they were on a different level. We are experiencing ‘a perfect storm.’ First, there is the economic environment—volatility in foreign exchange, raw material costs, oil, and other energy sources. Second, the general public is more vocal and more demanding. And third, public outcry is producing strong pressures for regulatory responses, which in turn create even more flux and unpredictability, not just in the United States but in the rest of the world as well. We are not used to this, and we are not trained or equipped to deal with it effectively.
“We have spent the past five years struggling with overkill of compliance and internal control issues, which are not always correlated with managing the uncertainties of a business. But we sort of took our eyes off the ball for what was on the horizon. That makes us even less prepared.”
—Rolf Classon, Director
What’s Reasonable to Expect of the Board?
The board’s power emanates from the shareholders, whose interests the board represents, and its responsibilities center on governing, guiding, and when appropriate assisting management in protecting and increasing shareholder value. But how much actual responsibility for risk management can be laid upon directors? It’s an open question. For instance, Jeff Cunningham says, “I think the public at large and, add for safe measure both politicians and regulators, may not understand how the board interrelates with the C-suite in the area of risk management, and so they lack some of the basic tools needed to understand the risk environment.”19
Many boards and management teams also don’t understand that interrelation, at least not fully and in practice. In fact, most conventional guidance on the board’s governance role has far more to do with legal obligations, structures, and functions than with how key decisions are made.
For example, in Corporate Governance, Colley and colleagues state that the board is responsible for governance based on their articles of incorporation, bylaws, and shareholder agreements.20 The authors go on to present three broad duties of the board: the fiduciary duty, the duty of fair dealing, and the duty to perform functions in good faith. Other standard expectations call upon directors to:
• Act as an ordinarily prudent person would reasonably believe to be in the best interests of the organization
• Fulfill the paramount duty of oversight, with the ability to delegate that authority
• Understand the corporation’s operations, performance, and proper responses to problems
• Establish policies, such as specifying decisions requiring board approval, establishing codes of ethics and conduct, and ensuring accurate financial reporting
The vast majority of directors do their best to execute these responsibilities. However, they are often constrained by the limits of time and a lack of the right tools. In addition, a move toward increased director independence—a newfound priority for many shareholders and regulators—may have adverse, as well as positive, effects. While conflicts of interest and “coziness” with management may decrease, directors’ insight into the business may also decrease.
Directors must understand the mechanisms by which the value of the enterprise is, and can be, created and destroyed, so they can provide sound governance and useful guidance. Absent understanding and processes that promote sound governance and useful guidance, the board will likely revert to the default setting of raising objections and roadblocks on the one hand, or, on the other, to rubber-stamping management’s decisions and initiatives.
Indeed, many experts and enterprises preoccupy themselves with board structure. To their credit, Leblanc and Gillies note, “It is ‘board effectiveness’ not ‘board structure’ that must be analyzed, for it is the effectiveness of the board in the decision-making process that in the final analysis determines corporate performance.”21
Unfortunately, many boards simply adopt a risk-averse posture rather than develop a decision-making process. Adopting a risk-averse posture in an attempt to protect shareholder value will hobble efforts to create value and, over time, actually erode value. Yet boards require time and certain tools if they are to improve their effectiveness and decision making.
Voice of Experience
“I can’t emphasize enough the fact that continuing on a board is not an automatic entitlement. The board needs to take an inventory of the capabilities it needs to be a complete and an effective board, in terms of skills and experience. It needs to look at what it has relative to what it needs, because more often than not, there will be a historical mismatch. Your board’s composition will reflect what you were in the past rather than what you need to be in the future. The board needs to manage that proactively.”
—David Nierenberg, Director
Barriers to Board Effectiveness
In a Deloitte survey of 250 executives and board members,22 respondents identified the two biggest barriers to effective risk governance systems as a lack of tools needed to analyze nonfinancial issues and skepticism that nonfinancial indicators relate directly to the bottom line:
• One-third of respondents said their companies’ nonfinancial reporting measures were excellent or good, compared with 86 percent for financial reporting measures.
• Nearly half of respondents said nonfinancial reporting measures were ineffective or highly ineffective in helping the board and the CEO make long-term decisions (more than 12 months out).
• Nearly three-quarters of executives and directors were under pressure to measure nonfinancial performance indicators.
Three years later, the results were retested.23 The majority of executives perceived a growing need to better understand the underlying drivers of their performance through nonfinancial measurements, but the available metrics remained inadequate. The study concluded that companies either did not have or were not sharing critical nonfinancial performance data with their boards. It is in this nonfinancial data that much of the information needed to formulate sound judgments resides.
