In the wake of repeated floundering of governance and risk management, navigating these waters has become a priority, writes Michael Mainelli
Governance is a structure specifying the policies, principles, and procedures for making decisions about organisational direction. We have repeated calls for 'more and better' governance and risk management. But aside from layering on more bureaucracy and procedures, what might lie ahead?
Most statements of good governance are platitudinous drivel. Numerous studies have failed to prove that input-defined good governance provides better returns, safer organisations, or more sustainable ones. This is not to denigrate excellent intentions and much hard, boring, work. Rather, the point is that our understanding of governance and risk is at an early stage and much development lies ahead.
A popular metaphor for governance is steering a ship. Once the destination has been set, governance is the structure that delivers the ship safely to its destination.
In 1948, Norbert Wiener initiated the "scientific study of control and communication in the animal and the machine". He coined cybernetics from the Greek kyvernó_, meaning to steer or navigate. Cyberneticists connected electrical and mechanical engineering, logic modelling, evolutionary biology, neuroscience, anthropology, and psychology, then moved on to game theory, system theory, sociology, psychology, and organisational theory.
Today's cyberneticists incorporate cognition, adaptation, social control, emergence, and complexity. In turn, the field of risk management has drawn upon cybernetics to connect organisational governance with analytical implementation in organisations.
Risk management is where optimists, pessimists, and probabilities clash. At what point does governing safe delivery of the ship stop? When should risk management turn from analysing 'failing to meet profit targets' towards 'improving profits'? Significantly different viewpoints create opportunities for conflict (see table 1 below).
Risk generates many philosophical discussions. Two debates are worth noting when trying to ascertain future directions, risk versus uncertainty, and 'frequentist' versus 'Bayesian'. Frank Knight (1885-1972) was a University of Chicago economist who distinguished uncertainty from risk.
Uncertainties are things we know might happen but we are otherwise unable to evaluate. Risks are events we know might happen and we also have sufficient data to make a decent guess at their likelihood and impact. For example, we are very ignorant of the possibility of an asteroid taking out our data centre, yet have great data about power outages that have brought the data centre down in the past. It might seem that the asteroid is a Knightian uncertainty while the power outages are risks. Yet we have evaluated one as data-poor and the other data-rich without genuinely knowing predictive capacity. Perhaps a quick guess at major asteroid impacts on earth is predictive, while our historic record of power outages is useless because high fuel prices are leading to fuel theft.
The prevailing view in risk and statistics is the frequentist. A frequentist infers conclusions from historic data. But a Bayesian evaluates probability as the combination of possible consequences and associated uncertainties, often combining subjective inputs with historic data. The Bayesian view is increasingly popular as risk managers discover the limitations of historic data. Once people are aware of a risk, it is difficult for them not to assign subjective Bayesian probabilities.
Once you're aware that management have a concern about a highly uncertain event, asteroids again perhaps, both you and they start assigning probabilities, perhaps of dubious quality, and it is no longer a Knightian uncertainty, just a poorly analysed risk. Pure uncertainty is impossible. If there is pure uncertainty, then it is ignorance, 'unknown unknowns'. An old children's trick comes to mind - "don't think about elephants".
Peering ahead
Future governance and risk management will evaluate data, people, processes, and results differently. Here are some of them:
STATISTICAL LEARNING THEORY focuses on the future predictive capacity of our past experience. This field has made great strides, such as support vector machines, statistical software that provides a reliable architecture for dynamic anomaly and pattern-response systems.
Numerous firms collect data that identify patterns and trends, then reinforce successful patterns by replicating them in software. Combined with advanced visualisation tools, systems flag anomalies or exceptions upwards to humans in the governance structure. In many ways, this is a frightening future. Machines make the decisions. In other ways, this is a more secure future. Risk management moves from being full of 'stop' signs to more 'go' signs.
COMPARING INDUSTRIES shows different risk management approaches, from the short term and high speed of finance to the long and slow of shipping. One good contrast is the way industries balance regulation and uncontrolled behaviour. Voluntary standards markets self-regulate using certification agencies and accreditation within the ISO standards framework. Food safety uses more than 800 ISO standards, shipping industries nearly 300 but financial services only 51.
There is a lot of cross-industry learning to be gained from comparisons.
QUALITY is the obverse of risk. In my book written with Ian Harris, The Price of Fish: A New Approach to Wicked Economics and Better Decisions, three generic strategic gambits were explored - reduce risk, enhance reward, increase certainty. Certainty equates to lower volatility. Leading industrial organisations measure variance in costs and quality tightly. High-risk processes correlate with high-cost variances and also correlate with low-quality outputs. The popular 'Six Sigma' movement strives for continuous improvement by seeking less than 3.4 defects per million operations. One should expect risk managers in more industries, for example finance, to use cost variances for risk management.
GOOD GOVERNANCE INDICES are providing more and more empirical data from which future researchers should be able to assess objectively what does and does not work. The 'instrumental factor' approach used in other areas to test hypotheses will become increasingly more common.
ENVIRONMENTAL CONSISTENCY is an approach that encourages organisations to use predictive tools extraneous to the financial system to validate confidence in the environment. For example, one commodities trader uses operational statistics without financial numbers to predict daily losses. Most large organisations could use such approaches, for example estimating daily profit from operational retail activity.
CONFIDENCE ACCOUNTING is an initiative encouraging companies to use ranges, rather than discrete numbers, for major accounting entries. In a world of confidence accounting, the profit and loss, balance sheet, and cash-flow statements would be shown with ranges.
Ranges provide a fairer representation of financial results, mitigate mark-to-market effects, reduce the number of footnotes, and aid measuring audit quality over time. There are numerous ways of representing ranges, such as errors bars, candlestick diagrams, or fan charts. One of the simplest ways is to state the bottom value, the expected value, and the top value, with a judgment on the likelihood that the value is in that range (for example, 'Bottom Expected Top' (BET) range).
As a simple example, a value for freehold land assets might be expressed as, B: £5 million, E: £6 million, T: £8 million, with a 98% confidence the value is in that range. Such an approach, used more widely, would unite risk, finance, and business over the numbers.
BEHAVIOURAL ANALYSIS of human factors - tribalism, herding, fear, greed, trust, turf, ownership, anchoring - which influence organisational protocols and business decisions is advancing rapidly. One financial services firm found that the ability to spot financial bubbles correlates mildly with some personality tests. In an era where predictive analytics and gamification correlate consumer behaviour and decisions with personal characteristics, expect to see the same technology assess corporate behaviour and decisions.
Researchers are exploring ways of using corporate currencies, mentoring, social networks, community investment, and sponsorship initiatives to develop stronger feelings of 'skin in the game'.
LONG-TERM THINKING emphasises sustainability. Thinly-priced, 25-year mortgages financed in overnight markets probably exemplified pursuit of short-term profit at the expense of a sustainable long-term franchise.
In finance many products - pensions, life insurance, mortgages, and wealth management - are long term. Many clients never change their bank in their lifetime. In other industries there are similar moves to link the long-term with the day-to-day measures. Sustainability, both survival and environmental, becomes core to an organisation looking at longer time horizons.
Another nautical comparison came from the UK Parliamentary Commission on Banking Standards report of 2013 about the HBOS collapse: "We are shocked and surprised that, even after the ship has run aground, so many of those who were on the bridge still seem so keen to congratulate themselves on their collective navigational skills." We still have a lot to learn about steering governance and risk management.
