Welcome to Directors Australia’s blog
Disclaimer: This blog site has been prepared by Directors Australia for the purposes of providing general information only. Nothing on this blog site should be used or relied on for legal or other advice by any party. Each party's individual circumstances may change the effect and relevance of any matters discussed.
Monday, 13 May 2013 00:00
Directors & officers targeted personally for the organisation’s ‘cultural failings’
by Tim Murray
Managing Director of Culture Strategy Partners
- In FY2011 the Hastie Group had $1.8b revenue, $2.9b construction work-in-progress, $1b assets and 7,000 employees. The Group was placed in administration in May 2012.
- The Administrator’s report summarises Hastie’s collapse as being “..due to poor strategic, operational and financial management and increased competition.”
- While many of the issues identified by the Administrators are accounting and legal in nature, they also identify numerous ‘cultural failings’ that caused, or contributed to, Hastie’s downfall.
- The Administrator believes these cultural failings represent potential civil and/or criminal breaches of duty and are targeting directors and officers personally for damages.
Cultural failings as observed by the Hastie Group Administrators
Many of the issues identified by the Administrators are accounting and legal in nature. However, the Administrators also identified a range of ‘cultural failings’ within the organisation that they believe represent potential civil and/or criminal breaches of duties by directors & officers due to “Failure to exercise their powers and discharge their duties with the degree of care and diligence that a reasonable person would exercise in the same circumstances”:
- the poorly implemented acquisition strategy, including lack of due diligence; poor post-acquisition integration and performance of the businesses; duplication of overhead costs; loss of key personnel
- inadequate management and Board reporting systems, including lack of uniformity across subsidiaries that were open to manipulation
- the Board appeared not to have ‘an enquiring mind’ resulting in poor or non-existent interrogation of management and financial reports and forecasts
- inadequate control exercised by the Board over management, including profitable companies subsidising the loss-making Middle East businesses
- sub-standard project management systems and processes; no or inadequate communication with customers
- a general lack of transparency leading to a culture of ignoring bad news
Three things directors & officers can do to minimise risks from ‘cultural failings’
- Demonstrate that culture is actually important to you. You can do this by asking the right questions; looking for evidence that management is actively focusing on organisational culture; and enthusiastically participating in the culture program that management is leading.
- Monitor whether the organisation has the appropriate ‘cultural traits’ for its business. For example, organisational transparency (sharing the right information with the right people); accessibility (anyone being able to talk to anyone); accountability (the right reports from the right people at the right time).
- Include cultural aspects with the other decision criteria that drive M&A decisions – financial, strategic, operational – during due diligence, the overall decision formulation process, and the post-deal business integration process.
An effective culture is not just about risk management
Research into business high-performance over the past 100 years has established a direct correlation between financial results and the communication habits that drive its workplace – ie its culture.
In today’s increasingly competitive, complex and rapidly changing business world, there’s a widening performance gap between organisations with strong cultures, and those that are frustrating and depressing places to work.
So focusing on culture is not just about risk management and crisis avoidance. It makes good business sense.
Tim Murray is Managing Director of Culture Strategy Partners (CSP): Communications for a High-Performing Workplace. For more information call Tim on (02) 9043 5288 or visit the website www.culturestrategy.com.au
Monday, 01 April 2013 00:00
By Greg Fraser
In our last blog we considered risk oversight from the board’s perspective and offered some questions for boards to ask around risk management as well as outlined some red flags to look for.
