Visualisation of reward risks – the appetite for risk

Image

 

Introduction

The profile of reward and the risks it runs can hardly be higher.  Just in the last few days we have seen media headlines about alleged million pound plus salary overpayments in an NHS trust to further issues around votes on remuneration reports, for example the report in the Telegraph of Imperial Tobacco facing investor revolt over its bonus revamp.

These risks include operational reward risks (an often overlooked area) such as making sure that payrolls are run accurately with appropriate tax accounting and payments through to communications between remuneration committees and the shareholder advocacy groups such as, in the UK, the ABI or in the US ISS.

Risk is part of business operations.  What is important, if not essential, is to measure and manage those risks in a systematic framework.    This allows us reward professionals to discuss risk issues confidently with the business, our colleagues in external and internal audit as well as the regulators.  A systematic process allows us to define and agree our risk appetite with our organisations and reduces (although will never abolish) surprises from our reward activity.  I am a great believer in two philosophic approaches.  One is that we always underestimate the frequency and impact of random events.  The recent best seller “Thinking fast and slow” by Kahbneman is a fascinating book on these issues. Likewise, we will always be subject to “black swans” the disruptive large scale random event that no one was expecting.

An overall approach to reward risk

Rosario Longo has published a very good blog “Risk and Reward Risk Management” which gives an excellent overview and structure for looking at reward management risk.   He identifies the key stages and stakeholders in the analysis of risk – mostly from an operational reward risk perspective but the approach is also applicable to the wider questions of strategy, executive remuneration and so on.

His approach on risk measurement and evaluation is very similar to an approach I developed that allows the use of a relatively simple Microsoft Excel spread sheet to generate a visualisation of risk scores in an organisation.  Rosario makes the excellent point that risk scores and measurements are not absolute numbers but an expression of relativity in relation to the known reward risks that organisations may face.

The visualisation approach

It must be recognised that my approach is essentially a sub-set of the type of systematic approach that Rosario has suggested.  Much of the data feeding in to my spread sheet will have been collected by the methods and collaborations suggested by him.  I would add that much of the generation of indicators in my approach are a result of the implicit knowledge of the person drawing up the risks and metrics.  An experienced reward professional will know where the key choke points in reward operations lie and what issues tend to occur during bonus planning and reward processes.

First step: the listing of reward risks

There are a number of approaches to listing the risks in reward.  I like to use a systematic approach by looking at the individual reward processes and then considering the risks attached to each process.  When I last carried out a process like this I came out with a list of over 300 risks.  Here are some examples of reward risks:

Lack of   understanding by senior management of the reward process

Issues   with Regulators over reward

Levels   of base salary insufficient to recruit

US   Benefit structure not appropriate for culture

Vendor   costs not being controlled

Communications   with employees insufficient

Remco has insufficient market data

Table 1 Examples of reward risks

It would be good practice to collaborate on the list with stakeholders such as Remco, HR business partners, the Finance and Audit departments etc to get their views on what they see as reward risks.

The list of reward risks is not static; it will change with time and such issues as changes in legislation, tax, reporting requirements, code changes and so on. A quarterly review of the list would be a good starting point. 

Some organisations run risk databases; such as Operational Risk departments – or may even have access to external risk databases.  All of these are good sources of intelligence on risk in reward.

Once we have a list of risks we more on to the next stage of probability.

Second step: listing probabilities

This is the most difficult stage of the process.  In the vast majority of cases we look to our (and other) organisational history to see what has “gone wrong” or “needs improvement” in the past.  In addition we must also scan events to look for issues that have occurred in other organisations, either in our sector or elsewhere.  Again, access to an external risk databases is a good way of keeping up with risk issues.  Advisors can also be a good source of advice around incipient risks.

At the end of the day risk is largely down to individual judgement.  Unless you have risks with a high frequency which allows mathematical modelling such as Monte Carlo simulations then you have to make an informed judgement call on the probability of risk based on history.  However, as investment advisors are keen to point out, past performance is no predictor for future results”.  Also any risk listing will be specific to the organisation to which it relates – it is all about context.

My model uses a risk weighting of 1 to 10.  Where a rating of one is highly improbable and ten is certain.    Once again, the rating is not static.  Risk probabilities change over time, so the probabilities must be reviewed frequently to ensure we are capturing as many of the issues as possible with their shifting probabilities. 

I am sure that statisticians or actuaries would have much more sophisticated approaches to this process; but I have designed the approach so that HR and reward professionals have a basic framework to start their risk mapping, if you have access to more sophisticated approaches then do use them.

