Tag Archives: harvard business school

Key Misunderstanding on Risk Management

Bob Kaplan deserves our respect. Famous for his contribution to management with the balanced scorecard, he is now senior fellow and Marvin Bower professor of leadership development, emeritus at the Harvard Business School. (I have never had the privilege of meeting him.)

His colleague, Anette Mikes, was with him at Harvard, and she is now professor of accounting and control at the University of Lausanne (HEC). I am in a network of risk practitioners and thought leaders that includes her. (I have heard her speak but have never met her one-on-one.) She has made important contributions to the academic study of risk management that includes a case study of John Fraser’s Hydro One and a similar case study on Lego.

I have shared my thoughts with her on the narrow and highly limiting view that risk management is about mitigating potential harm from adverse events. Unfortunately, I have not been persuasive.

Kaplan and Mikes recently published a Harvard Business School working paper, “Risk Management – the Revealing Hand.”

While there is some value in the paper — such as its insistence that risk management must be continuous as well as its discussion of overreliance on models — it demonstrates very clearly why so many board members and executives do not see how the management of risk enables their organizations to set and deliver on objectives and strategies. For example, the ERM Initiative at North Carolina State University, in its 2016 survey of the state of risk management, found that only 4% of organizations feel their risk management is very mature (up from 3.4% in 2010). In 2013, a Deloitte survey found only 13% of executives believe risk management supports their ability to develop and execute on business strategy very well.

See also: How to Remove Fear in Risk Management

How can risk management practitioners demonstrate value and significantly contribute to the success of an organization when they:

  • Focus on a list of potential harms;
  • Don’t focus on enabling intelligent and informed decisions from strategy to tactics; and
  • Talk in technobabble instead of the language of the business?

I see risk management as about the following:

  • Enabling informed and intelligent decisions that consider what might happen, both good and bad. Those decisions include setting the vision for the organization (including its strategy, plans and objectives) as well as the decisions made every day across the extended enterprise as people at all levels direct and manage the organization toward its objectives.
  • Thinking about what lies between where we are and where we go, how it might affect our ability to achieve or exceed our objectives and what (if anything) we need to do about it.
  • Taking the right level of the right risks. We cannot survive, let alone thrive, if we do not take risk. The concept that we must mitigate all risks is absurd. Risks need to be assessed in the context of achieving objectives, not in a silo.
  • Knowing how to evaluate the potential for any event or situation to have good, bad or a combination of good and bad effects — and providing a structured process for making decisions about the path forward.
  • Promoting intelligent and effective management that enables the organization to succeed.

Kaplan and Mikes say there has been no credible academic study that demonstrates that risk management delivers tangible value. (Note: EY and Aon have released studies that say that organizations with better risk management obtain better long-term financial results.)

Is the conclusion by Kaplan and MIkes because they don’t understand what risk management should be, that it is not about managing a list of potential harms (what Jim DeLoach calls “enterprise list management”)? Focusing on what could go wrong will not help you do what is needed for everything to go right. If you were greeted at your front door by someone with a list of all the bad things that might happen, would you ever go out, or, would you dismiss the pessimist with disdain?

Here are just a few quotes to support my view:

  • “Enterprise risk management helps an entity get to where it wants to go.” – COSO (the acronym for the Committee of Sponsoring Organizations of the Treadway Commission, which published “Internal Control—Integrated Framework” in 1992).
  • “[Risk management enables] a greater likelihood of achieving business objectives [and] more informed risk-taking and decision-making.” – COSO
  • “The purpose of managing risk is to increase the likelihood of an organization achieving its objectives by being in a position to manage threats and adverse situations and being ready to take advantage of opportunities that may arise.” – National Guidance on Implementing ISO 31000:2009 from NSAI in Ireland
  • “We believe a paradigm shift in risk management is beginning, which is tied to the increasingly complex world in which companies now operate; based on the awareness that uncertainty is embedded in [and affects] everything we do; [and] focused on both capturing upside opportunities as well as protecting the business.” – EY
  • “You need [risk management] to become part of the rhythm of the business — meaning within the flow of strategic and business planning, operations, oversight and monitoring that runs from the board to the line.” – EY
  • “The job of risk (management) is to make … executives more confident to take strategic risks; to demand objectivity in decision-making; and to focus on value added, not just value preserved.” – Deloitte

I can tell you that the risk management programs at Hydro One and Lego do not limit their work to potential harms. They consider the potential for reward as well as harm and work to help management succeed.

