The ‘Risk Glass Ceiling’

Boards of large organisations are frequently devastated to discover things happening in their organisation that have created considerable risk and even led to crises. A common cause of this problem is ‘unknown knowns’, that is things known to the organisation, but not known to management.

It may be thought that this is simply a problem of communication, but studies have shown that the problem arises from a number of causes, such as:

* information not being communicated upwards because the subordinate does not regard it as important, either because of ignorance, complacency, or lacking the ability to understand the real threat;

* a manager may have been told but was distracted, a poor listener, habituated to that state of affairs, or insufficiently experienced to understand the threat;

* the information has been repeatedly reinterpreted as it passes through the levels of management, perhaps because the recipients fail to understand the message, or simply regard it as unpalatable;

* line managers may try to conceal their own, or their peer’s weaknesses or misdeeds;

* lower management may believe that the executive or Board does not wish to know about the problem. For example, leaders may give the impression that targets must be achieved no matter what it takes (and don’t tell us what it took), they only want to hear good news, or the messenger of bad news may be punished. The manager may be perceived as being a bully.

Glass Ceiling Risk

The result is that the Board, who have the power to act, remain ignorant. The ‘Risk Glass Ceiling’ causes risk blindness to important risks leaving the Board unable to deal with them before they cause harm.

The importance of this is backed up in a report by Cass Business School on behalf of Airmic (June 2013) which identified “underlying weaknesses that made them especially prior to both crises and to the escalation of crisis into a disaster.” These weaknesses were found to arise from seven key areas:

1. Board skill and NED control risks – limitations on board competence and the ability of the Non-Executive Directors (NEDs) effectively to monitor, and, if necessary, control the executives.

2. Board risk blindness – the failure of boards to engage with important risks, including risks to reputation and ‘licence to operate’, to the same degree that they engage with reward and opportunity.

3. Poor leadership on ethos and culture - risks from a failure of board leadership and implementation on ethos and culture.

4. Defective communication – risks arising from the defective flow of important information within the organisation, including to board-equivalent levels.

5. Risks arising from excessive complexity.

6. Risks arising from inappropriate incentives – whether explicit or implicit.

7. Risk ‘Glass Ceilings’ – arising from the inability of risk management and internal audit teams to report on risks originating from higher levels of their organisation’s hierarchy.

In two of these key areas (2) and (7), risk information did not flow freely up to senior management, usually due to behavioural and structural barriers. The result was a failure of the board to properly recognise and engage with risks inherent in the business.