It is important, from a methodological standpoint, not to read false accuracy in to the risk probability approach.  At the end of the process we are looking at the relative levels of risk in our organisation to give some focus as to where we should concentrate resources; not a forecasting tool.

 Third step: listing impact

This is perhaps easier than listing probabilities.  Again we use a simple 1-10 scale where one indicates no impact to ten – the end of life as we know it.  What we are looking at here is what impact would the risk have on our organisation?  For example, would incorrect tax payments on employee remuneration lead to reputational and financial damage?  Would not paying our R&D staff insufficiently result in them leaving with long term damage to our research effort?   Again, we are looking at an estimate of impact, ranging from some minor inconvenience to putting the existence of the organisation at risk.  As an example of this we have seen some companies run in to very serious financial problems in the UK as they had not fully considered the risks they were taking with their final salary pension schemes and the funding requirements nearly bankrupted them.

Another story around impact and probability.  When working in the City I was advised to carry an emergency gas mask.  I questioned the advice.  It was pointed out to me that the probability of a terrorist gas attack in the City was small (although perhaps higher now than in the past), the probability of being on an over ground or underground train catching fire and filling with smoke was considerably higher – but still low.  However, the impact of either of these events was a ten.  So while I hope I never have to use the mask, it only takes one occurrence of the above and me to have the mask to save my life.  We do tend to underestimate low probability, high impact events; as a former scout leader, “be prepared” it a good motto for reward risk as well as scouting.

At this stage we have a list of risks, a listing of probability against each risk and a score for the potential impact of the risk.

Forth step: Risk correlation multiplier

My initial model of risk in reward did not contain a risk correlation multiplier.  However, I have come to the conclusion that difficult as it is, consideration has to be given to this issue.  What is a risk correlation multiplier?  Simply put, if a risk occurs how likely is it that the risk will cause an increase in another risk factor.  Taking a simple example of payroll.  The risk is that we are not paying our employees correctly.  There is a correlation (and I am not strictly talking of statistical correlation here) between not paying employees correctly and not paying the correct statutory deductions in the relevant country.  What I have done is added a correlation multiplier to the score for the risk of not paying employees correctly to reflect it will increase risk in other areas.  If you pay employees in different countries, perhaps on split contracts, the issue of where payment is made, where, and how much tax is due and the implications of getting it wrong, impact on a number of other risks and pose a real operational threat.

Once again we are in the world of estimates.  The more statistically aware will see I am multiplying estimates by estimates by estimates; giving a number which arguably has no real meaning.  However, as noted above we are not looking for an arithmetical answer but relativities of risk in our organisation to allow us to focus resources in the most effective way possible.

We are nearly at the end of the process…

Fifth step: Generate the risk score

This is simply the product of the probability, impact and risk correlation multiplier.  The risk score is a single number that allows us to rank our scores and see where the highest risks in our environment appear to exist.  

Final step: mapping the risk

As figure one above shows, it is possible to produce a useful graphic that shows where are key risks are concentrated.  This is really beneficial when talking to stakeholders, who may not need the detail of the process, but allows them to focus in on the key risk factors. 

Clearly if you have 300 risks, mapping them like this will not work.  In that case it is easy to return to our original process map of reward and use this approach to map risk against each process with an overall map showing a cumulative risk for each process in our reward product stable.  Once again individual circumstances and trial and error will lead us to a process that is optimal for us and our organisation.

Managing the risks

Once we have the information on the likely risks in our reward environment we need to consider how to manage them.  In my model I use a column called “mitigation”.  That is what we can do to reduce the risk.  It may be, for example, that we review the risk with an external advisor or with our Finance department to see how the risk can be reduced.  Linked to this is the next column which I have called “Controls”.  So, for example, if we are concerned about inappropriate payments being made from payroll we can have four eyes, or even six eyes sign off on non-regular payments.  Or, perhaps mandate a random sampling and checking of the payroll.  Again, our colleagues in external and internal audit can be of great help in designing controls on our key risk areas. 

Having appropriate key performance indicators is one approach to managing risk matrix issues.  We need to know and measure before we can attempt to control.   It is not possible to attach KPI’s to every reward process; but there are many that we can.  For example, we can look at attrition statistics, together with leaver interviews to deduct if pay levels are an issue and track this over time.  Payroll and pension payment errors are easy to use for KPI’s.

Many years ago when I worked for Ford Motor Company, everyone in the business, over a certain level or employed in certain key areas were required to undertake a course in statistical process control (SPC).  I suspect this may be a little old fashioned these days; but I found it a very useful way to look at error occurrences and decide if they were random issues or there was an underlying systematic problem that needed to be addressed.  KPI’s and SPC taken together are very powerful tools for spotting issues before they become (or as they become) problems.  Every organisation will have their way of managing risk, but having an organised systematic approach, from the very simple to the very sophisticated is a very good way to start on the risk management journey.

