Hack:
Risk Capital as Commons - Distributive and Networked Governance
- Perhaps 10% or more of the meaning of a message is lost each time it is passed along. If risk appetite and corporate objectives are only developed at the board level, by the time they reach customer-facing or market-facing risk-originators who are several layers down the hierarchy, they are likely to have been badly distorted and to contain more incorrect information than correct information.
- When issues arise and need to be addressed through a corporate change, communication up the hierarchy similarly suffers a fate of distortion. For example, as customer preferences change or as the realization of a risk emerges but is not yet fully realized, by the time such a message reaches senior management, it may be mostly incorrect or it may be too late to deal with it.
In complex organizations, there is a challenge in understanding appropriate levels of risk to take and in ensuring that those risks are understood, are aligned with corporate tolerance levels and that risk-taking is properly incented.
- How much risk can a business unit or product line take?
- Are incentive and other compensation policies driving a focus on the best return on this risk-taking capacity?
- Should there be an independent risk oversight of all activities?
- How can we focus group efforts on a common outcome?
Distributive Governance
Similar in concept to the Carver Governance Model, each successive layer of management defines policies and objectives to a level of detail at which it is comfortable that the next layer of the organization can make any reasonable interpretation of the policies.
Further, the capacity for risk taking, as one of those policies, is defined through the allocation of Risk Capital (defined below) which becomes a common property of that next level of management.
Networked Governance
As the Carver model or any other form of distributive governance has the capacity to isolate groups in their thinking (group think), each higher level of management and other stakeholders will have representation within the govrnening committee of the lower level so that outside information can flow into the group and so that group information can flow out to the organization.
See work of Shann Turnbull in this area for its application to the Board of Directors and envision a similar application at each level to which risk capital is allocated (mini-boards at each level)
Risk Capital
Defined as the capacity for risk-taking, it is similar to the amount of risk that each successive unit within the company could take risk on its own as a standalone. In effect, each subdivision of the organization becomes an entrepreneurial venture, responsible for the raising of its risk capital (through business plans and lobbying) and for the return to the organization on that capital.
- Greater ownership of outcomes by smaller and smaller subsets of the organization
- Smaller individual risks taken, none of which would have the capacity to take down the entire organization, thus building resiliency
- Better investment return on risk capital
- Lower perceived risk of the organization by external parties
In short, the three factors that matter for the valuation of the organization (size of cash flows, duration of cash flows and rate of risk at which to discount those cash flows back to today) all improve, greatly improving the value of the organization.
Step two: force each line to do the same thing, down to a level at which it make no more sense to divide (might be to a loan originator, for example, or to a factory or branch office)
Step three: establish incentive plans based on the value of those final subdivisions and a method for determining, in advance, what that value is (avoid overly metric-based approaches that might distort behaviors, see Darley's Law)
Step four: establish stakeholder groups that will integrate with each successively smaller subdivision during its strategic planning and evaluation process
The Origin of Wealth (Eric Beinhocker)
Carver Governance Model (John Carver)
Network Governance (Shann Turnbull)
Governance of the Commons (Elinor Ostrom)
Darley's Law (John Darley)
There are numerous texts that have also had an influence, too numerous to list here.
Thanks, Cristene!
You make such an important point: what are the risks of not doing something? It's far too easy to become the risk manager that finds reasons to shoot down new ideas because they come to us in pre-packaged presentations, with concrete items on which to take issue. But, we often don't go beyond this to envision our organizations in the future and their risk-taking capacity two years from now, for example, which would be different if the new idea succeeded.
What I think We really are trying to encourage in our governance frameworks is innovation and better use of our risk-taking capacity. Some of that comes from transparency and some of it comes from simply being able to repeatedly take hundreds of better-informed business decisions.
If we play this game well, we will make more right decisions than wrong ones. Our right decisions can be allowed to continue growing (let your winners ride) and our ability to absorb or respond to our wrong decisions and external influences, will allow us to keep playing the game for a very long time...which means we will come out ahead.
