Buried in the middle layers of many organizations resides a strata of highly skilled experts, from HR managers to risk evaluators, whose collective wisdom and experience could prove invaluable in informing strategic decisions at the highest levels.
“They're all competing for visibility at the top management level.”
If only they could be heard. Often these individuals remain buried in hierarchy, impacting only their isolated areas of influence.
In the working paper Organizational Toolmaking: Transformations in the Influence of Experts, Harvard Business School professor Anette Mikes and Matthew Hall and Yuval Millo from the London School of Economics look at how these employees can use their own skills to become so-called frame-makers, part of their organizations' strategic decision-making teams.
While their research focused on risk management professionals at two large British banks, "it's a bigger story," Mikes says over tea recently in her immaculate office.
"We believe it's not just risk managers who fight these issues but also human resources managers, accountants, finance professionals, internal auditors, marketing, you name them, they're all competing for visibility at the top management level."
Mikes began her research in 2005 in England, where she earned her PhD from the London School of Economics. (Hall and Millo are both employed there.) Within five years, she had interviewed 60 risk management officers, senior risk officers, managers, and executives in the two banks. For privacy's sake, they were referred to as Anglo Bank, which tackled almost 40 deals in the $1 billion range between 2004 and 2006, making it a force in corporate finance, and Saxon Bank, which was a risk-averse, moderate-growth bank with over 70,000 employees. Both banks focused on corporate and consumer lending.
The researchers chose to study risk-management experts because their role has risen in importance with demands for improved corporate governance and the need for better forecasting and modeling. After the financial crisis of 2008-2009, the call for better risk management escalated. A Deloitte survey in 2010 of 131 financial institutions worldwide found that 79 percent had enterprise risk management programs in place or in progress, an increase of 20 percent from just two years earlier. And 86 percent had a chief risk officer who reported to the board or to the CEO or both, up from 73 percent in 2008.
Mikes and her colleagues first examined the banks' "risk management tool-makers." Often viewed as risk "compliance champions," these functional experts don't influence decisions directly. At first sight, they spend their days behind the scenes developing tools: practices, routines, and technologies. Some of these tools have the potential to become part of the bank's decision-making processes, others do not. Then the team looked at ways that the tool-makers could expand their influence. They used the Anglo and Saxon Banks to show the different routes that experts followed in each organization to gain influence.
Success At Saxon
The paper highlights the rise of a feisty, ambitious chief risk director at Saxon, analyzing the steps she took to gain influence after she joined the bank in 2003. Evolving from "box-ticker" to tool-maker and finally to frame-maker took her almost a decade of strategizing, networking, and developing tools.
Here's how the chief risk director did it: First, she asked for more power. She demanded—and received—an unprecedented degree of formal authority, becoming a member of the bank's Group Executive Committee, where strategic decisions were discussed and made.
Then she moved to expand her risk management process throughout the bank. She handed out 10,000 booklets that presented the department's view and expertise in areas including market risk, credit risk, and operational risk. All the materials used standard language to describe risk, encouraging a unified organizational view.
“The risk management function was getting incorporated into more and more firm-wide debates that were really important for management.”
The chief risk director also implemented new practices including scenario planning and a forward-looking Early Warning System that conveyed the bank's "risk view." Management started using these tools to frame important debates, such as the evaluation of divisional heads' performance at quarterly business reviews. The system also helped the bank plan through the uncertainty of the credit crisis.
"In Saxon Bank we realized that the risk management function was getting involved in more and more firm-wide debates that were really important for management," Mikes says. "At the same time, risk managers guarded carefully their leadership and initiative to develop these tools further; so that these techniques could not be used without them."
Anglo's Approach
Anglo Bank's approach stood in stark contrast. Its risk management department included two groups of risk experts: a new guard and an old guard, with conflicting worldviews.
The new guard—the box-tickers—fulfilled a purpose and were respected for their compliance skills. But this group lacked influence with top management. With its own logic and terminology, management viewed the new guard's methods as incompatible with the way the bank was run and difficult to attach to the bank's existing business processes, Mikes says.
