Corporate governance: Of Cyber attacks, fateful drills and resourceful enemies


America has installed Trump as president, the UK has voted itself out of the EU, North Korea is testing nuclear launch capabilities, Elon Musk plans to colonise Mars and the NHS is amongst the latest victims of a large scale cyber attack.

None of this is a routine drill, none of it is imaginary. They are as real as the arctic wind in London, Google’s search capability and the fall of the Greek empire.

Once immune, I can now feel the tremors from an earthquake in another land, the fear and heat from the bombings in Syria and visualise the power of information in the wrong hands. This is now more than mismanagement, bigger than negligence, worse than ignorance and definitely unacceptable.

But why do I care? Why has this prompted me to vocalise my indignation? Why can’t I simply ascribe this to ‘large-scale governance failure’, indulge in cynical finger waggin’, deliver the final ‘this was coming’ verdict and get away from it all?

Simply because, this time, I can feel the peril. My own vulnerability seems to tango to disconcerting music; flirt with the sorcerer and look me straight in the eye. The issue has now fallen out of the NHS board room, parliamentary debates and lies at my front door. Awaiting action!

I need to address this… as a citizen, as a taxpayer and as a fellow human. For who is to say that these attacks won’t be more serious next time and that my personal security would not be affected? The size of the problem seems to grow. Friday’s cyber-attack affected more than 200,000 victims in 150 countries, as per Europol chief Rob Wainwright. He also said that another attack may be imminent.

As I look for additional clues, I discover that the weakness in NHS cyber security is a documented matter and was listed as one of the 3 principal risks facing the NHS in the security review, as per Defence Secretary Michael Fallon, in this interview. The report also quotes Labour leader Jeremy Corbyn as saying that an annual £5.5m deal with Microsoft to protect NHS devices has not been renewed since 2014.

Why has cyber security not been addressed at the NHS? Why has weak infrastructure not been upgraded? Why has this issue been allowed to linger when the threats were well understood?

As per reports, 48 NHS trusts reported problems at hospitals in England, while 13 NHS organisations in Scotland were affected. Hospital trusts were repeatedly warned about cyber threats before the attack on computer systems on Friday, Defence Secretary Michael Fallon has said. He said that the NHS was given “a large chunk” of money to improve its security.

Labour leader Jeremy Corbyn said on Saturday that an annual £5.5m deal with Microsoft to protect NHS devices had been renewed in 2014 but not since.

Surely, issues abound and need to be addressed. Our voices need to be heard, because we are at risk when institutions such as the NHS are taken down. We need to ask more questions, demand an explanation and expect a resolution. Corporate governance needs a prod here.

Isolation is now a myth. We are all now connected, for better or for worse, and need to bear the consequences of a breach such as this.

And the proof of the pudding lies in the fact that the saviour was a fellow blogger, plugged into the world wide web while on holiday. He chanced upon the ‘disarm’ button on the malware and saved the day.

© Anu Maakan 2017

(Disclaimer: all views published here are the personal views of the author and do not represent those of any organization).

Organisational Governance: Nonprofit boards – Mean machines or Tactical crowbars


As I exhaled a lungful of corporate stiffness and took in the soothing vibes from the nonprofit world, a sense of wellbeing arose from within. I could sense more freedom; and the possibility of varied notes emanating from my core. I was now in the realm of do-gooders and philanthropists.

The new life beckoned and I got started. I asked for the governing document, financials, budgets, list of trustees. However, what precise role was I to play?

  • Watch from the sidelines?
  • Be a cheerleader?
  • Jump in head first and ask a lot of questions?
  • Drill into spending patterns? Or Revenues?
  • Focus on specific issues?
  • Raise funds or enable fund raising?
  • Review past performance patterns or peer into the future?
  • Play a strategic role or get a grip on the day-to-day?

It was important I find answers to these questions, to be meaningfully engaged. I started to explore and understand the intricacies of this big new world ‘with a socially conscious heart and soul’.

I found that multiple challenges exist for non-profits, starting with the resource crunch of the recessionary era, new technology, shifting trends in fund-raising, the rise of social media, new regulation, insufficient financial incentive, outdated board practices, inability to measure outcomes, the rising threat of cyber-attacks and effective engagement with shareholders; in short, there is enough to grab the attention of a new trustee. Trustees are not always able to grasp the magnitude of the issues facing the executive team.

In my opinion, it is important to have a financially savvy board that contributes positively to financial and operating strategy. To take an example, in order to evaluate competing requests for funding or grants, a charity would also need to understand which of the options aligns best with its future course / strategic direction. Fund raising being at the heart of all non-profits, they should be able to measure the return on investment for the various fundraising options: finance and strategy are ultimately inextricably linked. Donors and shareholders are also beginning to ask for greater transparency into the way funds are spent; furthering the call to action.

