Page 1

Excellence in Leadership

Issue 1 | 2013 | £12

Jürg Trüb, of Swiss Re Corporate Solutions, on the relationship between risk and innovation Peter Harris, co-founder, Hotel Chocolat, on creating genuine business partners

Excellence in Leadership

Jean-Marc Huët, CFO of Unilever, explains that all businesses must innovate to thrive Tom Delay, chief executive of the Carbon Trust, on the threat of a resource shortage George Connell, vice president of strategy at Shell, on how the energy giant is a model for successful shared services John Ludlow, head of risk at InterContinental Hotels Group, on managing risk and innovation

Risk and innovation



ISSUE 1 2013

Strategies for harnessing risk and innovation in your organisation


Excellence in Leadership | Issue 1, 2013


Cover image: Franck Allais. This page, illustration: Masao Yamazaki/Dutch Uncle


Risk and innovation

his year, the annual review produced by management of resources can lead to new commercial CIMA has a very different look and feel. opportunities and thriving businesses. He gives five pointers The reason for this change is the to help businesses kick-start the process and avoid the threat institute’s decision to introduce the of a resource crunch (p34). concept of integrated reporting. Resource management is just one of many challenges Traditional annual reports generally facing businesses in an increasingly fast-moving world. provide a one-dimensional view of a Insurance giant Aon sets out the biggest risks facing finance company’s identity – an overview of its teams (p30). These include cybercrime and pension deficits. financial performance. In contrast, integrated reporting Meanwhile, Cedric Lenoire, manager of business risk provides a more three-dimensional view with a clear line of consulting at insurance experts FM Global, outlines which sight to an organisation’s business model and how it creates sectors are most at risk from natural catastrophes value in the long term. (p32) and Donald Stewart, FD of DAF Trucks Brazil, One of the most important facets of integrated reporting is describes how his business mitigates political risk as it highlighting how a company is dealing with its risks and moves into new markets (p36). opportunities. For many years, risk and innovation were On the subject of cybercrime, business journalist Neil viewed as mutually exclusive. Today, the corporate world Hodge looks into the UK government’s four-year Cyber has woken up to the fact that they are two sides of the same Security Strategy and notes that many businesses around coin: careful mitigation of risk can the world still need to become more result in positive and, above all, savvy about cybercrime (p42). ‘One of the most important facets of Running alongside this theme, productive, opportunities. integrated reporting is highlighting CIMA’s head of ethics, Tanya In this issue, we look at organisations that have gone to great how a company is dealing with its Barman, looks at anti-bribery lengths to understand the risk and regulations being used in the risks and opportunities’ innovation factors that will put them battle against organised corruption on the road to sustainable business (p52) while CIMA’s head of success. We start by asking three finance leaders at the cutting corporate governance, Gillian Lees, outlines the institute’s edge of their particular fields to give us an insider’s view. current work on risk governance, which aims to develop James Varga, CEO of online identity-checking service practical guidance to help boards oversee the risk agenda miiCard, venture capitalist Tom Bullock and Jürg Trüb, head more effectively. of environmental and commodity markets at Swiss Re I very much hope that this issue of Excellence in Corporate Solutions, reveal how they go about the task of Leadership provides a more three-dimensional view of the de-risking innovation (p8). role that robust risk and innovation strategies can play in To get a clearer idea of how both risk and innovation can be developing business value – and a sharper focus on how harnessed in the longer term, two business experts share their these strategies can contribute to creating long-term, insights with us. John Ludlow, senior vice president and head sustainable success. of global risk management at the InterContinental Hotels Group, reveals that his secret to creating a risk-resilient organisation is thinking from the stakeholders’ perspective Charles Tilley, and having a strong customer-facing staff culture (p14), while chief executive, Jean-Marc Huët, CFO of Unilever, explains how the company CIMA goes about “maxing the mix” of innovation methods. A recent report by the World Wildlife Fund warned that mankind is extracting natural resources more than 50 per cent faster than they can be regenerated. Tom Delay, chief executive of the UK’s Carbon Trust, outlines how good

Excellence in Leadership is the official publication of CIMAplus. For more information visit:


Excellence in Leadership | Issue 1, 2013

CONTENTS Entering new territories How to manage the political risks of entering an unknown market p36

Cyber response How governments and industry must tackle cybercrime together p42

Avoiding ‘nat cats’ Which industries are most at risk from natural catastrophes? p32 3 Foreword 6 Vital statistics 8 Risk and innovation James Varga, CEO of miiCard, venture capitalist Tim Bullock, and Jürg Trüb, head of environmental and commodity markets at Swiss Re Corporate Solutions, explore whether risk and innovation are joined at the hips of their businesses 14 The big interview John Ludlow, head of risk at InterContinental Hotels Group, on how the hotels giant manages risk and innovation in its business 20 Innovate to thrive Jean-Marc Huët, CFO of Unilever, explains that organisations must innovate across the board if they are to

24 Model of excellence How energy giant Shell spent a decade overhauling its shared services centres to become a global bestpractice model

34 Resource shortages Tom Delay, chief executive of the UK’s Carbon Trust, suggests businesses must learn from sustainability champions such as B&Q, Puma and M&S, and adapt their business models to avoid the consequences of resource shortages

30 Top global risks facing your business Insurer Aon sets out the biggest risks facing finance teams over the coming 12 months

36 Dangerous liaisons Firms looking to expand into new markets must assess and manage a variety of political risks. Tim Cooper asks the experts how it can be done

32 Avoiding the ‘nat cats’ As supply chains grow evermore complex and global, they face a greater threat from unpredictable natural catastrophes. But which are most at risk?

42 Cyber threats More money is being invested in the fight against cyber attacks, but real progress will only be made when governments and industry dovetail their efforts

thrive in the current economic environment 23 Get involved with CIMA

48 Risk governance The role of risk governance in managing risk and innovation 52 Rooting out corruption Tanya Barman, head of ethics at CIMA, examines whether firms are doing enough to protect themselves against the risks of corruption 54 New business partners The skills the business partners of tomorrow will require to be successful 56 Making it work Arif Kamal, FD of GL Hearn, Vicky Godliman, FD at Trustmarque Solutions, and Peter Harris, co-founder of Hotel Chocolat, on effective businesses partnering 65 Next issue 66 CIMA directory

Editorial advisory board Malinga Arsakularatne chief financial officer, Hemas Holdings

Bogi Nils Bogason chief financial officer, Icelandair Group

George Riding chief financial officer, Middle East and north Africa, SAP

Jeff van der Eems chief financial officer, United Biscuits

David Blackwood group finance director, Yule Catto & Co

Kai Peters chief executive, Ashridge Business School

Arul Sivagananathan managing director, Hayleys BSI

Jennice Zhu finance director, Unilever China

6 Excellence in Leadership | Issue 1, 2013


CIMA is the Chartered Institute of Management Accountants 26 Chapter Street, London SW1P 4NP 020 7663 5441 CIMA contact: Learning and development specialist Gillian Butler Email: gillian.butler

Risks & opportunities

Risk of volatility

The top 10 risks and opportunities facing business in 2013.

CIMA/AICPA survey of more than 1,300 members on how economic crises affect long-term business planning:





of finance chiefs expect higher US interest rates

of finance chiefs believe the ongoing US debt crisis will ultimately push the global economy towards recession

70% 60%

anticipate a weaker dollar

of finance chiefs believe businesses are too sensitive to economic crises


agreed that their organisation must seek new ways to be resilient and less susceptible to macro-economic volatility Source: CIMA/AICPA Pulse Survey 2013

Excellence in Leadership is published for CIMA by Seven, 3-7 Herbal Hill, London EC1R 5EJ. Tel: 020 7775 7775. Group editor Jon Watkins Group art director Simon Campbell Junior designer Josh Farley Senior sub editors Graeme Allen Darren Barrett Deputy chief sub Christina Ryder Chief sub editor Steve McCubbin Picture editor Louise Fenerci Picture researcher Alex Ridley Editorial director Peter Dean Managing director Jessica Gibson Creative director Michael Booth Production manager Mike Doukanaris Group publishing director Rachael Stilwell Account director Lisa Mills Global sales director Hilton Young Advertising manager Philippa Mathers Email: philippa.mathers@ Tel: 020 7775 5717 Chief executive Sean King Chairman Tim Trotter © Seven © CIMA Cover artwork Frank Allais The contents of this publication are subject to worldwide copyright protection and reproduction in whole or in part, whether mechanical or electronic, is expressly forbidden without the prior written consent of CIMA/Seven. All rights reserved.

Origination by Altaimage London. Printed in the UK by Wyndeham Press Group.

The products and service advertised in Excellence in Leadership are not necessarily endorsed by or connected in any way with CIMA. The editorial opinions expressed in the publication are those of the individual authors and not necessarily those of CIMA or Seven. While every effort has been made to ensure the accuracy of the information in this publication, neither Seven nor CIMA accepts responsibility for errors or omissions.


Risk and innovation For many years, risk and innovation were viewed by businesses as mutually exclusive. Today, businesses have woken up to the fact that they are partners, driving one another. Anthony Harrington asks James Varga, CEO of miiCard, venture capitalist Tim Bullock, and J端rg Tr端b, head of environmental and commodity markets at Swiss Re Corporate Solutions, whether risk and innovation are joined at the hips of their businesses


Excellence in Leadership | Issue 1, 2013

Photography: Getty Images

James Varga

CEO of miiCard, an online identity checking service Anyone involved in a start-up technology company almost by definition has to be engaged in bringing an innovative product or service to market, and as such they have to shoulder the risks that go with innovation. James Varga, the CEO of miiCard, an online identity checking service that looks like massively enhancing the trust people can place in the identity of those they are dealing with online, has had to think long and hard about the interrelated nature of risk and innovation. “It seems clear to me that if you set out to completely eliminate risk from what you are doing you would leave no room for innovation at all,” he says. In a start-up world, or where you are setting out to try to create destructive technologies – that is, technologies that completely alter the game for all the players in the market, removing or attacking the privileged position of the current market leaders in that field – huge risks are an inherent part of what you are doing. “From a personal point of view I’m a bit of a start-up junkie, having done this a few times. I find it exhilarating, so long as I can compartmentalise and manage most of the risks involved in a start-up. You have to balance the pros and cons and round out the corners, as it were, so that nothing pops your balloon,” he says. For Varga, what will help to de-risk innovation for a venture capitalist looking to back pioneering new plays is a strong proposition, allied to a clear commercial model. “Venture capitalists look to see if the product or service in question really does have a clear, addressable market. Is the market large enough? Does the commercial opportunity look sound? These are all straightforward questions, but they are also things that so many start-ups do not think through clearly enough. They get caught up with their own view of the product and they simply do not address risks that are plain to potential investors,” Varga says. He points out that many start-ups actually launch with products or services in which the innovative content is considerably less than the gloss the hopeful entrepreneurs put on their venture. “These tend to be lower risk opportunities, but with considerably lower commercial potential and very little by way of a real defence for the product once it hits the market and gets

exposed to competition, as opposed to being a mediumrisk venture with really innovative content that is hard for third parties to replicate. Clearly, the biggest opportunities lie with the real game-changing plays that bring transformative new technology to the market, but these are also extremely high-risk plays and require skilled management to execute successfully,” he says. Varga makes the point that, in some instances, the scale of the risk will be so large that an entire industry will shy away for years from fully exploring an avenue that many in the industry know to be attractive. The electric car is an obvious case in point, he says. In itself, the electric car is a huge game changer, but the risks to the auto industry were perceived as so high that the project was kyboshed for some 50 years. It is only now, when the cost of hydrocarbon-based fuel has reached levels that would have seemed fantastical 50 years ago, that electric cars are being seen as a lower risk proposition and are starting to change the dynamics of the auto industry. Varga sees his own company as being in the same disruptive space as electric vehicles. “Online identity checking is instant and does away at a stroke with much of the need for credit reference agencies, so it threatens their long-term viability. Banks do not have to halt an online loan enquiry, for example, in order to verify the identity and check the references of the applicant since the online identity check gives them all that information instantly in a secure, encrypted fashion. “We see similar transformations going on with consumer-centric payment solutions, such as Square and PayPal, which are posing real challenges to the traditional credit card companies, such as Visa and Mastercard,” he says. Varga points out that m-Pesa, the mobile payments system in Kenya, is even more radical and disruptive, since the user does not need a bank account, only a mobile phone and to be registered with Safaricom, Kenya’s mobile telephony giant. Using the mobile phone, users can pay for everything from a chocolate bar to their rent. This brings up another dimension of risk and innovation, he notes. Companies that do not innovate at all may avoid the risks associated with innovation, but they are wide open to massive risk from a different direction, namely that some wholly disruptive technology will suddenly roar over the horizon and completely undermine the appeal of the incumbent’s »


Varga is the founder and CEO of miiCard and a serial entrepreneur. He was previously COO of Beblu.


well-established and well-oiled business model. A somewhat different take on risk and innovation, Varga suggests, emerges when the patent process goes too far in protecting a new, disruptive technology, so that all competition is effectively frozen out. “The BBC had an excellent series on technology recently, which highlighted the consequences of one of the early inventors of the steam engine being granted a patent that was sweeping enough to block all further developments in steam engines for 50 years. In effect, this delayed the Industrial Revolution by half a century,” says Varga. “Patents should give inventors first-mover advantage, but they shouldn’t be a barrier to further innovation. However, patents are essential to help de-risk innovation by enabling the originators to obtain a real commercial advantage from their invention. This helps funding, since investors can be confident in their possession of the invention, and as such patents and intellectual property protection smooths the road for innovation generally.”

