Tag Archives: business risk

It’s Oxymoron– Managing Risk and Uncertainty: An Organization Without Risk is Organization Stuck in a Rut…

Risk is a basic ingredient for innovation… Risk implies uncertainty and an inability to fully control the outcomes or consequences of an event… It’s an uncertain world and organizations must accept the fact that they operate in a world of unknowable risk… According to Donald J. Riggin; regardless of the nature of risk it’s impossible to manage; in fact, the expression ‘risk management’ is an oxymoron, because if risk was manageable it would no longer be considered risk…

However, understanding risks is a critical step to knowing how to deal it… According to Steve Tobak; the notion that– Big Risk beget Big Reward is nonsense… Whether it’s the world’s top– hedge fund traders, venture capitalists, real estate tycoons… these billionaire insiders look for opportunities that provide asymmetrical risk/reward… This is fancy way of saying that ‘reward’ is drastically disproportionate to ‘risk’…

In the article Decision-Making Under Risk and Uncertainty by Samia Rekhi writes: The starting point in decision-making is the distinction among three different states of a decision environments: certainty, risk, uncertainty. The distinction is drawn on the basis of the degree of knowledge or information possessed by the decision-maker… Certainty can be characterized as a state in which the decision-maker possesses complete and perfect knowledge regarding the impact of all of the available alternatives…

Often when making decisions the two terms ‘risk’ and ‘uncertainty’ are used synonymous… Both imply ‘lack of certainty’, but there is a difference between the two concepts; risk is characterized as a state in which decision-makers have imperfect knowledge– incomplete information but enough to assign a probability estimate to possible outcomes of a decision…

These estimates may be subjective judgments or they may be derived mathematically from a probability distribution… Uncertainty is a state in which the decision-maker does not have enough information to make a subjective probability assessments… It was Frank Knight who first drew a distinction between risk and uncertainty; risk is objective, whereas uncertainty is subjective… risk can be quantified, whereas uncertainty cannot… Uncertainty implies that probabilities of various outcomes are unknown and cannot be estimated… It’s largely because of these two characteristics that decision-making, in risk environment, involves primarily subjective judgment…

All business decision-making have common characteristics. The traditional approach requires precise information and thus often leads management to underestimate uncertainty and risk factors, which can be downright dangerous for an organization… According to Hugh G. Courtney, Jane Kirkland, and S. Patrick Viguer; making sound decisions under uncertainty requires an approach that avoids the dangerous binary view of risk…

Available relevant business decision information tends to fall into two categories… First, it’s often possible to identify clear trends, such as; market demographics… Second, it’s also possible to identify not so clear trends, such as; customer psychographics…The uncertainty or risk factors that remains tend to fall into one of four broad levels …

  • Level one: Clear enough future: The uncertainty is irrelevant and risk factors are relatively low for making decisions… hence, management can make reasonable precise decisions… Also management can use traditional information gathering, such as; market research, analyses of competitor costs and capacity, value chain analysis, Michael Porter’s five-forces framework, and so on…
  • Level two: Alternative futures: The future can be described as one of a few discrete scenarios… Although probability analysis is useful it cannot precisely identify which outcome is most likely to occur…
  • Level three: Range of futures: A range of potential futures can be identified… A limited number of key variables define the range and most likely outcome can lie anywhere within the range. There are no natural discrete scenarios for the outcome. Organizations in emerging industries or entering new geographic markets often face this uncertainty…
  • Level four: True ambiguity: A number uncertainties and risk factors create an environment that is virtually impossible to predict. And it’s impossible to identify a range of potential outcomes, let alone scenarios within a range. It might not even be possible to identify, much less predict, all the relevant variables that define the future. This situation is rare– black swan events– although they do exist.

Knowing how to assess risk is an organizational competency that must be fostered for long-term sustainability… To do so requires new language and tools to facilitate effective decision-making and decisive action. According to Ralph Jacobson; in developing business strategy it’s important to determine an organization’s ‘risk appetite’, i.e.; how much risk it’s willing, and can afford, to accept… This involves identifying and understanding the scope of risk required in a decision. Typically there are four options– avoid it, accept it, transfer it, share it…

But often decision-makers are confronted with unknowns– these are ‘unknown unknowns’… These unknowns are things that haven’t even been thought of as possible– black swan occurrence– rare but they do pop-up every now and then… situations where management tries to understand more about what they don’t know, than what you do know... These are precisely situations where innovation thrives– it’s when innovators push the edges, challenge status quo, break boundaries in the realm of uncertainty and risk taking. According to Dan Gregory and Kieran Flanagan; uncertainty suggests taking risks, going beyond the known and knowable– thinking scared, thinking stupid, thinking different…

Thinking scared is simply understanding that fear drives all decision-making– it might be the fear of taking action or fear of not taking action. These twin forces often govern negative behavior… but they can also be marshaled and used for positive motivation– the fear of missing out is perhaps most potent motivation in many organization. It’s human nature to resist change and this same nature can be used to drive innovation that embraces risk and uncertainty, and thinks beyond scared, thinks beyond stupid, thinks beyond different…

Most Under-Estimated Business Risk in Face of Uncertainty: Blindness to Ever-Increasing Threats in World of Business Risk…

Underestimated business risk, in hindsight, may seem obvious… Yet many companies fall prey to an ever-increasing world of business risks… management often believes that a risk-event just came out of nowhere, or it could not have been anticipated… Business risk is probabilistic; an event that may happen, or it may not… and often management is either, blind to the risk factors, or just neglects to identify the risks that might impact the organization.

Often business may suffer from a risk-event even before knowing that one is actually occurring, and typically the root cause is a management ‘blindness’ to the business risk factors, such as; change in consumer behavior, increase competition, change in government policy, market disruption, product obsolescence… Also, there may be loss of company assets due to– fire, flood, earthquakes, riots, war, political unrest… which may cause serious interruption to business operations…

brisk4 images

Many companies are often ill-equipped to deal with uncertainty and business risk. Yet every day companies base business plans on uncertainties, and do not adequately consider business risk, whether they be– next month’s sales, next year’s costs, tomorrow’s stock price… According to Sam Savage; business plans based on ‘average’ assumptions are wrong, on average… and typically business risk is depicted as a single number in a spreadsheet to represent future uncertainty– statistical uncertainties are pervasive in business decision-making every day…

According to David Leonhardt; many companies make two basic, and opposite, types of business risk assumptions, i.e.: When an unlikely risk-event is difficult to imagine, business tend to underestimate its likelihood; so management assumes it would not happen at least not to them… On the other hand, when an unlikely risk-event is all too easy to imagine, management often go in the opposite direction and overestimate the risk…