- Log in to post comments
Hello David,
Its a great idea for the top to share its power and free its time and energy. Reminds me of the Intel story: The decentralization of approval gave the top excellent altenatives, down the line, for stepping into the future. The MMX technology is an example. However, I get the feeling there will be plenty of people looking over the shoulder for any innovation that is approved in this system. While that may help to get quick traction for outright successful projects it may impart decision-making a conservative bias. At worst, perhaps innovation does not respond to layers.
Best wishes,
Raj Kumar
- Log in to post comments
Many thanks for your comment, Raj. I'm sorry to have been delayed in my reply.
The idea behind nested policies in the Carver governance model is that it defines a boundary that should prevent the type of intervention to which I think you are referring. The rule they use is that policy should be defined to a point at which the group to which it applies can make any reasonable interpretation of the intent of that policy. Sometimes this is very tightly defined. Sometimes more loosely. But, the idea is that once it has been defined, the group should be allowed to pursue objectives and ideas their way.
Perhaps the concern is about how the network aspect of this might work? If stakeholders have veto power over innovations, then I think that could lead to a problem in some circumstances. But what I envision is that those vetoes would be rare, requiring a majority of external stakeholders to object. Since the stakeholders would come from different areas, it is hard to see what their motivation would be to collaborate towards veto unless the objectives or ideas of the group truly are viewed as destructive or dangerous. Further, you could allow for appeal to the next level of policy (the one in which this policy level has been nested as a subset)...which would also rarely be used for loss of political capital.
Finally, if the risk capital allocation is being correctly processed, then the better method might be for the stakeholder group to suggest that the risk management function re-assess the risk of the idea or work of the group for fear that the risk is under-appreciated. In other words, for fear that the group is not being charged enough for the risk they are creating. If risk management agreed, a higher risk assessment would raise the required cost to the group of taking on the project. Since the risk capital is a common, more of it would be used up and the group would then be forced to decide if it still made sense to use up the resource on the particular objective or idea as it would make it unable to pursue something else that could have used that risk capital.
Does that help to clarify or to address your concern?
Kind regards,
David
- Log in to post comments
Hello David,
Thank you for the response. However, while framing the question I was thinking of the execution and not the allocation. Perhaps the approach is suited to Financial instruments where results are cut and dried. For other functional areas having too many people passing judgment on incipient resuts may handicap the ability to stick with the hard phase of an innovation.
Regards,
Raj
- Log in to post comments
A major strength of any organization is its ability to unite behind a single project. I find that strength is compromised by your hack. It appeears more suited to organizations in the business only to earn money. This neglects the important concepts of value-add and service. Can these aspects be evaluated independently by Divisions of a company?
Regards,
Dhiraj
- Log in to post comments
All organizations are ultimately trying to maximize their "value", but it is up to each organization to define what value means and how your measure it. Generally, this definition is driven by that organization's values, which can be profit-oriented or service-oriented. So, the concept of distributing risk-taking capacity is not just for profit-seeking organizations it is for all who seek to maximize the service of their mission and values. As a reflection of this, the Carver model of governance, which I cite above, is probably used in more non-profits (charitible organizations) than for-profits.
In terms of uniting behind a single project, I think that can be true for small groups, as you suggest. However, the subdivision of an organization that gets an allocation of risk capital to use as a "commons" need not be focused on just one project. It can be, but it is not required to be. It is most likely that such a subdivision will have some other common interests that unite them as well (service to clients, service of specific mission, development of a new product, etc).
The idea of using risk capital as a commons is to create another very powerful reason for members of a group to unite, in addition to common mission or other uniting factors.
- Log in to post comments
I think we have got somewhere. Not that I am a socialist but the word 'capital' alienates me. It is impersonal and meaningful only to those seeking it. The numbers so occupied are very few in the organization and they may not be overly concerned with Values and Service. These two words are the life blood of the organization. I am with you on the word 'Unite'. You too take it seriously. Risk capital as a commons is at best a one time unifying activity. Will that be enough to face up to the challenges of the emerging world? Are we in short supply of methods of thinking or methods of execution?