Tim Bullock

Venture capitalist, New Wave Ventures Tim Bullock is co-founder of the private investment firm New Wave Ventures, which was launched in 2010. The firm’s philosophy is to invest for longterm growth, which gives it a buy-and-hold mentality, and it is increasingly looking to invest in start-ups. Many would see that as a high-risk approach, but Bullock has a different take on it. “One of the real problems you have with any long-established company is that you simply do not know, at the outset, where all the bodies are buried. There can be any number of unpleasant surprises that will emerge gradually over time, from badly formulated or outright disastrous joint ventures or third-party arrangements to some cartel-like activity that is going to attract crushing fines from the Competition Commission, or from Brussels,” he says. For him, then, out-and-out innovation from a start-up is a much more clearly defined proposition, and as such is rather lower risk than investing in a proven, large and highly complex operation.

Obviously, the quality of the management team is a key factor that determines the overall risk level of any project. Bullock rates the management team’s contribution even more highly than he rates innovation as a critical success factor. “Our mantra is that we would rather back the A team with a B product than the B team with an A product. We have seen good projects struggle in the past with a B quality management team that just could not grapple successfully with the issues that they were facing,” he says. New Wave Ventures tends to divide management teams into two different classes of entrepreneur – the “invent-epreneur” and the “exec-epreneur”. Bullock says that he would rather deal with the latter than the former. “The ‘invent-epreneur’ we see as someone who has had a light bulb-type moment, a great idea that they have then dedicated their lives to achieving,” he says. “The idea might be good, but this category of entrepreneur is usually extremely difficult to work with, so the execution risk that they bring with them tends to be excessive.” The problem with the inventor-entrepreneur is that they tend to be fixated on their invention and very closed-minded about how to go about commercialising that idea. The “exec-epreneur” or executive-entrepreneur, on the other hand, has usually had a life in a large organisation and understands project management, and probably also has excellent project management skills. They also tend to be accustomed to cash management disciplines and are more used to being challenged and taking on board and responding to other people’s opinions. “In my view, the popular stereotype of the entrepreneur as a risk-taker is a myth. Successful entrepreneurs almost always have a very good understanding of risk and either eliminate it altogether or else work hard at managing it very carefully. It is the depth of their understanding of the issues involved that mitigates the risk,” he says. He and his colleagues divide risks into market risk (is this a product for which there is a ready market?); novelty risk (is this product truly innovative?); and execution risk, already mentioned. Market risk, for him, means not taking on brilliant »


Excellence in Leadership | Issue 1, 2013


Bullock previously spent 26 years in banking and finance with Barclays, NatWest and Lombard, and was MD at Lloyds for 14 years.

inventions that people do not yet realise that they have a need for. He expects management to be able to name and have the telephone numbers of their major prospects. “If you can’t name your early buyers, that implies huge risk for us,” he says. The company should also have a good grasp of the price point that its new target market is likely to find acceptable. Novelty risk, once you can see that the product really is innovative, is all about seeing that the management team is not infringing someone else’s patent rights with their invention. “The real danger is that you find out that the chief technical officer or chief scientist was previously working for a company that you discover has a legitimate prior claim on that person’s research. So we really want to be sure that there is not a risk that the product infringes someone else’s patent, and that the product is defensible and has the proper IP protections in place,” Bullock says. In the context of a start-up, innovation can mean many things, he points out. It need not entail some wonderfully clever new invention. It could simply be a novel business model that uses off-the-shelf, readily available technology to achieve its aims. “What becomes obvious when you work with smallto medium-sized enterprises is that they really are so much more nimble than big corporates,” Bullock says. “Their huge competitors tend not to be alert enough to opportunity and not fast enough to seize the moment, so there will always be a way forward for energetic start-ups.” However, when the business model looks great and has an appealing simplicity about it you are immediately faced with execution risk. Does the current management team have the know-how and the discipline to make it happen? “Do they address the key questions early enough and knock them on the head before they emerge as real make-or-break issues? Does the

Viewpoint: Jürg Trüb, head of environmental and commodity markets at Swiss Re Corporate Solutions In 2012, the global reinsurance specialist Swiss Re was awarded the Weather Risk Management Transaction of the Year by Environmental Finance magazine for structuring the first precipitation index insurance solution in China. The client was Guangdong Meiyan Hydropower, which is listed on the Shanghai stock exchange and operates five hydroelectric stations in Guangdong province. The problem that hydroelectric companies face is that drought can lead to significant reductions in power output and hence to significant losses. Drought had precisely this effect on the power production of the hydropower companies in southwest China in the winter of 2009 and the spring of 2010, with some companies seeing a reduction of more than 50 per cent of their power output. In the past, there was no risk transfer solution available and companies simply had to shoulder that risk themselves. This was the problem that Swiss Re identified and set out to solve. Swiss Re has considerable experience in bringing new and innovative products to market. Catastrophe insurance was one example and the ground-breaking precipitation index product is another. What are the risks in bringing new forms of insurance to the market and how do you limit the scale of those risks while setting reasonable profit targets? One of the largest risks is that there is no obvious demand for new products in the market. We therefore work intensively with potential clients to design products to their specific needs. Apart from that, there are the obvious challenges of getting enough risk information to adequately assess and price risks. With 150 years of experience, we have accumulated such an amount of technical expertise that I would consider the technical challenges of new product developments as less important. One of the problems with limiting risk by reference to what has happened in the past is becoming confident in the predictive power of past results as an indicator of future probabilities. How is that problem addressed?


Excellence in Leadership | Issue 1, 2013

That is indeed a challenge. However, we try to collect as much risk information as possible. To provide weather insurance, for example, we collect daily time series of temperature and precipitation etc. We also look into trends, seasonality and, if available, even into weather forecasts to price risks, thus accounting for increasingly warmer temperatures or changes in rainfall variability. Insurance is always a cost/benefit analysis, but different clients will take different views on where to draw the line between what “works” for them and what doesn’t. How does that level of subjectivity get integrated into a coherent business plan from the insurance provider’s point of view? Insurance is always priced in a way that premium income has a strong probability of being higher than expected losses, otherwise insurance companies wouldn’t be profitable. Hence the added value of insurance is in reducing the financial volatility exposure of our clients. This, in turn, helps them to get better access to finance for their operations. We show clients how their financial volatility is reduced by our products and what benefits this can have for their weighted average cost of capital, or how insurance can help them to get access to credit. For a new product to make its way successfully in the market without creating huge losses for the insurance company, there has to be good perceived benefit from the client’s point of view and a reasonable chance for profit from the insurance underwriter’s point of view. How does that work in terms of the water insurance product? As mentioned above, to successfully launch a new product it is important to understand the client’s motivation. For example, in China many hydropower producers are smaller-sized and hydropower companies need bank credits to finance their upfront investment for constructing the plant. Having an insurance cover that guarantees a minimum level of income and cash flow during a bad hydrological year is extremely helpful to the company when it comes to getting access to credit or negotiating better terms for credit. That’s another added value of insurance. Both the insured and the insurer usually know that premiums are a bit higher than expected losses. However, they are willing to transact because with insurance they can guarantee the long-term sustainable profit of their operations.

management team have sufficient experience to draw on – have they done this before?” Bullock asks. Since its inception, New Wave Ventures has made 12 investments. “There is not a lot of due diligence to look at with a start-up so you focus on technical due diligence, on the science underlying the product. However, this is a lot easier and a lot less risky than looking at a wellestablished company, as we said. When we have looked at investing in well-established companies, all too often our due diligence has revealed skeletons and we have run away in horror.” Two of the start-ups New Wave has backed are Discova Ltd, an anti-biotic drug discovery company, which, according to Bullock, “pushes the boundaries of using genetic sequencing to understand the role of individual genes within a bacterium so that they can be selectively attacked”. The second is CambTEK, which pioneered an instrument for dissolving pills to prepare samples for testing. Both teams had a track record of developing on time and to budget with very high-level engagement with potential customers. As such, Bullock says they ticked all New Wave’s boxes and made the partners feel comfortable that the risk/reward ratio was solid. “What these companies illustrate is another myth. Whenever you talk to venture capitalists they always tell you that things took longer and cost more than everyone expected. However, these two companies did everything on or ahead of time and to or below budget. So financial risk, which is something we take very seriously, was answered in the best possible way.” • Visit the CGMA Risk and Innovation spotlight:



Excellence in Leadership | Issue 1, 2013

‘It’s about the guests’ John Ludlow, InterContinental Hotels Group’s senior vice president, on how the company manages risk

Photography: Vismedia



ohn Ludlow’s approach to risk management is elegantly simple. He is senior vice president and head of global risk management at InterContinental Hotels Group (IHG), a vast empire that brought in profits of $614m last year. The firm also has more guest rooms than any other hotel company in the world and operates in nearly 100 countries and territories under nine different brands. Yet Ludlow says his task can be encapsulated in one neat phrase: Great Hotels Guests Love, the company’s goal, which is emblazoned on its website. “Having this core purpose really helps me to do my job. It means everyone is trying to do and achieve the same thing – everyone’s compass is pointing north. It’s not great hotels developers love or great hotels suppliers love, it’s about the guests. So we are always thinking, how will this affect the guest? My job can be broken down from there. This is a relationship business.” Ludlow’s thinking is precise and clear. Creating a risk-resilient organisation is about forging trust with your stakeholders and thinking through all issues from their perspective. “Crises only happen when stakeholders lose trust. To avoid a crisis you need to walk a mile in their shoes and think about their viewpoint.” Again, this is a daunting challenge given that the organisation has around 350,000 frontline staff and more than 4,600 hotels – the majority of which are franchised (only ten are owned and 658 are managed). However, Ludlow has been at IHG for 17 years, (starting in an operations role helping to run Toby restaurants) with 13 of them developing and leading risk teams. During this time his strategy to ensure that the function adds value has been three-pronged: build an effective and robust team to address the group’s strategic, tactical and operational risks; change the company culture and increase compliance and standard levels among all IHG’s hotels.

