Buried in the middle layers of many organizations resides a strata of highly skilled experts, from HR managers to risk evaluators, whose collective wisdom and experience could prove invaluable in informing strategic decisions at the highest levels.
“They're all competing for visibility at the top management level.”
If only they could be heard. Often these individuals remain buried in hierarchy, impacting only their isolated areas of influence.
In the working paper Organizational Toolmaking: Transformations in the Influence of Experts, Harvard Business School professor Anette Mikes and Matthew Hall and Yuval Millo from the London School of Economics look at how these employees can use their own skills to become so-called frame-makers, part of their organizations' strategic decision-making teams.
While their research focused on risk management professionals at two large British banks, "it's a bigger story," Mikes says over tea recently in her immaculate office.
"We believe it's not just risk managers who fight these issues but also human resources managers, accountants, finance professionals, internal auditors, marketing, you name them, they're all competing for visibility at the top management level."
Mikes began her research in 2005 in England, where she earned her PhD from the London School of Economics. (Hall and Millo are both employed there.) Within five years, she had interviewed 60 risk management officers, senior risk officers, managers, and executives in the two banks. For privacy's sake, they were referred to as Anglo Bank, which tackled almost 40 deals in the $1 billion range between 2004 and 2006, making it a force in corporate finance, and Saxon Bank, which was a risk-averse, moderate-growth bank with over 70,000 employees. Both banks focused on corporate and consumer lending.
The researchers chose to study risk-management experts because their role has risen in importance with demands for improved corporate governance and the need for better forecasting and modeling. After the financial crisis of 2008-2009, the call for better risk management escalated. A Deloitte survey in 2010 of 131 financial institutions worldwide found that 79 percent had enterprise risk management programs in place or in progress, an increase of 20 percent from just two years earlier. And 86 percent had a chief risk officer who reported to the board or to the CEO or both, up from 73 percent in 2008.
Mikes and her colleagues first examined the banks' "risk management tool-makers." Often viewed as risk "compliance champions," these functional experts don't influence decisions directly. At first sight, they spend their days behind the scenes developing tools: practices, routines, and technologies. Some of these tools have the potential to become part of the bank's decision-making processes, others do not. Then the team looked at ways that the tool-makers could expand their influence. They used the Anglo and Saxon Banks to show the different routes that experts followed in each organization to gain influence.
Success At Saxon
The paper highlights the rise of a feisty, ambitious chief risk director at Saxon, analyzing the steps she took to gain influence after she joined the bank in 2003. Evolving from "box-ticker" to tool-maker and finally to frame-maker took her almost a decade of strategizing, networking, and developing tools.
Here's how the chief risk director did it: First, she asked for more power. She demanded—and received—an unprecedented degree of formal authority, becoming a member of the bank's Group Executive Committee, where strategic decisions were discussed and made.
Then she moved to expand her risk management process throughout the bank. She handed out 10,000 booklets that presented the department's view and expertise in areas including market risk, credit risk, and operational risk. All the materials used standard language to describe risk, encouraging a unified organizational view.
“The risk management function was getting incorporated into more and more firm-wide debates that were really important for management.”
The chief risk director also implemented new practices including scenario planning and a forward-looking Early Warning System that conveyed the bank's "risk view." Management started using these tools to frame important debates, such as the evaluation of divisional heads' performance at quarterly business reviews. The system also helped the bank plan through the uncertainty of the credit crisis.
"In Saxon Bank we realized that the risk management function was getting involved in more and more firm-wide debates that were really important for management," Mikes says. "At the same time, risk managers guarded carefully their leadership and initiative to develop these tools further; so that these techniques could not be used without them."
Anglo's Approach
Anglo Bank's approach stood in stark contrast. Its risk management department included two groups of risk experts: a new guard and an old guard, with conflicting worldviews.
The new guard—the box-tickers—fulfilled a purpose and were respected for their compliance skills. But this group lacked influence with top management. With its own logic and terminology, management viewed the new guard's methods as incompatible with the way the bank was run and difficult to attach to the bank's existing business processes, Mikes says.
Anglo's old guard, or "ad hoc advisors," were functional experts valued for their experience, analysis and intuition. They had the trust of top management and the business people. But because their expertise was based on individual experience and tacit knowledge that they could not translate into tools, their influence didn't extend beyond their own remit into firm-wide budgeting or strategizing for other business areas.