For me, the final part of the risk management mapping is identifying the risk owner.  Who has responsibility for the process in which there are risks?  This helps focus our attention on the whom as well as the what of stakeholder risk management.

Risk appetite

One of the other important outputs from risk mapping is to agree with management the risk appetite of an organisation.  What risks within the matrix are acceptable and which are unacceptable.  Risk is part of business and the costs of mistakes are again part of the cost of business.  The question arises as to how much cost (including indirect cost such as reputational damage) is an organisation prepared to “allow”?  What risks are completely unacceptable and need to be completely removed if that is possible or a willingness to spend more or less on mitigation of risk.  This is an area where a risk mapping in reward can add real value to a business.

Conclusion

The mapping of risk in reward is a key process.  It gives some comfort to management, auditors and regulators that we are aware of the risks of our activities and the steps we have taken to measure, control and mitigate as appropriate. 

The two frameworks, from Rosario Longo and my spread sheet based approach provide a very useful toolkit for a systematic approach to risk in reward and at least forms the basis for a comprehensive risk structure.

Risk mapping adds value to our activities and processes for the business as it both prevents unnecessary costs and contributes in a very positive way to the governance of our organisation.

Image

Advertisements

Reward and Rock and Roll

ImageWhat are the similarities between reward and rock and roll?  At first glance not very much.  But the pending publication of Peter Cook’s new book “The music of business” got me thinking.  I first came across Peter when I undertook the creativity and innovation module of my MBA.  He was leading an improvised jam session to demonstrate the application of techniques of innovation and creativity.  I have, and still do, find his approach to business strategy meaningful, impactful and most of all, fun. 

Peter Cook is a polymath.  An unusual man who straddles several different “worlds” and not only brings them together but is able to translate and communicate the lessons from one field in to other fields of his expertise.  He is a gifted musician, educator consultant and social media expert.  A real renaissance man.

What has this to do with the world of reward?  There are many lessons from the world of rock and roll that could be applied in reward (albeit at a somewhat lower volume).  If we take creativity and innovation we see the examples of David Bowie and Kylie Minogue who constantly reinvent their persona to meet current tastes and trends.  We in reward need to constantly reinvent our products, communications and approaches to meet the demands of our challenging client base not to mention the changing agendas of regulators and rule makers.

To me, a large part of reward is the communication of our message.  Rock stars (or perhaps their management) are masters at segmenting their audience and thus their customers by all the normal demographics such as age and country. They then communicate short, impactful messages about the products they have produced to sell to their chosen demographic. We also need to segment our client base so we can provide meaningful products and messages to get the best bang for our buck.  I use the Prato rule – 80% of our impact will come from 20% of our communication.  Getting that 20% right will make the difference in our reward space between success and failure.

Leadership is another key area in which Peter is a specialist.  The lessons in product, strategy and marketing leadership in the face of changing environments, technologies and fashions by the rock industry (look at the move from CD’s to MP3’s)  can be usefully and creativity learned and applied to our own fields.  I have written before on how social media is going to not only change the way we communicate our message but will change the very products that we offer our clients.

I am a strong believer in using creativity in my reward work.  Part of creativity is being willing to move outside our comfort zone, outside our normal models of thinking and open ourselves to the unexpected.  Peter Cook’s new book and his general approach is about exactly that.  It is about moving outside the normal MBA approaches to business and to look to other industries and ways of doing business to allow us to think creativity about both our day to day activities but also about wider issues of strategy formulation – and perhaps to do it in a fun and interesting way.   Now where did I put my Stratocaster?

Book Review: “Directors’ Remuneration Handbook” by Cliff Weight

Directors’ pay is a highly complex area with a multitude of rules, regulations and codes of practice; and that is only in the UK.  “Directors’ Remuneration Handbook” is an outstanding reference book and guide to this area.  It deals in concise terms with issues such as reward theory and practice, strategy, design and the host of issues including stakeholders,  pay paradoxes, topical discussions, relevant codes and statutory regulations around the subject.

It is a weighty book with 52 chapters and the same number of tables. The book index runs to nearly thirty pages.  While it is aimed very much at the UK market it has some very useful commentary on US and other jurisdiction’s’ practice.  Cliff Weight is very aware of his target audience of reward specialists, Non-Executive directors, company secretaries, academics and those with a detailed interest in this topical subject.  He moves from the general to detailed technical discussion, such as issues around using Monte Carlo simulations for share option pricing, in an easy to follow way, without being dry and dusty.