Regards,
Dhiraj
- Log in to post comments
This is a powerful idea. In my view, it may be even more powerful when combined with a cap and trade mechanism such as the one I have proposed, as a market-based means of "governing" the total risk in a system (see, for example, http://www.nytimes.com/2009/10/31/business/31nocera.html?pagewanted=all. In the present instance, a cap and trade regime would help govern the risk allocation process within an organization.
- Log in to post comments
It's pretty impressive that Joe Nocera chose to highlight your ideas in his last article before taking a leave to write his book! Congratulations!
For big systems, like the air we breathe, where the commons hasn't always been managed well, it seems that cap and trade are the buzz. You're the first one that I know who has brought forward this idea for entire economic systems.
It would be interesting to think about who the stakeholders would be in a networked form of governance of economies as national economies are all interwoven. Still, the economy is another system and your idea should be workable somehow. The political barriers would be enormous, but I see how the application within a relatively smaller system, like a business, might also work.
In the model that I have tried to briefly describe here, the idea of having the final recipients of risk-taking capacity be free to trade that capacity to others seems potentially distracting. However, the next "higher" part of the organization is probably the place where that "trading" would take place in the form of a redistribution to those who can make a better use of risk capital.
Maybe this is one of those areas for deep philosophical contemplation about where something becomes so big or so interwoven that cap and trade becomes a viably small part of their overall work focus.....I hope that makes some sense....
All my best,
David
- Log in to post comments
This is a creative solution to improving risk communication and risk-taking thorughout the organization. Using specific incentives and stakeholder groups could serve as a check-and-balance on effiecient and effective use of resources and risk-taking. Good idea!
Best regards,
Jean
- Log in to post comments
I'm glad that you bring forward the check-and-balance idea. We don't want to stifle innovation with too many checks and balances. So, we have to combine properly aligned incentives with the input of stakeholders to find the right mix.
- Log in to post comments
- Log in to post comments
Your focus on communication and risk management simultaneously is very important. Businesses exist to take risk and, hence, every business decision is a risk management decision. The idea is to take risk in a better and smarter way than others and we have to have accurate communication flows to do that.
In physics, they say that a closed system tends towards disorder and an open system tends towards greater organization. Communication helps to keep our systems open and that is the main benefit that the Network Governance component brings to this approach.
- Log in to post comments
It's a good idea to incorporate risk consideration (in a form of risk capital) into decision making processes at all organizational levels. One could ask some questions on how to allocate risk capital (i) during different life stages of an organisation: start-up, mature, in transition, in the midst of a crisis, etc. or (ii) when strategies or mandates are not clearly defined at each and every organisational level. Another set of questions could be asked on how to measure non-quantifiable risk taking activities and translate that measure in capital numbers.
- Log in to post comments
I like the notion of life stages, especially as one might consider that not all parts of an organization are at the same life stage. In a way, we're looking for continual renewal of parts of the organization, which means that the risk-taking at the new parts can be done in a different way than at the older parts. The older parts are likely to include the larger umbrella groups from which risk capital is first given or may include legacy products that have never become large enough to be passed "up" the organization.
You also mention one stage being "in the midst of a crisis". We, of course, hope such to be a transitory stage as well. Part of the idea of decentralization and distribution of our governance is that we can reduce the risk of a "single point of failure" that brings down the whole system (organization). There was an article in Atlantic Monthly back in 2002 that included a look at some of the work that Bruce Schneier has done related to IT and privacy/cryptography systems, including his revelations about the stability of systems that are built to sustain single failures well, or to break well. I think that this is a very helpful viewpoint and spurred some of my thinking about how we approach risk management in our organizations.
The other challenge you raise is around how we apply this concept to non-quantifiable risk-taking activities. I think that this is the part where the network approach to governance plays a nice role. In effect, a negotiation takes place between risk-capital providers and the end users of that risk capital. Outside perspectives on the risk potentially assumed by doing something new, or by an existing product/service that may be growing, can make the risk-taking decision better-informed. The inclusion of a risk professional in the conversation can also help to arrive at some kind of a "monetization" of the non-quantifiable. When something is non-quantifiable, we might refer to it as uncertainty, but our goal is to try to turn it into risk, which is quantifiable to a degree. We know that the negotiation will never yield an exactly correct estimate of risk, but we also know that the negotiation process will make the organization smarter about its uncertainties and its risks.