Fourth Allianz Business Risk Barometer 2015: This years survey conducted among more than 500 business risk managers and corporate insurance experts from businesses in 47 countries found following; companies are facing new challenges from a rise of disruptive scenarios in an ever-increasing interconnected global business environment… And according to survey certain types of business risk are of continuing concern, e.g.;  market interruption and supply chain linkage (46% of responses), natural catastrophes (30%), fire and floods (27%)… In addition, cyber (17%) and political risks (11%) are the most significant movers…

According to Chris Fischer Hirs; the interdependency of many industries and processes means businesses are now exposed to an ever-increasing number of disruptive scenarios. Hence, negative effects can quickly multiply and one risk can lead to several others. Natural catastrophes or cyber attacks can cause business interruption not only for one company, but to whole supply chain, industry sector, critical infrastructure…

Business risk management must reflect this new reality by identifying the impact of all ‘inter-connectivity’ early in the process, which can mitigate or at least help prevent significant business risk… It’s also essential to foster ‘cross-functional’ collaboration within organizations to quickly identify potential business risk…

brisk Top-10-business-risks_800x384

In the article Executives Underestimate Business Risk of Security, Privacy to Consumers by Deloitte writes: Research uncovered a notable discrepancy between consumer product industry executivesperceptions of consumers attitudes toward security and privacy, and consumers’ stated views on the topic… Many consumer product (CP) industry executives may be out of touch with consumers’ opinions on the importance of data security and privacy… Results of an online survey of U.S. consumers and 70 CP industry executives suggest that consumers care a lot more about the security and privacy of personal data than many CP executives seem to realize… CP companies’ treatment of the personal data they collect from consumers appears to factor prominently in consumers’ purchasing decisions…

According to the survey data: 80% of consumers who responded to the survey say they are more likely to purchase from CP companies they believe protect their personal data; 72% avoid purchasing from companies they believe do not take adequate measures to protect consumers’ personal data; 70% say they would be more likely to buy from a CP company that a third-party verified as having high standards for data privacy and security; 59% say knowing a company experienced a data breach would negatively impact their likelihood of buying from that company…

Industry executives are putting their companies at significant business risk by not fully understanding consumers concerns… According to Frank Milano; the more sensitive data a company collects the greater its attractiveness to hackers and the greater the risk for data breaches… Companies may avoid alienating consumers and losing their hard-earned trust by being transparent about data collection and digital marketing practices… and giving consumers more control over their own personal data…

Executives also tend to overestimate effectiveness of their companies’ data privacy and security policies and value consumers receive in exchange for sharing their personal data, e.g.; the survey data shows that 77% of executives believe that their companies’ data privacy policies are clear and well-understood by consumers, while roughly 73% of consumers say they would like to see more clarity in companies’ data privacy policies… also 47% of executives believe consumers regard the risks of sharing their personal data is worth the personalized promotions, advertising, coupons they receive from companies in return…

However, only 25% of survey consumers agree with that assessment… also 47% of executives think consumers view the risks of sharing personal data as worth the brand recommendations they receive from companies… however, only 18% of consumers agree with that conclusion… Clearly there is a serious disconnect of perceptions between consumers and company executives…

In the article Managing Business Risk: Where Are You on the Curve? by Ralph Jacobson writes: Business risk must be in the forefront as management most critical agenda item… Knowing how to assess and properly manage business risk is an organization competency that must be fostered for long-term sustainability… This requires techniques and tools… that will facilitate effective strategic thinking, decision-making, decisive action…

One such technique that can be used to help management transition in world characterized by significant business risk factors is represented by an S-curve. The S-curve is a tool for evaluating risk and determining various kinds of actions that can be taken at specific points in time, e. g.; the S-curve technique suggests when growth and change in growth happens along an almost  predictable trajectory of three distinct phases…

brisk1 untitledUnderstanding where/when an issues falls on the S-curve determines the most effective action… One of the powerful attributes of the technique is that it can provide a timely way to determine when a new discontinuous change occurs and its relationship to the  existing state of the business. The S-curve strives to predict the collision of two worlds: The concept of S-curve helps to frame the situation so that players can depersonalize the negative energy and help each-side find value in the other-side. It’s in this manner that management can help balance business risk, e.g.; long and short-term conditions; existing and new financial models…

Without the use of this type of technique and tool business risk issues are prone to serious intra-organizational conflict– hence, the potential for very contentious risk issues can move from politically imposed solution, to more collaborative solution that embraces a larger set of possibilities…

The importance of business risk management can never be underestimated when you are involved in any business venture or making decision that might impact the very survival of a business. Identifying and mitigating business risk properly and correctly before they can make a serious impact on business is paramount to having a successful business… The importance of risk management is often seen in hindsight when ignored  business risk factors result in a failed business issue… In retrospect business risk issues fail because management was not properly prepared to engage the specific risk that had the potential for serious negative impact on the business… By having a business risk plan, business can prevent or mitigate most of underestimated business risk factors that might occur…

brisk business-pulse-dual-perspectives-on-the-top-10-risks-and-opportunities-2013-and-beyond-8-638

According to Srini Pillay; many companies fall prey to unforeseen business risk, because management may believe that probably of occurrence is low, or that they are immune from the risk, or they just turn a blind-eye to the possibility, or the risk could not be foreseen or anticipated… While these excuses may be true for many issues, but a more plausible explanation is business risk ‘blindness’, which occurs due to the way the human brain is wired… business risk ‘blindness’ is the tendency to overlook immediate business risk when making decisions due to human factors, such as; fear, greed… a condition that occurs all too often in many organizations…

Business risk is inherent in decision-making, hence one of the most important management skills for ensuring long-term success is the ability to effectively evaluating all risk factors in making business decisions… No matter how obvious business risk might seem in hindsight, it’s critically important to detect the impact of specific risk factors on a business, in foresight…

Challenge of Managing Business Risk– Basis for Sustainability: Know and Understand Uncertainty and the Risk Landscape…

Risk is defined as the probability of an unforeseen incident, and its penalty on the business… Whatever the purpose of an organization, the delivery of its objectives is surrounded by uncertainty which both poses threats to success and offers opportunity for increasing success…

You can safeguard your business and increase its success rate by having an effective risk management policy in place. By identifying the risks before they occur, you will have the time and space to prepare and to put solutions in place if needed… Risk management may seem scary when you are planning your business. But by having business risk plan in place, you can ensure that you protect the viability of your business…

risk1 th

Risk is defined as the uncertainty of outcome, and it must be assessed with respect to a combination of the likelihood of something happening, and the impact if it does actually happen. Risk management includes; identifying and assessing risks (‘inherent risks’) and then responding to them… The resources available for managing risk are finite and so the aim is to achieve an optimum response to risk, prioritized in accordance with an evaluation of the risks.