His risk team consists of 45 people, sitting as part of a function called business reputation and responsibility, which has board representation. The team is broken down regionally to deal with operational risk, especially safety, and is supported by global teams split by discipline: risk financing (insurance and claims), dynamic security (terrorism, organised crime, fraud) and corporate risk and risk training. “It is a team of teams,” says Ludlow. “Getting all of these different people in different disciplines and regions to absolutely sign up to the fact they are part of the same team and work together in a matrix has been a big achievement.” To embed a risk management culture across all levels of the organisation, Ludlow says the message needs to be tailored. “You need to match the event with a consequence that is relevant to the level in the organisation you are talking to. You need to be on their wavelength, and of course that changes up and down the business.” For example, he says, the messages for frontline staff need to be relayed in operational terms. “Usually it’s related to a security, safety or business continuity event. So we might say, ‘This is important to do because if you don’t do it you won’t be able to serve dinner tonight, or because it is important to the safety of your guest or staff.’ If it’s middle management you are targeting you are usually talking about performance objectives.” A completely different approach is required for the board. “At non-executive level, particularly in this business, we talk in terms of reputation. The non-exec has been self-actualising for probably 15 to 20 years and just been running another huge business. They sit on the board because they want to help another business succeed so it’s an incredibly generous role,” Ludlow says. “With executives you need to be cognisant of where their mind is. They are about driving the business, succeeding and winning, so it’s about competitors, their objectives and how they transform the business. If you »


Excellence in Leadership | Issue 1, 2013

THE IN-DEPTH INTERVIEW don’t talk about risk management in terms of those things you are not going to get through. “Most risk managers struggle because they are technical people and they try to talk in technical terms to business people – it just doesn’t relate.” IHG’s organisational culture has also been pivotal in encouraging risk management to be taken seriously. A programme called Winning Ways was implemented a number of years ago and sets out five core behaviours expected of staff with the purpose of creating a unique culture at IHG. Staff themselves identified these during a consultation process, with examples such as “do the right thing” or “work better together”. Ludlow points out that the focus was deliberately on behaviours rather than values (more conventionally used in culture programmes). “Anyone can sign up to values. People also find them difficult to relate to in their daily lives. Behaviours, though still closely associated with values, are more tangible and emotional.” He stresses: “These were a gift for us since it’s a way of holding each other to account and helps us in our task of risk management.” In particular, it has been useful in the function’s work around brand, currently an issue featuring strongly on the radar. As IHG has undergone a re-orientation of the business over the past decade it has shifted from being property-dependent to an asset-light model, at the same time evolving from having an operating mentality to a brand-hearted one. Its portfolio of nine brands range from the wellestablished Holiday Inn and Crowne Plaza to the more recently launched Hualuxe, aimed at the upscale Chinese

consumer – a growing market. Ludlow explains that they have to keep the brands consistent, yet distinctive and repeatable. “Brands that are delivered by human beings require huge amounts of culture and training. Winning Ways helps us with that, since to protect the brand you need everyone thinking responsibly and contributing to a risk culture.” Meanwhile, some of the downside risks being tackled include competing with online travel agents – what Ludlow terms unconventional competitors. We are talking about companies such as Expedia. “We need to fight them off just as much as our conventional competitors, such as Hilton, Marriott and so on. The online companies are not competing against your brands, but your delivery systems: your reservation system, web interfaces and so on.” Other ongoing threats include information security, payment card industry compliance and data privacy. Inevitably, another major plank of work for 2013 is dealing with the ongoing gloomy macroeconomic outlook that, Ludlow says, many think is a risk that simply can’t be mitigated. “Some people just shrug their shoulders. But there are things you can do. You can plan and be aware of the drivers of economic or political instability so you have your key risk indicators mapped out and are monitoring the situation. You can prepare your people so if you have general managers in Egypt, for example, they have the backbone to deal with potential instability. You can train your people and get them up to speed ahead of risk happening. You can look at your budgets and say, well there is more risk in this part of the world or that and decide to focus resources in areas where you’re more certain. Then you can put your response plans in place. We are still developing and fine-tuning response plans just in case parts of the eurozone fall apart, for example.” The group has posted a steady increase in profits since 2009, despite the difficult trading conditions posed by the downturn. How much is attributable to rigorous risk management? Ludlow says: “We are after sustainable, long-term quality growth. And in risk management we are there to make sure that success comes for all stakeholders, not just for one. That means we can move forward with confidence and deal with disasters that might knock us back. “We help with the efficiency and effectiveness so we have fewer incidents and fewer claims. We have cheaper insurance as a result of that, as well as broader coverage in our insurance.” In fact, Ludlow says insurance premiums per hotel have been reduced by around 60 per cent (ignoring inflation) in the past five years. Importantly, he points »

FACTFILE IHG franchises, leases, manages or owns more than 4,600 hotels and more than 675,000 guest rooms. With more than 1,000 hotels in its development pipeline, IHG expects to recruit around 90,000 people into additional roles across its estate over the next few years. IHG’s loyalty programme also manages Priority Club Rewards, the world’s first and largest hotel loyalty programme with more than 71 million members worldwide.


Excellence in Leadership | Issue 1, 2013


out that their work around security and safety – a hugely key and resource-heavy area, considering it’s a guest’s number one need – has resulted in an increased feeling of guest safety. Again it relates back to the mission, Great Hotels Guests Love. “I add value, I deliver the guest experience.” On the employee side, risk management plays a part in the service profit chain – the business model that establishes a relationship between staff engagement and loyalty, customer satisfaction and, ultimately, profit. “Results from all over the world show me a strong correlation between each stage of that service profit chain,” Ludlow says. “High accident rates end up with staff that aren’t as happy in their working environment or engaged in their work. If our staff aren’t engaged as well as they should be, they probably aren’t looking after the guests as well as they should be. If guests aren’t looked after they won’t pay the premium for the products and services and will go elsewhere.” These benefits are clearly adding to the bottom line. Yet the function is also a lever for innovation. This can often come in the wake of a disaster, Ludlow says. “It’s the upside of a downside risk, the silver lining. Once you’ve dealt with the disaster you stop, stand back and have to think about the upside – and there is almost always an upside. All your competitors are usually dealing with the same disaster, but the ability to stand back and think strategically about it is what differentiates you.” One dramatic example was when former Lebanese prime minister Rafic Hariri was killed in a bomb attack in Beirut in 2005, very close to the landmark InterContinental Phoenicia Beirut. “We suffered an awful lot of damage to our building – every window in the hotel was blown out. Fortunately, nobody at the hotel died, although three people sustained minor glass injuries. “But out of that we took the decision we needed to transform our security capability. I was able to build a robust security capability that monitors and mitigates the risk of terrorism and organised crime. It meant we were able to operate in rather more adventurous places, which made us attractive for very high-end business to business and government sales because they trusted our security.” In March this year, IHG also scooped a prestigious award from the Institute of Risk Management, which recognised its partnership with Oxford Brookes University’s School of Hospitality Management (OSHM) in setting new standards in the field of risk management and bringing about tangible benefits. The partnership started seven years ago, when Ludlow

participated in a study on crisis management and business continuity conducted by Dr Alexandros Paraskevas, OSHM’s senior lecturer in strategic risk management. Paraskevas ended up working with Ludlow, bringing “academic rigour” to the risk management model being built at IHG and the relationship developed further after Ludlow was asked to deliver a talk to students about risk management. As a result, several chose to do their dissertations on the subject and were given access to IHG’s risk executives and resources. This evolved to active involvement of IHG’s risk team in the design and delivery of the risk-management-related curriculum at OSHM. Ludlow explains: “Universities that generally teach hospitality don’t teach risk management. It hasn’t had the profile it deserves. So general managers who don’t know anything about it come to the fore. I wanted this to change so Alex and I, over time, turned a module on the master’s course at OSHM into risk management based on IHG’s approach.” Eventually, four “knowledge exchange” projects were set up between students and IHG’s risk team in the areas of business continuity, risk management performance monitoring, operational risk management and risk training. Two of these were Knowledge Transfer Partnerships co-funded by the UK Technology Strategy Board and Economic and Social Research Council. The outcomes of these projects not only set new standards in IHG’s risk management practice, but they have proved to be a goldmine of talent. One of the students taken on for a two-year programme in business continuity has been offered a permanent job and, Ludlow says, there are expected to be further new hires. “It can be difficult to bring in young talent because risk management is based on the ethic of learnt reason, which you tend to develop with life experience so this is hugely valuable. These are our future risk management leaders.” The university has also benefited because the courses are now more relevant and a tighter fit with the industry – it’s been a model for industryacademia collaboration. IHG risk function’s focus, both on innovation and day-to-day threats, have clearly played their part in an organisation rallying against the gloomy economy, both in terms of share price, dividends (up 16 per cent last year) and reputation. Still, Ludlow warns: “You can never be complacent because we live in a much more joined-up, dynamic world.”

JOHN LUDLOW Ludlow is senior vice president and head of global risk management, at IHG. Prior to this he was vice president, risk management EMEA for four years, before which he was director of risk management at Bass Taverns.

Photography: Getty Images


Innovate to thrive In a vast multinational corporation, encouraging and harnessing innovation can be challenging. Jean-Marc HuÍt, CFO of Unilever, tells Lawrie Holmes what innovation looks like at the global giant – and how it is driven by finance

21 Excellence in Leadership | Issue 1, 2013


irst of all, it’s important to say that our growth over the past three years has been driven not just by innovation, but also by improved execution. This is about not only making sure that our products are on the shelves, but that the right products are on the right shelves in the right stores. In some ways, that has been as important, if not more important, than innovation. That said, we have increased our innovation within existing brands, entering what we call “white spaces” – new countries, for example. That’s incredibly profitable and incredibly important because we want to drive the volume of our business. For example, two years ago we launched Lipton tea products in Spain. You would have thought that Lipton was everywhere, but it isn’t. That’s a reflection of how decentralised our business has been over the past 100 years, but driving the throughput of existing brands – where we’ve already spent on R&D and know what is effective advertising and promotion – has been a focus for us. We consider innovation in many ways, and for us there are different types of innovation. In the main, there is innovation that is quite incremental and there’s innovation that is what we term “disruptive”. Disruptive innovation is very much driven through R&D, and these projects are what we call “breakthrough” projects. Incremental innovation, which is focused on taking an existing product and improving it, probably makes up the lion’s share of our innovation. In terms of revenues, around a third of ours has been what we would call “innovated” over the past three years or so, which gives you an idea of throughput. At Unilever, we have innovated a lot, but we had to kick-start that process and encourage it. You cannot become good at innovation from day one, so to make sure we didn’t stifle early attempts at innovation


Huët joined Unilever in February 2010 as CFO. He was previously executive VP and CFP at Bristol-Myers Squibb Company.

the focus was taken off of profitability when measuring success. It is important that you do not spend too much time on the profitability of the innovation. Instead, you must let the organisation know what innovation is truly about – driving products through the pipeline, getting the confidence of the marketers and making sure everything lands properly. Only in the second stage of our programme did we focus on the profitability of innovation – how margin accretive it is. Once you’re at this stage it is important to look at this because, in essence, I would say that if an innovation is not margin accretive, then it is not really an innovation. There will still be some innovation you are going to invest in which is not margin accretive, of course. But I would say that the lion’s share of innovation needs to be accretive. Finance has an important role to play in driving profitability, providing the discipline through the pipeline in terms of what is and what isn’t margin accretive. Is that a high priority? Absolutely. We use something we call “maxing the mix”, which is how we drive gross margin. If you want profitability through more volume, that’s either done through the bottom line (reducing the cost base) or through pricing products in a different way – setting a different mix of products. We consider the variables. One channel may be more profitable than another, one geography may be more profitable than another, one product may have more premium than another. Throughout that, innovation has to add to your margin and play a primary role in making sure that we really “max the mix”. I think that discipline is a mind-set here now, but I also think it is something we can still improve on. This year is very important for us as we look to demonstrate that discipline. We’ve kick-started the growth, we have an improved track record, and on different line items within gross margin we can be more disciplined. But there’s more to be done. We must not be complacent.