Anglo's old guard, or "ad hoc advisors," were functional experts valued for their experience, analysis and intuition. They had the trust of top management and the business people. But because their expertise was based on individual experience and tacit knowledge that they could not translate into tools, their influence didn't extend beyond their own remit into firm-wide budgeting or strategizing for other business areas.
So this risk function was incapable of promoting risk managers toward the organizational role of frame-maker.
Mikes says the expansion of Saxon's risk management influence surprised her—she had expected Anglo's risk managers to emerge as "the heroes of risk management."
"I saw these larger-than-life personalities making deal-making and deal-breaking decisions—billion-dollar megadeals," she says. "There's a lot of power involved in that. At Saxon Bank I initially thought risk management was more low key. In fact, when we looked at it more closely, the risk management team was busy developing tools … diligently toiling away and gaining enterprise-wide influence at multiple levels."
Next Steps
Mikes, who, with HBS professor Robert S. Kaplan, launched the Executive Education program Risk Management for Corporate Leaders in 2010, says she's still following up with both banks and plans to turn the research into teaching case studies.
She's also looking at how risk management works in industries such as electrical and nuclear power, at space agencies, and at companies that run huge, complicated high-risk operations.
In discussing the March earthquake/tsunami disaster in Japan (a "Black Swan" event, as risk managers call any surprise event that has a major impact and is rationalized by hindsight), Mikes sees a crucial future role for risk managers who do complex scenario planning that can be applied to both corporate strategy and disaster planning.
"I would advocate that risk managers should, and in some cases do, take responsibility for those kinds of questions," she says. "It's just very, very hard … [to know] what to do about the types of risks that you cannot control. But you can still have an answer in terms of trying to build organizational resilience."
- Anonymous
The active management of operational and strategic risks is a necessity for any enterprise to become and remain successful. Risk management at the operational level is an absolute essential to stay in the business you are currently in. Risk management at the strategic level is the key to creating shareholder value on an ongoing basis as business environments evolve. It is no surprise the Chief Risk Officer role in many organizations is closely aligned with the corporate strategy role.- Seena Sharp
- Principal and Author, Sharp Market Intelligence
The title alone provides an important perspective that's frequently missing in metric-centered organizations.The difference between bean counters and game changers is similar (in my profession) to the difference between those who gather (lots of) data and those who provide intelligence.
Intelligence incorporates insight & deep understanding to create a strategy that is likely to be successful. Data reflects the past; yes, it's useful, but very limited.
Intelligence can be a game changer but it must be intelligence (current, accurate, objective, relevant, and sufficient.) It's not knowing everything your competitOR is doing; it's knowing your marketplace and what's changing, which is the best source of opportunity.
- Goke Kupolati
- CEO, Skye Mortgage
It is quite interesting to see the changes that have taken place in risk management evolution. From isolated risk management functions to enterprise or comprehensive identification and risk management process.Most CEOs indeed played into the hands of these highly numerate risk and finance officers by recklessly throwing caution to the wind. Initially the risk officers played a cover up as their CEOs and few top guys mishandled the company's assets. As they learn that responsibility cannot be shared with few of them losing their positions, they became more appreciative of the strategic position they occupied.
The sustainability of the recognition being accorded these guys will surely be dependent on level of value the shareholders can keep deriving from these changed efforts.
- Romie Frederick Littrell
- Associate Professor of International Business, Auckland University of Technology
I find this attempt to raise those who count the results of what managerial leaders do, usually one or two years after it happens, to be discouraging. Such functions provide data, they must not be they must not be allowed to make tactical and strategic decisions. E.g., a bit of history, the ultimate failure of Xerox Data Systems (nee Xerox Computer Systems) was guaranteed when an accountant was appointed president by Xerox Corp.- Kapil Kumar Sopory
- Company Secretary, SMEC(India) private Limited
Whatever model a business adopts, to be successful it has to be aware of the various surrounding risks and, once aware, to take steps to counter the risks via workable solutions. Risk managers, even when not designated as such, are there in all organisations and it is they who provide yeoman's service to ensure all is well. Yes, many of these people do so silently without awareness of the management. An enlightened management must know the acumen of all the staff and use it optimally.Risk managers' advices should be taken seriously and actioned upon.