Risk is unavoidable, and every organization needs to take action to manage risk in a way which it can justify to a level which is tolerable. The amount of risk which is judged to be tolerable and justifiable is the ‘risk appetite’.  Response to a risk situation may involve one or more of the following actions:

  • TOLERATE: The business’ exposure may be tolerable without any further action. Even if it’s not tolerable, the ability to do anything about some risks may be limited, or the cost of taking any action may be disproportionate to the potential benefit gained…
  • TREAT: The greater number of business risks will be addressed in this way. An action is taken to constrain the risk to an acceptable level…
  • TRANSFER: For some business risks the best response may be to transfer them to either reduce the exposure of the organization or because another organization is more capable of more effectively managing the risk, however, some risks are not (fully) transferable…
  • TERMINATE: Some risks will only be treatable, or containable to acceptable levels, by terminating the activity, and this might become more clear when the cost/benefit relationship is in jeopardy…

Effective risk management requires understanding more about what you don’t know than what you do know. In particular, it must recognize when new risks are emerging. Too often, risk assessment plot the usual ‘known knows’, leaving executives and directors under-whelmed because the process doesn’t really tell them anything they don’t already know…

World Economic Forum’s Global Risks 2013 Report is an annual survey of more than 1,000 experts from industry, government, academia and civil society who are asked to review a landscape of 50 global risks. .. The global risk respondents rated most likely to manifest over the next 10 years is ‘severe income disparity’, while the risk rated as having the highest impact if it were to manifest is ‘major systemic financial failure’.

There are also two risks appearing in the top five of both impact and likelihood; ‘chronic fiscal imbalances’ and ‘water supply crisis’…Unforeseen consequences of life science technologies’ was the biggest mover among global risks when assessing likelihood, while ‘unforeseen negative consequences of regulation’ moved the most on the impact scale when comparing the result with last year’s…

Resilience is the theme that runs through this report. It seems like an obvious one when contemplating the external nature of global business risks because they are beyond any organization’s or nation’s capacity to manage or mitigate on its own. And yet these global risks are often diminished, or even ignored, in current enterprise risk management. One reason for this is that global risks do not fit neatly into existing conceptual frameworks, and fortunately this is changing…

The report advises that building resilience against external risks is of paramount importance and alerts directors to the importance of scanning a wider risk horizon than that normally scoped in risk frameworks… When considering external risks, directors need to be cognizant of the growing awareness and understanding of the importance of emerging risks…

The 2014 annual Emerging Risks Survey (poll of more than 200 risk managers predominantly based at North American re/insurance companies) reported the top five emerging risks as follows: Financial volatility (24% of respondents). Cyber security/interconnectedness of infrastructure (14%). Liability regimes/regulatory framework (10%). Blowup in asset prices (8%). Chinese economic hard landing (6%)… It’s interesting to observe the diversity in understanding of emerging business risk definitions. For example; Lloyds: An issue perceived to be potentially significant but may not be fully understood or allowed with respect to– insurance terms and conditions, pricing, reserving or capital setting… PWC: Large-scale event, circumstances beyond direct capacity to control that impact in ways difficult to imagine today… S&P: Risks that do not currently exist…

In the article Managing Risk: Where Are You on the Curve? by Ralph Jacobson writes: The management of business risk is now forefront for senior leader’s key agenda items. Knowing how to assess risks and properly manage them is a critical organization competency that must be fostered for long-term business sustainability. To do so requires new language and tools to facilitate effective strategic thinking, decision-making, and decisive action…

Here are some thoughts to help senior leaders transition to a world characterized by significant risk, for example; the S-curve is effective for evaluating risk and determining the various kinds of action that should be taken at specific points in time. The curve suggests that growth and change happen along an almost predictable trajectory of three distinct phases… Knowing where issues falls on the curve determines most effective action.

risk thFYE0ZRV6

One of the powerful attributes of the model is that it can provide a timely way to determine when a new discontinuous change occurs and its relationship to the current state. The S-curve can be used to determine the types of organization and leadership issues that will be encountered on the journey… It’s a Collision of two worlds: The generic S-curve suggests that when a few pioneers start a new S-curve (green line) they are initially ignored by those who remain intent on achieving the historical performance metrics and objectives… The existing stakeholders (pink line) view the green line as an unnecessary drain on resources at a time when financial and people assets will be at lower levels because the organization is experiencing ‘stage-3’ decline..

risk th0SBWAF3I

Caught between these forces are those who resist change and those who under-appreciate the accomplishments of the past… senior leaders must help each side understand the need to do both; maintain the past approaches long enough to reap short-term benefits and focus on establishing the successful implementation of the new-to-achieve long-term benefits… The concept of the S-curve helps leaders frame the situation so that players depersonalize their negative energies, and help each side find value in the other. It’s in this manner that the senior leader can help balance such risks the ‘long and short-term’; current financial model and the new model…

Historically companies have viewed business risk through a functional lens (financial risk, human capital risk, supply chain risk, etc.), and by focusing on one distinct ‘silo’ you can miss the interrelatedness of risk to a company. that is, miss those connections and you may misfire when attempting to manage it… According to Robert S. Kaplan and Anette Mikes; Organizational biases inhibit the ability to discuss risk and failure. In particular, teams facing uncertain conditions often engage in ‘group think’: Once a course of action has gathered support within a group, those that are not yet on board tend to suppress their objections, however valid and fall in line… Which means that many business rather than mitigating risk, they actually incubate risk by tolerating minor failures and defects– treating early warning signals as false alarms– rather than alerts to imminent danger…

According to Gerard Joyce; managing business risk makes company’s actions more predictable, thus more successful. The ISO 31000:2009 standard outlines principles and guidelines to follow in implementing a structured process for managing business risk effectively Managing business risk in a systematic way can be an enabler,e.g.; decision-making is more informed, presumptions and assumptions are challenged, and actions taken are more likely to achieve desired outcomes. A structured process highlights the ‘Key Risk Indicators (KRIs)’ or early warning signs that need to be monitored. These enables the organization to take pre-emptive action to avert or mitigate significant outcomes…

According to Jeanne Lauf Walpole; business risk management is identification, assessment and economic control of those risks that can endanger assets and earning capacity of business… Once a complete list of risks has been established, then each risk should be assessed for its probability of occurrence, for example: Very likely to occur; Some chance to occur; Small chance to occur; Very little chance to occur… Also, it’s important to evaluate potential financial damage that can result from each risk, and respond appropriately. Business risk management decisions must be based upon preventing, as much risk as possible although complete eradication may not be realistic, and/or mitigating risks at a level that’s at least tolerable for the business…

risk thNJXROOYI

According to Peadar Duffy; risk and strategy are intertwined, and one cannot exist without the other, and they must be considered together. Such consideration needs to take place throughout the execution of strategy. Consequently, it’s vital that consideration is given to ‘risk appetite’ when business strategy is formulated– and that requires a well-conceived business strategy and superior execution, on the one hand… and very serious risks assessment and process, on the other…

According to Adi Alon, Wouter Koetzier, Steve Culp; most companies opt to reduce uncertainty by leveraging the traditional– stage-gate innovation process. Stage gates are designed to identify the best ideas by putting them through multiple reviews or gates… This concept, in principle, is extremely effective but in reality new opportunities tend to be defined very narrowly.

