Moving From Bean Counter to Game Changer
New research by HBS professor Anette Mikes and colleagues looks into how accountants, finance professionals, internal auditors, and risk managers gain influence in their organizations to become strategic decision makers. Key concepts include:
- Many organizations have functional experts who have deep knowledge but lack influence.
- They can influence high-level strategic thinking in their organizations by going through a process that transforms them from "box-checkers" to "frame-makers."
- Frame-makers understand how important it is to attach the tools they create to C-level business goals, such as linking them to the quarterly business review.
- Frame-makers stay relevant by becoming personally involved in the analysis and interpretation of the tools they create.
Buried in the middle layers of many organizations resides a strata of highly skilled experts, from HR managers to risk evaluators, whose collective wisdom and experience could prove invaluable in informing strategic decisions at the highest levels.
"They're all competing for visibility at the top management level."
If only they could be heard. Often these individuals remain buried in hierarchy, impacting only their isolated areas of influence.
In the working paper Organizational Toolmaking: Transformations in the Influence of Experts, Harvard Business School professor Anette Mikes and Matthew Hall and Yuval Millo from the London School of Economics look at how these employees can use their own skills to become so-called frame-makers, part of their organizations' strategic decision-making teams.
While their research focused on risk management professionals at two large British banks, "it's a bigger story," Mikes says over tea recently in her immaculate office.
"We believe it's not just risk managers who fight these issues but also human resources managers, accountants, finance professionals, internal auditors, marketing, you name them, they're all competing for visibility at the top management level."
Mikes began her research in 2005 in England, where she earned her PhD from the London School of Economics. (Hall and Millo are both employed there.) Within five years, she had interviewed 60 risk management officers, senior risk officers, managers, and executives in the two banks. For privacy's sake, they were referred to as Anglo Bank, which tackled almost 40 deals in the $1 billion range between 2004 and 2006, making it a force in corporate finance, and Saxon Bank, which was a risk-averse, moderate-growth bank with over 70,000 employees. Both banks focused on corporate and consumer lending.
The researchers chose to study risk-management experts because their role has risen in importance with demands for improved corporate governance and the need for better forecasting and modeling. After the financial crisis of 2008-2009, the call for better risk management escalated. A Deloitte survey in 2010 of 131 financial institutions worldwide found that 79 percent had enterprise risk management programs in place or in progress, an increase of 20 percent from just two years earlier. And 86 percent had a chief risk officer who reported to the board or to the CEO or both, up from 73 percent in 2008.
Mikes and her colleagues first examined the banks' "risk management tool-makers." Often viewed as risk "compliance champions," these functional experts don't influence decisions directly. At first sight, they spend their days behind the scenes developing tools: practices, routines, and technologies. Some of these tools have the potential to become part of the bank's decision-making processes, others do not. Then the team looked at ways that the tool-makers could expand their influence. They used the Anglo and Saxon Banks to show the different routes that experts followed in each organization to gain influence.
Success at Saxon
The paper highlights the rise of a feisty, ambitious chief risk director at Saxon, analyzing the steps she took to gain influence after she joined the bank in 2003. Evolving from "box-ticker" to tool-maker and finally to frame-maker took her almost a decade of strategizing, networking, and developing tools.
Here's how the chief risk director did it: First, she asked for more power. She demanded—and received—an unprecedented degree of formal authority, becoming a member of the bank's Group Executive Committee, where strategic decisions were discussed and made.
Then she moved to expand her risk management process throughout the bank. She handed out 10,000 booklets that presented the department's view and expertise in areas including market risk, credit risk, and operational risk. All the materials used standard language to describe risk, encouraging a unified organizational view.
"The risk management function was getting incorporated into more and more firm-wide debates that were really important for management."
The chief risk director also implemented new practices including scenario planning and a forward-looking Early Warning System that conveyed the bank's "risk view." Management started using these tools to frame important debates, such as the evaluation of divisional heads' performance at quarterly business reviews. The system also helped the bank plan through the uncertainty of the credit crisis.
"In Saxon Bank we realized that the risk management function was getting involved in more and more firm-wide debates that were really important for management," Mikes says. "At the same time, risk managers guarded carefully their leadership and initiative to develop these tools further; so that these techniques could not be used without them."
Anglo Bank's approach stood in stark contrast. Its risk management department included two groups of risk experts: a new guard and an old guard, with conflicting worldviews.
The new guard—the box-tickers—fulfilled a purpose and were respected for their compliance skills. But this group lacked influence with top management. With its own logic and terminology, management viewed the new guard's methods as incompatible with the way the bank was run and difficult to attach to the bank's existing business processes, Mikes says.
Anglo's old guard, or "ad hoc advisors," were functional experts valued for their experience, analysis and intuition. They had the trust of top management and the business people. But because their expertise was based on individual experience and tacit knowledge that they could not translate into tools, their influence didn't extend beyond their own remit into firm-wide budgeting or strategizing for other business areas.
So this risk function was incapable of promoting risk managers toward the organizational role of frame-maker.
Mikes says the expansion of Saxon's risk management influence surprised her—she had expected Anglo's risk managers to emerge as "the heroes of risk management."
"I saw these larger-than-life personalities making deal-making and deal-breaking decisions—billion-dollar megadeals," she says. "There's a lot of power involved in that. At Saxon Bank I initially thought risk management was more low key. In fact, when we looked at it more closely, the risk management team was busy developing tools … diligently toiling away and gaining enterprise-wide influence at multiple levels."
Mikes, who, with HBS professor Robert S. Kaplan, launched the Executive Education program Risk Management for Corporate Leaders in 2010, says she's still following up with both banks and plans to turn the research into teaching case studies.
She's also looking at how risk management works in industries such as electrical and nuclear power, at space agencies, and at companies that run huge, complicated high-risk operations.
In discussing the March earthquake/tsunami disaster in Japan (a "Black Swan" event, as risk managers call any surprise event that has a major impact and is rationalized by hindsight), Mikes sees a crucial future role for risk managers who do complex scenario planning that can be applied to both corporate strategy and disaster planning.
"I would advocate that risk managers should, and in some cases do, take responsibility for those kinds of questions," she says. "It's just very, very hard … [to know] what to do about the types of risks that you cannot control. But you can still have an answer in terms of trying to build organizational resilience."