Barriers to Improving Risk Oversight
Boards are certainly taking risk much more seriously. In 2004, just one in ten boards spent more than 10 percent of their time on formal risk management. By 2005, that number had risen to almost 40 percent. Yet this has not necessarily translated into greater expertise.24
In the 12 months prior to the Deloitte survey, one in five companies surveyed had suffered significant damage from a failure to manage risk and 56 percent had experienced at least one near miss (a serious threat to value that was averted or defused). Ten percent of respondents reported three near misses during the past year. However, despite increased discussion and awareness, adoption of risk management standards across the enterprise was limited. Only one-quarter of respondents set regular risk targets for managers, and less than one-third provided risk management training for managers and staff. This is an indicator of cultures in which risk management is considered “someone else’s job.”
It is the board’s responsibility, in its role as steward of shareholder value, to exercise risk oversight. However, three key challenges must be addressed if the quality of directors’ risk oversight is to be improved:
1. Limited time
2. Lack of industry-specific expertise
3. Different definitions of success
LIMITED TIME Given that they are all part-timers, what time commitment is reasonable to expect of directors? Since the adoption of Sarbanes-Oxley in 2002, the average time spent by board members on their duties has increased by almost 30 percent. The USC/Heidrick & Struggles report noted, “On average, the directors indicated that they serve on 2.5 public boards. They report that during the last year, the average estimated time they spent on board matters—including preparation time, meetings, travel, and other activities—was 202 hours, up from 189 hours in 2004, 177 hours in 2003, and 156 hours in 2001.”25 Most boards meet from four to six times per year, although not always in person.
Given the available time, omniscience or even a highly detailed knowledge of operations cannot reasonably be expected. It may also be unreasonable to expect directors to spend significantly more time on those duties, in which case better use must be made of their available time.
LACK OF INDUSTRY-SPECIFIC EXPERTISE While increased independence may have reduced potential conflicts of interest, it may also have deprived the CEO of sources of industry expertise and diminished the board’s value as strategic partner. Professor Ray Reilly of the University of Michigan’s Ross School of Business believes that board members should thoroughly understand the business and that companies should find ways to ensure that they do. He notes that because board members are involved in the business periodically rather than day to day, they often don’t know which questions to ask.26
For example, before Lehman Brothers failed, only three directors had direct experience in the financial services industry. As a follow-up to the USC/Heidrick & Struggles study, authors Meyer and Rollo state that in their extensive informal conversations with CEOs, almost all confided that at most they have one or two “very effective directors who provide wise counsel, offer advice on key issues, and contribute both formally and informally to the direction of the company.” A fortunate few CEOs say they have three or four such directors. Meyer and Rollo then extrapolate that “only about 10 to 20 percent of directors are seen by CEOs as effective.” They add that CEOs also say their senior management team often regards “working with the board as a de-motivating experience.”27
Such findings jibe with the views of directors themselves, as evidenced by the above-noted McKinsey Global Survey of directors in which only 11 percent described themselves as having a complete understanding of their company’s strategy and risks.28,29 It stands to reason that board members will have difficulty providing insight on strategy if they don’t understand it. They may even be changing CEOs so frequently due to misperceptions regarding strategy, operations, and performance.
DIFFERENT DEFINITIONS OF SUCCESS Meyer and Rollo30 also report frequent disconnects between CEOs and their boards regarding expectations. CEOs want thought leaders who will partner with them on strategy. They want “independent directors who can help them make better, faster, and wiser decisions” but who let them run daily business operations. In contrast, “many directors define success in terms of committee work, fiduciary responsibility, and keeping the company in compliance with legal, regulatory, and other oversight requirements.”31
This focus on the part of the board has generated an overemphasis on transparency, compliance, and governance ratings rather than on business strategy. If the board defines success as avoiding suits, fines, regulatory actions, or appearances before Congressional committees and if management defines it as growth in revenue, profits, and shareholder value, then disconnects between the two parties are inevitable.
Combine these three challenges with the potential for tighter regulation in many areas, and with boards perhaps being “gun-shy” after the events of the 2000s, which ranged from Sarbanes-Oxley through government bailouts, and you may have a recipe for even greater challenges. Meanwhile, the basic imperatives of the enterprise have not changed.
The Imperatives of the Enterprise
In Darwinian terms, the enterprise has two fundamental imperatives: to survive and to thrive. Accomplishing both requires resilience and agility. Resilience enables the enterprise to survive adversity and the impact of negative events. Agility enables it to evade or counter adversity and to adapt to seize opportunities.
According to the U.S. Council on Competitiveness, the potential for disruptions of “global transportation networks and supply chains, IT, and energy . . . is rising in lock step with technological complexity, interdependency, terrorism, mutating viruses, and even weather phenomena . . . For enterprises, communities and countries alike, resilience is becoming a competitive differentiator.”32 By definition, resilience is the ability to recover from a blow or, more technically, the ability to quickly resume a former shape and recover functionality following an adverse impact.