See also: Moving to Real-Time Risk Management

So how is it that Kaplan and Mikes have such a narrow view? Perhaps it is because the great majority of practitioners limit risk to the negative and their practice to a periodic review of a list of top risks (enterprise list management).

That narrow view inevitably creates a disconnect with the desire of management to lead their organization to success.

How do you expect a CEO to believe risk management enables success when all the chief risk officer (CRO) gives him is a list of what could go wrong? The CEO needs help to see what might happen, both good and bad, and what to do about it. In other words, the CEO needs to see risk management as helping him or her get where he or she needs to go.

Do you share my view?

If so, how do we convince both the practitioner and academic community? How can we move the practice forward so that it is recognized by leaders of every organization as contributing to their success?

I welcome your views.

This article was originally posted here.

The Hemingway Model of Disruption

In Ernest Hemingway’s The Sun Also Rises, a character is asked how he went bankrupt. “Two ways,” he says. “Gradually, then suddenly.”

In my experience covering innovation for nearly three decades, that’s how disruption has come to a host of industries: IT, newspapers, books, retail, music, etc. What I think of as the Hemingway model for disruption — gradually, then suddenly — is thus how I expect transformation to come to the four main areas that have yet to see huge changes driven by IT: healthcare, higher education, government and our favorite, insurance.

If history is any guide — and it usually is — many insurance executives will miss the warning signs and be caught unawares, just as executives in other industries have been. In 1997, my frequent co-author, Chunka Mui, and I sat in the office of the CEO of Sears and tried to convince him that the gradual change he was then seeing in retail would become sudden once the Internet matured. We argued that he should search for a new business model, using Sears’ brand name and experience with tools and appliances to become the nation’s handyman. He demurred, convinced that the “sudden” part of disruption wasn’t coming. That same year, we sat down with the president of a very large distributor of music and told him that “sudden” was just around the corner because of MP3 players. We argued that he should sell the business and run for the hills. He, too, was unconvinced.

Even though insurance executives now have two decades of disruption in other industries as evidence, I’m seeing many focus on the “gradual” part of Hemingway’s formulation and hoping that “suddenly” either isn’t coming or doesn’t hit until after they’ve safely eased into retirement.

I came across an article the other day by an old friend and colleague of Chunka’s and mine that takes a different tack and offers some concrete ways to monitor for disruption — or, rather, for what the article, How Old Industries Become Young Again, calls the “dematuring” of an industry. The author, John Sviokla, was a partner of ours at Diamond Management & Technology Consultants, now part of PwC. Before that, he was a professor at Harvard Business School, where he co-wrote a thoroughly prescient piece in Harvard Business Review in the early 1990s (years before most of us even discovered the Internet) that described the contours of what the authors then referred to as the “marketspace” and that we now think of as e-commerce.

In describing how to watch for coming problems and opportunities, Sviokla writes, “What most industries experience as disruption is typically not a sudden change from one source, but the accumulated impact of a range of interacting factors. If you want to be prepared for disruption, it’s critical to understand the more gradual, prevalent and multifaceted dynamic that underlies it: a phenomenon called dematurity….You can think of dematurity as a crescendo of mini-disruptions that add up to great effect.”

He says to look for changes in five areas, to understand how rapidly the industry will change and to see how to prepare:

  • New customer habits
  • New production technologies
  • New lateral competitors
  • New regulations
  • New means of distribution

Because Sviokla only touches on insurance, I’ll channel my inner John and offer some thoughts on the five areas, three of which are clearly dematuring the industry and a fourth of which seems to be well on its way.

New customer habits

This is clearly an area of change. The discussion among insurers mostly concerns Millennials, and that’s fair enough as far as it goes, but the issue is much broader. All sorts of customers have come to expect more transparent pricing and convenient service because of the examples that Amazon and other e-commerce giants have set. Mobile technology drives even more changes in customer behavior, increasing demands for immediacy, among other things. Other technologies, such as health-related wearables, are catching on, with consequences that are unclear at this point but that could be profound. Demographics are changing, and not just because of Millennials. And so on.

New Production Technologies

Another area of clear change. The inputs that can go into the writing of an insurance policy are exploding — cameras, sensors, previously unscrutinized notes from salesmen, from customer service reps, from social media, you name it. Silos within companies mean that insurers can’t yet take full advantage of the new inputs, but change is coming. Agile production technologies will soon mean that it won’t take six to eight months to get a new product to market. It will take six to eight weeks or even six to eight days.

