Slide 1

Professor Michael Mainelli, Executive Chairman, The Z/Yen Group

[An edited version of this article first appeared as "When Risk Pays Off", Financial Services Review, Number 76,  Association of Chartered Certified Accountants (December 2005) pages 8-9.]

How Not to Choose in a Big Organisation

One of the great 21st century problems is the increasing arteriosclerosis of our large organisations. Whether it is a large public company or a large government department we seem unable to get it to move forward in any direction, or take responsibility for its lack of direction. As Geoffrey Howe attributed to Douglas Hurd, “inertia can develop its own momentum.” Truly, the 21st century organisation seems to have a new biology and a new physics.

The underlying cause of this inertia is that the risk/reward equation is out of kilter. A flood of regulations and social expectations are swamping organisations. Public companies can reel off initiatives they are expected to meet from new, hard laws on corporate criminality or Sarbanes-Oxley, through to regulations from myriad government departments such as the DTI on OFR (Operating and Financial Review), to stock exchange listing requirements, to initiatives such as Corporate Social Responsibility or the Mercator Principles. We, as a society, dream that all of our organisations can move into Lah-Lah Land – huge benefits for us with no risk. For a richer discussion, see Ulrich Beck’s work on our transition from a society that is concerned about the distribution of wealth to one concerned about the distribution of risk [Beck, 1992]. Despite increasing acceptance of asymmetric reward, success taken at great risk doesn’t feel any better correlated with great reward, witness current debates over government cronies or corporate fat cats.

It is sometimes difficult to believe we actually live in a capitalist society. So much of the economy is government, the safety nets for citizens are ubiquitous and we constantly cry “their oughta be a law” or regulation whenever anything goes wrong. At the same time, our organisational controls are primitive. We use command and control structures for most of our big organisations. When at risk or in doubt we remove choice from managers by setting out policies or procedures that constrain their ability to act. A large multi-national can seem more like a Soviet centrally-planned economy than an active member of liberal capitalism. We have five year plans and copious bureaucracy. We try to ‘institutionalise’ innovation while at the same time sending our managers on courses to ‘empower’ them. Don’t even start to think about government management methods and their Soviet style targets. Despite the ‘seizing up’ of our large organisations, we as a society seem to want even more governance, policies, laws and regulations.

The Ungovernable In Full Pursuit Of The Unriskable

To paraphrase Oscar Wilde on foxhunting is to point out that our large organisations are trying to hunt risk into oblivion. But ‘eliminating risk’ is not a fox hunt, it is a pointless wild goose chase. Risk cannot be eliminated from a large organisation. While government departments can be characterised as “political risk minimisation machines for ministers” rather than entities that need to achieve, commercial organisations need to balance risk with appropriate, excess reward – or go bust. The necessity of making profit in a world of increasing governance and compliance is leading to some very interesting changes in the way we measure and the way we manage large organisations, lessons of interest to large commercial and governmental organisations alike.

Governance can be defined as “the act, manner or functioning of the rules, guidance and controls which determine a course of actions through an intended or emergent system of processes.” [Vagneur, 2005]. Of course, “an intended or emergent system of processes” is also a traditional exposition of the two schools of strategy – the intended, a la Porter or Ansoff, and the emergent, a la Mintzberg. So our governance challenge consists of, at the very least, (1) aligning governance with markets, and (2) aligning governance with strategy. What are large organisations doing to accomplish this? Well, they are experimenting with new ways of managing.

Three types of activities improve organisational performance and need to be measured – risk avoidance, reward enhancement and volatility reduction [Harris, Mainelli & O’Callaghan, 2002]. Risk avoidance activities reduce large exposures, e.g. continuity planning, insurance or legal compliance activities. Reward enhancement activities are often normal management projects to increase performance such as marketing, training, cost reduction or improved production. Volatility reduction is subtle. Activities that reduce volatility or improve consistent delivery add measurable value. In a listed company, volatility reduction can be estimated and the value calculated. One study showed that UK companies in the lowest quintile of profit volatility over the past 30 years have enjoyed a 17% premium in market capitalisation [Mainelli, 2004]. A focus on volatility reduction leads to new ways of looking at how we measure the value of risk management. Not only do we have governance systems to avoid disasters, we can use governance systems to ensure that our variance from goals is minimised, and the consequent volatility reduction will benefit shareholders. A variant of this argument also applies to public sector organisations [Mainelli and Harris, 2004].

Enterprise Risk/Reward Management

The biggest new technique is to price risk at the managerial level. By giving each manager a ‘premium’ for the risks they face, accompanied by ‘insurance’ of their bonus-influencing results, we can bring market prices back into organisations. These internal insurance systems are emerging in numerous multi-national under a variety of names, which Z/Yen terms “enterprise risk/reward management” systems (ER/RM systems) [Mainelli, 2003]. ER/RM systems are not “enterprise risk” systems, which are typically taxonomies of corporate risks and responsibilities, nor are they “enterprise reward” systems such as performance-related pay. ER/RM systems help managers to make decisions such as “should I really devote three man-years to paperwork or cut paperwork corners for profit”.

