Viewpoint: CEOs Can Reduce Risk With a 'Culture of Resilience'

June 27, 2012
Corporate adviser Andrew Goldberg explores the CEO role in managing risk in part two of this series.

Continued from Part 1: Leaders and Risk: A Critical Priority for the CEO

Risk-management strategies only work when the following factors come into play:

  • The CEO must effectively operate as the chief risk leader.
  • The CEO must be actively engaged on the front line and have a very good feel for front line operations and conditions in the company.
  • The right people within the firm-the best risk leaders-must be engaged.
  • The CEO bakes into his regular business planning-that the people and operations be assessed as often as he would review sales reports, marketing plans and profit projections

When we blend these factors together, we call this a culture of resilience.

An interesting example of where this culture of risk worked, and then disintegrated is JP Morgan. If news reports are to be counted on JP Morgan fit this framework very well-for a time.

During the financial crisis of 2008-10, their CEO hit each of these criteria. But as markets and profitability improved, CEO vigilance and engagement declined. Assessment of trading risks devolved into trading unit itself, which could not resolve its ongoing tensions over taking ever greater risks, but was unwilling to bring the dissenting views to the CEO.

Many CEOs, regardless of industry, will recognize this downward spiral. You start off well in your risk procedures and end badly. After all CEOs are busy, they have to delegate. And the problem with delegation is that somehow, somewhere something goes wrong. As CEO, it is simply not possible to be vigilant all the time.

Or is it possible? You cannot be personally vigilant. But you can be a culture which is more vigilant. You can shape a culture in which you, as CEO, can be more effectively engaged. You can develop the necessary team that can reach out to you with alerts when plans, systems, or external forces are going off-track and who can respond effectively when the Black Swan flies.

Three Keys to Risk Preparedness

1. Know your experts personally and meet with them regularly

One of the frequent outcomes of risks that go wrong are executive changes. This is often, in our experience, a result of the CEO not having the right players involved in the first place. This is frequently the outcome of the CEO only knowing intimately a few people around who may neither have the right risk expertise or may not be the right people to judge who has.

The purpose of pulling together risk-preparedness teams is therefore not just to generate plans -- it is to get a sense of the mindsets and capabilities of the individuals involved. This is frequently the outcome of the CEO only knowing intimately a few people around who may neither have the right risk expertise or may not be the right people to judge who has.

The purpose of pulling together risk preparedness teams is therefore not just to generate plans-it is to get a sense of the mindsets and capabilities of the individuals involved. The CEO needs to know who the right "go-to" people are in the organization, and then reach out to them regularly.

2. Find the best risk managers: They are rarely who you think they are

The corollary to this recommendation is that the CEO needs a transparent process to indentify the best risk managers, which entails different behavioral skill sets. Some are great thinkers, others are better at communicating and sharing ideas; still others are better at finding the right mix of people and resources to make a strategy successful. The record of crisis situations shows that most senior executives rarely have a strong sense of who the risk leaders are within the firm. Corporate structures are relatively rigid and line of sight into the right people in critical departments is far from perfect.

3. Risk preparedness needs to factor in talent churn and institutional learning

Executives often tell us that, while painful, much is learned in the crucible of crisis. Systems improve, remedies implemented. Yet over time readiness dissolves. In part this is a natural psychological response. Returning to normalcy is a return to the curve. It is also a belief that our organizational immune system has adapted and we are now confident we can address new threats resiliently.

Companies go through lots of changes, though: people leave, are transferred, retire. When we benchmark crisis systems, the most common complaint of crisis managers is that of churn. Old hands are rarely given the opportunity to teach new ones. Transferred executives are dropped from the information chain. New leaders who weren't around for the last crisis are rarely interested in lessons of the past.

It is hard to find almost any other critical function of the firm where the institutional learning is so poor.

Raise Risk Awareness

Part of the answer here is for CEOs to build risk responsiveness and risk awareness into the hiring and development criteria for key managers of the firm. In most cases that we have encountered, these criteria usually factor only in hires in areas such as finance (around financial risk), compliance or public relations. This a vital area of improvement.

1. Incentivize transparency

If the above set of recommendations seems intrusive-well, they are. So CEOs must anticipate that departmental heads can feel threatened by CEOs seemingly bypassing their authority to engage with their preferred risk leaders in the firm.

Transparency can be rewarded and encouraged, however. Departmental heads can be given special awards, given personally by the CEO, for encouraging their employees to generate actionable ideas and flag critical risks, regardless where in the firm those ideas are employed.

2. Take a risk on special purpose risk teams

It is a virtual axiom that no line manager wants to distract their employees from core business functions. Hence the core risk dilemma: most effort is focused on the normal running of the business; therefore there is less available management time to focus on out of the box risks.

So CEOs have to be risk takers at the margins. Once they have identified and gotten in touch with "go to" talent, getting those people the time and tools to collaborate on game changing businesses is absolutely necessary.

Which loops back into our central proposition: risk planning IS business planning. CEOs cannot simply delegate the risk responsibility away. Nor can they ignore the possibility of unintended consequences to the business strategies they deploy. True risk leadership is essential for long term firm survival. CEOs must recognize this and find the most efficient ways to build risk-resilient cultures.

Andrew Goldberg serves as executive vice president of public relations firm Makovsky & Co. Inc.'s Corporate Advisors division,which counsels CEOs and other C-suite executives in restructuring, change management and M&A situations. Goldberg was previously the president of WPP-owned Pivot Red and chairman of the corporate practice at Burson-Marsteller. He earned a Ph.D. at Columbia University in international affairs, specializing in the psychology of decision-makers under stress.

Sponsored Recommendations

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!