New Lateral Competitors

There has been lots of speculation. Is Google coming? Facebook? Amazon? Will there be an Uber of insurance? Some other start-up that revolutionizes the industry? The answers are still a bit unclear, but it seems to me that new competitors are emerging and that the pace will pick up. You can already see effects in reinsurance, where some risks can be so fully quantified that they are being covered in the capital markets rather than through traditional insurers.

New Regulations

Obamacare has certainly shaken up parts of the health insurance market, but, in general, regulations will slow the dematuring of insurance, not accelerate it.

New Means of Distribution

This will take a while to sort out, but at least parts of the sales process will go direct — the agent may still advise on the content of the policy but won’t handle as many logistical details. The increasing reliance on mobile devices will accelerate the move to direct interactions with insurers.

However, you see Sviokla’s checklist of five areas to watch, I’d encourage you to read his article. A lot of the discussion about the potential for disruption can get emotional — The British are coming! The British are coming! No, they’re not! No, they’re not! — but John, as usual, has managed to take a dispassionate, scholarly look at the issues.

What Is the Cost of Doing Nothing?

An associate professor at Harvard Business School recently gave the world an inadvertent lesson on opportunity cost when he spent several days taking a family-owned Chinese restaurant to task, to the point of threatening legal action, for an apparent overcharge of $4. (Happily, he has since offered a sincere apology.)

Opportunity cost is the loss of benefit associated with an option that is not chosen, given a set of mutually exclusive alternatives. In our restaurant example, the professor gave up not only the refund that was immediately offered to him but also the benefit of the myriad other things he could have done instead of composing those emails – from advancing his research to enjoying a nice glass of pinot noir.  In the heat of the moment, it’s easy to overlook the possibility that what we’re doing right now isn’t, in fact, the most beneficial thing to be doing right now.

In my Value Consulting organization, we spend a lot of time with insurers exploring the value of transforming their business with a modern software platform. But recently, we’ve had some really interesting conversations focused on the converse of that: What is the opportunity cost of not moving forward? What is the cost of doing nothing? What is the cost of delaying a decision?

Let’s imagine that you’ve built a case for change in your organization. You’ve estimated that your company could realize a benefit of $12 million a year, beginning at the conclusion of a two-year project that will cost $25 million. But, with limited budgets and scarce human resources, approval for that $25 million could be a long way off.

Overcoming the big-ticket anxiety is difficult, but the math is pretty straightforward. In this simplified example, the investment pays back in year five, with a 10-year net present value of $31 million. So a choice in favor of the status quo will hurt your company by a net of $31 million over the next 10 years. Allocated evenly, that’s a loss of $8,500 per day – every day, including weekends and holidays – for the next 10 years. A six-month delay in moving forward will cost you $1.5 million. In the time you’ve spent reading this blog post, you’ve already lost 20 or 30 bucks.

Of course, an opportunity cost calculation is no guarantee that you’ll actually realize that benefit. The business case must be strong and realistic to begin with. The right software must be chosen, and the right decisions must be made during implementation to ensure success. The hard work of implementing the project must be done. But sometimes a simple, potentially cheeky data point is enough to start a much bigger, more serious conversation.

3 Reasons Why Big Firms Should (and Can) Out-Innovate Start-Ups

The chief innovation officer of a Fortune 1000 company relocated to a Silicon Valley outpost far from her New York corporate headquarters. She now spends most of her time holding court with venture capitalists and entrepreneurs about stakes in hot start-ups. It is never clear who is courting whom in those meetings, though the general attitude in the Valley is that there is more dumb money than good start-ups. Her goal is not to maximize financial returns on her investments—even a 200% return would not be material to her corporation’s financials. Instead, she is essentially outsourcing her company’s innovation strategy to start-ups.

Do these stories sound familiar?

Like too many of their peers, these smart and savvy veterans were stymied in their efforts to get their companies to innovate. They resigned themselves to a conventional wisdom that has taken root in recent decades: that start-ups are destined to out-innovate big, established businesses. Consider, such pessimists contend, that 227 of the companies on the Fortune 500 list just 10 years ago are no longer on the list.

