Here is the ultimate ‘shooting the messenger’ story. In October 1707, Admiral Sir Cloudesley Shovell, after twelve consecutive days lost in fog at sea, called on his navigators to put their heads together and decide where they were. The consensus placed the English fleet well clear of the treacherous rocks off the Scilly Isles. However, a lowly sailor on one of the ships had kept his own reckoning of the fleet’s location and was so convinced they were in danger that he dared to approach the admiral to make his concerns known. Unfortunately, subversive navigation by an inferior was, at the time, forbidden by the Royal Navy, so the admiral had the sailor hanged on the spot for mutiny. A short while later, the ships struck the rocks the sailor had warned about; four ships were lost and two thousand of Sir Cloudesley’s troops drowned.
I’m a non-executive director (NED) on the board of two different not-for-profit organisations and each year we go through a risk assessment exercise. We do our best to identify risks to the organisation, weigh up their seriousness, and make plans to mitigate those risks. The exercise always leaves me feeling uneasy, wondering whether, as a board, we know enough about the business and the risks that might be lurking unseen beneath the surface. I long for a brave whistleblower to burst into the room and tell us the way it really is. Of course, this never happens and, in the unlikely event that it did, would we listen?
Cass Business School recently brought out a report called Roads to ruin that studied 18 high profile corporate crises (including Arthur Anderson, BP, Enron, and Northern Rock) to see what could be learnt about major risk events. The report identifies seven key issues and four of them make uncomfortable reading for NEDs like me:
inadequate board skills and inability of NED members to exercise control blindness to inherent risks defective internal communications and information flow glass ceilings that prevent risk managers from addressing risks emanating from the top.
Every organisation has a built-in propensity to fail. Wouldn’t it be fascinating to know what the board of News International had on their risk assessment list? I bet whistleblowers don’t even get a mention.
Perhaps every organisation should ask itself, ‘What would a fearless whistleblower say about our processes and practices?’ And if your organisation had a fearless whistleblower, would you suppress what they had to say or would you listen?