As a result, promising news ideas that are a little off center are often smothered. And while many of innovation initiatives that do gain approval are low risk, they offer only low returns– incremental improvements that usually do little more than maintain market share. Whereas, prudent risk-taking when managed properly is the foundation for business growth and sustainability…

Psychology of Change Management: Resistance, Failure, Behavior, Irrational Side… Improving Odds for Success…

Change management is the law of life, and those who look only to the past or present are certain to miss the future. ~ John F. Kennedy

Most business change management programs fail, but the odds of success can be greatly improved by taking into account– counter intuitive insights about how employees interpret their environment and choose to act, say ‘Carolyn Aiken and Scott Keller’. In the book ‘Leading Change’ (classic work in change management) by John Kotter reveals that only 30% of change management programs succeed.

Since the book’s release, literally thousands of books and journal articles have been published on the topic, and courses dedicated to managing change are now part of many major MBA programs. Yet in 2008, a McKinsey survey of 3,199 executives around the world found, as Kotter did, that only one change transformation in three succeeds. Other studies over the past ten years reveal remarkably similar results.

In the article ‘The Psychology of Change Management’ by ‘Emily Lawson and Colin Price’ they provide a holistic perspective, which suggests that four basic conditions are necessary before employees will change their behavior: a) compelling story, b) role modeling, c) reinforcing mechanisms, d) capability building.  According to ‘Aiken and Keller’; this prescription is well grounded in psychology and is entirely rational. One of its merits is its intuitive appeal; many managers feel that, once revealed, it’s simply good ‘common sense’. And this, ‘Aiken and Keller’ say is precisely where things go wrong:

The prescription is right, but rational managers who attempt to put these four conditions in place by applying ‘common sense’, typically; waste time and energy, create messages that miss the mark, and experience frustrating and unintended consequences from their efforts to influence change management. Why? Because when managers implement the prescription, they disregard certain– sometimes irrational– but predictable elements of human nature…

In the article Why Change Management Fails in Organizations by Ray Williams writes: Leaders must understand and apply the knowledge of behavioral psychology to manage organizational change successfully. In the past, efforts at organizational change have systematically failed because they have neglected the reality that change doesn’t happen without individual people changing their– thinking, beliefs, and behavior.

In the article by ‘Emily Lawson and Colin Price’ they argue that change management success, in large organizations, depend on groups and individuals changing the way they function… In effect, management must alter the mind-sets of their employees– no easy task.  Aubrey C. Daniels, world authority on management and human performance, says another reason why organizations are fundamentally flawed from a behavioral perspective is that they were designed by people– those with financial expertise– who have only one purpose in mind, to make money.

He says– ‘when change management programs are designed without an understanding of human behavior; results can be destructive.’ For example, there is a mountain of research to show that employees are not primarily motivated by financial rewards, over long-term, yet we continue to use it as a management motivational strategy.

An article by ‘Rock and Schwartz’ states: “The traditional command-and-control style of change management doesn’t lead to permanent changes in behavior. The more you try to convince people that you’re right and they’re wrong, the more they push back. The way to get past objections is to help people come to their own resolution.”

Dr. Robert Cooper writing in ‘Strategy and Leadership Journal’, points out that we actually have three brains–the ‘one in our head’, the ‘one in our gut’ and the ‘one in our heart’. He claims that the highest reasoning involves three brains working together… All this information is great, but what does it all mean? It means that: Conventional change management tactics in organizations are based more on animal training than on human psychology…

Leaders promise bonuses and promotions (the carrot) for those who go along with the changes, and punish those (the stick) who don’t with less important jobs or even job loss. This kind of managerial behavior flies in the face of evidence that shows that people’s primary motivation, in workplace, is neither; money or advancement, but rather personal interest in their jobs, good work environment, and a fulfilling relationships with their boss and colleagues…

In the article The Irrational Side of Change Management by Carolyn Aiken and Scott Keller write: In our research working with companies attempting change management, we identified nine insights into how human nature gets in the way of successfully applying the four conditions (i.e., Lawson and Price) required for behavioral change.

Conventional change management thinking extols the virtues of; creating a compelling change story, communicating it to employees, and following it up with ongoing communications and involvement. This is good advice, but in practice there are three pitfalls to achieving the desired impact:

  1. What motivates you doesn’t motivate most of your employees.
  2. You’re better off letting them write their own story.
  3. It takes a story with both + and – to create real energy.

The fact is human beings consistently think they are better than they are– a phenomenon referred to in psychology as a self-serving bias:

  1. Leaders believe mistakenly that they already ‘are the change’.
  2. Influence leaders– aren’t a panacea for making change happen.

Conventional change management practice emphasizes the importance of reinforcing and embedding desired changes into; structures, processes, systems, target setting, incentives. We agree. To be effective, however, the mechanisms must take into account that people don’t always behave rationally:

  1. Money is the most expensive way to motivate people.
  2. The process and the outcome have got to be fair.

Change management literature emphasizes the importance of building the skills and talent needed for desired change. Though hard to argue with, in practice there are two insights that demand attention in order to succeed:

  1. Employees are what they– think, feel, and believe in.
  2. Good intentions aren’t enough.

In the article Improving Your Odds of Success in Driving Change by Art Petty writes: In their article, the authors ‘Carolyn Aiken and Scott Keller’ offer some interesting insights and ideas that they describe as counter-intuitive but potentially helpful for improving the odds of success for change management initiatives.  On a depressing but not surprising note, in their article, ‘Aiken and Keller’ cite a 2008 study of over 3,000 executives that found that one-in-three change management initiatives fail. 

