Prominent examples of board failures over the past few years have not gone unnoticed in the world of governance, and the world at large, and much has been done to improve risk frameworks, internal processes, transparency, diversity and more.
Yet this year’s motion of the Annual Non-Executive Director Debate, organised by the Non-Executive Directors’ Association, and supported by Board Agenda, was still timely: ‘This House believes that boards struggle to identify and manage risks.’ It appears to lend itself to an easy victory.
Let’s look a bit deeper into boards and risk, in the context of the UK, and draw out some points that may not be so obvious at first.
To begin with, the UK is characterised by a fear of difference in opinion, a fear of creativity and, ultimately, innovation. Contrary to that, the US, despite many conditions being different over there, embraces creativity and sees the upside in risk taking.
For the UK, confirmation bias is the traditional modus operandi, where people are expected to conform and history appears and is expected to be predictable. An analogy with the animal kingdom would be a group of zebras, where any odd one—the coloured dot zebra—in times of challenge would be sacrificed or pushed towards self-sacrifice – maintaining ‘business as usual’.
I am not going to quote the many studies undertaken over the past decade or more that demonstrate the financial and risk management benefits of diverse teams, including boards. The point is that this reality is not fully accepted or embraced this side of the Pond.
This results in the conformity ‘Curse of Incremental Change’, that is, a restriction in that business can accept only incremental changes in the status quo. The core risk here is that incremental change is no longer enough for survival.
If businesses don’t innovate, they die. This puts boards into a position where they struggle to identify and manage risks, because they are stuck in the incremental change loop.
Crossing zebras
A second and related situation is the ‘Dilemma of the Zebras’: zebras make themselves equivalent targets to the predator, based on the hope that someone else from the herd will surely get eaten. Transposing this into the boardroom, a conformity culture makes boards struggle to identify and manage risks.
Let’s take the example of cyber risk, where businesses and their boards blindly hope that another business will bear the brunt of attack. We all know by now that the reality doesn’t comply to this view of the world.
Third: If everybody is doing the same, then it is all about economics—or what can turn into ‘the Abyss of Economics’. The obsession with productivity and economics drives businesses to flock to the same big tech providers, cyber security providers, IT and cloud systems.
Big is beautiful, arguably stable and possibly considered cheap. But behold, big is systemic, which, as we observe regularly in practice—with the latest evidence being Crowdstrike—leaves business vulnerable to black swan events in the absence of foresightful efforts.
Doughnuts—some things they can’t do
And there is a fourth dilemma: ‘the Accountability Doughnut’. Businesses and their boards feel comfortably accountable in the middle of the doughnut where they perceive they are in control, while everything outside is considered to be out of their control. It therefore becomes impossible to take a hard decision about the future from inside the doughnut, but that is where the whole system lies—recall the ‘Curse of Incremental Change!’.
Because boards struggle to identify and manage risks—and let’s pick up our cyber example again—they turn to outside help, cyber insurance, unaware that cyber insurers don’t know any better either and so the house of cards is bound to collapse.
This situation does not get remedied by the embedding of ‘Advanced Risk Frameworks, Processes and Standards’, unfortunately.
The fact that over the past four years we have witnessed the development of three critical combat spaces: space, cyber and now AI, is just the icing on the board ‘doughnut’.
Boards struggle to identity these risks, making it also a struggle to manage them. Operating in a left-hand side business model that wants to measure what gets done—based on the precondition of measurability itself—is at the core of this struggle.
Sharper strategic focus
This leads me to ponder the missing piece: strategy. All the great masters of warfare, think Sun Tzu, Alexander the Great or Napoleon, had a solid goal in mind and, based on that, they developed their strategy. They demonstrated excellence because within the strategy they were able to diversify their tactics, the ability to act in order to support the strategy to achieve the end goal.
Strategies on boards today are not fleshed out enough; they are too short-termist and changed too often, where boards lack the ability to use tactics. This tendency to a lack of clarity and to flux when it comes to strategy, going hand in hand with an inability to deploy different tactics, makes it impossible to appropriately react to larger changes. This leads to failure.
Only when you know what you want and have a strategy of going about it, are you able to meet the unforeseen circumstance, and deal with it, by placing it into that context.
Finally, we are experiencing a fundamental generational shift in society. The new generation operates on a different ethical and moral code. This is a system shift, which throws all old systems, risk frameworks and corporate organisational structures out of the window. Boards are aware of this but struggle to identify in what way this poses a risk to their business and so they struggle to manage it.
Unless businesses and their boards decide to open their eyes to change and decide to change their ways in order to obtain the rewards of risk, rather than their demise through risk, boards will continue to struggle to identify and manage risk to the point of their extinction.
Ruth Wandhöfer is an author, speaker, adviser, visiting professor at Bayes Business School and a non-executive director.