Risk management as a board responsibility Early warning systems

Risk management as a board responsibility covers many facets. Patrick Caragata* says directors must ensure that appropriate early warning systems are in place to prevent either a physical, environmental or financial disaster.

The recent crash of Egypt Air 900 off the east coast of the United States led to much speculation about the cause of the disaster. It also produced a spate of articles in newspapers on why such disasters continue to happen. For example, an article in the Washington Post concluded that: "if we are honest, we know that most disasters have early warning signals that responsible people fail to detect."

This is an important insight. My extensive research has examined hundreds of the great industrial and commercial disasters of the 20th century, including:

* Hindenburg Zeppelin explosion (US, 1937)

* PanAm & KLM air collision (Tenerife, Canary Is, 1977)

* MGM Grand Hotel fire (Las Vegas, Nevada, 1980)

* Union Carbide pesticide disaster (Bhopal, India 1984)

* Boeing 747 crash (Gumma, Japan, 1985)

* Chernobyl nuclear disaster (Ukraine, 1986)

* Challenger Space Shuttle explosion (1986)

* Hanford nuclear dump (Washington, 1944-88)

* Exxon Valdez oil spill, (Alaska, 1989)

 

These man-made calamities were selected on the basis of three key criteria: cost, the number of deaths and injuries, and a combination of symbolism and lasting effects.

Ignoring early warning signs is a key, consistent causal factor across all the major industrial and commercial disasters in the 20th century - but it is not the only factor. The science of examining early warning signs for business survival and growth is just really beginning.

There are late warning signs and early warning signs, good warning signs and false warning signs. Many can be tracked electronically through electronic risk profiling. The key is to train people to be better observers, provide them with appropriate electronic diagnostic tools for providing the board and senior management with better quality information, and to train management and the board to be more open to data and information that challenge existing paradigms (approaches to problem-solving) and dominant values and perceptions.

So what are the common "footsteps to disaster"? There are both structural and behavioural deficiencies in most companies and governments. The four principal structural deficiencies are:

(1) ineffective electronic monitoring and poor quality information (a recent study of New Zealand's electricity system revealed that despite the presence of sophisticated computer equipment there is too much poor quality information, resulting in unnecessary higher costs);

(2) inadequate back-up or fail-safe systems (a series of these problems helped to lead to the Exxon-Valdez oil spill and Chernobyl);

(3) inadequate funding for an early warning system (a common problem across most companies and governments); and

(4) weak risk standards (also a common problem across most companies, as assessed in the September 1999 Turnbull Report on "Internal Control: Guidance for Directors on the Combined Code." for the Institute of Chartered Accountants in England and Wales).

 

These four factors together imply that there is a weak decision-centre - senior management and the board. There are also four principal behavioural deficiencies that lead to corporate disasters:

(1) ignoring risk thresholds (a key factor in the "O" ring problem that led to the Challenger disaster);

(2) ignoring early warning signs (the drinking habits of the pilot of the Exxon-Valdez);

(3) inadequate advance screening (a principal cause of the Japan Airlines crash at Gumma in 1985 that killed 527 people; it is also an on-going problem in hiring new employees or vetting existing employees); and

(4) the absence of clear signals (a principal cause of the greatest air disaster of the century in Tenerife).

 

These four deficiencies imply poor observation and strategic planning skills. The shock waves of the Turnbull Report will reverberate around the world. It recommends that, beginning in 2001, boards must, on a regular basis,

* assess how the risks have been "identified, evaluated and managed"

* "maintain a sound system of internal control to safeguard shareholders' investment and the company's assets"

* report on the state of effectiveness of their internal control systems, including any weaknesses.

* ensure that the risk management reports are factual and do not exaggerate.

* ensure that the full board should form its own view of the risks, despite delegating work to the audit committee of the board.

 

The objective is to ensure that companies develop "more meaningful, high-level information," while avoiding unnecessary, voluminous disclosure and related transaction costs. It is also anticipated that the courts will take these guidelines seriously in determining liability at the board and senior management levels in the event of litigation. It should be clear from these issues that the development and protection of the quality of information, which is an emerging priority for all companies, requires vigilance and diligence.

The London Stock Exchange has called for immediate implementation by members of the report's recommendations. Turnbull, CFO at the Rank Group in the UK, stated: "We have focussed on producing practical guidance that will ensure that the board is aware of significant risks faced by their company and the procedures in pace to mange them. Executive management is responsible for managing risks through maintaining an effective system of internal control, and the board as a whole is responsible for reporting on it." The Institute of Chartered Accountants has told companies: "do not delay in implementing Turnbull."