Excellence in Leadership | Issue 1, 2013

Get involved with CIMA CIMA ethics support Would you know what to do if you had an ethical dilemma? The CIMA ethics helpline is available to members and students who need help with ethical decision-making. We also provide a 2 4/7 global guidance line. For more information visit

CIMA ethics newsletter

Photography: Shutterstock

Ethical Lens gives you a snapshot of the latest developments in ethical and sustainable business worldwide, and directs you to new resources and reports relevant to the finance professional. This edition features articles in perceived corruption ranking, IIRC’s prototype framework, and sustainability reporting in India. Ethical Lens is available at www. For more information about CIMA’s ethics support, resources and your professional code, visit

Risk and innovation resource spotlight How do global market leaders get the balance of risk and innovation right, and what role should the finance professional play? This comprehensive roundup of the latest thinking, tools, reports and best practices in risk and innovation will help you answer these questions and navigate this critical space. The latest resources are available to view at

Now on The following resources are now available online: • Business leaders talk risk and innovation Hear business leaders from top global companies talk about how they balance risk and innovation. Doug Bonthrone from Coca-Cola, Priyan Fernando from American Express, Bob Laux from Microsoft and Simon Henry from Royal Dutch Shell discuss how risk and

innovation can be shaped by management accountants. • World Economic Forum “Global Risks Report 2013” Based on a survey of more than 1,000 experts from more than 100 countries, this report examines key global risks, such as the effect of economic weakness on environmental challenges, wealth gaps and unsustainable government debt. It also highlights emerging concerns, such as geoengineering and brainaltering technologies. • How to communicate risks using a heat map In the risk-assessment process, visualisation of risks using a heat map presents a big picture, holistic view to share while making decisions on the likelihood and impact of entity-wide risks within an organisation. This tool can also be used to communicate the risk assessment to senior management, audit committees and boards of directors. For more information, visit

Global performance management: the Shell SSC story


Excellence in Leadership | Issue 1, 2013

Energy giant Shell has spent more than a decade overhauling its shared service offering. George Connell, Shell’s vice president of strategy and Glasgow SSC lead, explains how its innovative approach has made it a global role model

S Photography: Getty Images

hell is seen by many in the shared service centre (SSC) community as the role model for a successful shared service operation. But, as one might expect, the journey to “maturity” has taken time and, according to George Connell, Shell’s vice president of strategy and Glasgow SSC lead, the journey is not over yet. In the first of three articles, Ian Herbert and Lin Fitzgerald from Loughborough University press him on why the shared service model works for Shell and what has been accomplished so far. What was the driver for shared services at Shell? Following a benchmarking exercise in 2005, we realised that our finance function was significantly more expensive than the peer group and that change was required. Comparatively, we had too many people in finance at the time and, a bit like one of our oil tankers, we knew that it would take a while to change direction. We also needed to be sure that the new direction would be the right direction. A shared service approach allows a large function, such as finance, to be tackled in a phased, one could say “salami” manner, and we felt that it was right for us that shared services should be a key enabler for the transformation of the Royal Dutch Shell (RDS) finance function. Radical change programmes can sound convincing in the board room, but in reality they tend not to live up to management’s expectations. In any case, while we accepted that things had to be done faster and cheaper we did have a well-embedded model with elements that worked well enough. As a multinational

dealing with critical energy supplies, we could not risk creating problems that would adversely impact our businesses. A sceptical reading could be that the shared service model lacks conviction? On the contrary. From the outset we were strategically very clear about where we needed to get to and by when, but big plans need a lot of detailed operational things to happen, in conjunction with multiple internal and external stakeholders. We see the shared services model as enabling the best of two worlds, not a convenient compromise. We looked to establish a spirit of collaboration, recognising the implication of large-scale people change as we worked through the detail of the overall change programme. In short, we created a working partnership between the stakeholders of the finance function and support functions, such as HR, within a transparent framework. Don’t forget that the other functional areas and divisions of Shell were also feeling their way through their own business transformation journeys. The finance function has evolved as business needs have changed over the years, alongside the development of information technology. Furthermore, as we delivered successful change the scope (activities and controls responsibilities) of what is included in shared services has evolved and expanded. How did the SSC journey start? We originally set up the Glasgow SSC in 1998 as a joint venture with Ernst & Young. Like many other SSC startups, we cut our teeth, so to speak, on those activities that were less embedded in front-line operations. Adopting »


45% The financial industry leads in the application of SSCs. It accounts for 45 per cent of the total SSCs Source: Ernst & Young


Excellence in Leadership | Issue 1, 2013

a phased and progressive approach allowed us to migrate the activities in a structured and progressive way. Most finance activities had evolved over many years and our external partners were able to bring a fresh sense of challenge to the status quo. They also provided valuable expertise, based on their recent project support of similar SSC start-ups. Later, as we built up experience of executing migrations we went alone and branded our centres as “Shell shared services”. In other words, “owned by Shell for Shell”. This meant that we could better leverage our global brand attraction and retain the talent and capability that we needed in a sustainable manner. Subsequently, we rebranded again to “finance operations”, stressing the nature of the activities we were responsible for and that we were a key part of the end-to-end processes, rather than merely being seen as a subservient service provider. We now have more than half of the total RDS finance population working in our global network of centres.


80% 65%

More than 80 per cent of multinationals have established SSCs, and 65 per cent of those have incorporated the establishment of SSCs into their business strategy Source: Ernst & Young

You mention a global approach. Where are your centres? There are five centres accommodating finance operations employees: Glasgow, Kraków, Chennai, Manila and Kuala Lumpur. Some of these centres also cover finance, HR, customer service, procurement, IT and supply and distribution functions. Finance operations continue to support the RDS aspiration of “becoming the world’s most competitive and innovative energy company” by delivering sustainable, externally benchmarked, world-class E2E performance for the activities we operate. We will deliver operational effectiveness and efficiency in a safe and sustainable working environment. A sustainable global network is key The locations that we operate from have to provide a workforce with high-quality technical and interpersonal skills, supported by the latest information and communications technology. The locations also have to operate as a complementary and integrated part of a global network as they collaborate together, exchange talent and support business continuity where required for critical processes, etc. We make extensive use of video/tele-presence technology

to keep connected around the world – in the centre network and with our business partners in other locations. People talk a lot about being global because they have operations across the world, but for Shell being a global rather than simply a multinational company is an attitude of mind – it’s a part of our DNA. But does this mean just the cheapest place on Earth? Cost has to be considered, although while we are constantly driving efficiency and effectiveness from our global reach and scale, there are a number of factors that inform our overall location strategy. In addition to the more obvious issues, such as skills availability and logistical support, we also need to ensure that the mix and balance is coherent, especially that risk is minimised and offset, wherever practical. For example, making sure that finance and other critical support operations can continue to operate seamlessly on a 24/7/365 basis, even if there is a major business continuity disruption in one part of the world. As you might expect, we do a lot of work on scenario planning and business resilience as we continue to assume increased responsibility for the processes and controls that we operate. Excuse our academic scepticism, but an alternate view of the transformation programme might be that finance has been moved piece by piece to somewhere else and now the whole thing is being reassembled into another monolithic department. Can you really say that things are different now? That is a good question and it goes to the heart of our transformation journey. We have made significant efficiency gains from re-engineering services and relocating them to the most appropriate place and creating scale economies. However, the biggest win for Shell is in creating a robust, performance-driven framework structured around our global processes and data activities with transparent management of performance to externally benchmarked standards. Overall, it has been a fundamental transformation programme and we continue to move towards a processoriented organisation in everything that we do.


Excellence in Leadership | Issue 1, 2013

‘Many businesses had their own local and discrete way of doing things, but these can be standardised without compromising local effectiveness’

Sorry to come straight back at that. Why is a “process orientation” any different to just “doing things”? A process has an end point at which an activity can be said to be producing an outcome. In other words, the result is useful to someone else who has a need for that process to be executed. In practical terms, this means that everyone within the process is doing things purely because their activity aligns with what the end user needs. This idea of alignment, both forwards and backwards along each individual value chain, drives a questioning approach. Why are we doing this? What is the end value? Is there a better way of achieving the same result? Could we change the outcome slightly to save cost while still giving the end user the service they need to satisfy their customers? This is where we apply a strong Continuous Improvement (CI) mind-set and capability, together with our business partners, to ruthlessly identify and eliminate waste, supporting our intent to “do more with the same in a sustainable way”. How do you manage these processes? In our finance operations organisation we have appointed process vice presidents, each with overall responsibility for a global process, such as “reporting and analysis”. This is quite different to individual service centres being responsible for different segments of the overall process or, alternatively, doing the whole process but for just one part of the company – say downstream activities or a geographical region. Each VP’s objective is to deliver sustainable “world-class” performance when benchmarked independently against “world’s best practice”. Within this responsibility we are aware that we operate as part of an E2E chain and each part of the process also needs to add value to the business and to be in the best enterprise interest. This aligns with the broader finance agenda, where we strive to be collaborative partners to the business and help influence business performance. Can you give some examples of the difference that shared services are making? A focus on global standardisation is the key in understanding costs and driving them down. In the past, many businesses had their own local and discrete way

of doing things, but these can invariably be standardised without compromising local effectiveness – the implementation of global ERPs, as well as building scale in the centres, are acknowledged as key enablers. Another aspect that is hugely important is CI as a catalyst of change, driving finance towards world-class process excellence and championing the development of a delivery mind-set in the organisational DNA. The ambition to “continuously improve” is one of the key enablers supporting the strategic ambitions of the enterprise. Finance has been a pacesetter in the CI field and as businesses/functions increasingly enter the same journey, they have been learning from the finance experience. In finance operations, we have invested heavily in lean sigma and have established significant capability in our organisation that we now use to the benefit of others. The drive for better performance is relentless. For instance, we are now taking a forensic look at ERPs and the way we use them. Increasingly, we are »



Excellence in Leadership | Issue 1, 2013

‘The shared service model is about combining the best elements of market and a hierarchical approach’

moving from operational shared services to embrace more high-level work. As we have built up our expertise within the SSC we are now able to provide CI support to other areas of the finance functions, and indeed into the wider business. This is an additional value that we did not fully foresee at the beginning of the SSC journey. How do Service Level Agreements (SLAs) work? In finance operations, we do not operate with SLAs, although we strictly monitor performance using metrics that have been set to an externally benchmarked standard. They were important in the early days when we were trying to establish the operations to scope the service parameters, and in doing so to explain our value proposition internally. As the SSC project matured, we now have direct accountability to the CFO. We have a strategic mandate to operate selected activities and controls and have the support to drive the migration and change programmes required. Not having SLAs is surprising, and is somewhat unusual in shared services. Is this because your customers are essentially within the finance function? In part that is true, but we also have significant interactions with business units, individual employees within Shell and external customers. It comes back to the previous point about being able to look at the situation more holistically and balance up those often opposing dimensions of challenge, change, conformity and cost. The shared service model is about combining the best elements of market and a hierarchical approach and this is one example of where we have been proactive in establishing the right balance. I suspect we’ll be touching on this again when you ask me about performance management.

Is it correct to say that management of the finance function is more of a balancing act than it used to be? Well, I think there has always been some discretion in how people actually do the job, but that discretion often came at the cost of close personal supervision and a lot of expensive non-standard systems. Nowadays, the span of control is very much wider than it used to be and familiarisation/training periods for all levels of staff are much more effective. ERP systems and workflow-monitoring technology have allowed personal control within a single location to be replaced with a more “virtual visibility”, based on electronic control. This means that our people can still be empowered to do their best in the E2E process, while their manager has the ability to monitor the exceptions and drill down into the detail as necessary. The key driver is doing your best for the company in a dynamic world, and that means balancing challenge and change with conformity and cost. So where does the notion of the market come in? In finance operations we operate a branded captive model, but we are never complacent and we strive to be recognised as a respected business partner. That is why we strictly monitor our performance to externally benchmarked, world-class measures and continually foster collaborative relationships with our colleagues as we work towards a common agenda that will positively contribute to the performance of the enterprise. Ian Herbert is deputy director of the Centre for Global Sourcing and Services at The School of Business and Economics, Loughborough University, while Lin Fitzgerald is the professor of management accounting. The authors would like to thank the General Charitable Trust of CIMA for its assistance with this article.

GEORGE CONNELL Connell is Shell’s vice president of strategy and Glasgow SSC lead. He has been with the energy giant for 15 years. He has an MBA in accounting and finance from the University of Glasgow.

Photography: Getty Images



Navigating the storm clouds Insurance giant Aon sets out the biggest risks facing finance teams, while insurance consultant FM Global outlines which businesses are most at risk from natural catastrophes… s business becomes increasingly fast moving and the environment it operates in grows in complexity, the risks that companies face are constantly changing. Aon, the UK’s largest insurance broker and provider of risk-management services, has identified the top risks facing finance departments in 2013.


Businesses around the world have seen a surge in regulation since the financial crisis as regulators have attempted to curb corporate excess. These regulations, ranging from Basel III rules on the amount of capital banks have to hold to changing company tax regulations and the Solvency II Directive, will require finance staff to work closely with colleagues in tax, treasury and compliance departments. In doing so, says David Crofts, managing director at Aon Global Risk Consulting, finance can drive the development of “financial planning, budgets and consolidated forecasts” to account for the costs associated with new regulation.


Companies’ pension deficits are growing fast, due to falling returns from financial markets. In fact, the total pension deficit at the UK’s largest companies has more than doubled over the past year, according to analysis by actuarial consultants Lane Clark & Peacock. The combined deficit rose from £19bn at the end of June last year to £41bn at the end of May. “Pensions can be a problem for finance departments because lots of company pension schemes have deficits,” Crofts says. Help may be at hand for UK companies, though. In December, UK chancellor George Osborne announced a review of the methods companies use to assess the financial health of retirement schemes following complaints from business that low interest rates are

artificially pushing final salary pension funds deeper into the red. This review may make it possible for companies to slash the deficits on their pension schemes, particularly if the UK government allows companies to take a longer-term view of projected returns.


A rise in the price of commodities, such as cocoa, sugar and oil, was number eight in the top ten risks facing companies, according to a global survey compiled by Aon in 2011. Rises in commodity prices increase companies’ raw material costs. Rio Tinto, the mining company that recently announced multi-billion-dollar write-downs, partly blamed the markdown on high energy and raw material costs. Therefore, finance departments must keep a close eye on cost changes in these areas and should consider factoring the risk of change into their business strategies.

