Christian Blackwell: I am here today with John Davison and we want to explore some of the barriers to effective governance that I have been hearing about in discussions with some of our clients. The first theme is a lack of clear governance structure. Could you tell me a bit more about that?
John Davison: I think sometimes organisations tend to over complicate governance, you know multiple committees with unclearly defined terms of reference, which actually leads to a risk there that decisions are taken in the wrong place, decisions are made by different people on the same subject and that as an organisation people don't understand where the route for that decision making is. I think that links in also to the role of non-executive and executive in an organisation and in a senior manager regime world, actually it is going to be more important for all firms to clearly lineate this. In terms of making sure that people know what they are accountable for, if I was in an organisation I would look at my structure and say (a) do I have the right skilled people, (b) are they clear on what they are empowered to do and (c) do all of our committee terms of reference and structures clearly put borders and barriers around what each of those committees can and can’t do and how that impacts a broader organisation.
Christian Blackwell: Another theme that is coming out is the actual structure, companies say how we have got the structure but we are a little bit unclear about the data that we need to get to actually effectively discharge our governance responsibilities.
John Davison: Data is a minefield, for those who have been in the compliance industry or the risk industry for a long time, they will remember the ‘treating customers fairly initiative’ that generated a huge amount of data and I think all the way back in my career I rarely see an organisation that has really effectively restructured data. I think this leads to a number of potential risks, number one, you know management don't get all of the information to be able to make a decision, but actually a greater risk than that, is management getting data that is (a) incorrect or actually (b) doesn't tell the whole story. My career is kind of littered with experiences where I have seen management make decisions on something because they think the data is telling them something, but actually it doesn't tell them that, it tells them something else.
So for me it’s not only about quality of data, but it is about actually aggregating that data properly and actually making sure people understand what that data is telling them. So not only can they deal with the specific issue, but actually look at root cause, look at repetition and make broader commercial decisions based upon the data they are getting.
Christian Blackwell: How can we, as organisations, deal with the difference silos and different parts of the business providing the different data and the coordination between those?
John Davison: I think that comes back to what we said at the beginning, it is about mapping a route from where data is generated to how it gets to the top table and how that is aggregated together. What is also important which a lot of organisations miss, is that people tend to treat different data points in individual silos. And so it is a myriad of individual data points. Without anybody actually looking at the data as a whole and saying actually what are the consequences of some of our analysis on other parts of the agenda. There is a correlation between the second line of defence, risk and compliance information and business information - that collectively could point to a predictive risk, rather than looking individually at everything and dealing with each thing as a symptom.
Christian Blackwell: The theme of culture and the impact of that on governance, what is your experience of that? I know there is a lot of talk about culture and how it affects the performance of organisations.
John Davison: Culture is a very hard thing to design and culture and conduct means different things for different people. For me in this context, it is a couple of things, a bad culture will stop people raising issues, not raising issues mean things won't get escalated and ultimately it is counter-productive to an organisation.
Second I think people tend to dilute issues if they fall under pressure due to culture. Something that is quite material, actually gets downgraded, and is considered to be less important and therefore reaction isn’t taken at the right time to mitigate it.
I think more broadly though what is fundamentally important are things like whistleblowing and actually not just having a process but actually actively encourage whistleblowing, using the data, preventing any impacts on the people who make claims. An executive committee that deals with issues, analytics of data and actually takes whistleblowing seriously and deals with the root cause of whistleblowing claims, is an organisation much better placed to use the money they spend on providing the information in the first place.
Christian Blackwell: This is linked to the theme around the flow of management information from the actual grass roots of the organisation right up to the board.
John Davison: Yes, it is about making sure people understand what the escalation path is. Somebody at the front office to their supervisor to their manager. What is the escalation path? The other thing is making sure the different escalation routes work in concert, if you have a breach escalation, a whistleblowing, an incident and a risk process, it actually makes sure that all of the issues come together and find a way to the top without aggregating to such a degree that my phrase would be “everything comes amber”. I think it is about looking at individual matters on their merits, looking at themes and finding a way to pull the escalation routes together.