I hope that this helps a bit to address your comments.
Many thanks,
David
- Log in to post comments
David -
This is a great idea! Have you seen this model implemented in any organizations? If yes, how effective was it?
- Log in to post comments
From identification of the problem to development of the solutions, this is extremely well thought out. It takes a complex issue and carves it up into meaningful processes that are appropriate, manageable and high impact. While I have seen significant commentary on risk management and corporate governance, this hack takes an innovative, yet logical approach to inspiring action on broadening ownership of risk, building risk capital and decentralizing control. This is an energizing approach.
- Log in to post comments
- Log in to post comments
Many thanks, Matt!
I am not aware of any company that has implemented this concept in whole, but it is an assembly of concepts that are being applied piecemeal at various companies.
i know that Shann Turnbull cites Visa International as a good example of how a network form of governance can have a positive impact. At the same time, Visa shows up on some governance ratings with a negative bias. So, I don't know if they have it right overall.
The Carver model of nested policies, which goes a long way towards the distributive form of governance is cited in their published work (books and papers) to be in use at numerous organizations (for-profit and non-profit) with great success. I do hear many anecdotal stories about the Carver model and they are often highly positive.
Risk capital is being used at most financial firms, but not to the level which I suggest it be done and probably not is the manner I suggest. While few of us would hold financial service companies out as examples of good governance, the allocation of risk-taking capacity via this means is a positive element...it's just been overwhelmed by the other governance failings.
In combining all three, I think you address many of the key failings of each individually.
Where I have worked and we have implemented a greater awareness of risk-taking capacity, I have seen dramatic growth in market share and performance. This comes about as the company as a whole and individual components of the organization are better able to take risk confidently and to know how it fits into the context of the organization as a whole. Success with such brings about more independence from the top of the organization, which then moved us closer to an effective implementation of the concept above. That is why I suggest beginning with the risk capital or risk-taking-capacity assessment as the first step.
I hope that this helps.
- Log in to post comments
Excellent, well thought-out ideas, David. I really appreciate the barriers / challenges you noted; however, the proper use of incentives should provide the support needed for successful implementation. Thanks for sharing.
- Log in to post comments
- Log in to post comments
Interesting twist on risk management (traditionally belonging to the defensive line of business). If I understand you correctly, you are saying it's time to now also focus on the offensive line, by empowering organizations with a structured approach to take appropiate risks. Whereas risk management thinking leads to control-oriented solutions, such as organizational hierachies, risk taking organizations need to operate in a more distributed and interdependent manner. Examples of risk taking practices include the management of complex organizations (where cause-effect dynamics are not predictable) and creative endeavours, such as invetion and innovation, where successes look more like "black swans" then inferences from past experience.
I am also a supporter of Shann Turnbull's network governance. One organization that might be able to help implement your hack proposal is http://www.holacracy.org. They have a system that appears to incorporate both network governance and Carver's policy governance principles in software.
Finally, for a shameless plug, I would suggest that to retain confidence in the absence of hierarchical controls, you need to compensate by incorporating trust enabling mechanisms, such as those introduced in my hack "The Trust Extender: Enlarge the circle of trust by empowering stakeholders to trust and reciprocate trust" (see http://www.managementexchange.com/hack/trust-extender-enlarge-circle-tru...).
- Log in to post comments
The logic of this hack should appeal to the ones who design new financial instruments.
- Log in to post comments
- Log in to post comments
Many thanks, Alex.
Yes, my view has always been that a better understanding of risk allows for better business decision making. Businesses exist to take risk. In fact, the first decision an entrepreneur makes to open a business is their first risk management decision and we build from there. Too often risk managers are focused primarily or exclusively on control and loss avoidance. We know from behavior finance that the management of expectations around loss avoidance is critical to the value/perceived value of an organization. So, it is essential that such be done well, but not the end game.
Similar to how understanding market share dynamics, competitive initiatives and pricing regimes, information about the price of risk, or the costs of funding risk-taking, help to inform a business decision. You can take risk more confidently.