Impact is a function of the mass of whatever strikes the organism or entity and its velocity. A resilient enterprise can absorb or deflect an impact and still survive. It might possess that capacity by virtue of factors such as its size, capitalization, breadth of operations, or depth of experience, or it might develop it over time.
Agility is the ability—the coordination, speed, and strength—to change position quickly to avoid or mitigate the effect of an impact, to roll with the punches. Agility is also the ability to move quickly, even to assume a new configuration, to achieve a desired outcome. An agile enterprise can often avoid negative impact (e.g., by anticipating a competitor’s move or a technology that could supersede its own) or take advantage of opportunities for growth (e.g., by moving from a centralized to a decentralized structure, acquiring another company, or changing its business model).
While resilience and agility in organisms have been developed through natural selection over millennia, those qualities develop—or fail to develop—in organizations through decisions made at the executive and board level. For instance, there are usually trade-offs between resilience and agility that require a decision to pursue one or the other or both in some combination.
Factors Affecting Resiliency and Agility
Esther Colwill, a partner in Deloitte’s Calgary office in Canada, is one of perhaps 100 people ever to scale the Seven Summits—the highest peaks on each of the seven continents.33 Colwill noted that when she climbed Mt. Everest, tough decisions had to be made about how much gear to carry. She and her team had to weigh the benefits of resilience to sudden changes in the weather against the agility and faster ascent enabled by small loads.
Likewise, enterprises must balance resilience and agility so they can withstand adverse impacts yet remain nimble enough to exploit opportunities. Jim Porter, retired chief engineer and vice president of Engineering and Operations at DuPont, says, “In the end resilience is about being able to cope successfully with the unexpected. It’s about doing the right things in ways that allow you to remain sustainable.”34
Resiliency and agility depend to a degree on size. The larger the entity, the more shock it can absorb and still return to its original shape or something approximating that shape. Obviously, there are limits, as major bankruptcies have repeatedly proven, and large size often undermines agility. Large organizations, particularly those that fail to survive, have a legendary lack of agility. Smaller enterprises are generally less resilient to adverse impacts (hence their high rate of failure) but are often better able to avoid them and to dodge threats and seize opportunities when they see them coming.
Resilience and agility must be designed into an entity. For instance, the Vendée Globe race is a solo, nonstop, around-the-world sailing race that includes passage through the tumultuous Southern Ocean, where waves up to 110 feet high have been recorded. In these waters, racers actually expect to be “knocked down,” which means submersion of their vessels’ masts. Vessels competing in the Vendée Globe are designed to self-right even when the mast is submerged up to 45 degrees. That is resilience.
Not only can an enterprise improve its resilience to specific known events through better preparation, response, and recovery, it can also improve its resilience to unknown and even to unknowable events. Take, for example, preparing for the outbreak of a pandemic. A pandemic can result in quarantine or loss of goods, facilities, or personnel and restrict activities and movements of workers, suppliers, and customers. But by addressing the known risks and effects of a pandemic, the enterprise can be better prepared for a range of unknown events with similar effects, including hurricanes, earthquakes, war, or bioterrorism.
Thus it is generally preferable to anticipate a risk—a specific event or development—and prepare for it rather than ignore it or simply hope for the best. Granted, anticipation and preparation are not always possible. When an event or development simply cannot be anticipated, an enterprise will be best served by improving its general resilience. In other words, the crisis that you prepare for may not be the one you experience, but that preparation will improve your resilience, come what may.
Voice of Experience
“The hardest thing to deal with is the board of a company that’s doing really well. They tend to take an incremental view as opposed to looking at the environment and what’s changing around them. Everything is good. The sun is shining.
“You might ask a board, ‘So, how ready are you for the next downturn? Do you do simulations of what a downturn might look like, how fast it could happen, or how long it would last?’ It seems like a waste of time and money and resources, and instead they’re devoting their energy to increasing shareholder value and top line revenue.
“I think it goes back to whether this is simply a function of human nature that we’ll never be able to change other than on an occasion, and it obviously depends on the leadership and the directors at the time.”
—Suzanne Hopgood, Director
Agility requires awareness, speed, and flexibility, qualities rarely associated with large enterprises. Preparation can help an organization become more agile, but several structural and operational factors should also be considered. For instance, the level of centralization regarding management control and the degree to which responsibility, accountability, and authority are delegated down the line will affect agility. The more decentralized the approach, and the more middle managers and employees are able to make decisions and take action, the more nimble the organization will become.
It’s also essential that the organization maintain a constant state of vigilance. Essentially, vigilance and its corollary, situational awareness, is the characteristic of being aware of the environment and changes in it, and of what the organization can do to respond effectively. It’s harder than it sounds, and many enterprises fail to choose promontories from which to scan the horizon, fail to develop devices with which to detect changes, and fail to employ early-warning systems regarding threats and opportunities. (We discuss these matters in Chapter 5, “Maintain Constant Vigilance.”)