“Boards need to be engaged with the major strategic options and must measure outcomes,” says Alnoor Ebrahim, in an interview with Forbes. “… If we’re ever going to solve the most difficult problems facing our society, we need non-profit boards to be relentless in pushing their organizations to measure their progress, to be honest about failures, and to learn from them.”

CEOs of non-profits today also vocalise their need for an engaged, enlightened board that they can partner with. Non-profit boards often do not have a good understanding of the ever-growing challenges facing them. “It is imperative non-profit organisations scale up to meet the current dynamics,” echoes Geoffrey Hand, UK-based non-profit consultant. “Board education, focus on financials and measuring board performance are crucial.”

The UK Charities Commission has clearly laid out what is expected on managing resources and acting with reasonable care and skill, in the Essential Trustee.

Given the growing demands placed on this sector, the more informed and strategically aware the board is, the greater their chances of survival; and bigger benefits are likely to accrue to the communities they serve. This is especially true in current times when economies are struggling and loose change may not be as readily available as it used to be. Trustees will need to up their game and be ready to move at the pace expected of them.

While nonprofits don’t exist to make profits, their mantra cannot be to make losses either!

© Anu Maakan 2016

Organisational Governance: The story of the Crimson Board


They met in the Crimson room, just as usual. Tim was there, so were Paul and James. Michael with his striped tie, angled for power with the CEO. Becky was in animated conversation in a corner of the room. Murakami had an urgent word for Terry.

King, designated to run the meeting, started to read out the agenda. Not everyone seemed to agree on the priorities. There were rumblings about missing topics. Paul did not seem to recognise item number 3. Well, he did have a lot going on with his responsibilities on 4 other corporate boards!

The closely-drawn, dark blinds in the background seemed more sinister than usual. The banter was noticeably toned-down! The crimson room seemed tense.

There were 20 of them, the nerve centre of a mighty corporation. Between them, they had over 200 years of experience in Strategy & Sales, IT, Audit & Risk, Human Resources, Finance, Marketing and new ventures. They had valiantly steered the company for the first ten years. The company had grown and shown resilience to new challenges. However, in the last 2 years…there had been issues. The CEO was under serious pressure, the P&L red in places and large investors engaged in considerable ‘finger waggin’.

What went wrong?

While a few clues are hidden in the story of the Crimson board, it would help to understand what industry pundits have to say about Board best practices.


  • Is the board the right size, for the size of the company?
  • Does it have the right set of competencies/skills, i.e. suited to the size of the organisation and its peculiar issues?
  • Does it include an adequate number of independent directors? Independent directors are likely to ask the harder questions, discipline managers & ensure shareholder interest is taken care of.
  • Does the board meet at regular intervals and have a clear agenda for every meeting? Does the agenda cover all matters of importance to the company?
  • How flexible is the agenda? Is it easy enough to call for special meetings or to include new issues?
  • Does the board receive the meeting pack in sufficient time, prior to the Board meeting?
  • Is the board able to allocate time across topics such as Strategy, Risk Management, Financial performance, Compliance, Compensation & Succession planning? (Smaller boards may have fewer focus items.)

As per Korn & Ferry’s 20 Best Practices to improve Board Performance, ‘boards can play a critical role in evaluating how well the business strategy of the organisation is being carried out’.

  • The board should carry sufficient diversity; provide sufficient coverage to minorities, foreign nationals and women. This can help avoid ‘group think’.
  • Do new and old members both contribute to the discussions and do board members have sufficient time to invest in their board duties?
  • Does the board have open, high-quality debates leading to effective decisions? Do board members challenge decisions? As per the FRC UK, ‘An effective board should not necessarily be a comfortable place. Challenge, as well as teamwork, is an essential feature.’
  • Does the board have a good understanding of the core business and is it able to use its own observations together with the data presented to it?
  • Is the board proactive in responding to external events?
  • Do the chairman & CEO work well together and does the CEO trust the board enough to share information? Or ‘Does he wait until the night before to dump on the directors a phone-book-size report that includes, buried in the thicket of sub-clauses and footnotes, the news that earnings are off for the second consecutive quarter?’, says Jeffrey A. Sonnenfeld in the Harvard Business Review article, ‘What makes great boards great’.
  • How effective are group dynamics & interpersonal relations between directors, between board and management and between chair & board?
  • How well are conflicts between executives and shareholders managed? Members of the board, as trustees of shareholder rights, must play the role of owners as best as they can!
  • Are the board’s sub-committees properly constituted, and do they perform their delegated roles and report back clearly and fully to the board?
  • Does the board place value on the reputation of the company as much as on corporate performance?
  • Is the board representative of large and small shareholders to ensure balance of power and improved decision making?
  • Is there appropriate succession planning for key board members?