These low success rates have been well documented by John Kotter, as well as other researchers in the field of change management. The ‘Aiken and Keller’ article cites the 4 basic conditions (i.e., Lawson and Price) necessary for change according to theories in psychology of change management, and their thoughts on how these 4 conditions are applied, namely:

The prescription is right, but rational managers who attempt to put the four conditions in place by applying ‘common sense’, typically; waste time and energy, create messages that miss the mark, and experience frustrating and unintended consequences from their efforts to influence change.” The authors go on to share nine insights into their application of the 4 conditions that explain why change initiatives might fail and how to improve the odds. My interest is with two of their insights related to the ‘compelling story’ condition for change; here are my comments:

  • First: What motivates you doesn’t motivate most of your employees’. While we tend to focus on telling stories about ‘what has changed’ and ‘why we have to change’, or ‘what we want to accomplish’, research shows that people respond best to stories that address five forms of impact: society, customer, company, environment, ‘me-personal’
  • Second: ‘You’re better off letting them write own story’. Executives and leaders go to great lengths to tell change management stories.  They call special meetings, conduct town halls, webinars, blog posts and often walk away feeling like they’ve      done the job.  They’ve spoken, the message is clear and everyone must agree or they’ll single them out as resistors.  The authors suggest that while stories about the need to changes (i.e., told in ways that address the five forms of impact) have to get out there: I suggest that we would be better off by listening more and telling less.

While there is much more in the ‘Aiken and Keller’ article, than I am highlighting here, just the lessons from the first two points alone are compelling… The bottom-line: Like so many things in leadership and management, there are no silver bullets for success. A lot of really smart people try to drive change in business, and fail. 

Those that succeed seem to know that change is intensely personal and that their role is to create an environment where the need for change can be processed and where individuals can take control of defining the terms of change.  While it seems that just when the leader thinks that he/she should be hands-on, is precisely the time when he/she should step back and let go.

Even the most credible of leaders have to step up their game when it comes to talking about and promoting change on their teams and in their organizations.  According to Art Petty; you can trust that a good number of people in the organization have developed a case of cynicism on talk of change emanating from the higher-ups. They’ve consumed too many ‘flavor of the month’ programs and developed heartburn when the programs died in mid-stream.

They’ve watched leaders come and go, and they no longer hear the siren call or pay much attention to the slogans and signs. Can you blame them? If they wait a few minutes, this too shall pass, and in spite of their positive view, people are conditioned to wait until the noise dies down and the focus turns back to getting the work done. For some leaders, the institutionalized and individual resistance to change is extremely frustrating and vexing.

One leader offered; “I’m told that I’m credible, people have responded well to my leadership, I don’t pump sunshine or doom and gloom, yet people are dragging their feet on this new program. I know that doing new things can be frightening, but why aren’t people more excited and supportive?”

Change is inevitable and intuitively, we all know and accept this reality. However, don’t discount the challenges that you will face in gaining support for your message on the need to change. You’ve had ample time to process on it, but when your team members hear it for the first time, it’s either noise or interesting, but not tangible. The only way through the resistance is straight ahead. Your honesty and authenticity are truly important. Your willingness to engage in dialogue and your humility in asking for input and help are priceless…

People don’t resist change. They resist being changed! ~ Peter Senge

Business Cyber Snooping, Spying, Eavesdropping… When Does Internet-Email Snooping, Spying… Go Too Far…

It’s pretty rare for companies to have a snooping, spying… policy; although these days, it’s getting more common ~ David R. Ellis

Snooping, in a security context, is unauthorized access to another person’s or company’s data. The practice is similar to eavesdropping but is not necessarily limited to gaining access to data during its transmission. Snooping can include; casual observance of an email that appears on another’s computer screen or watching what someone else is keying.

More sophisticated snooping uses software programs to remotely monitor activity on a computer or network device, e.g., malicious hackers or keyloggers that monitor keystrokes, capture passwords and login information, and intercept emails and other private data transmissions and communications. Corporations sometimes snoop on employees, mostly legitimately, to monitor use of business computers and track Internet usage; governments may snoop on individuals to collect information and avert crime and terrorism.

Although snooping has a negative connotation, in general in computer technology, snooping can refer to computer programs that perform a monitoring function. An interesting example of snooping, whether it was intentional or not, was the Google ‘Street View’ cars snooping incident; where, in addition to snapping photos of the houses and roadways, the Google car secretly harvested many– emails, photographs, and other personal data from WiFi networks…

In the U.S. there is a proposed new law, the ‘Cyber Intelligence Sharing and Protection Act of 2011’; this law basically allows the government and private companies to communicate about cyber-security threat information. It allows intelligence communities to share threat details with private companies, and encourages companies to do the same. More to the point, the information shared would be exempted from public disclosure.

Not surprisingly, civil liberties groups are up in arms, and as ‘Andrew Couts’ writes; the big problem with the legislation is trust. It demands that we trust the government and big business not to do the wrong thing. The fact remains that critical portions of the bill, e.g., vague definition of cyber threat and national security, far-reaching exceptions to existing laws, and toothless protections for privacy– all require trust that the federal government and corporations will not violate the people rights. This is a worrying trend we’re seeing around the world.

In Britain, there are similar moves with proposed legislation that allows the government to monitor every email, text message and phone call flowing throughout the country. Under the British law, Internet service providers (ISPs) would be forced to install hardware that would give law enforcement real-time, and on-demand access to every internet user’s IP address, email address books, when and to whom emails are sent and how frequently– as well as, the same type of data for phone calls and text messages… One senior UK coalition source said: There is going to be a big battle between those in favor of security and those in favor of liberty.

In the article In the Cyber Snooping: How Online Spying Permeates the Workplace by Cindy Krischer Goodman writes:  Everything we do online is out there for the world to see… Are you a cyber snooper? Do you think we all need to be? As social media explodes and information comes to us in the palm of our hand, we can’t resist using what we glean from the Web to gain a leg-up in business.

We now have the ability to go online to see who got the job we wanted, whether a co-worker spent the weekend golfing with the boss or what new marketing gimmick our competitor might be offering. ‘People should be aware of what’s happening in their companies and their industries,’ said Vanessa McGovern, independent consultant. ‘It makes good business sense.

Today, more people on social media sites share information about their lives through status updates, location check-ins and résumé changes’. Overall, more than 66% Internet users participate on social network sites, as of February 2012, up from 46%, in 2009. Vigilant monitoring of online activity led one advertising agency owner to discover her largest client was talking to a competitor.

Another small business owner said– she noticed a client whose business she wanted– regularly checked into a particular restaurant, on Foursquare. So, she invited the client out to lunch, at that restaurant, casually mentioning it was her own favorite dining spot. Many companies see social networks as mere distractions for their employees, but there are those who recognize the tremendous opportunity they represent as a research tool.

With employers, bosses and competitors– snooping, spying… on each other, how do workers and employers adapt and keep private what they don’t want public? Is it even possible anymore? Five years ago, this was not possible, but now it’s a huge business competitive advantage. Or, is it just snooping…

In the article Social Snooping for Business Opportunities by Kaleidico writes: Twitter, and ask one simple question: What are you doing? This simple question, and the increasingly intertwined network of social connections have sparked a revolution. Everyone is trying to figure out how to leverage millions of users, hundreds of applications, and an increasingly social ethos on the Web.