Based on personal experience with hundreds of large company innovation successes and failures, and research into thousands more, however, I have found that this conventional wisdom just isn’t true. Or, at least, it need not be. Yes, small and agile beats big and slow, but big and agile beats anyone—and that combination is more possible than ever.

There are three reasons why innovators at large companies should be optimistic about their ability to beat start-ups.

1. Start-ups aren’t all they’re cracked up to be.

Yes, Silicon Valley has the cachet, but Harvard Business School research shows that the failure rate for start-ups runs as high as 95%. Start-ups, as a group, succeed largely because there are so many of them, not because of any special insight.

What’s more, the National Bureau of Economic Research (NBER) found that entrepreneurs are saddled with most of the risk while financiers capture most of the rewards. Entrepreneurs invest their time, reputations and accumulated expertise for modest salaries and long hours in the hope of gaining huge rewards at “exit,” when the start-up goes public or is acquired. NBER researchers found, however, that start-ups rarely pay off for the entrepreneurs who slave away at them. Of companies that reached an exit (after a median time of 49 months from first venture funding), 68% resulted in no meaningful wealth going into the pockets of the entrepreneurs. These numbers add up to pretty long odds for corporate innovators looking to find greener pastures as an entrepreneur.

The story is not much better for strategic investors chasing start-ups through venture capitalists. Numerous studies, including a 2012 study by the Ewing Marion Kauffman Foundation and a more recent one by Cambridge Associates, show that venture capital has delivered poor returns for more than a decade. VC returns haven’t significantly outperformed the public market since the late 1990s, and, since 1997, less cash has been returned to investors than has been invested in venture capital. Risk and reward have not correlated.

Vinod Khosla, a billionaire venture capitalist and cofounder of Sun Microsystems, tweeted a revealing line from an executive at one of his companies in 2012: “Entrepreneurs really are lousy at predicting the future… VCs are just as bad.”

2. Scale is more valuable than ever.

In the context of today’s immense technology-enabled opportunities, large companies have growth platforms that would take start-ups years to build. Incumbents have products with which to leverage new capabilities such as mobile devices, pervasive networks, the cloud, cameras and sensors. Social media can amplify brand power and customer relationships. Large companies also sit on mountains of market and customer data and are therefore in the best position to extract knowledge from big data.

The possibilities are startling. And tapping into them isn’t optional. A perfect storm of six technological innovations—combining mobile devices, social media, cameras, sensors, the cloud and what we call emergent knowledge—means that more than $36 trillion of stock-market value is up for what some venture capitalists are calling “reimagination” in the near future. That $36 trillion is the total market valuation of public companies in the 10 industries that will be most vulnerable to change over the next few years: financials (including insurance), consumer staples, information technology, energy, consumer goods, health care, industrials, materials, telecom and utilities. Incumbent companies will either do the reimagining and lay claim to the markets of the future or they’ll be reimagined out of existence.

3. The roadmap for leveraging scale while avoiding innovation landmines is clearer than ever.

Since the start of the Internet boom some two decades ago, so many companies have looked to information technology to innovate that there’s now a track record showing what works and what doesn’t. The problems that have stifled innovation in large companies are now known and can be avoided. These problems are not inherent to bigness. 273 companies that were on the Fortune 500 list 10 years ago are still thriving and remain on the list. Compare that 55% success rate against the 90%-plus failure rate of start-ups.

Large companies can out-innovate both existing and start-up competitors by undertaking a systematic innovation process of thinking big, starting small and learning fast. I outlined this roadmap for how to—and how not to—innovate in a recent LinkedIn post. It is also thoroughly annotated in my books Billion Dollar Lessons: What You Can Learn From The Most Inexcusable Business Failures of the Last 25 Years and The New Killer Apps: How Large Companies Can Out-Innovate Start-Ups (both written with Paul Carroll).

* * *

I am not arguing that there is no place for entrepreneurship or start-ups. Start-ups as a group will continue to be an economic engine driving innovation, jobs and wealth. But any individual start-up, or even a small portfolio of start-ups, is far from a better bet for corporate veterans seeking better jobs or more successful innovation.

Rather than jumping from the frying pan into the fire, corporate innovators should consider staying put and focus on tearing down the barriers stifling their company’s innovation efforts. Yes, small and agile start-ups look very attractive when viewed from the confines of a big and slow bureaucracy. Big and agile is an even more attractive position.

Do you agree? I’d love to get your thoughts!