- Hüseyin Cevdet YILMAZ
- Chief Risk Officer, Kuwait Turkish Participation Bank
It is, risk management, internal auditing, compliance, governance, an evolving subject. What I notice the influence on decision making processes and visibility at senior management of these disciplines is increasing day by day. At the Board of Directors level especially, they are more visible and add value to decision making through various committees such as Audit Committee, Risk Committee, Governance and Compliance Committee.- Matthew Spaniol
- Scenario Planner, Copenhagen Institute for Futures Studies
Getting involved in scenario planning groups can be risky business for a career. It is a process that most everyone can participate in, and provides a venue for rethinking grand strategies. However, if the corporate survivors in top management feel threatened, their instincts may play to reject efforts that are potentially disruptive. One may draw a comparison to a low-level innovator who has to bypass (or give credit to) middle-management in order to find support from upper management.- Nick Chipman
- Partner, PwC
Anette,great to see the thinking progressing in terms of accessing the collective intellectual property of the organisation-in this case on the risk management front.Another thought I had was in relation to not just what these dedicated folks can offer by way of technical insight but also how they go about commnicating and influencing those around them.One of the root causes we have observed is that the "middle ranked" silences arise because of a range of factors such as confidence,perceived "juniority" and straight out lack of business acumen and translation challenges-getting the message in a form that makes sense,is impactful but not alarmist.
Keep up the great work-it seems that the better organisations collect and collaborate with less friction and greater respect for others opinions.How this translates into reliability and value to stakeholders is worth close examination.
- datt
- programmer, radix
Risk management is always risk.Some times these risk can work and some other times it won't.When the risk taken my the management work then people can recognize suppose if it's not work then people used to blame for management failure.If we don't take a risk how can we expect a growth of the organization.- Anonymous
The real risk management shall be at the point of assuming the risk and subsequent activities under the guise of risk management is merely monitoring and highlighting the deviations in the transactions. It is therefore,imperative for the risk manager to proactively the identify the risks and develop the risk mitigation products for the same. In the process of identification of risks, significant amount of time is spent with the senior management (more so with the strategists in an organisation) and gain wholistic expertise. This is the opportunity to the risk manager, to gain acceptance and constructively evaluate with out bias and value to the organisations.It is therefore no wonder their knowledge is superior and become the frame makers. Risk manager is also good at building capability to the team, to ensure that risk mitigation products, developed by him / her are really executed in the desired manner. It is therefore, an opportunity for the organisations, to expose every one in the cadre, to the risk management assignment and develop the leadership skills. It is this cadre of team, who continusouly search the missing opportunities (because they are also risks) apart from the other activities.
Organisations, who have a structure to nurture this risk mangement skill to its employees will definetly be the winners at any point in time.
- Fabian Ringler
- Enterprise Risk Manager, OEBB Infrastruktur AG
Thank you for your insights, Anette!I believe that risk managers do have to take 'personal risks' from time to time to get top management attention. Guerillia Marketing can be a great source of inspiration. A risk manager of one of the biggest American entertainment companies recently spoke about his 'succeed or die' practice that goes in this direction: He created a 'fake risk report' with some critical risks to stress test top management attention and action. Confronted with his fake report the result was that top management did not really pay too much attention and postponed their risk mitigation decisions. By disclosing his fake approach and mirroring the top management their risk culture, he got some angry reactions as a first reflex, but finally succeeded in raising the risk awareness and importance of the risk function on the whole...My key lesson learned from that: Be creativ, take personal risks (calculated risk/reward ratio) to get attention!
- Paul Nicholas
- Director, Soul-Chaplain Consultancy
Nothing is as risky as risk management, and it may be sobering to remember a former very significant tool of risk assessment and management - probably the most venerable and sophisticated academic system of the time.It was highly mathematical, well-established, widely respected with a great body of evidence, numerous highly trained academic practitioners and a core part of the curriculum of every leading university. - it was astrology - in 1600.