But, the challenge is even greater for use in business strategy: It’s not just Twitter– also, Google Profiles, Google Reader, Facebook, Linkedin, FriendFeed, Yelp, Blogs… At the most basic level the social graph (generic term for the social network) is system of nodes connected by relationships and communications. The nodes are people, relationships, and communications that are observable to determine relevance to business objectives– e.g., getting more sales… Let’s take a closer look:

1. Monitoring Social Chatter: Let’s return to the most basic and common social question asked by all of these new social networks: ‘What are you doing?‘ This simple question elicits responses like:

  • “Tasked with first email campaign, I’m nervous”
  • “What is the best place to book travel?”
  • “Need a new pair of running shoes…suggestions?”
  • “My Internet is down again. I’ve had it with Company B!”

All these responses are potential sales or customer service leads. Are you catching them? Are you engaging them?

2. Identifying the Nodes: Monitoring the social chatter is just one part of the equation. The Internet is still shrouded in pseudonyms and aliases. This is where most social networking processes go into a time-consuming search for hunches. Ironically, most of the answers to whom these people are, and how to connect to them are in their social profiles. Chances are they are promoting something and want to be found. You just need to follow the thread to their contact information, i.e., do a little snooping.  Each of these profiles, given relevant conversations, is a potential prospect. Are you getting them identified, and into your sales pipeline?

3. Leveraging Connections: One of the most powerful laws of networks is their tendency to clump into hubs and communities. This ultimately means the more nodes you collect and/or ‘connect with’ the more likely you are to be one step away from a referral– the gold standard of sales leads.  This information is typically a little trickier, but the practice of connecting to friends is adding information to the social graph each day. Harvesting this information and putting it into context can give you multiple channels into a prospective client. The opportunities flow from a multitude of search engines and social networks into your ‘sales funnel’. The result is an endless flow of potential business opportunities in the sales process… all it takes is a little snooping…

According to Nolo.com: If you want privacy, don’t count on emails. Emails may feel like a private, one-to-one conversation safe from prying eyes but emails, on the contrary, are not secure and private: In fact, email messages can be intercepted and read anywhere in their transit, or reconstructed and read off of backup devices, where the emails can be stored for an extended period of time.

If you’re sending emails at work, the boss can legally monitor them, and if the company becomes involved in a lawsuit, the adversary has the legal right to review them. If you send emails from home, anonymous hackers can intercept them, and if you are suspected of a crime, law enforcement officials with a warrant can seize all your electronic mail.

Even Internet service provider (ISP) may legally be able to scrutinize your emails. What all this means is simply: Unless you take affirmative steps to protect your messages, don’t count on emails as confidential method of transmitting information. In many companies, new employees may be asked to sign and acknowledge some form of employer email policy.

The policy will probably inform you that emails are for business purposes, that computer systems at work are property of employer, that emails may be monitored, and that you have no reasonable expectation of privacy in the use of emails. A written statement like this, signed by an employee, creates a contract upon which an employer can rely, if they want to snoop.

Even if there is no signed agreement or written policy, an employer can still peek into emails (or your desk for that matter) — assuming, as is usually the case, that you have no reasonable expectation of privacy as to the contents. In the end, emails’ speed and convenience outweighs its non-private nature for most every day discussions. But think of emails like; postcards, not letters– where messages are open to everyone’s snooping eye, along the way.

Computer enabled snooping, spying... has increased the scope and abilities of companies, governments and private interests that wish to obtain sensitive personal and business information. The ever-increasing number of reports of criminal and unethical incidents on the Internet– compromise of sensitive personal data,  stolen credit- and debit-card data, theft of businesses’ IP,  accessing proprietary business information…– suggest that cyber snooping, spying… is having a serious economic impact on consumers and businesses.

While it’s difficult to estimate size of the problem, the consequences of cyber snooping, spying… is enormous.  These are real threats to all global nations– it’s war for competitive information. We all must face what is described as an evolving array of Internet threats, which include; unethical business practices, corrupt employees, criminal groups, hackers, sinister nations…

According to Justin Basini; ‘Your Internet browser is a fantastic way for people to know your interests; your mobile phone is the best way for people to track your movements; and your social networks gives a complete view of your personal connections.

Initiatives like ‘privacy by design’ encourage businesses, organizations, and governments to view people not as ‘users’ but ‘data owners’, but the reality is that the collection of data about people largely goes on without transparency and without much control.

Regulators both in Europe and the U.S. are battling to establish consumer rights over information, but they are under intense fire from the vested interests of companies who know that their value is intrinsically linked to the data they hold on people.

Therefore, the public must reconcile a key question– Is Internet cyber snooping, spying… a threat to the public’s civil liberties, or is cyber snooping, spying… necessary to keep those liberties safe? Where is the balance?

Business Risk Management: ‘Protect Against Unthinkables’–Loss Due to Damages, Legal Liabilities, Fines, Crime, Strategic Relationships, Disasters…

“The first step in the business risk management process is to acknowledge the reality of risk. Denial is a common tactic that substitutes deliberate ignorance for thoughtful planning.” ~Charles Tremper

Business Risk Management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

An ‘Inc. Magazine’ article writes: Every business encounters risks, some of which are predictable and under management’s control; others are unpredictable and uncontrollable. Risk management is particularly vital for businesses, since some common types of losses—such as theft, fire, flood, legal liability, injury, or disability—can destroy in a few minutes what may have taken years to build. In the early 2000s, the role of risk management expanded to protect entire companies during periods of change and growth.

As businesses grow, they experienced rapid changes in nearly every aspect of their operations, including production, marketing, distribution, and human resources. Such rapid change also exposes the business to increased risk. In response, risk management professionals created the concept of ‘enterprise risk management’ (ERM), which was intended to implement risk awareness and prevention programs on a company-wide basis. The main focus of ‘enterprise risk management’ (ERM) is to establish a culture of risk management throughout a company to handle the risks associated with growth and a rapidly changing business environment.

Writing in ‘Best’s Review’, Tim Tongson recommended that businesses take the following steps in implementing an ‘enterprise-wide risk management program: 1) incorporate risk management into the core values of the company; 2) support those values with actions; 3) conduct a risk analysis; 4) implement specific strategies to reduce risk; 5) develop monitoring systems to provide early warnings about potential risks; and 6) perform periodic reviews of the program.

In the articleWhat is Business Risk Management? by Business risk management.org writes: The goal of business risk management is to detail what kinds of risks exist in your specific business and figure out how to prevent them entirely, or minimize their impact on the business as a whole.

To do this, most risk managers take a five step approach. First, identify the risks involved in all aspects of the business. Second, review the probability of the negative events occurring. Third, come up with a plan, a way to decrease the risk. Fourth, put plan into action. Last, monitor the situation to see if the plan is effective or if it needs to be altered. Risk management includes risks that are a part of the industry the business serves, and the way in which it does business.