So this risk function was incapable of promoting risk managers toward the organizational role of frame-maker.
Mikes says the expansion of Saxon's risk management influence surprised her—she had expected Anglo's risk managers to emerge as "the heroes of risk management."
"I saw these larger-than-life personalities making deal-making and deal-breaking decisions—billion-dollar megadeals," she says. "There's a lot of power involved in that. At Saxon Bank I initially thought risk management was more low key. In fact, when we looked at it more closely, the risk management team was busy developing tools … diligently toiling away and gaining enterprise-wide influence at multiple levels."
Next Steps
Mikes, who, with HBS professor Robert S. Kaplan, launched the Executive Education program Risk Management for Corporate Leaders in 2010, says she's still following up with both banks and plans to turn the research into teaching case studies.
She's also looking at how risk management works in industries such as electrical and nuclear power, at space agencies, and at companies that run huge, complicated high-risk operations.
In discussing the March earthquake/tsunami disaster in Japan (a "Black Swan" event, as risk managers call any surprise event that has a major impact and is rationalized by hindsight), Mikes sees a crucial future role for risk managers who do complex scenario planning that can be applied to both corporate strategy and disaster planning.
"I would advocate that risk managers should, and in some cases do, take responsibility for those kinds of questions," she says. "It's just very, very hard … [to know] what to do about the types of risks that you cannot control. But you can still have an answer in terms of trying to build organizational resilience."
The difference between bean counters and game changers is similar (in my profession) to the difference between those who gather (lots of) data and those who provide intelligence.
Intelligence incorporates insight & deep understanding to create a strategy that is likely to be successful. Data reflects the past; yes, it's useful, but very limited.
Intelligence can be a game changer but it must be intelligence (current, accurate, objective, relevant, and sufficient.) It's not knowing everything your competitOR is doing; it's knowing your marketplace and what's changing, which is the best source of opportunity.
Most CEOs indeed played into the hands of these highly numerate risk and finance officers by recklessly throwing caution to the wind. Initially the risk officers played a cover up as their CEOs and few top guys mishandled the company's assets. As they learn that responsibility cannot be shared with few of them losing their positions, they became more appreciative of the strategic position they occupied.
The sustainability of the recognition being accorded these guys will surely be dependent on level of value the shareholders can keep deriving from these changed efforts.
Risk managers' advices should be taken seriously and actioned upon.
Another thought I had was in relation to not just what these dedicated folks can offer by way of technical insight but also how they go about commnicating and influencing those around them.One of the root causes we have observed is that the "middle ranked" silences arise because of a range of factors such as confidence,perceived "juniority" and straight out lack of business acumen and translation challenges-getting the message in a form that makes sense,is impactful but not alarmist.
Keep up the great work-it seems that the better organisations collect and collaborate with less friction and greater respect for others opinions.How this translates into reliability and value to stakeholders is worth close examination.
It is therefore no wonder their knowledge is superior and become the frame makers. Risk manager is also good at building capability to the team, to ensure that risk mitigation products, developed by him / her are really executed in the desired manner. It is therefore, an opportunity for the organisations, to expose every one in the cadre, to the risk management assignment and develop the leadership skills. It is this cadre of team, who continusouly search the missing opportunities (because they are also risks) apart from the other activities.
Organisations, who have a structure to nurture this risk mangement skill to its employees will definetly be the winners at any point in time.
I believe that risk managers do have to take 'personal risks' from time to time to get top management attention. Guerillia Marketing can be a great source of inspiration. A risk manager of one of the biggest American entertainment companies recently spoke about his 'succeed or die' practice that goes in this direction: He created a 'fake risk report' with some critical risks to stress test top management attention and action. Confronted with his fake report the result was that top management did not really pay too much attention and postponed their risk mitigation decisions. By disclosing his fake approach and mirroring the top management their risk culture, he got some angry reactions as a first reflex, but finally succeeded in raising the risk awareness and importance of the risk function on the whole...My key lesson learned from that: Be creativ, take personal risks (calculated risk/reward ratio) to get attention!
It was highly mathematical, well-established, widely respected with a great body of evidence, numerous highly trained academic practitioners and a core part of the curriculum of every leading university. - it was astrology - in 1600.