The effectiveness of the lead independent director, the board’s relationship to management, elimination of information asymmetry and development of the board’s agenda are other important aspects. As per the Canadian Society of Corporate Secretaries, the Best Boards ‘have the right people, get the best information and make the best use of their time.’

Let the Crimson Board remember that when boards lose, not just shareholders but employees and all other stakeholders lose too!

© Anu Maakan 2016

Organisational Governance & Change: Fishing for the right metric


‘Total fish biomass varies by twofold within three regions of the Atlantic, and 8-10 fold across regions in the Pacific’, as per findings from a paper titled ‘Measuring change in fish communities: from monitoring to metrics to management’. This is part of a study conducted for the National Coral Reef Monitoring Programme. In recent years, ‘Fish Biomass’ has been used as a key metric to describe the status and trends of fish communities.

Even so, scientists involved in this study are not completely happy with the use of this metric to represent the status of a complex ecosystem. They are evaluating other metrics.

Earlier this year, France banned the use of dangerously thin models, i.e. models with a low BMI. Super-skinny models will be banned from catwalk shows and advertising in France under a new law aimed at ending the ‘glorification of anorexia’.

Under World Health Organisation guidelines, the median body mass index for an adult population should be in the range of 21 to 23 kg/m², while the goal for individuals should be to maintain body mass index in the range 18.5 to 24.9 kg/m².

As seen here, BMI and Fish Biomass tell us a lot about the health of an individual and that of an ecosystem. There exist several million metrics, depending on what we want to measure and act on/ improve. However, are we sure we are measuring things optimally and not wasting precious time ploughing through mounds of irrelevant and distracting information?

Factors to consider when selecting a metric:

  • What is the metric trying to measure? Is the metric representative of what you’re trying to measure? ‘Businesses tend to measure the wrong things’, says Becher of SAP in this article in Forbes.
  • How will it be used? For example, in the example where French MPs have identified BMI as a measure, their overall objective is to combat anorexia.
  • Do the key stakeholders buy in to the metric (for that will determine its credibility)?
  • How accurately can the metric be measured? I.e. is there sufficient data available to compute the measure?
  • Does the metric condense a considerable amount of information into one number, potentially losing a great deal of information in the process?
  • How sensitive is the metric to methodology, i.e. can its value be affected by the process used to compile the metric?
  • What are the other inter-related measures that must be examined alongside? E.g. ‘Time taken to deliver a software package’ might be meaningless if not juxtaposed against ‘Quality of the package’.
  • How does the metric impact behaviour? For example, poorly constructed incentive schemes can distort sales behaviour and encourage mis-selling and misconduct.

‘Metrics are used to drive improvements and help businesses focus their people and resources on what’s important’, says George Forrest in an article titled, ‘The Importance of Implementing Effective Metrics’.

Having scientifically designed metrics helps organisations make appropriate decisions, measure and drive performance, deliver to expected quality standards, benchmark to competitors, focus change and improvement efforts, provide direction and shape strategy.

Not only should metrics be well-designed, they should be evaluated for ‘appropriateness and relevance’ on an ongoing basis; so as to stay aligned with changing corporate goals.

Remember that the choice of metrics such as oven temperature and seasoning is imperative to getting your ‘baked salmon delight’ just right.

(*Body Mass Index (BMI) is a person’s weight in kilograms divided by the square of height in meters. A high BMI can be an indicator of high body fatness).

© Anu Maakan 2016

Regulatory Change: Disclosures for investor protection under MIFID II


(Image courtesy: financialexpress.com)

 At the Battle of Tannenberg in August 1914, 30,000 Russian soldiers were killed or wounded and another 95,000 were captured. The Germans lost fewer than 20,000 soldiers and captured military supplies. After this defeat, the Russian army could not muster an offensive against the Germans until World War II.

‘German leaders had a thorough understanding of their adversary’s capabilities, schedules, and concept of operations, and this knowledge allowed them to exploit Russian vulnerabilities and defeat them in detail’, says Gregory Elder in a paper titled ‘Intelligence in War: It can be Decisive’, filed with the CIA library.

Clearly, access to ‘intelligence’ / disclosure of information can be powerful. It can affect outcomes.  ‘OUTCOMES’ determine the financial future and/or quality of life of the investors in the financial markets.

