Half a billion (yes, that’s a “b”) users had their Yahoo accounts hacked in one of history’s biggest ever cyber-attacks, according to news reports last week. Security experts write that the threat landscape has grown increasingly complex, with attackers weaving together all sorts of malicious tools and gaining access through every imaginable entry point in a company. No company can ward off these threats unless they have a comprehensive, cross-organizational initiative that brings together multiple kinds of experts including not only the IT and security functions but also HR, manufacturing and logistics, public relations, legal, customer service, and others. It’s not surprise, therefore, that clients are asking (or perhaps more accurately: demanding) that their highly specialized professional advisers work across all sorts of boundaries in order to deliver an integrated approach to managing risks –not just cybersecurity, but numerous others like it that are not only increasingly complex and multidisciplinary, but also increasingly keeping executives awake at night.
Getting specialist experts to team up and integrate their knowledge to solve complex, sophisticated problems that none could tackle alone: that’s the definition of collaboration. And smart leaders are increasingly waking up to the fact that collaboration is not just a “nice to have,” but rather a business imperative for increasing profits, gaining competitive advantage, attracting the hottest talent… and now, as a way to prevent and manage enterprise risk. This post talks about two kinds of risk that are serious issues for today’s professional service firms: malpractice and financial implosion. First, collaboration gives firms greater oversight of their partners’ work, thereby reducing the potential for the kinds of misbehavior that some professional firms’ insurers put into the colorful categories of “dabblers,” “body snatchers,” and “lone wolves.” Second, collaboration across functions, hierarchies, and geographies is necessary to handle existential risks such financial demise.
A dabbler is someone who has a clearly defined area of expertise, but who, when a client brings up a problem outside that area, declines to search out a colleague with the relevant expertise, and instead says, “I think I could stretch just far enough to tackle that problem –by myself.” Think it doesn’t happen that often? Wrong! In the PSF arena, malpractice claims have skyrocketed in recent years. Why? As market pressures increase, some professionals start gaming the system. In an effort to maintain their personal edge and expand their marketability, they begin to promise solutions they can’t deliver. One study by the American Bar Association, for example, found that nearly half the malpractice claims were the result of substantive errors by the lawyers involved, rather than failed processes within the firm. The lawyers didn’t know the relevant law well enough, didn’t apply it well enough, failed to anticipate the implications of their advice, and so on. The kinds of mistakes are likely to be caught when the right expert is brought into the mix. “Mistakes have supplanted client misconduct and conflicts,” a contact at a professional firm’s insurer told me recently, “and the failure to collaborate is a key part of those claims.” Unfortunately, it’s not just the individual who’s on the hook, in such cases; it’s also the firm that is at risk.
The lone wolf is someone who keeps a client account exclusively under his own control, which is another kind of risky behavior. When no peers are allowed access to the account records or personnel, the risk of unauthorized activities increases dramatically. That’s the reason, for example, that both Europe’s banking authorities and the US Securities and Exchange Commission have recommended that banks require their traders to take two-week holidays, during which their colleagues would take over their books and ensure that all activity was above board. Ongoing collaboration, spread over time and across multiple team members, would enhance transparency even more.
Finally, body snatchers are people who try to supervise extensive amounts of work conducted by juniors in another department, rather than involve any of those subordinates’ own supervisors. Body snatchers are typically motivated by financial metrics that allow them to use lower-cost resources outside their own unit. Or perhaps their own resources are constrained. Or perhaps they know they can get away with abusive behavior (demanding extraordinary hours, say, or yelling, or failing to give credit) when the junior resides elsewhere. The risk, though, is that body snatchers have neither the expertise to conduct appropriate quality control nor the authority over the junior staff to handle issues through formal processes, such as performance reviews. By encouraging teams of partner-level peers to collaborate, firms can help to prevent the sorts of errors and abuse caused by body snatchers.
Deliberate malpractice in professional service firms is admittedly rare, but when it happens, it can be fatal. What can you do to protect yourself and your firm? Nothing can entirely eliminate these risks, of course. But having more informed eyes on the account—one natural by-product of collaboration—can certainly mitigate risks. A beneficial corollary of collaboration is, of course, the likelihood that your firm is better placed to help clients to handle their own complex risks and opportunities.
The second kind of risk that collaboration can help to prevent is financial melt-down. In his award-winning book Enterprise Risk Management: From Incentives to Controls, risk expert James Lam writes that the first principle of risk management is “Know Your Business.” Everyone, he argues, from the Board of Directors through to front-line employees should understand operational processes, key revenue and cost drivers, and exposure points. He cites convincing —and scary—cases of major organizations that have imploded when managers didn’t understand the nitty-gritty of their business well enough.
Can you honestly say that your partners clearly understand the link between, say, their write-off decisions, accounts receivables, associate utilization, and the practice group profitability? I doubt it, and here’s why: Most –yes, truly, most –of the senior leaders who come to executive education programs at Harvard confess that they didn’t truly understand some of the nuances that could ultimately put their financials at risk. So it’s not a large leap of imagination to realize that a large swath of your partnership is also making uninformed daily decisions that could ultimately lead to a cascade of profit-draining troubles.
Yet in most professional firms, the lines of defense against such financial disaster—people, tools, training—remain siloed in individual departments, offices, or practice groups. The group head is rarely chosen for his or her financial acumen; some (many?) seek a leadership role for the associated status, with little interest in learning core management processes like budgeting and forecasting. Also, many group leaders are unwilling to take time away from client opportunities in order to dig into individual partner’s accounts, so they don’t have a clear handle on risks being incurred. Furthermore, because their reputation is often linked to the unit’s growth, rather than profitability, they pay scant attention to the true bottom line and are dis-incentivized to widely report any problems they do notice or even ask for help from fellow department leaders across the firm. Department members who observe this laissez faire attitude toward risk might think it gives them license to become dabblers –or worse.
In some firms, the tools and data about risks are walled off from those on-the-ground professionals who need to know. One advisory to law firms wrote, “In my consulting practice I spend a lot of time reviewing practice group strategy and finances, and quite often I’m advised not to share these confidential data with partners (partners!) in these practices. It’s startling how many law firms still embrace a closed system in which many if not most of the partners are excluded from the financial operations of the firm.” Moreover, the people in professional service firms who do have information about risks and may be willing to share it are undervalued because they’re “staff” instead of client-facing professionals. True collaboration across this hierarchical divide is still shockingly rare.
In sum, firms need a more disciplined and collaborative approach to manage financial risk. They must put in place explicit processes to increase and integrate their partners’ knowledge about operational and client risks, and hold everyone accountable for acting on that knowledge. Given the sophistication of the threats at hand —cybersecurity perhaps top among them—it’s now more important than ever for professionals to collaborate across organizational silos to identify, prevent and mitigate enterprise risks. Before it’s too late.
*** What are the best practice examples of risk management in your firm, within and especially across different business units or locations? Do you have ways to develop professionals’ knowledge about risks (financial, operational, reputational, etc.), and to help them understand how their actions influence outcomes? Any examples of a time when you de-risked a situation or prevented a bad outcome by collaborating across siloes to identify the issue? ***
As ever in this Idea Space, please leave your comments below. If you have a sensitive or confidential example that you’d like to share, then please email me directly on hgardner@law.harvard.edu. This post is the initial foray into research on the links between collaboration and risk management. Please check out prior topics in the Archive section at right.
Last point: “Smart Collaboration: How Professionals and Their Firms Succeed by Breaking Down Silos” is now at the printers! It is available for pre-order on Amazon, and will be shipping later this autumn.