Similar warning signs have become very common lately. For example, in June 1999, the Toronto Stock Exchange berated many companies for not acting on the good governance guidelines it developed in the mid-1990s requiring that:

(1) the CEO position to be separate from the chairmanship of the board;

(2) the board should meet separately without the presence of management; and

(3) inside directors should not sit on the audit committee of the board.

A related concern about the quality of information was raised by the Ontario Securities Commission because Canadian accounting rules are generally more lax than American accounting rules, and too many Canadian companies (such as Bre-X, YMB Magnex, Livent and Philips Services) have either been allegedly engaging in illegal activity or have been stretching the rules through aggressive accounting practices to overstate current income by bringing forward revenue, or to understate current revenue by overstating one-time charges in order to improve future earnings prospects.

In 1998, both the OSC and Arthur Levitt, chairman of the US Securities and Exchange Commission warned auditors, notably the Big Five accounting firms, about their growing potential conflict of interest in providing both financial statement advice and management consulting advice.

The risk is that the auditors will promote weaker standards in order to curry favour with companies to which they sell management services. Management services is the fastest growing source of income for the Big Five.

In February 1999, an SEC committee recommended that members of the audit committee of every board be financially literate, completely independent of the company, report directly to shareholders and discuss the auditors report with the auditors before it is published.

For most companies, developing or improving a system of internal controls is the closest they will come to creating a business early warning system. And that is not enough. Early warning systems are the next stage in the evolution of competent corporate governance because they take a scientific approach to presenting directors and senior management with timely, if not instant, business intelligence about internal and external threats.

As a company begins developing an early warning system its approach should be both qualitative and quantitative, rigorously scientific in order to establish the right tests for the results produced, and sector-specific (depending on the range of its investments). It should set achievement-thresholds, milestones and warning points, and develop a back-up system or alternative approach that cross-checks the results. The Turnbull Report is a welcome leap in that direction.

What are the major factors that provide the fertile ground for encouraging the development of these eight structural and behavioural footsteps to disaster?

Generically, all of these problems arise from at least five key sources:

* Information is not treated as a capital good, like financial capital and human capital. Another way of putting it is that information is treated as a free good and hence not respected. Electronic monitoring permits electronic risk profiling which permits information to be refined like gold is refined.

* Management is not fully aware of the fundamental prerequisites of anticipating and preventing business disasters.

* Management does not fully understand what "total quality management" means and how it should be implemented.

* Many people do not have good observation skills and good communication skills. These skills lack focus, incisiveness, clarity and simplicity. Court cases prove over and over again that people see things in different ways and report them in different ways. This requires better training.

 

So what should companies do to preserve and enhance asset value in the future? How can they learn the lessons of past disasters and prepare better for future crises?

They need to set up mechanisms that deliver transparency, accountability and performance measurement. Mistakes should not be condemned. Staff must be encouraged to report them as soon as they happen. The climate of fear created by management if mistakes are made must be replaced by a climate of proactive problem-solving. When mistakes are buried, they compound other mistakes and weaken the immunity of companies to survive future shocks.

The consequences if a proactive approach to crisis management is not implemented include: failure to maximise shareholder value; erosion or destruction of the brand name; the replacement of senior management; an increase in officers and directors liability; and a shortened life-span for the company. Bill Gates revealed in 1998 that he expects a major crisis to hit Microsoft every three years. All companies should think along the same lines.

* Dr Patrick Caragata is the author of Business Early Warning Systems: Corporate Governance for the New Millennium, published by Butterworths New Zealand. He is also managing director, Financial Diagnostics at McCallum Petterson in Wellington (dpc@mccallumpetterson.com) which has automated the corporate credit rating process and advises on corporate turnarounds. He is the author or editor of six other books and numerous articles

Disclaimer

The purpose of this database is to provide a full-text record of all articles that have appeared in the CDJ since February 1997. It is aimed to assist in the research and reference process. The database has a full-text index and will enable articles to be easily retrieved.It should be noted that information contained in this database is in pre-publication format only - IT IS NOT THE FINAL PRINTED VERSION OF THE CDJ - therefore there might be slight discrepancies between the contents of this database and the printed CDJ.