Investor protection is a large theme under MIFID II/ MIFIR which aim to enhance the efficiency, resilience and integrity of financial markets. On 25th April ’16, the Commission adopted a delegated regulation supplementing Directive 2014/65/EU. MIFID II/MIFIR provide an updated harmonised legal framework governing the requirements applicable to investment firms, regulated markets, data reporting services providers and third country firms providing investment services or activities in the Union.

MIFID II, which comes into force in January 2018, bolsters requirements regarding the “appropriate information” that an investment firm must provide in good time to the client. Here is a closer look at some of the key features of MIFID II/ MIFIR pertaining to ‘disclosure’ of information.

  • Investment firms should provide clients or potential clients with the necessary information on the nature of financial instruments and the risks associated with investing in them.
  • Investment firms should disclose information on all costs and charges, in good time before the provision of services. These obligations extend to relationships with professional clients and eligible counterparties.
  • In case the firm offers ‘investment advice’, it must say whether the advice is provided on an independent basis or not and whether it is based on a broad or more restricted analysis of the financial instruments available on the market.
  • Such firms must conduct a Suitability test based on the clients’ investment objectives, financial situation and knowledge and experience. These must be repeated at a regular frequency. Appropriateness must be examined for non-advised services.
  • Clients should be informed of the performance of their portfolio and depreciation of their initial investments.
  • Investment firms must have a ‘Best Execution’ policy in place and must report to the clients the quality of their execution. They must also report the top five execution venues in terms of client orders.
  • Information requirements should be established which take account of the status of a client as either retail, professional or eligible counterparty. To this end, it is appropriate to establish less stringent specific information requirements with respect to professional clients than to retail clients.

Finally, disclosures must be made in a clear, understandable, unencrypted manner, so as to be useful to investors; much as the intercepted Russian military intelligence was, in the Battle of Tannenberg, to the delight of the Germans!

It is up to investors to make best use of the disclosed information. To quote Gregory Elder, ‘Intelligence at Tannenberg did not win the battle, but it did play a decisive role in dictating the way Germans employed their units against a force that was larger than theirs’.

© Anu Maakan 2016

Project Management: The power of a ‘Retrospective’

I love trains, I love train travel, especially if I get a prized view of the Surrey woods as well. The train spells motion, progress, signs of LIFE!

More than that, I love travelling in reverse, i.e. on a seat that gives me a reverse view; a hindsight; a look-back. It seems to give me power. Power over time, power over a forward looking lens and power over the train’s speed. I feel I have more choice over the views and may linger on them a bit longer.

For a few moments, I’m reminded of the expanse of the universe, the futility of the BAU and the folly of a parochial view. If I am lucky, I might even have a moment of deep understanding or a flash of brilliant insight. The insights are what might save the rest of my day, help resolve a family / work issue or simply bring me a new idea.

In general, look-backs or look-back periods have a much bigger application. They allow us to re-think life insurance contracts, purchase agreements, success or failure of a venture or a project. If we wanted to, we COULD make use of it.

Looking back on a project

In the context of project management, practitioners have instituted ‘Retrospectives’. To some of us, it may seem like another meeting to go to, another opportunity to sermonise and have tea. However, there may be merit in following the ritual.

Pinnacle projects says that the activities of the retrospective are centred around the question – “How can we work together to improve now, so our next project is demonstrably better?”

It is an opportunity to delve into the performance of the project, understand what went well and what could be improved. Team members contribute their insights and point of view at the discussion.

How to conduct a Retrospective

Retrospectives should include the project teams, including SMEs and IT teams. Stakeholders may be included in some cases. Agendas should be set-up well in advance to allow for preparation. You may also like to circulate a questionnaire prior to the meeting, for improved data collection.

Discussions revolve around performance data/ metrics, timelines, individual perception of things that went well/ could be improved, lessons learnt, ideas to carry forward, what to change and how to improve future projects.

It is also good practice to have flip-charts, white boards, sticky notes, markers etc. in order to make the discussion more interactive.

The team should seek to identify tangible and viable improvement ideas. As per the Scrum experts Belinders, ‘One of the most valuable questions that I have experienced in retrospectives is asking why?’

  • Why did you do it like this?
  • Why did this (or didn’t this) work for you?
  • Why do you consider something to be important?
  • Why do you feel this way?
  • Why did you decide to work together on this?

For larger projects, it may also help to discuss each measure of project success. These may include: time, cost, value, applicability of solutions identified, end-products amongst others.

Why Retrospectives Are Important

Retrospectives lead to organisational learning, facilitate continuous improvement, lead to better project cost & time estimates, improve performance and team building.

And finally, they allow teams to accrue best practices over the longer-term, without the cost of re-learning from repeat failures.

© Anu Maakan 2016