KEY MESSAGES The 2011 risk management survey by Aon questioned nearly 1,000 executives from companies worldwide. A chief risk officer or a chief financial officer provided most of the answers. Here are the top ten business risks highlighted in the report: 1 2


Cyber risk is also a growing problem for companies, according to Aon. This is supported by the findings of a global survey by accountancy firm KPMG,which found that attacks on businesses jumped from 8 per cent of total security incidents in 2010 to 52 per cent in 2012. Increasingly, finance heads will be responsible for data security. The level of cyber risk depends on how much confidential customer data a company stores on computer systems and how much it trades online.


Companies can check how well they are prepared for various risks compared with other companies by completing an online test provided by Aon. Its risk maturity index – – provides a benchmark on risk management. It enables organisations to shape their risk management processes to improve financial performance and is widely used by board directors.

3 4 5 6


8 9


Economic slowdown. Regulatory/ legislative changes. Increasing competition. Damage to reputation/brand. Business interruption. Failure to innovate/meet customer needs. Failure to attract or retain top talent. Commodity price risk. Technology failure/system failure. Cash flow/ liquidity risk.


As supply chains grow evermore complex and global, they face a greater threat from unpredictable natural catastrophes. Cedric Lenoire, manager of business risk consulting at insurer FM Global, looks at the sectors that are most at risk from nat-cats‌

33 Excellence in Leadership | Issue 1, 2013

Lenoire is manager of business risk consulting at insurer FM Global.



he economic losses suffered around the world due to natural catastrophes (nat-cats) reached a record high in 2011 – more than a third of a trillion US dollars – exceeding the previous record of 2005 by 46 per cent. Companies with global supply chains are increasingly exposed to nat-cats, both at home and abroad. As a result, they are looking closely at their supply networks, challenging partners to demonstrate their resilience. It is important to recognise that some industries are more sensitive to supply chain risks than others. By using qualitative analysis, looking at the challenges of different businesses and drawing on client experience, we have identified the industries that are particularly vulnerable by not having risk management strategies in place. These are the sectors where risk management is needed the most to ensure that market share, reputation and, ultimately, the bottom line, is protected when a disaster occurs.

Photography: Getty Images


The strategic orientation chosen by many automotive manufacturers around the world relies on just-in-time principles and single-source arrangements to control costs and maintain profitability. From a risk perspective, a supply chain disruption is therefore more likely to have immediate and severe consequences. The floods in Thailand, for example, affected around 450 car manufacturers. Many suffered major losses in profit and market share. Toyota was unable to produce around 220,000 vehicles in the one-month period after the tsunami, meaning that

GM took the top spot in the market, while Toyota dropped to number four.


Many electronics companies rely on suppliers based in Asia – a continent heavily exposed to nat-cats. This puts them at great risk from supply chain disruption. Companies such as Toshiba and Sony stopped production at their Thai factories, leading to major financial losses. Sony had to reduce its 2011 full-year operating profit outlook by 90 per cent and reported an unexpected loss of $354m for the third quarter of the year. There are, however, positive lessons to be learned from those companies with good risk management practices. For example, analysts say the floods in Thailand were the main reason why Seagate Technology was able to recapture the worldwide lead in hard disk drive shipments in the final quarter of 2011. Seagate chose to locate its HDD manufacturing plant in Thailand on higher ground. Because of this, the company was less affected by the floods and was able to continue business as usual, becoming the market leader as a result


Pharmaceutical companies face unique challenges when it comes to risk management. The regulatory constraints associated to the nature of the products they manufacture explains their ability to manage such events with limited adverse impact. A loss of key processes or suppliers used to make a specialist care drug, for instance, is likely to take years to replace due to the heavy regulatory approval process needed to get production back to full capacity. As a result, pharma companies must manage their risks if they do not want to be left vulnerable to a competitor stepping in and

taking over market share when generic versions of the drug can be offered to patients when the patent protection has expired. Businesses need to focus on loss prevention and develop well-engineered risk management solutions in order to stay competitive and remain financially strong. The combination of a resilient business model and a strategic risk management framework with strong executive support is a key source for success. To achieve this, senior managers must ask themselves the following questions: 1 Have we influenced the culture of our organisation with business-driven risk management practices? 2 Have we designed our business model to be resilient and therefore more competitive? 3 Have we examined how we can mitigate risks within our product design and manufacturing processes? 4 Have we made the necessary commitment to addressing supply chain risk? 5 How well does our company collaborate with its suppliers to assess and mitigate risk? 6 Does our corporation have the appropriate business continuity and disaster recovery plans in place for supply chain disruptions? The important thing to remember is that the majority of property loss is preventable and adequate risk management today can ensure business resilience in the future. In fact, having loss prevention strategies in place, as well as investing in property risk and supply chain management, will give companies a competitive advantage in today’s everchanging world.


Sleepwalking into a resource crunch

Tom Delay, chief executive of the UK’s Carbon Trust, suggests businesses must learn from sustainability champions such as B&Q, Puma and M&S and adapt their business models to avoid the consequences of resource shortages‌


Excellence in Leadership | Issue 1, 2013

Photography: Getty Images

EIL OPINION The World Wildlife Fund’s “Living Planet Report 2012” found that, as a whole, humanity extracted resources more than 52 per cent faster than they could be regenerated, and demand for these resources is expanding, too. According to the US National Intelligence Council’s “Global Trends 2030” report, demand for food, water and energy will grow by approximately 35, 40 and 50 per cent respectively by 2030, owing to an increase in the global population and changing consumption patterns. The impact of this crunch is potentially huge for businesses, dramatically influencing the products and services they provide and the prices they charge for them. We recently commissioned a study that questioned C-level executives in Brazil, China, South Korea, the UK and the US about their companies’ approach to sustainability. When resource shortages become reality, 60 per cent of organisations think the cost of their products and services will need to increase, 55 per cent that they will need to engage in fewer markets and 43 per cent that they will deliver a less varied service or product offering. Yet most major enterprises are a long way from addressing the resource crunch. The majority of executives we spoke to do not believe they will need to make significant changes in their business operations to combat resource scarcity until 2018. Forty-three per cent do not monitor the risks to their business of environmentally related shocks, such as energy price rises and environmental disasters, and more than 50 per cent have not developed goals to reduce their company’s consumption of water, waste production or carbon emissions. One reason that companies are stalling on taking action on resource and sustainability appears to be that they still see this as an obligation and a cost. Nearly half (47 per cent) of the executives we surveyed believe that acting on sustainability issues decreases profits. However, we know from our extensive work on carbon that good management of resources can lead to new commercial opportunities and thriving businesses. You only need look to the high-profile examples of pioneers in sustainability, such as B&Q, M&S and Puma, to see just how effective a transparent and proactive approach to sustainability can be in distinguishing brands, building reputations and enhancing consumer loyalty. This is particularly true today, with social media amplifying customers’ thoughts and opinions to a wider audience than was previously possible. As companies begin to look for alternatives to the resources they are consuming, they can even uncover

more innovative products, processes and business models. A fast-moving consumer goods company, for example, may improve its manufacturing processes, minimise (or share) logistics, outsource the provision of physical assets used in manufacturing, reduce packaging, or educate consumers in minimising the in-use phase (e.g. the use of energy or water) and encourage consumers to recycle. With this in mind, optimising the use of raw materials should be on the agenda for all senior executives. While understanding how to adapt to the looming challenges can be daunting, there are numerous ways to begin tackling this, including: 1 Identifying those resources that would expose you to the greatest risk if their availability were to rapidly diminish and/or their price to increase. 2 Setting policies that take steps to reduce the use of these natural resources and incentivising partners to do the same. 3 Providing best practice advice to help suppliers. Setting targets and reporting results at board level can ensure they are seen as of strategic importance to the business. According to our research, the sustainability buck stops with the board in only 4 per cent of organisations. 4 Financially incentivising staff to meet targets on sustainability. Currently, only 13 per cent of board directors are remunerated for achieving sustainability objectives. 5 Ensuring the company has a dedicated individual whose role includes overseeing resource usage. A quarter of the businesses we analysed stated that no one is responsible or accountable for sustainability within the company. One sign of progress is that the UK is better placed to deal with a resource-constrained world than the other countries polled and is setting an example. UK businesses spend the most on sustainability and are the most likely to have a programme with targets and reporting practices in place. They are also the most confident that there is a business case for managing and reducing carbon emissions, water and waste. Currently, many organisations seem to accept that they will have to make significant changes to their business because of resource scarcity, and that these changes could impact their profits, however few are taking action to avoid this. Now is the time to start evaluating how resource scarcity will impact your business – and avoid sleepwalking into a resource crunch.

TOM DELAY Delay is the chief executive of the UK’s Carbon Trust.


In an increasingly globalised business environment, firms looking to expand into new markets must assess and manage a variety of political risks. Tim Cooper asks the experts how it can be done – and quizzes Donald Stewart, FD of

DAF Trucks Brazil, on how his business set about the challenge…


Illustrations: Dutch Uncle



Excellence in Leadership | Issue 1, 2013


3.6% In late 2012, the IMF forecast that the world economy would grow by 3.6 per cent this year. Of such importance are political risks, however, it warned this was dependent on three volatile issues: the US avoiding a fiscal cliff, European politicians holding the eurozone together, and the approach taken by China’s leadership. Source: IMF

he importance of managing political risk is intensifying as growth in developed economies stagnates and companies increasingly seek a presence outside their home markets. Meanwhile, analysts agree that the world is becoming a more volatile place, exacerbating the potential risks involved. DAF Trucks, one of the world’s largest producers of heavy trucks, is highly experienced in this area. As well as having a large market share in Europe, DAF, which is a subsidiary of US company PACCAR, is a leading truck manufacturer in Australia, New Zealand, Russia, Taiwan, South Africa and Turkey. It had been studying Brazil for ten years and, around three years ago, decided to enter the market – so set about identifying political risks in the country. Donald Stewart, diretor de finanças, DAF Caminhões Brasil, explains: “We spent two years sending people from several divisions to research the region and write our business plan prior to launching the investment. Engineers visited customers and manufacturers of similar equipment that we have relationships with. We used consultants for legal and tax topics. “We have global relationships with many suppliers, including European suppliers for DAF that also operate in Brazil, so we talked with the supply base. As topics arose, we used our consultants’ contacts to meet with relevant parties, such as the Brazilian Development Bank, to discuss financing rules.” DAF identified a wide range of existing or potential politically related challenges in the region. For example, growing competition from imports has led the government to start imposing strict barriers in the form of regulations, higher taxes and duties, to name but a few. “We’re having to work through these,” says Stewart. “The truck industry also has governmentsupported customer financing rules, provided through the Brazilian Development Bank, that manufacturers must comply with. We discovered that it is crucial to

buy from within Brazil, versus importing, as many of Brazil’s taxes and import duties are designed to encourage local purchasing and manufacture.” DAF plans to complete a production facility in Brazil this year and is setting up a dealer network and an after-market parts division, too. It aims to employ 500 workers in the plant alone, and to set up links with the local community and partners, such as universities and technical colleges. The research and partnerships DAF has created will enable it to adapt to change and give it a good idea of the macro-political risks it may face in the future. DAF is also focusing on managing potential future risks through what it calls the “crucial pillars” of staff experience, culture and training. “I’m working in my second country in a foreign subsidiary of PACCAR – previously I worked in Mexico,” says Stewart. “Business practices in other countries vary, based on a wide range of factors, such as culture and law, and it is important that the parent company understands this as it thinks about its operations abroad. This way, training can be adapted to specific needs and a proper risk assessment can be maintained with specific factors related to the country, industry or other relevant areas.” The foundation of political risk management is a good system of ethics, training and internal control, adds Stewart. “If the company culture is geared towards adhering to corporate policies on ethics, proper business conduct and anti-bribery – for example, the US Foreign Corrupt Practices Act (FCPA) – then the risk should be lower. Bear in mind that, for local employees, complying with the Sarbanes-Oxley Act requirements and/or FCPA may be a new thing.”


When entering new territories, perception is often as important as reality, Stewart says. For example, gift-giving in some parts of the world is standard practice, but you should examine your company’s practices to make sure it does not violate, or even give the perception of conflicting with, home country laws such as the FCPA.