Because of this, business risk management is a way of codifying the way decisions are made and guiding those decisions in the future.  Relationships with customers also can be risky, especially if a company comes to rely on one customer too much. A business risk management process or plan should cover these kinds of risks, as well as how decisions should be made. In other words, it should say how much risk is too much in a financial relationship. While these may include physical risks, business risk management should also take into account how to prevent theft, fraud, and other crimes.

Another risk to a business caused by employees is simple human error, where even a tiny mistake in entering data or in the manufacturing process can have huge and sometimes devastating consequences. Having a ‘risk management plan’ in place not only can help in the event of an emergency, it can also help guide the way the company does business. It will help to organize allocation of resources and capital by helping to regularize the way that priorities are set.

This will help with decision-making and planning, as well. Since risk management requires the anticipation of potential problems, it can help the business prevent a disaster or at least mitigate the impact of the disaster on finances and other assets…

“The global financial crisis in 2008 demonstrated the importance of adequate risk management. Since that time, new risk management standards have been published, including the international standard ‘ISO 31000 Risk management – Principles and Guidelines’. This guide provides a structured approach to implementing ‘enterprise risk management’ (ERM).

Organizations need to understand the overall level of risk embedded within their processes and activities. It is important for organizations to recognize and prioritize significant risks and identify the weakest critical controls. A successful enterprise risk management (ERM) initiative can affect the likelihood and consequences of risks materializing, as well as deliver benefits related to better informed strategic decisions, successful delivery of change and increased operational efficiency.”

In the article Risk Management Principles and Concepts” by David Campbell writes: Risk management is an integral part of business governance. Risk may have positive or negative outcomes, resulting in either an opportunity or a loss for a business. Risk management is the way in which adverse effects from risk are managed and potential opportunities are realized.

Therefore, risk management involves: Minimizing those things that may negatively impact upon a business, and identifying and harnessing those things that will help to achieve the goals and objectives of a business. Every risk has its own distinct characteristic that requires particular management or analysis. An emerging concept in risk management is that there are three types of risk:

  • Opportunity-based risk.
  • Uncertainty-based risk.
  • Hazard-based risk.

Risk analysis assists in determining which risks have a greater consequence or impact than others. This will assist in providing a better understanding of the possible impact of a risk, or the likelihood of it occurring in order to make a decision about committing resources to control the risk.

Risk analysis involves combining the possible consequences, or impact, of an event, with the likelihood of that event occurring. The result is a ‘level of risk’. That is: “Risk = Consequence x Likelihood”.

In the article “How Managing Political Risk Improves Global Business Performance” by PwC writes: Companies doing business internationally are grappling with political issues that sometimes surprise even the most experienced. A new study by ‘PwC and Eurasia Group’ shows that despite current efforts, a high percentage of multinational companies believe they are not doing all they could to manage political risk effectively: PwC and Eurasia Group believe that more effective management of political risk can help companies protect their investments and take advantage of new opportunities, thereby improving global business performance.

When it comes to improving global business performance, managing political risk helps in two fundamental ways. First, it protects new and existing global investments and operations by helping management anticipate the business risk implications of political change or instability.  Second, for a company constantly on the lookout for new opportunities, monitoring political risk within target regions or across continents can help management hone in on political developments that foretell a business boom, beating competitors to the punch.

Businesses face many risks, therefore risk management should be a central part of any business’ strategic management. Risk management helps you to identify and address the risks facing your business, and risk assessments will change as your business grows or as a result of internal or external changes. This means that the processes you have put in place to manage your business risks should be regularly reviewed.

Such reviews will identify improvements to the processes and equally they can indicate when a process is no longer necessary. There are four ways of dealing with, or managing, each risk that you have identified. You can:

  • Accept it.
  • Transfer it.
  • Reduce it.
  • Eliminate it.

Traditionally, risk management was thought of as mostly a matter of getting the right insurance. However, this impression of risk management has changed, dramatically. With the recent increase in government rules and regulations, employee-related lawsuits and reliance on key resources, risk management is becoming a management practice that is every bit as important as financial or facilities management. 

Organizations should regularly undertake comprehensive and focused assessments of potential risks to dramatically reduce its chances of experiencing a catastrophic event that could ruin or severely impair the organization.  According to ‘Risk Management Insight’ management doesn’t really care about security… they care about risk.  They want answers to questions like:

  • “How much risk do we have?”
  • “How much more (or less) risk, will we have if…?”
  • “What am I getting for the money I’m spending on security today?”
  • “Which risk issues are most significant, and how do they compare to the other business issues I have to deal with?

When we are able to describe the value of security in terms of; ‘how it affects risk’ (the frequency and magnitude of loss), management listens more carefully because we’re speaking in terms that they understand and care about…

“Risk management should be an enterprise-wide exercise and engrained in the business culture of the organization.” ~Julie Dickson

Clarity of Risk is Essential for Success in International Business Development: Opacity Index & Corruption Perceptions Index (CPI)…

“We realized that a lot of information about countries or companies is lost or intentionally hidden. If you can’t get good information, risks can be overvalued or undervalued.” ~Joel Kurtzman

Opacity (defined as ‘lacking transparency or translucence; opaqueness’) is not only a deterrent to global economic development, but it also decreases the ability to access capital. According to the ‘World Bank Doing Business Database’, regulatory and legal transparency is an important indicator of the cost of starting or expanding a business, and, it can enhance or constrain business investment, productivity, and growth…

The Opacity Index is a measure of a country’s regulatory and legal transparency, and consists of five factors: corruption, legal system efficiency, economic and enforcement policies, accounting standards and regulatory effectiveness. Together, these factors form the acronym ‘CLEAR’. ‘Higher level rankings’ of opacity in the ‘CLEAR’ factors indicate poorly functioning governments, which increases the cost of doing business, as well as the risk.

The Opacity Index measures high-frequency, low-impact risks, which include; corruption and un-enforced laws and policies. It also measures the rights of debt- and equity-holders around the world, the adequacy of corporate governance and the quality of accounting standards. Whereas, most traditional measures of risk look at low-frequency, high-impact events, such as coups-d’état, nationalization of industries and earthquakes…

In the blog Overseas Investors Get Guidance from PwC’s Opacity Index by AccountingWEB writes:  The analytical model for the Opacity Index was developed by ‘PricewaterhouseCoopers (PwC) Endowment for the Study of Transparency and Sustainability’ to provide guidance for policy makers and business leaders who are considering the economic impact of international business development.  The objective was to create a country-by-country ‘ranking of opacity’, which represented degrees of ‘lack-of-clear, accurate, easily discernible and widely accepted practices governing the relationships among businesses, investors, and governments’.