At an organisational level, risk management must be a continual process. Based on my extensive experience working with a range of organisations in developing and continually reviewing and improving risk management systems, I have developed the following practical tips for managing risk effectively in organisations:
- Treat risk management as a thinking exercise and develop a thorough understanding of the internal and external operating environment and its impact, through generating risk, on achieving the organisation’s objectives
- Consult widely with stakeholders and staff in understanding the risk environment
- Build risk management into the early stages of an initiative or project so it can be used to improve outputs and outcomes – it is too late when problems or disasters occur
- Look for opportunities as well as potential threats when identifying possible risks
- Risk treatments need to be cost effective, practicable and aim to reduce likelihood and/or impacts and improve controls – generally, do not spend $1 million to mitigate a $50,000 risk
- Document your assessment of risks to facilitate accountability, communication and monitoring and review – but it is not necessary to create War and Peace
- Identify responsibilities, accountabilities and timeframes for implementing risk treatments - this facilitates monitoring and review of risks
- Formally monitor and review implementation of risk treatments regularly through normal management processes and adjust risk management strategies for any changes or emerging risks
- Seek professional advice and assistance where accountability is high or you do not have the skills and experience
10. Involve colleagues in key steps of the process, e.g., assessing the level of each risk
11. Inform management about the risks and how they are being managed - escalate to the right level of management for sign-off and acceptance of risks
12. Create a culture of openness and confidence around the management of risk – it is alright to have high risks provided they are being managed effectively.
Tuesday, 26 March 2013 00:00
By Kerryn Newton
Over the last few months there has been considerable media regarding the potential and increasingly emerging risks caused by cyber terrorism, data theft and corporate espionage, and a concern that businesses aren’t adequately safeguarded against these risks. A question arises as to whether boards have the collective skill set to oversee such risks.
The administrator’s report in the Hastie collapse also highlights the importance of culture in risk management with the administrators reporting to ASIC a “general culture of ignoring bad news” and an ineffective audit and risk committee.
In our work with boards, the questions we ask around board oversight of risk management include:
- Has the board got the right collective skill set to identify, understand and oversee risk management?
- Has the board set a clear risk appetite for the organisation?
- Is the board and organisational culture conducive to appropriately managing and reporting risks to the board?
- Has the board set appropriate mechanisms in place to oversee risk (eg a board risk policy and a board committee with risk responsibilities)?
- Does the board regularly receive a risk report?
- Has the board defined what it requires to be reported in that risk report (eg strategic/corporate risks v operational risks, ‘by exception’ reporting, potential and actual risks)?
The board’s performance regarding risk should be an issue which is addressed in regular board performance evaluations.
At board level, there are a number of flags which should be considered when it comes to risk oversight. Globally respected Professor Richard Leblanc of York University, Canada considers that risk management oversight failure by boards comes down to three things, all in control by the board:
- tone at the top
- internal controls, and
According to Professor Leblanc, when it comes to risk management oversight boards should be looking for red flags including:
- weak or defective internal audit
- lack of internal controls over acute risks (cyber-crime, derivatives, anti-money laundering, terrorist financing)
- defective board/committee risk reporting and assurance
- lack of stress testing
- overloaded audit/risk committees and a lack of focus on non-financial risks
- lack of written risk appetite framework and limits
- static not dynamic risk registers without emerging, interdependent risks and accountabilities
- defective whistle-blowing procedures dominated by management
- tone at the top and not firing wrong-doers
- lack of risk-adjusted compensation
- audit committee and board not understanding how fraud is committed in their company
- acceptance of facilitating payments and not understanding bribery and corruption red flags
- over tenured and pedigree auditors and directors
- management dominance and over-ride of controls
- lack of independent, coordinated assurance over controls
- board not recognising basic risk, fraud and control flags
- complex structures and related party transactions, and
- use of, and reliance on, experts.
Wednesday, 05 December 2012 20:55by Tim Murray
Managing Director of Culture Strategy Partners
The GFC has given us a new business landscape, and what was important to your customers, staff and shareholders in 2007, may simply have lost relevance today.
If your organisation is running with the same purpose & vision now as you were in 2007, it might be timely to rethink them in light of what’s happened to your stakeholder base over the past 5 years. Your purpose & vision is the driver behind your organisation’s culture. Culture drives performance. Performance drives strategy. Strategy determines sustainability.
How the GFC has affected your customers, staff and shareholders
After five years of the GFC, we live in a new business landscape, and it’s highly likely your customers – in fact all your stakeholders, staff and shareholders included - have very different drivers now than they did in 2007.