Excellence in Leadership | Issue 1, 2013

In addition to internal audit and control programmes, a company can help itself by maintaining good levels of communication and attention to detail so that all parties know what is going on. The number of countries experiencing escalating political violence is up 36 per cent compared to a year ago, according to the 2013 Global Political Risk Map, produced by consulting firm Maplecroft and insurer Marsh. This trend is likely to continue, given the heightened risk of regime instability in a growing number of countries. The map highlights political risks across 197 countries, including conflict, terrorism, macroeconomic stability, rule of law, regulatory and business environments, including expropriation risk, resource security and infrastructure readiness. Much of the escalating violence is due to the “spillover effects” from political violence and terrorism spreading from Libya and Syria into Mali, Lebanon and Algeria, and elsewhere in western and northern Africa and the Middle East. One particularly important risk for companies to watch out for is resource nationalisation. Marsh and Maplecroft say that foreign investors face an increasing risk of expropriation in countries across the Middle East and North Africa, where societies are attempting to drive regime changes. Ruling powers often use expropriation and resource nationalism to pacify social discontent that may threaten their rule. Alyson Warhurst, CEO of Maplecroft, says: “Companies with direct foreign investments are operating in a fast-changing, volatile environment that has the capacity to deliver game-changing instability with negative financial consequences. The recent Algerian terrorist siege, the ongoing European debt crisis, Argentine and Bolivian expropriations of energy assets, the raging civil war in Syria, attacks on the US embassy in Egypt and its consulate in Libya, and reverberations stemming from momentous leadership changes in China, illustrate the dynamic nature of today’s global political risk landscape.” Given this environment, it is imperative that businesses stay abreast of the issues in their regions and have plans to protect their interests from the threat of political changes.

THE ROLE OF FINANCE The extent to which senior finance executives are driving the management of political risk varies hugely, depending on the company and individual concerned. James Smither, head of political risk practice at Maplecroft, says best practice states that CFOs should have close involvement in managing political risk, but that they often do not get as involved as they should. “Often, the decisions to move into new territories are taken, for example, in response to a competitor winning a deal, or a licence in a new territory coming up for grabs,” he says. “The risk management side has to run to catch up and make sure it is driven by sound analysis. “Best practice is to make sure all functions take part in a balanced discussion of the pros and cons of new markets, leading to an informed decision, and not one taken for short-term reasons.” For each threat you have identified to your business, Smither says you should measure the likelihood of occurrence and the impact it would have on the business. “Risks that have a high likelihood but low impact need less management,” he says. “Then you have risks that are high impact but extremely unlikely – for example, an expropriation. Between those two extremes there are many risks to prioritise.”


One way to address political risks is to increase your sphere of influence in the new territory. Analysts tend to warn against trying to influence macro-political events directly as it could backfire, but grouping together with competitors to ensure fair trade terms can work well. Smither says: “In both Peru and Australia the mining sectors successfully banded together to oppose punitive taxes and regulations. Resource nationalisation is a big trend because emerging economies have tight finances and it’s an easy target. “Companies have to convey the message that there is a huge upfront cost in the development of a mine, or oil or gas project, for example. The profits just pay back the investment. If you are not making as much profit, you won’t be investing as much back into the local economy.” »


Excellence in Leadership | Issue 1, 2013

‘What you learn from the experienced dealers is the amount of footwork they put in before, then during the deal, to speak to all influencers’

Robert McKellar, director of consultancy Harmattan Associates, says CFOs should make sure any move into a new territory is tied closely to overall corporate strategy. “They are looking at whether the risk is too high in the global portfolio. The financial exposure is the end result of many other things – for example, reputation, personnel and control over your intellectual property, which may have a political element if there are regulations prescribing that you have to work with a local partner.” CFOs can act as an essential counterweight, as many companies have made mistakes in this area, says McKellar. “For example, we had a company working in a part of Africa that became embroiled in a civil war and it looked bad by association with the government,” he says. “The company had to exit the country because there was a shareholder revolt. Companies need a strategy that sets risk tolerance and certain benchmarks they won’t go beyond. They should do this very proactively because these things can go belly up quickly.” Alastair Rimmer, partner and global head of strategy at PwC, explains ways in which to manage other types of political risk. “Can you predict regime change? Not entirely,” he says. “But you can identify whether a change would be likely to mean a dramatic change of economic policy. “Another important risk is the safety of your employees in the event of political or terrorist violence, for example. Consultants will tell you the level of risk in different countries and how to minimise it by travelling a certain way or only going to certain places. Bigger companies that work in inhospitable places tend to have a lot of that research or expertise in-house, but there are specialist firms. “As well as the risk of regime change, you get risks such as government interference – will the authorities allow a deal to happen with an outside investor, or withdraw support now and/or in the future?”

He agrees that a “nuanced” approach to managing this is to identify who the “influencers” are that you need to keep onside. As in the case of DAF, Rimmer says it is essential to consult widely. “It goes wrong when someone flies into a region, does a deal and flies out the next day. If you have people on the ground for years in advance and build a network of local advisers and partners, the chances are they will understand the situation and know what to avoid. “There is a big gulf between those with experience and those who are doing their first and second deals. What you learn from the experienced dealers is the amount of footwork they put in before, then during the deal, to speak to all influencers. For example, you don’t speak to governments at one level, but at a multitude of levels to get their approval. Other influencers are the regulators, suppliers, customers and unions.” Lastly, insuring against political risk is another important area to consider. Adam Choppin, president of Fronteira Global Consulting, says: “Buying insurance against standard corporate risks would be the CFO’s decision. It can be expensive, but companies tend to under-insure for political risks, such as expropriation and government regulation. Every time a bank is bailed out in the European Union or the US plays political games with its debt, that is a political risk that companies are exposed to. There are countless examples around the world. “But political risk is everywhere, you shouldn’t be afraid of it. Many companies overlook good opportunities in emerging markets for fear of risks that aren’t as serious as they think. You just have to manage it properly.” As DAF’s venture into Brazil shows, that is neither an easy nor a short-term task.


Cyber security More money is being invested in the fight against cyber attacks, but real progress will only be made when governments and industry dovetail their efforts to tackle the threat


hile there have been plenty of news stories about what companies are doing to reduce their exposure to cyber threats, the role of governments in battling cyber terrorism and malicious software has been noticeably absent – at least until a few years ago. Experts generally remark that governments have been slow to show leadership with regards to cyber security, and there are still many vociferous critics who claim that current efforts fall woefully short of what is necessary: bigger budgets, joined-up leadership, a greater investment in training, education and resources, international co-operation and buy-in and backing from the private sector.

Photography: Getty Images


Progress is being made around the globe, however. In January this year, for example, Australian prime minister Julia Gillard announced that AUS$1.46bn had been set aside by the Australian federal government to strengthen cyber networks as part of a national security strategy. In addition, a new Australian Cyber Security Centre will be established by the end of this year that will combine existing cyber security capabilities across the attorney general’s department, defence, the Australian Security Intelligence Organisation, the Australian Federal Police and the Australian Crime Commission in one location. Gillard also announced that she has established the Office of the Cyber Policy Co-ordinator to provide leadership and co-ordination. Canada launched its cyber security strategy in October 2010. It aims to invest in securing government systems, as well

as partnering with other governments and industry to ensure that systems that are vital to “Canadian security, economic prosperity and quality of life” are protected. It also includes boosting education and awareness to help Canadians keep their personal information safe and secure when online, at home and at work. At its launch, the government announced a CAN$3.5m investment for the round-the-clock Information Protection Centre to combat all types of hackers and cyber attacks. This investment was part of “Budget 2010: Leading the Way on Jobs and Growth”, which allocated CAN$90m over five years and CAN$18m in ongoing funding towards the cyber security strategy. However, the scheme appears to be floundering. In February this year, Richard Fadden, director of the Canadian Security Intelligence Service, told a Senate committee that the country could be overwhelmed within two years by exponential growth in counter intelligence and cyber attacks. “If cyber espionage continues to evolve, I will have difficulty managing our resources… it’s developing very, very rapidly,” he said.


The UK has also had its cyber security strategy reviewed – not all of it positively. In February this year, the country’s government spending watchdog, the National Audit Office (NAO), warned that the UK’s fight against cybercrime is being hampered by a lack of skilled workers – in fact experts have said that it could take “up to 20 years to address the skills gap”. The internet economy in the UK accounts for more than £120bn – a higher proportion of GDP than in any other G20 country, the NAO said. But it warned that the cost of cybercrime is estimated to be between £18bn and £27bn a year. The NAO’s report says that the number of IT and cyber security professionals in the UK has not increased in line with

the growth of the internet and that the situation may continue to falter as there is currently a lack of promotion of science and technology subjects at school, leading to a low uptake of computer science and technology courses by university students. The report also identified other challenges faced by the government in implementing its strategy, including influencing industry to protect itself, increasing awareness among individuals and getting the government to be more agile and joined up. Professor David Stupples, director of London City University’s Centre for Cyber Security Sciences, says that the NAO’s criticism is “harsh”. “It will certainly not take the UK 20 years to bring its skill set up to speed,” he says, However, Prof Stupples agrees that “the way IT is taught in the UK is with a focus on getting students used to software packages, rather than understanding code and how to develop software, which is the case in the US, the Far East and India, so in that respect we are behind the curve”. Ross Parsell, cyber security expert at Thales UK, the country’s second largest defence electronics supplier, says: “To tempt talented people into a career in cyber security, the government must get them while they’re young. The UK government’s recent announcement that it is to make computer science a core subject in British schools is a step in the right direction.”


The UK’s cyber security strategy was launched in 2011 with a fund of £650m, and it has seen several other developments take shape that form part of its long-term goal to secure the UK’s online activities and protect its business environment and critical infrastructure. For example, last November CESG, the information assurance arm of GCHQ, which is the centre for the UK government’s signal intelligence activities, and the Centre for the Protection of »


National Infrastructure, launched the “cyber incident response” scheme for organisations to turn to for assistance when they have suffered a cyber security incident. BAE Systems Detica, Cassidian, Context IS and Mandiant have been chosen to provide the response services in a pilot scheme. And in January this year the UK joined more than 70 companies and government bodies across 25 countries and signed up to the World Economic Forum’s cyber resilience principles, which were created in 2012 to ensure that countries are able to cope with potential major (terrorist) cyber attacks. Despite some of the shortcomings of the strategy recognised in its report, the NAO says that the UK has developed several key initiatives to help tackle cybercrime. For example, Action Fraud, the UK’s national fraud reporting centre, received 46,000 reports of cyber-enabled crime, amounting to £292m of attempted fraud, the report said. And the Serious Organised Crime Agency, the UK’s law enforcement agency, had captured more than 2.3 million compromised debit or credit cards since 2011, preventing a potential economic loss of more than £500m. New regional police cybercrime centres and a trebling of the size of the Police Central e-crime Unit had also helped boost the UK’s capability to combat attacks, the watchdog said. While still in its infancy, the UK’s cyber security strategy has broadly been welcomed. Alex Blowers, director of legal and policy at Nominet, one of the world’s leading internet registry companies, says: “The government’s approach of partnership with industry is more proactive than other methods and should therefore bring more effective results. Simply setting standards and measuring compliance is a very limited method of assessing cyber security.” But there are still critics. “There is probably a lot more going on in the background that we should or cannot be briefed upon. I hope so, as in my view our UK strategy has to be better than everyone else’s,” says Bill Trueman, CEO of UKFraud, a corporate fraud and risk management consultancy. Another critic is Paul Simmonds, co-founder of the

Developments in the EU The European Union (EU) has made key advances in better protecting citizens from online crimes, including establishing a European Cybercrime Centre (EC3), proposing legislation on attacks against information systems and the launch of a global alliance to fight child sexual abuse online. On 7 February this year the European Commission (EC) gave details of its cyber security plan, designed “to protect open internet and online freedom and opportunity”, which it published alongside an EC-proposed directive on network and information security. The cyber security strategy – called An Open, Safe and Secure Cyberspace – “represents the EU’s comprehensive vision of how best to prevent and respond to cyber disruptions and attacks”, says the EC. The strategy has five priorities: achieving cyber resilience; drastically reducing cybercrime; developing cyber defence policy and capabilities related to the EU’s Common Security and Defence Policy; developing the industrial and technological resources for cyber security; and establishing a coherent international cyberspace policy for the EU. The strategy also aims to develop and fund a network of national “cybercrime centres of excellence” to facilitate training and capacity building. The proposals mean that more companies operating in Europe across a wide range of industries would be required to report cyber security breaches. Under current EU rules, only telecoms companies and data controllers have to adopt security measures, and telecoms companies alone are required to report significant security incidents. The proposed directive intends to information security thought leadership group the Jericho Forum. “If I think about it, a year on from the much-lauded £650m of extra funding for UK cyber security, there is not one project or deliverable I could put my hand on and say that it’s a direct result of this extra money,” he says.

level the playing field by applying to “all owners of critical infrastructure”, including banks and stock exchanges, transport companies, energy providers, key internet companies and health and public service organisations. The proposed cyber security strategy would also require EU member countries to set up national authorities charged with defending against online attacks, sharing information with each other, law enforcement agencies and data protection authorities, and to issue public warnings about impending online threats. But the proposals have their doubters. Tunne Kelam, MEP for the European People’s Party, says: “Surprisingly, the strategy does not call on all member states to develop and adopt their national cyber security strategies without delay. More than half of the member states still lack state-level cyber security strategies.” DigitalEurope, the European digital technology industry association, is also unsure how well the reporting requirements might work in practice, particularly as there is a lack of uniformity about how incidents are currently reported. The association says that it has seen “a general change in approach in the draft Network and Information Security Directive from working hand in hand with industry, to top-down, unidirectional reporting obligations and requirements”, and has warned that: “If the scope of the proposed incident reporting mechanism is too wide and burdensome, it could weaken trust at a time when we need to build on real-time information sharing and collective response.”