The Opacity Index draws upon 65 objective variables from 41 sources compared across 48 countries. Each component of opacity; corruption (C), efficacy of the legal system (L), deleterious economic policy (E), inadequate accounting and governance practices (A) and detrimental regulatory structures (R) — is rated separately, and the component ratings contribute to an overall opacity rating…

In the article “The True Cost of Going Global” by Judy Warner writes: The Opacity Index helps to make known, that which is hard to know: True cost of doing business globally. What does it really cost to tap China’s massive market? Is that a better value than setting up shop in India or Brazil? Why is Finland considered a safe place to do business?

These type questions are the basis of the book, Global Edge: Using the Opacity Index to Manage the Risks of Cross-Border Business” by Joel Kurtzman and Glenn Yago. While working at PwC, Kurtzman and Yago developed the initial research that led to the creation of the Opacity Index. “What we were interested in were the capital markets and how they reacted to information,” Kurtzman recalls. “We realized that a lot of information about countries or companies is lost or intentionally hidden”.

If you can’t get good information, risks can be overvalued or undervalued. Our yardstick was how the capital markets looked at companies and whole countries and how that related to currencies…Then we looked at governance nationally and at a corporate level, and were able to determine that there’s a lot more globalization of processes than information. We know how to manufacture around the world but, for example, executives in Germany don’t necessarily know how business is conducted in France, or other countries. The index provides a snapshot”…

In the article The Global Costs of Opacity by Joel Kurtzman, Glenn Yago, and Triphon Phumiwasana write:  A careful review of the individual ‘CLEAR’ factors can provide highly useful information in decision-making, since even in countries with the same overall Opacity Index rating the causes of opacity might be quite different. For example, if managers have a choice of where to locate a regional headquarters, they might choose a country with scores higher on the legal and economic sub-indices. If they are looking for a place to build a plant, they may care more about the corruption sub-index.

If they are looking at a joint venture with another company, the legal sub-index will indicate those locales in which the provisions of a joint-venture contract will be best enforced. This is not to suggest that businesses should avoid high-opacity countries. Indeed, in some areas of commerce such as mineral extraction and oil production, that would be difficult, since many of the largest producers of raw materials and oil have high opacity scores. Instead, businesses can use the Index to prudently measure their risks and to create mechanisms to protect themselves against those risks.

In the article “Measuring Opacity” by Christos and Mary Papoutsy write: The Opacity Index measures ‘level of opacity’, defined as “the lack of clear, accurate, formal, easily discernible, and widely accepted practices.” The potential for opacity exists and no country is likely to earn a perfect score. For example, there may be corruption in government bureaucracy that allows bribery or favoritism. The laws governing contracts or property rights may be unclear, conflicting, or incomplete. Economic policies — fiscal, monetary, and tax-related — may be vague or change unpredictably.

Accounting standards may be weak, inconsistent, or irregularly applied. A high degree of opacity in any of these areas will raise the cost of doing business as well as curtail the availability of investment capital. As the world’s markets, in the era of “globalization,” become more interdependent, it becomes obvious that one country can differ from another in clarity and consistency of their approaches to managing their economies. Some national economies are relatively transparent, while many others are relatively opaque. The Opacity Index brings a degree of clarity to the subject of costs related to corruption…

Since 1995, ‘Transparency International (TI)’ has published an annual ‘Corruption Perceptions Index (CPI)’ ordering the countries of the world according to “the degree to which corruption is perceived to exist among public officials and politicians”. The organization defines corruption as “the abuse of entrusted power for private gain”. A higher score means less (perceived) corruption.

Since this index is based on polls, the results are fully subjective and based on a reputational model, and less reliable for countries with fewer sources. Also, what is legally defined (or perceived) to be corruption, differs between jurisdictions: a political donation that is legal in some jurisdiction may be illegal in another; a matter viewed as acceptable tipping in one country may be viewed as bribery in another.

In former Soviet states, the term “corruption” itself has become a proxy for the broader frustration with all changes since the breakup of the USSR. In the Arab world, terms for corruption had to be invented by advocates as recently as the 1990s… Critics point out that definitional problems with the term “corruption” makes the tool problematic for social science. Aside from precision issues, a more fundamental criticism is aimed at the uses of the Index. Critics are quick to concede that the CPI has been instrumental in creating awareness and stimulating debate about corruption.

However, as a source of quantitative data in a field hungry for international datasets, the CPI can take on a life of its own, appearing in cross-country and year-to-year comparisons that the CPI authors themselves admit are not justified by their methodology. The authors themselves state: “Year-to-year changes in a country’s score can either result from a changed perception of a country’s performance or from a change in the CPI’s sample and methodology. The only reliable way to compare a country’s score over time is to go back to individual survey sources, each of which can reflect a change in assessment.”

In the blogCorruption Realities Index 2010 by Anatoly Karlin writes: There are three corruption indices that aren’t as well known as the CPI, but far more useful. One of them is ‘Transparency International’s’ less well-known ‘Global Corruption Barometer’. Every year, they poll respondents on the following question: “In the past 12 months have you or anyone living in your household paid a bribe?” The answers hint at the prevalence of corruption in everyday life, as experienced by a sample of normal people…

Another key resource is the ‘Global Integrity Report’, which evaluates countries on their actually existing ‘Legal Frameworks and Actual Implementation’ on issues, such as, “the transparency of the public procurement process, media freedom, asset disclosure requirements, and conflicts of interest regulations.” This involves line-by-line examination of the laws in question, and the “de-facto realities of practical implementation”…

Finally, there is the ‘International Budget Partnership’, which – believe it or not – assesses budget transparency and accountability. It compiles an ‘Open Budget Index’ on the basis of factors such as budget documents availability, and the effectiveness of oversight by legislatures and supreme audit institutions… Data from all these three aforementioned corruption indices – to the extent available — is amalgamated to produce the ‘Corruption Realities Index’…

Having ‘clarity of risk’ is essential for success (or, for averting failure) in international business development. When assessing business risk, do your homework before investing in a country. Otherwise, problems such as corruption, weak legal systems, inefficient enforcement policies, deliberately confusing or illegal accounting procedures and dysfunctional regulations can increase your costs of doing business or even thwart your efforts.

Learn what to expect before you commit resources: The “Opacity Index” aggregates information on these complex factors to help individuals and companies formulate strategies to protect themselves against the risks of globalization. They also offer a useful, contrarian perspective on a range of issues; for example, they may question the vogue for investing in Brazil, Russia, India and China, which are highly opaque countries, according to their index…

“It’s the same whether it’s a company, a country or a region, if the risk picture is unclear, capital is less likely to go where it’s needed.” ~Matt Feshbach