Developing agility can itself expose an enterprise to risks, unless the right processes have also been developed. For example, delegating additional authority—even to middle management, let alone to sales reps and customer service reps—can present risks. So can allowing “skunk works” and other remote teams to perform research and develop business opportunities outside the bureaucracy. These are essential activities but must be properly managed. The Risk Intelligent Enterprise takes steps to inculcate knowledge of risk and risk management into people at all levels. It also establishes rigorous monitoring and reporting systems in order to control and flag risks when authority is delegated.
On that note, the enterprise must be resilient and agile in relation to both financial and nonfinancial events and developments. Our earlier point about executives’ and board members’ lack of focus on nonfinancial reporting measures has deep relevance here. In most organizations, transactions and accounts are monitored and reported so that such financial effects are usually readily apparent.
Not so for nonfinancial effects, which include developments regarding organizational reputation, brand equity, stakeholder relations, legal and regulatory matters, and environment, health, and safety concerns. These are less quantifiable and measurable, not monitored or reported on as formally or rigorously (if at all), and thus far less apparent. However, nonfinancial effects can generate financial effects with rapid and severe consequences. So, resilience and agility demand an awareness of potential nonfinancial as well as financial developments and their potential impact.
The less prudence with which others conduct their affairs, the greater prudence with which we must conduct our own affairs.
—Warren Buffett35
To Adapt or Not to Adapt? That Is the Question
Like species, enterprises are subject to a process of natural selection that favors the resilient and the agile. Charles Darwin is often credited with saying, “It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change.” This remains true of enterprises despite occasional government interventions to prop up the slow-to-adapt. Actually, the interventions are intended to preserve jobs and stabilize the economy rather than to prop up the enterprises. Whether such interventions help or hurt the enterprise and the economy can be understood only over time.
Extending Darwin’s thinking into the field of cybernetics, Ashby’s Law of Requisite Variety36 essentially states that it takes variety to deal with variety and complexity in the environment. The greater the variety and complexity and thus the uncertainty in the environment, the greater the variety required to survive and thrive in that environment.
Stated another way, the more finely adapted to a specific environment a species becomes, the more likely it is to be successful as long as its environment does not change. Conversely, such a species is more likely to fail if its environment changes suddenly. (Requisite variety is discussed further in Chapter 7, “Manage the Key Connections,” as a means of dealing with complexity.) As a practical matter, the organism or organization is either fit to survive in the new environment or not. If it is not, it becomes extinct.
Unlike other species, individuals and the enterprises they create can choose how they adapt and evolve. Even so, individuals and enterprises often make choices that jeopardize their very existence. That may be their right, provided the laws permit it. However, in such cases the more interesting issue is whether those choices are conscious.
If the decision not to adapt is conscious, so be it. If it is not conscious and the individual or enterprise would prefer to adapt and survive, what can be done to improve the understanding of the situation, and thus improve the decisions and the chances of survival? An enterprise should be able to develop a sufficient variety of strategies to cope with a variety of changed environments. If companies are to improve their resilience and agility, then their ability to adapt to change must also improve.
The Darwin Awards—“A Chronicle of Enterprising Demises: Honoring those who improve the species ... by accidentally removing themselves from it!”37—document stories of individuals who made astonishingly bad choices and got themselves killed. No corporate version has yet been developed; however, if one ever is, there are many candidates awaiting their posthumous moment of glory.
Voice of Experience
“The real key in our view in many of our product lines is to think big, start small, and then scale fast. Crank it up, take a good look at it, and then if it looks right ‘blow and go.’ If, on the other hand, it doesn’t appear as though it’s likely going to be a winner, kill it quick and move on to the next opportunity.”38
—Jim Porter, Retired Chief Engineer and Vice President, Engineering and Operations, DuPont
Risk Comes with the Territory
Enterprises regularly place themselves in the running for a Darwin Award by ignoring risks that could have been foreseen or by failing to manage risks they have foreseen. Equally frequent is failure to thrive due to extreme risk aversion, missed opportunities, and blindness to the risks inherent in specific initiatives. Those failures rest largely with senior management and the board of directors. It is up to senior management to protect existing value and to create new value within the enterprise; it is up to the board to govern and guide management in those activities. These amount to sacred duties (in business terms) and they are duties that too many boards and management teams have failed to carry out in recent years.
We maintain that one of the first tasks necessary in fulfilling these duties is for executives and directors to become aware of the need to exercise judgment in areas where they may have been operating on tradition, habit, or autopilot. In this context, the exercise of judgment will typically occur in areas fraught with uncertainty regarding threats and opportunities, often under turbulent conditions or circumstances.