Much of the success of the UK’s cyber security strategy – and of those of other governments around the world – rests on the willingness of organisations to come forward and report cyber breaches. And »


therein lies the problem: governments do not have the resources to tackle cyber risks by themselves and it is going to be difficult to get companies to play ball and share information, either voluntarily or by forcing their co-operation. For example, the European Union’s attempt to widen mandatory reporting in data breaches is unlikely to be a voluntary scheme, while experts say that there could be a risk that the guidelines on what constitutes a “breach” and a “necessary disclosure” may become alarmingly prescriptive and burdensome (see box, page 43, “Developments in the EU”). Nick Razey, chief executive at Next Generation Data Europe, a data centre specialist, says: “Governments are going to find it difficult to get industry to share information with it about cyber attacks. There are a large number of companies that do not feel that cyber security is an important issue for them, so they are unlikely to engage, and there is no real incentive for those that do recognise the threat to share information about data breaches so other organisations can learn from their mistakes.” Others are more optimistic. “While companies may be reluctant to share information initially, this will improve once the system of disclosure takes root. It is still early days after all,” says Tony Reeves, cyber security expert at PA Consulting Group. Seth Berman, executive director at IT forensics expert Stroz Friedberg, says: “Greater information sharing between the private sector and government is the only way that cyber security can really be improved. Governments simply do not have the resources or skills at hand to tackle cyber risks on their own. They need companies to come forward and report incidences of hacking, malware and distributed denial of service attacks so that they are aware of the risks and can warn others to take the necessary precautions.” Berman says that mandatory reporting – either using public or private disclosure – may help governments to better coordinate a suitable response to cyber threats. “Countries need to be able to foster a culture of disclosure, and that can be through mandatory public reporting – which can be embarrassing for those

companies affected – or through mandatory anonymous disclosure. This can also be used in tandem with encouraging companies to come forward in return for reduced fines or regulatory action.

“The point is simple: governments need real-time information to warn other companies and industry sectors, and forcing disclosure on cyber breaches is a good way of doing it.”

Developments in the US It is unsurprising that the world’s largest economy and military power would tag cyber risk as a threat to both of these areas, and in February this year President Barack Obama took another step forward to ensure that cyber security remains a core defensive issue. On 12 February, President Obama signed an “executive order” to strengthen the cyber security of critical infrastructure by increasing information sharing and by jointly developing and implementing a framework of cyber security practices with industry partners. The executive order requires federal agencies to produce unclassified reports of threats to US companies in a “timely manner”, while also establishing a voluntary programme to promote the adoption of the cyber security framework, and calls for a review of existing cyber security regulation. The order also directs the National Institute of Standards and Technology to lead the development of a framework of cyber security practices to reduce cyber risks to critical infrastructure. The US approach to coordinating a government response to cyber risks gained solid foundations in May 2009 when President Obama declared the US’s digital infrastructure a “strategic national asset” and made protecting this infrastructure a national priority. As part of this effort, the Obama administration created the National Cyber Security & Communications Integration Center, published its guidance –“Blueprint for a Secure Cyber Future” – in December 2011 and set up the role of cyber security coordinator. This was added to in July 2011 when the US Department of Defense designated cyberspace as another “operational domain” that the military will be

trained to defend in the same way it defends land, sea and air. President Obama’s latest announcement is generally seen as a positive development, although there is still more work to be done. Jose Granado, principal and security practice leader at Ernst & Young, says: “While this executive order is a good start and further affirms the reality of cyber security as a widespread issue that touches almost every industry, it is not the ‘silver bullet’ we often seek. “Going forward, we anticipate that there will be further discussions about what organisations need to report and what information they must share, as well some bumps in the road as they work toward implementation. While much of the discussion over cyber security has focused on critical infrastructure industries, such as government, financial services and power and utilities, the medical industry, along with third-party suppliers, also remains a significant concern.” There have also been calls from leading business groups for the US government to hold diplomatic talks with countries where cyber terrorism is originating. In the wake of large-scale cyber attacks being waged against The New York Times, the Wall Street Journal and the Washington Post that were believed to have originated from China, the US-China Business Council said in February that its members – which include manufacturers Boeing and Caterpillar, and financial services giants Citigroup and JPMorgan Chase – want the US and Chinese governments to hold regular annual summits to address the growing problem of cyber attacks that threaten to undermine trade between the world’s two largest economies.



Excellence in Leadership | Issue 1, 2013

Keeping the board awake at night – the boardroom’s risk agenda Recent corporate scandals have put risk governance back in the spotlight. Gillian Lees, head of corporate governance at CIMA, explores how companies should assess and mitigate their risks

Photography: iStockphoto, Jos Verhoogen


n “The Challenge of Risk Governance” (Excellence in Leadership, issue 2, 2012), I discussed how important it was for boards to make a step change in how they engaged with risk. That seems to be well accepted, but the real problem now lies in answering a crucial question: “What do we do about it?” Current evidence shows that boards and their organisations are still getting tripped up by “risk events” that result in a range of serious consequences, including loss of trust and reputation, as well as financial costs. You don’t have to look too hard to find examples, such as the Libor fixing scandal, the discovery of horsemeat in burgers, News International’s mobile-phone hacking and the technical problems afflicting the Boeing Dreamliner, to name but a few. No sector is immune. Two of the biggest media stories in the UK over the past year have involved major public-sector organisations – the BBC’s handling of a celebrity paedophile over many years and the failure of a hospital to care for its patients. It would be wonderful to share the risk governance tool or framework that would help boards and executive management address risk systematically at board level – and in a way that provided them with some assurance that even if things still went wrong, they could demonstrate that they had made reasonable and understandable efforts in the circumstances. This would at least provide some protection from the severe reputational consequences that

are such a feature of corporate scandals. The bad news is that while there have been significant developments in risk management practice over the past 20 years or so with the introduction of frameworks such as COSO Enterprise Risk Management, there is little out there aimed at risk governance. The good news is that research by the Cass Business School on behalf of Airmic provides some strong clues as to the type of risk issues that need to be handled at board level, helping us to develop the right solutions. The report, “Roads to Ruin – a Study of Major Risk Events: Their Origins, Impacts and Implications”, investigated 18 high-profile cases over the past decade, involving companies such as BP, Airbus and Enron, and identified seven key issues that are described as dangerous underlying risks that caused the crises. The crucial point about these underlying risks is that they are in addition to those that typically appear on risk registers. What they have in common is that they relate to the behaviour of the board itself. For example, inadequate leadership ethos and culture. In other words, the board is both a mitigator and a source of risk. Perhaps the most serious cause of failure is the existence of a “glass ceiling” that restricts the communication of risk information to the board. Translating these findings into practical tools is challenging, but the rest of this article reviews some of the approaches we are taking, together with the questions and issues that are emerging along the way.

This forms part of CIMA’s work with the Tomorrow’s Good Governance Forum, which will be launching a new report, “The Boardroom and Risk”, in June.


While it is accepted that the board needs to set the high-level risk policies, such as risk appetite and risk culture, the water starts getting rather muddy when questions arise about which risks the board should focus on, how much information it should have and what it actually needs to discuss. We’ve already seen from the “Roads to Ruin” work that behavioural risks need to be factored into the equation. But where does the board draw the line between its responsibility versus that of the management? One view is that boards should focus on strategic risk, while management does the operational “stuff”. But this does not always help. For example, the BP Deepwater Horizon incident was a major “risk event”. Although it was related to operational issues, you could not argue that it was of no interest to the board. The fundamental principle is that boards need to determine what risks are material in terms of their impacts. In its 2011 “Boards and Risk” paper, the UK Financial Reporting Council (FRC) indicated that “boards must focus especially on the risks capable of undermining the strategy or long-term viability of the organisation, or damaging reputation”. So if we take the BP example, it becomes clear this was »


Excellence in Leadership | Issue 1, 2013

an example of a major risk event that had a significant impact on reputation, thus falling within the board’s area of interest. The key thing here is to identify material risks in the context of the specific business – and perhaps even more importantly, understand how they connect with each other. The board can really add value by seeing risks from this broader perspective.


This was the accusation levelled at the former BBC director-general in his handling of the Newsnight crisis, but it could equally apply to those boards that have failed to ward off trouble. The real value that a skilled board can add is to discuss, debate, ask questions and constructively challenge management about risks and opportunities. The board information pack should have this in mind. So while it is essential that the board has sight of the risk register for reference, it also needs a very focused report that helps the board to grasp the material changes since the last meeting and provokes discussion and questions on what might have been missed. CIMA is currently trialling a framework that does just this and intends to launch it later this year. A key finding so far is that the process of preparing information in this format is a challenging but constructive discipline for executive management in terms of the questions posed to them. This recognition of the need to facilitate discussion is also acknowledged by the FRC; in its forthcoming review of its guidance on internal control (often referred to as the Turnbull guidance), it has signalled its intention not to make detailed prescriptions, but instead to flag issues in a way that makes boards and management think intelligently about risk. A valuable exercise is to appraise existing risk information that goes to the board in terms of how well it passes the “curiosity” test. For example, does it contribute to a meaningful, strategic discussion? Does

it provoke challenging questions? If the answer is no, it might be time to review the format. Our experience so far shows that a good first step is to streamline the information on the “less is more” principle.


In terms of the risks that threaten the long-term viability of the organisation, the board needs to consider the big global risks. In recent months, I had the opportunity to listen to the UK government’s chief scientific officer, Professor Sir John Beddington, at the Institute of Risk Management’s annual lecture. He gave the audience a glimpse into how governments deal with risks such as pandemics, volcanic eruptions, antibiotic resistance and severe space weather. Covering similar territory is the World Economic Forum (WEF) “Global Risks Report 2013”. It is well worth a look as part of your environmental scanning process. The striking and consistent point that emerged from each was that many of the individual risks have not actually changed very much. What really matters – and therefore what really needs to be understood – is how these risks interact with each other to create novel risks. A further challenge is translating such information into practical responses at an organisational level. These are such major risks that an organisation cannot deal with them single-handedly. On the other hand, ignoring them is not appropriate either. John Scott, chief risk officer of Zürich Global Corporate and one of the authors of the WEF report, illustrated how this can be done for the key scenarios in this year’s WEF report at a recent presentation to the Tomorrow’s Good Governance Forum. Digital fires in a hyperconnected world – this case refers to cyber risk, critical information infrastructure failures and the viral spread of information – or misinformation. The origin may be organised crime seeking financial

gain, or governments trying to obtain intellectual property. Business response – focus on the practical with emphasis on data privacy and security. Even simple steps like a clear desk policy can be valuable to prevent loss of information. The dangers of hubris on human health – the key issues here are pandemics and antibiotic resistance. Business response – while it is clearly beyond the capacity of individual companies to come up with measures such as incentives to reduce overuse, what they can do is focus on business continuity planning. Testing economic and environmental resilience – this was by far the most complex set of circumstances, bringing together stresses on the global economic system and the environmental system. Business response – with a broader set of triggers, this one is by far the most challenging for an individual organisation to handle. However, an important first step is to invest in scenario planning, using such resources as the WEF report as part of strategic planning, simply to get a handle on how supply chains and other aspects of the business might be affected. The essential task for the board here is to provide the external “eyes and ears” of the organisation and ensure that these macro risks are on the radar. Risk governance is a multi-faceted task, incorporating the setting of the right policies and tone from the top, risk identification and mitigation, monitoring and assurance and crisis management. An essential aspect of this is for the board to have clarity over which risks it should be focusing on; this should then drive the provision of the right information to support meaningful board debate.


