You're reading...


The profession that knows it all

The theme which underpins Clouds of Vagueness is the inherent difficulty of mastering an uncertain future and the inadequacy of our standard risk management techniques to help with this.  So I was delighted to see the paper by Michael Power of the LSE in the journal Accounting, Organisations and Society, with the provocative title The risk management of nothing which

challenges core elements of ERM and suggests that an impoverished conception of ‘risk appetite’ is part of the ‘intellectual failure’ at the heart of the financial crisis.

Right on!  However, I was brought to a dead stop when I saw that Power thinks that business continuity  may provide clues about how risk management may be reconstructed.  Up to a point, my lord!

Power produces a critique of ERM and risk appetite which is very similar to ours:

  • excessive focus on ‘risk to objectives’
  • insufficient imagination in identifying what can go wrong and how it might play out
  • excessive reliance on risk estimates as if they were ‘accurate’
  • excessive reliance on a very artificial or naive process which is actually virtually impossible to embed
  • excessive reliance on process auditing, and regulation generally.

But he makes one contention which I think is dubious: the financial system relied on ERM to manage its risks and avoid disaster.

Now I’m not a financial person but I’m dubious about the idea that the banks were relying on risk registers, PIDs and the like to control risks.  Actually they operated, and sought reassurance, using inadequate quantitative models as highlighted by Nassim Nicholas Taleb and others (see this post for more).  In the circles I move in, ERM is regarded as something of a joke, a marketing slogan employed to sell software and expensive management consulting.  But this does not detract from the larger ideals of comprehensive organisational risk management that we aspire to.  What we have to do is tackle the five problem bullet points above.

Power focusses on ‘risk appetite’ as a useful phrase to discuss how organisations decide what risks to take.  I have argued that the phrase itself is unhelpful and certainly Power gets led into some ugly neologisms when he talks about ‘conceptualising risk appetising as a process’ and the ‘entityhood’ of an organisation.  His view is that we should not regard organisations as single ‘enterprising selves’, but that instead we need to understand their internal workings to see how decisions, including those about risk, get taken.  I’m enough of a control freak that I’m not yet ready to accept that we should work with a self managing organism view of the organisation to deal with risk.  But I do believe we need to differentiate the descriptive and normative perspective, as I’ve said elsewhere in Clouds of Vagueness.  What’s more, in future I shall appeal to my inner Presbyterian to think it possible he may be mistaken.

‘All is not lost,’ says Power.  Business continuity management is:

  • a hybrid field
  • a practice areas where interconnectivity risks are central, including outside the organisation
  • originated outside accounting (!).

This might seem rather a flimsy basis on which to put our faith.  Don’t we think that risk management is interdisciplinary?  Don’t we recognise that risks are wide-ranging in their cause and effect?  Don’t we know that accountants are the true villains?  But it is true that in an unknowably uncertain world it makes sense to concetrate on agility and resilience as the BCM people love to tell us. 

And I turn to Power to administer a final kick in the ribs to the beancounters:

The problem goes much deeper: no less than an accounting style of knowing and a logic of auditability are responsible for restricting the development of a risk management which might have done a better job.

This is just a rather ugly reformulation of the quotation which inspires Clouds of Vagueness.  Accountants just don’t get it.

Print Friendly