On risk generally, I tend to refer to risk as the unknown change in value (up or down) of something (a company, a bond, a currency, etc). A risk event is something that drives the realization of risk (again, up or down in value) and risk management is shaping the way in which the value of that something (your company, your portfolio, etc) changes in response to that risk event. A good risk manager, then, works to help businesses shape themselves to respond most favorably to risk events (positive and negative) along with addressing the fear of large losses (impact of loss avoidance). Governance is the framework within which such risk management takes place.
I am not familiar with the Holacracy framework you mentioned, but did give their introductory document a quick read. I see distributed governance mentioned and what looks like a form of networking in it. So, perhaps there is some potential. I have to admit getting lost in the jargon, though (RepLink, Double Linking, etc). Maybe that kind of labeling is needed for broader implementation, but it always seems to change the focus to success in implementing the governance model and not to success in running the business. Success is not about getting the right model in place, but about increasing the value of the organization and I always worry that when we throw about too many cute names we encourage people to define their success by being a really good "double linker", for example. Having said that, the site to which you refer does seem to offer some promising views and tools. So, maybe I just have to get past my own hesitations.
One of the key ingredients in the approach I am suggesting, though, which I didn't see in the Holacracy framework was the use of risk capital as the "commons". They do mention "economic profit", which is often defined in terms of return on risk-adjusted capital, and further note that organizations need more than just this (they need a purpose). In some ways I agree, but the key is to define how the organization measures its "value" (not values), then distribute the risk-taking capacity out so that such value can be pursued by these smaller groups.
Maybe there is a nice way to integrate the Holacracy approach with a "commons" approach, as you suggest.
- Log in to post comments
Dear Dr.Koenig,
Your approach is a complete departure from the people focus of the management sciences for raising performance. In particular the blogs of the mavericks talk of loss of trust in Management and engage in soul searching to restore it. Their search covers greater sensitivity in making choices, the disconnect between individuals and the organization, and successful philosophies like Employees First & Customer Second.
There is a claim that Feedback can enable Managements realise success. The claim is supported by R&D over the 20th century and ties in rather neatly with the concepts of trust and collective ability. Does your concept of risk capital also work through trust and teamwork? How does it deal with the daily choices of decision making and cooperation that determine execution?
Regards,
P.Singh
- Log in to post comments
Thank you for your comments and questions. Sorry for my delay as we celebrated our Thanksgiving holiday and I was traveling on business until today.
Based on your comment and one made earlier by another Mixer, perhaps the emphasis on 'capital' seems to diminish the human aspect of this hack. In fact, the human element is central to its success. At each level of the organization, there are interactions of humans from within and outside of the respective systems to which risk capital has been allocated. There is a necessary trust that is given when capital is allocated and that is where the freedom to innovate is derived, within risk-taking parameters. Further, trust is required within groups that risks are not being hidden or left to manage themselves.
Risk capital is allocated to teams. The size of those teams grows smaller and smaller as risk capital is allocated in smaller and smaller amounts. Ultimately we reach a point at which it makes no more sense to divide. In some cases, that end will be with one person, like a loan originator, or perhaps a sales person. In some cases, it may end at a large group, such as a factory or retail store. In all cases, teamwork is required to maximize the return on the teams collective ability to take business risks.
In terms of daily impact, it would not be very helpful to require every decision meet some kind of risk-adjusted return criteria. But, policies can determine when the potential impact of a decision is large enough that it must. The essential outcome, though, is that everyone who originates risk (individuals and groups) becomes aware that risk-taking has a cost like any other input to the process of generating output and that such costs are incorporated into the business decision making process. Risk-taking is discussed much like the costs of adding staff, expanding or updating physical plant or marketing research.
In the end, we want the smartest people allocating risk-taking capacity and the smartest people taking risk. Smart does not need to mean book-smart, but rather outcome-smart.
I hope that this helps to address your question, but am happy to expand further if helpful.
Kind regards,
David
- Log in to post comments
Excellent ideas here David and I especially appreciated your strategies to disrupt the status quo for the sake of funding and supporting ongoing innovation. You are right that it is risk capital that appears to be missing in most static organizations. This appears to create a problem also for reaching for innovative talent beyond the organization.