The question is, if your organisation is running with the same purpose & vision now as you were in 2007, is it appropriate for 2013 and beyond?
Are you focusing on what your existing customers are now looking for?
Will you attract new customers the GFC may have created for you?
Are your employees still passionate about what you’re doing, and loyal to your organisation?
Are your shareholders still happy to leave their capital where it is?
Developments in the world economy over the past five years have driven a social and global transformation of capitalism. For example:
- People are saving more, spending less, and debt has become a dirty word
- Consumerism has shifted away from material accumulation and more towards “experiences” and “meaning”
- “Customer service” has become a more potent brand differentiator than “product”, necessitating more and better communication within our workforces
- The explosion of social media has shifted the balance of information power to the masses, democratising information flow, increasing consumer awareness, accelerating the spread of trends, and forcing companies to operate with greater transparency
- Economic power shifting from West to East has had enormous impacts on consumers and businesses globally, including giving consumers more choice and making it easier to “flip”
- The institution of business has probably never been held in such low esteem, driven by corporate scandals, executive greed, and morally impoverished corporate cultures where profit matters above all else.
Why are purpose & vision so important?
A compelling, inspiring purpose & vision are key to creating and maintaining a high-performing workplace, deserving just as much attention as strategy, execution and innovation.
With the right purpose as your ‘North Star’, employee engagement is higher, competition is less threatening, customers are more loyal, and innovation flows.
Tuesday, 06 November 2012 00:00
When a crisis happens, it's too late to wish you had a Risk Management Communications Plan in place
By Kathryn Britt
Good governance has many aspects. When risk management is being discussed, organisations first look to meeting their statutory obligations but often put other risk management components in the "too hard" basket.
Most businesses have prepared emergency operations plans and business continuity plans to deal with a crisis. But their brand and reputation is not properly protected unless there is also a crisis communications plan in place.
For some industries, such as financial services, it has been a statutory requirement to have in place a Risk Management Communications Plan.
For other industries it is not required by law – but it is certainly best practice.
If an issue or full blown crisis occurs, it's too late to start thinking about what communications strategies you need.
To ensure your organisation doesn’t enter the “what not to do” list of PR disasters that includes the likes of BP (for their reaction to the Deepwater Horizon oil spill) and Gasp retail (for their harsh treatment of a client that received saturation TV, radio and social media coverage), you need to commit time and resources to a decent plan.
A worthwhile plan is not from a “cookie cutter” template, it is tailored specifically for an individual business and will recognise the industry that business is operating in.
It will look at likely at-risk scenarios for your business, taking into account your organisation’s history and risk profile.
It’s also important that the plan provide systems and tools to deal with those totally unexpected scenarios that can cripple a business, especially in today's fast-paced world of social media engagement.
A properly formulated communications plan will ensure that your people are prepared, and know what their roles would be in a crisis situation.
It will identify your key stakeholders and provide background and assessment on specific risks and best methods of communications to these diverse groups.
You'll need to give consideration to essentials such as:
- Who to have on your crisis team and how best to train them (because your plan is only as good as the team tasked with implementing it)
- Positioning and key messages
- Spokespeople (and it’s not always the CEO who is best)
- Media policies and procedures
- Best communication methods for different audiences and situations
- Stakeholder analysis
- Template materials
- Interview tips and media training
A Risk Management Communications Procedures Manual can help your organisation stay calm and communicate clearly when dealing with an issue or crisis.
It should be a living document, regularly updated – not a 200 page manual that is written, paid for and never looked at again.
Ideally it will contain easy-to-read checklists, because in a crisis you don't want to be flicking through an enormous manual reading pages and pages of text to find what you are looking for.
Lastly, the plan should include performance indicators (quantitative and qualitative), so you can document evidence of whether you achieved the desired outcome when managing an issue.
Page 1 of 4«StartPrev1234NextEnd»
Subscribe here to Directors Australia free quarterly newsletter “Above Board” which summarises developments in corporate governance and other issues relevant to directors.