The chapter layout is clear and logical allowing readers to dip in and out of the topics that are of interest.  The executive summary at the beginning of the book is, in my view, a “must read” for anyone who wants to get an understanding of the paradoxes and issues within the world of executive pay.  It discusses, among other things, the Principal Agent problem in a very clear way, the issues caused by the differences in time horizons between CEO’s who have a median service of four years; and the vastly different perspectives of long-term shareholders and other key considerations.  The summary also includes seven suggested remuneration strategies depending on where the company is in its lifecycle.

There is a fascinating discussion on the difficulty of measuring short term company performance for executives – particularly when looking at share price movement.  Weight points out the difficulty of using TSR as a pay performance measure over the short-term.  He also touches on tax issues; an important consideration given all the tinkering with the tax system we have seen over the last few years.  He wisely points out that we should not allow director’s pay strategy to be driven by tax considerations.

The bulk of the book focuses on all the issues that impact Director’s remuneration including some useful checklists.  He also discusses in detail the different shareholder approaches to pay and my own personal area of concern, the influence of shareholder advocacy groups.  One of the strong themes in the book is the importance of good communication with and between stakeholders, including management, REMCO, advisors, shareholder advocates, regulators and so on.

The book also contains a wealth of data on the UK directors’ remuneration landscape.  There are many helpful tables in the book; although some are a little unclear – at least without a magnifying glass – but this should not detract from this book being a key reference work and probably the definitive volume on the subject.

This is not a cheap book retailing at over seventy pounds.  However, as a private buyer and compensation and benefits specialist I thought it was worth every penny, my copy is already well-thumbed and notated.

I would highly recommend this book to anyone who has a professional or serious interest in the subject of Directors’ remuneration.

The book is published by Bloomsbury Professional and is available from Amazon (for example) at £70.74.  ISBN 978-1-84766-888-2.

The narrative of reward

I was rereading a collection of essays by William Gibson (the inventor of the term “cyberspace”) called “Distrust that particular flavour”.  Gibson has a wonderful narrative style.  As an example he writes, “The end point of human culture may well be a single point of effectively endless duration, an infinite digital Now”.  Reading it made me reflect on the power of narrative and how it may be harnessed to benefit the communication of reward.
The power of storytelling in business is well known; http://www.forbes.com/sites/patrickhanlon/2011/10/10/8-master-storylines-for-business-storytellers-part-1/, but how can we undertake successful storytelling to develop a narrative for reward?  Telling a story gives meaning, cohesion and structure to complex subjects.  It allows our audience to engage in a powerful way and leads to a much greater understanding of our subject than a dry, dusty, factual exposition.  My children seem to pick up more history from the comic story telling of the BBC’s “Horrible histories”   than from well-crafted history lessons at school.
In this time of social media and press scrutiny of reward we have a vast audience of interest.  It includes politicians, shareholders, staff, non-executive directors, compensation committees, regulators, tax authorities. the public, journalist and pundits.  All have different understandings, agendas and viewpoints.  By using a good story of what we are achieving and what we hope to do we can craft a broad canvas to interest and engage our audiences.
The recently published best-selling book “Thinking, fast and slow” by Kahneman strongly extolls the importance to human thinking of making things simple and memorable rather than presenting concepts that require a lot of mental effort and thought.  It argues that people bring to mind the simple and memorable far quicker and perhaps in a more positive way than something that requires to be thought about.  Providing an engaging and interesting tale of success will frame the way our audiences view our work.  With that achieved we can perhaps seek to reveal the complexity and ambiguity that is the actual context of so much reward work.
Engagement is key to understanding.  A well-crafted story creates the images and metaphors that define how people think about reward.  Many of us have read Gareth Morgan’s “Images of Organisation”.  This has a powerful narrative of how the way we use metaphors about our organisation defines how we visualise and think about them.  Do we think of our organisation in warlike terms, “the fight for success” or sporting metaphors, “going for gold” (very apt after the successful Olympics)?  These metaphors will largely define how we think about our organisation.  In the same way the story and metaphors we use in our reward narrative will define how our audiences think about and visualise our products.  Think for a moment about the different images that arise from the use of the word “reward” as opposed to “compensation”.  Reward has positive images, compensation perhaps less so.  Are we rewarding people for their contribution or compensating them for their time and effort?
A good narrative also helps us as reward experts in carefully defining the “well-formed outcomes” that we hope to achieve as well as giving coherence to our thoughts and approaches.
My two final challenges to myself is to work out how I can craft a powerful story that is relevant to the multi-country, multi-cultural environments in which I operate and how I can find time amid all the operational pressures!  Any offers for a solution or some amazing stories on those complex issues?