ER/RM systems work by having a central unit, frequently emerging from finance, that helps the organisation price risk internally. ER/RM units often start from recognition that the organisation cannot insure everything, so some limits are placed on what’s insurable and what the organisation will bear, e.g. take an excess of £50,000 on fire damage. Typically, some fancy financial planning means that an internal insurance unit, albeit small, emerges to handle corporate captive insurers and charge these costs back to the business units. Finally someone realises that we really have an internal insurance company that can evaluate and insure our real corporate risks, which may involve things such as meeting customer quality expectations or avoiding political risk or aligning managers with governance rules.

The essence of enterprise risk/reward management is that organizations change culture by changing choices make day-to-day in order to maximise their remuneration. ER/RM systems use internal risk markets to share knowledge by altering charges, through:

  • strategic risk valuation: encouraging the organisation to look at all its risks, not just financial ones, and forcing the board to see total risk and initiative costs;

  • internal “premia” and “claims” management: showing line managers the financial implications of risks by implicitly altering capital charges and project evaluations, while also reducing external insurance costs, often by 25%;

  • notifications and investigations: actively reporting and investigating near misses and incidents in order to learn;

  • sharing best practice: using information on risks gained from notifications and investigations and comparisons which permit line managers to learn from each other;

  • external comparators: providing comparative information on risk management from links with external markets, e.g. reinsurers, rating agencies, benchmarking databases;

  • fewer crises: overall corporate volatility and exposure should be reduced.

One large telecommunications firm began measuring internal perceptions of concerns against external stakeholder sentiment (e.g. growing the data market while protecting the vulnerable), identifying conflicting stakeholder expectations (e.g. safe but cheap mobile phones), weighing the aims of stakeholders, and setting out mitigation strategies (e.g. changes to sourcing or encouraging industry-wide activism). When the firm realised the immense value of perceived volatility reduction, it was able to increase its pursuit of safer network provision at higher cost knowing that it nevertheless was adding to shareholder worth and protecting brand value. Volatility reduction, rather than risk minimisation, focused on the critical issues, gave measures that prioritised “the biggest bang for each risk mitigation buck” and provided a framework for reviewing progress on risks.

Vorsprung Durch Accountants

Advance through enterprise risk/reward technology depends on accountants. Accountants have large roles in ER/RM systems. Accountants provide the numbers; accountants frequently manage the corporate risk vehicles and captives; accountants develop the statistical ‘proof’ that key risk indicators (KRIs) are ‘key’ by correlating KRIs with incidents and losses; accountants demonstrate internal volatility using activity-based costing; accountants value volatility using financial analysis of capital markets and risk/reward options. In fact, accountants are uniquely qualified to bring governance back into alignment with markets and strategies through ER/RM systems.


[1] Ulrich Beck, Risk Society: Towards A New Modernity, (Mark Ritter, translator) Sage Publications, 1992.

[2] Ian Harris, Michael Mainelli and Mary O’Callaghan, “Evidence of Worth in Not-for-Profit Sector Organisations”, Journal of Strategic Change, Volume 11, Number 8, pages 399-410, John Wiley & Sons (December 2002).

[3] Michael Mainelli and Ian Harris, “Risks, Rewards and Reliability” (debate “Public and Private Sectors: Who’s Learning from Whom?”), European Business Forum, Issue 18, pages 10-13, Community of European Management Schools and PricewaterhouseCoopers (Summer 2004).

[4] Michael Mainelli, “The Consequences of Choice” (enterprise risk/reward management systems), European Business Forum, Issue 13, pages 23-26, Community of European Management Schools and PricewaterhouseCoopers (Spring 2003).

[5] Michael Mainelli, “Ethical Volatility: How CSR Ratings and Returns Might Be Changing the World of Risk”, Balance Sheet, The Michael Mainelli Column, Volume 12, Number 1, pages 42-45, Emerald Group Publishing Limited (January 2004).

[6] Dr Kathryn Vagneur, Corporate Governance, Pearson Education: Edinburgh Business School Heriot-Watt University (2005), ISBN: 0273 675923, 568 pages.


I would like to thank Adrian Berendt for encouraging me to develop these ideas.

Professor Michael Mainelli, PhD FCCA FIC CMC MBCS CITP MSI MEI, originally did aerospace and computing research followed by seven years as a partner in a large international accountancy practice before a spell as Corporate Development Director of Europe’s largest R&D organisation, the UK’s Defence Evaluation and Research Agency, and becoming a director of Z/Yen (This email address is being protected from spambots. You need JavaScript enabled to view it.). Z/Yen was awarded a DTI Smart Award 2003 for its risk/reward prediction engine, PropheZy, while Michael was awarded IT Director of the Year 2004/2005 by the British Computer Society for Z/Yen’s work on PropheZy. Michael is Mercers’ School Memorial Professor of Commerce at Gresham College.

Michael’s humorous risk/reward management novel, “Clean Business Cuisine: Now and Z/Yen”, written with Ian Harris, was published in 2000; it was a Sunday Times Book of the Week; Accountancy Age described it as “surprisingly funny considering it is written by a couple of accountants”.

Z/Yen Limited is a risk/reward management firm helping organisations make better choices. Z/Yen undertakes strategy, finance, systems, marketing and intelligence projects in a wide variety of fields (, such as developing an award-winning risk/reward prediction engine, helping a global charity win a good governance award or benchmarking transaction costs across global investment banks.

Z/Yen Limited, 5-7 St Helen’s Place, London EC3A 6AU, United Kingdom; tel: +44 (0) 20-7562-9562.