Boards are blinding themselves to risk

Not all risks can be managed. In fact, it turns out that there are quite a few business issues that risk managers themselves have absolutely no influence over and yet pose an existential threat to their organisations.

In many cases these are problems created or exacerbated by the senior leadership within a business...and therefore completely outside the remit of the average risk manager to handle.

This is one of the principal findings of a major piece of research commissioned by Airmic and carried out by the Cass Business School. The research, which looked at over 20 major crises to strike companies around the world in the past ten years, throws a spotlight on corporate governance problems and how senior executives oversee their companies.

“It sounds obvious that the leaders of a business should have the skills that are necessary to understand and run it,” said the report. “But some of our studies suggested that the leaders did not.”

It draws attention to seven risk areas that pose existential threats to companies and that are beyond the realm of the traditional risk management process but which the report recommends should be drawn within its scope.

These issues arise from the board’s ineffective oversight of risks, poor company cultures and inadequate risk communication (see the full list of issues in the box at the bottom of this page).

The paper also warns boardrooms that without listening to views from the outside they are blindfolding themselves to risks within the business—and uses examples to demonstrate this.

In the reports own words “the studies contain a valuable and extensive opportunity to learn painlessly from the misfortune of others”.

Below are some of the key points illustrated by one of the case studies in the report. A complete breakdown of the report's key findings is available in the next issue of StrategicRISK.

BP Texas refinery explosion

In March 2005 an explosion and fire at BP’s Texas City Refinery killed 15 people and injured many others. The subsequent compensation bill added up to over $1.6bn. The oil company also had to pay several criminal penalties and fines for health and safety violations. It was one of the most prominent safety failures to hit BP in North America, meaning that its reputation was trashed even before the Deepwater Horizon disaster in 2010.

Lessons

1. Rapid growth led to too much complexity: BP doubled in size between 1998 and 2000 resulting in an extremely complex management structure.

2. Walk the walk, don’t just talk the talk: While the board talked up BP’s safety measures outside consultants said cost cutting was prioritised over safety.

3. Take notice of the warning signs: Before the Texas explosion there had been 23 deaths at the refinery, four since BP had taken over.

4. Listen and learn: Chief executive Tony Hayward wrote on BP’s internal website: ‘The top of the organisation doesn’t listen hard enough to what the bottom of the organisation is saying.”

5. It’s more than just compliance: The Baker report, commissioned in the aftermath of the accident, said that the main focus of BP’s safety audits was on satisfying legal requirements not on improving overall safety performance.

6. …and follow through: The same report claimed that BP repeatedly failed to “follow through” with improvements following the safety reviews.