One barrier you state as “by the time such a message reaches senior management, it may be mostly incorrect or it may be too late to deal with it.” That is so true and appears to be a communication block between senior management and organizational pools where risk is located.
I was a bit unsure how you solution would connect senior management more to the innovative life of the organization. It is sort of dealt with in your “Distributive governance” and “Networked governance” sections, yet I would find a bit more detail helpful since this barrier is huge in most organizations.
My question is also tied to your notion of “Challenge two: letting go of central control…”
Could you elaborate a bit more. on this scenario. An outside innovator proposes an idea that could replace a broken practice (such as many wasted top down meetings) with a highly profitable approach (such as reconfigured department meetings where skilled facilitators get more innovation, and productivity in less time by actively engaging more talent as shared ideas forward - at meetings).
How could that innovative change transform one innovation segment in a traditional organizations you address here? Thanks – I look forward to your ideas, David.
- Log in to post comments
Happy to report that the book I wrote which further builds on this idea will be published in April of 2012 and was recently featured in an article on Forbes.com:
http://www.forbes.com/sites/christopherskroupa/2011/12/05/freddie-mac-an...
You can see the pre-publication page for the book on Amazon at:
http://www.amazon.com/dp/0470598786/ref=as_li_ss_til?tag=ductilibility-2...
- Log in to post comments
Regarding the connection of management to the innovation in the organization, the flow of information most easily comes from financial returns that will get noticed as they grow and the required risk capital to support the successful innovation becomes larger. In fact, it is possible that a very successful idea becomes large enough that the small group in which it started needs to pass it "up" the organization because it has to use the greater risk capital allocation of the next higher group or it will drain all of its risk-taking capacity.
As such growth occurs, you can see how a very successful product could eventually lead to the creation of an entirely new subdivision of the company. It would eventually grow in its size and use of risk capital that it would reach the "top" allocator of such. Each time it moved "up" the organization, a new level of management would be taking greater notice of it as it took up more of their common scarce resource of risk capital, just as it did to the small group where it started.
My feeling is that the "higher" you go in the organization, the more the policies are about the levels of risk capital that you are willing to allocate to the subdivisions "below" you and about how tightly you define the nested policies. Apologies for the hierarchical imagery, but the hierarchy is most highly correlated with the amount of risk capital you have to allocate and the scale of the freedom you are able to grant.
Regarding the scenario you suggested, if the outside innovator was part of a stakeholder committee, perhaps a supplier or customer, they would be able to suggest the change to the subdivision of the organization to which their stakeholder committee was assigned. It would be entirely up to the subdivision of the company to decide if that innovation would actually improve their return on risk capital, or if it would otherwise free risk capital (reduce risk on existing processes) such that they could pursue more ideas. In this discussion, they would also have to balance the potential negative consequences of ignoring the stakeholder....which will, at a minimum, force contemplation of the idea.
Please let me know if this helps to address your comments and suggestions? I'm happy to expand upon this in any way that is helpful.
With kind regards,
David
- Log in to post comments
Governance Reimagined: Organizational Design, Risk, and Value Creation is now available for Kindle users and the hard bound version will ship from Amazon and others in about two weeks.
You can preview the book at: http://www.davidrkoenig.com/PDF/Governance_Reimagined_Preview.pdf
And, if interested, you can order it from Amazon at: http://amzn.to/GNmlG1
Thanks to everyone for your support and encouragement!
- Log in to post comments
I like this idea quite a bit. The one area of risk as I see it is the summary ability and making it more visible. That implies not just the traditional risk dashboard - which I think fails because it is used by a select few but also fails often to point out the risk of not taking action. This needs to be not only more visible, but more SIMPLY quantitative - i.e. decision tree format with probabilities attached that can be followed through a systemic set of points and outcomes. All executives are from Missouri and want to be shown (despite the pop band Journey's admonishment "don't stop believing.")
I would want to build out the "grey swan" aspects - where might our risks be in not expanding rapidly or deeply enough? How can we be monitoring the market to detect and correlate weak signals faster and with greater decision authority?
Next,
- Log in to post comments
You need to register in order to submit a comment.