Greg Carroll and Lee J Finniear argue that a blurring of the lines between risk culture and organisational culture can have a detrimental effect on good governance.
The real purpose of risk culture is to provide objective oversight against established biases. Therefore, an independent risk culture is as vital to good corporate governance as an independent judiciary is to good democratic government.
So how did such a reputational disaster occur in one of Europe’s most respected investigative magazines? In 1983, respected West German news magazine Stern published excerpts from what was purported to be the diaries of Adolf Hitler, for which Stern’s parent company Gruner & Jahr paid nine million German marks (equivalent to US$10 million in today’s dollars). The diaries were supposed to be part of a consignment of documents recovered from an aircraft crash in Dresden in April 1945.
The diaries had been collected in great secrecy over the course of more than 18 months. Three separate handwriting analyses, in Europe and the US, identified the writing as Hitler’s. However, Gruner & Jahr delayed forensic analysis for fear of leaks. Two historians, Hugh Trevor-Roper (Times Newspapers) and Gerhard Weinberg (Newsweek), were flown to Switzerland and shown a few diary volumes, along with a large archive of additional Hitler material salvaged from the plane crash. They subsequently authenticated the diaries before bidding for the serialisation rights. After the first instalment was published, Stern was forced to have the diaries independently forensically tested. This showed the paper and glue to be post 1952, while other historians pointed out glaring mistakes in times and places quoted in the text.
So how did such a reputational disaster occur in one of Europe’s most respected magazines?
First, due to Stern editors’ aversion to Hitler stories, the journalists involved went over their head to corporate executives who saw it as a marketing coup. The project was led by the then managing director of Gruner & Jahr, who was flattered to be approached directly by two distinguished journalists. He then passed it on to his 2IC who became his successor a short time later. The “top down” ball was rolling.
Due to the “scoop” mentality of the industry, knowledge of the diaries was limited to a select group of “need-to-knows”. They felt special to be included in the managing director’s inner circle and were not about to raise any concerns. With such a high powered group driving the issue, everyone subsequently brought in assumed it must be true. Finally, the legal department insisted on some verification. The siege mentality meant the journalists who sourced the story also organised the experts to verify the diaries, using material from their same source. Unfortunately, those respected journalists also stood to make a financial windfall from the diaries. The three experts concluded the extracts and calibration material (also forged) were from the same author without knowing it was supposed to be Hitler.
Finally, by the time Stern’s editorial (operational) management were involved, they were presented with a fait accompli, including proven background checks, material expert advice and a strategy of taking it to market, leaving them with little choice but follow orders.
A dominant managing director had instilled an exceptional top down organisational culture that had enabled Stern to rise out of the ashes of post-war Germany. Stern’s well forged common purpose, values and belief system created a clear focus on the outcome, while its attention to detail included the verification and background checks.
Our issue is that the above attributes are precisely the same as the “values, belief systems and sharing of common purpose” being pushed as essential elements of the new “risk culture” by some risk institutes. As can be seen by this case study, such a “new” risk culture would have had little effect on the Stern outcome.
On the other hand, had Stern implemented a traditional “devil’s advocate” risk culture concurrent and independent to its organisational culture, the forged diary extracts (and Stern’s reputation) would never have been splashed across the newsstands of Europe.
To be effective, risk culture must demand honest evaluation of situations untainted by beliefs and philosophical views. Such beliefs create decision biases that are the greatest threat to effective decision-making. So, while an empowering organisational culture is absolutely vital to success, without the counter balance of an independent risk culture this enthusiasm has the ability to drive the business right off a cliff.
The graveyard of corporate collapses is strewn with the results of misguided good intentions. For example, the Barings Bank collapse started when Nick Leeson attempted to cover a colleague’s mistake – that is, a common shared value. To maintain effective governance, we recommend boards and their executives:
- Create an empowering organisational culture.
- Create a separate, objective and unbiased risk culture that provides independent surveillance over the actions of the company.
- Require formal risk identification and risk management for all material investments, projects and operations.
- Monitor key risk indicators, with automatic, immediate escalation to the board if they are materially breached.
- Ensure that the organisational culture values and rewards honesty, openness and compliance, and protects whistle-blowers.
Already a member?
Login to view this content