Excellence in Leadership | Issue 1, 2013

Rooting out corruption Corrupt behaviour in any organisation represents a threat to both its bottom line and its reputation. Tanya Barman, head of ethics at CIMA, examines whether firms are doing enough to protect themselves against the risks of corruption


Excellence in Leadership | Issue 1, 2013


tudies by the World Bank have found that “the business sector grows significantly faster where corruption is lower and property rights and the rule of law is safeguarded. On average, it can make a difference of about 3 per cent per year in annual growth for

the enterprises.” From a risk perspective, bribery and corruption exposes organisations to costs elsewhere in the business model. Once you are party to corruption, you’ll find yourself caught in an ever-increasing pattern of off-book payments. Furthermore, the repercussions of being caught out are significant. Being found as corrupt not only puts severe dents in your bottom line, it also has long-term reputational costs when it comes to dealing with partners, customers and employees. Anti-bribery legislation is increasing globally, as are the fines. A review of recent cases in the United States brought under the Foreign Corrupt Practices Act (FCPA) shows an increase in international reach and the number of cases being brought to court, as well as some eyewatering, multi-million-dollar fines and settlements. Some of these cases involve personal criminal charges that have resulted in a prison sentence – in 2011, one executive was sentenced to a record 15 years. The upside is a lot of time to reflect on a different course of action. Here’s a ranking of the fines and settlements involving companies that you may not wish to feature in:

The top ten corporate offenders Siemens (Germany): $800m in 2008 KBR/Halliburton (USA): $579m in 2009 BAE (UK): $400m in 2010 Snamprogetti Netherlands BV/ENI SpA (Holland/ Italy): $365m in 2010 5 Technip SA (France): $338m in 2010 6 JGC Corporation (Japan): $218.8m in 2011 7 Daimler AG (Germany): $185m in 2010 8 Alcatel-Lucent (France): $137m in 2010 9 Magyar Telekom /Deutsche Telekom (Hungary/ Germany): $95m in 2011 10 Panalpina (Switzerland): $81.8m in 2010

Photography: Getty Images

1 2 3 4

Source: Listed by Richard L Cassin in the FCPA blog pages at the end of December 2011

TANYA BARMAN Barman is responsible for CIMA’s ethics and responsible business policy strategy and programme for its members and students.

INFO Further information and links to support, information and case studies in relation to mitigating bribery and corruption risks are available at: - bribery - helplines - unglobalcompact. org - -

Similar to the FCPA, the UK’s Bribery Act, introduced in 2011, makes it illegal to offer or receive bribes. Importantly, it also includes a new offence of failing to prevent bribery, for which the company is liable if an employee, or even a third party, pays or receives a bribe. Policies based on “box-ticking” will not be enough as companies will have to prove they have “adequate procedures” in place to prevent bribery, such as training for staff, risk assessments and promoting an anti-corruption culture with clear leadership from the top. Despite this, a recent poll of procurement managers and directors of companies of various sizes across the UK by the FIDS (Fraud, Investigations and Disputes Services) team at Ernst & Young found that only 56 per cent had heard of the Bribery Act. And of those, only just over half (52 per cent) actually vetted suppliers to ensure they had suitable anti-bribery policies in place. As corruption is most likely to be carried out by third parties, intermediaries or agents, that’s a lot of risk. On the flip side, GoodCorporation, which works globally with companies on anti-corruption programmes, is finding that supply chain and procurement risks are being monitored more meticulously. Furthermore, some firms are taking extreme measures to protect their businesses, severing relationships with higher-risk third parties or even pulling out of countries that have high levels of corrupt practices. Although there have been no high-profile global cases brought under the UK Bribery Act to date, there are reports of higher self-reporting once internal bad practice has been uncovered. The Serious Fraud Office has revealed that the number of companies selfreporting themselves in relation to bribery has risen from two in 2010, to seven in 2011 to 12 in the fiscal year ending 31 March 2012. In recognition of the overall cost to business, the wider economy and society of corrupt practices, principle ten of the United Nations Global Compact is: “Businesses should work against corruption in all its forms, including extortion and bribery.” UNGC has plenty of resources available to help you to drive anti-corruption initiatives through your business and supply chain. And you wouldn’t want to be remembered as being associated with the first significant settlement under the UK Bribery Act, would you?


Partners to the business Many organisations now claim their finance function is a ‘business partner’. But what does the term really mean, and how does finance ensure it is contributing to the big decisions? Arif Kamal, FD of GL Hearn, Vicky Godliman, FD at Trustmarque Solutions, and Peter Harris, co-founder of Hotel Chocolat, explain how it works in their businesses…


Excellence in Leadership | Issue 1, 2013



FD, GL Hearn

Photography: Getty Images

have been in the business a long time and when I joined finance was largely seen as a support service sitting on the sidelines, mainly to provide information to the wider business. That has changed in the past five years and finance has found itself much more a player on the pitch, rather than just watching from the sidelines. That required a cultural change within the business and it wasn’t easy for everyone to accept. When finance became an equal partner in the process – helping teams to decide on the best course of action to take – that was a new thing for many people. And it was driven by a number of different factors. There was a perception in the business that while managers were making decisions when it came to the outcomes, finance just came in to pick up the pieces; but when finance got involved from the start, then blame or credit could be shared equally. So the push came from the business for finance to be more proactive and involved, and at the same time there was a big push from my finance team to help the business make critical decisions. The team here definitely want to be involved. They no longer feel they are a support function, but a fully fledged part of the strategic engine of the business. They want and need to be involved in those discussions. And there are benefits. From our point of view, even when you’re recruiting a team to handle a project, you might start by looking at the technical expertise that is needed. But we’re now looking at the implications of cost and the allocation of central overheads and finance costs – the whole picture. Finance can bring a unique perspective to that – it is the only function that understands the whole spectrum

of the business and can advise on what is the best course of action. So that’s a key benefit; when decisions are made, finance is not coming from a silo, but with a broad view to the whole health of the business. We now have a protocol that all decisions need finance’s input. And our group FC is heavily involved in meeting with the business units, usually on a monthly basis, in order to understand what they’re doing, as well as helping them with forecasting and planning. And those actions are all being taken with a view to reducing cost. It has almost become a “finance buddy” system. There has been the perception that by allowing finance teams into decision-making roles outside finance you are eroding the importance of challenges coming from the finance function, that it “goes native”. There can be a bit of that, because if you’re involved in the development and then the decision-making, it’s probably going to be hard to provide an effective challenge. We get round that by having certain members of the finance function helping business units out, but overall responsibility lies with the FD, who has the opportunity to critique and challenge at any time. I can ask how and why those decisions have been made. And that’s why I feel that an FD has to have a hands-off approach, to look at the bigger picture and stay out of the nitty-gritty. I’ve developed team members to take on a business partnership role and that’s a good thing. They improve and grow in confidence, as does the FD, who gets a sense of achievement as well. For newcomers, we tell them we expect them to get out there and be a business partner – you can’t just sit in the finance team and not influence and get involved in the wider business. »


‘I’ve developed team members to take on a business partnership role and that’s a good thing’


Excellence in Leadership | Issue 1, 2013



FD, Trustmarque Solutions

few years ago I learned a good lesson from a colleague; he always used to say that when you are making a decision you should balance the worst that can happen with the upside. He encouraged me to consider the impact on all parties and that’s how I encourage my team to approach any kind of decisionmaking process. Usually, it falls to the finance team to gather the facts, assess the situation and to obtain the key information required to be able to make a decision. The most important aspect is then to actually make a decision. Finance roles are becoming more generalist, at times you’re more of a business adviser and partner than specifically focusing exclusively on finance. As an FD I get lots of questions of a more general business nature and that means, for me and my team, commercial awareness is a key attribute. When I’m recruiting into the team I always look for that corporate background and commercial awareness – it’s definitely something that sets you apart and gives

you the confidence to be able to make decisions. Good people who are ready to play that business adviser role are hard to find. As I have said, I will always support the team in the decision that they make. As long as they’ve done it with my guidance and coaching, and done what they’ve believed to be the right thing to do, then that’s fine. Ultimately, it’s all about finding the people who are prepared to make a decision without being reckless. At Trustmarque, we have 17 people in the finance team and there are only four who have any kind of finance qualification. The rest have a broad range of experience, from procurement to credit management, across a broad industry spectrum. Rather than just looking for people who have completed their studies and are, on paper, qualified, we consider whether they have the experience and the commercial awareness to be able to adapt and thrive in a business like this. The finance team are instrumental within the business in developing a better approach and providing the business with the support it needs in a rapidly changing environment. »

‘It’s all about finding the people who are prepared to make a decision without being reckless’



Excellence in Leadership | Issue 1, 2013



Co-founder, Hotel Chocolat he expression “back to the floor” is one we use here and it’s very important. We encourage people from across the business to visit the retail stores so that they are better able to understand the pressures on those on the front line. We make sure that happens on a regular basis and pay particular attention to encourage finance team members to get out of the office at busy times so that they can get a clear view of what the people working in the shops are facing. When they do that, they always come back motivated. The central element here is the importance of understanding what pressures others in the business are facing. Working in the shop is just the most visible way of gaining that understanding. We need our finance function to understand how we as a business interact with our customers, what they want from us and how we serve them. I think, having run it for a while, that both sides benefit from the programme. It tells the finance team member what a customer-facing business is all about. And for the retail, developing a direct relationship with the finance team creates a better bond and team-oriented atmosphere. They become a person rather than a person down the phone or the sender of an email.

I think it’s sometimes true that back office staff in general, and finance in particular, can lose sight of what it is the business really does, which is to deliver great products and service to the customers. So in addition to understanding the non-financial aspects of the business, they get out there, serve the customers and talk to the store staff about what they need and what motivates them. Within that, there are more specific issues that finance needs to understand and play a partnership role. For example, how each individual store interacts with the business and what they need from us at head office. And it shows up quickly – if we are asking the stores to do something cumbersome or time-consuming then we need to know about it. I think it’s important for me to get a structure in place to make sure that the business partnering efforts happen in a regular and worthwhile way. By going back to the floor, we are really getting under the skin of the business. I don’t subscribe to the stereotypical view of finance as a unit that prevents things happening. We want to see all parts of the business – design, marketing, procurement, whatever – understanding the importance of the customer interface. Finance are just as much a part of that – they’re no more difficult to encourage out of their unit. In fact, many of our finance people are among the keenest to break out of the boundaries that are traditionally put in place and to develop a better understanding of what we do generally.

‘We encourage people from across the business to visit our retail stores’



Excellence in Leadership | Issue 1, 2013


Ethics: cost or return

Anti-bribery law

Habits for a more productive finance team

7 May Milton Keynes

23 May Haydock

12 June Edinburgh

With an increased focus on the ethical conduct of business and the importance of reputation and risk, management accountants need to be aware of guiding their organisations in the right direction.

This presentation will cover recent topics in anti-bribery law and how they can be enforced in your organisation.

This event will introduce you to strategies to address some common issues in, but not exclusive to, the finance function. These tactics offer significant yet small changes to kick-start more output. eastmidlandsandeastanglia northwestenglandandnorthwales

Further events CIMA CPD Summer Academy London, 5-6 June This two-day event is designed to help finance professionals maximise their CPD learning and also provides an opportunity to network with peers. It will cover a range of topics, including updates in strategic management accounting and IFRS, a skills and talents session to boost your career and a sustainability workshop.

The past, present and future of the Welsh economy (joint event with AAT) Caerphilly, 12 June This event will be held in the magnificent Great Hall of Caerphilly Castle and will feature talks on the past, present and future of finance and the economy in Wales. southwestenglandandsouthwales

Who cares wins: corporate social responsibility (CSR) – (joint event with IoD and Aston Business School) Birmingham, 19 June Learn more about CSR and how other organisations create and implement their corporate social responsibility policies that make an impact.


Excellence in Leadership | Issue 1, 2013



Photography: Plainpicture

Our next edition of Excellence in Leadership will feature comment and analysis from a host of global CFOs and other senior finance professionals on the strategies that drive their organisations – and how those strategies are implemented


Excellence in Leadership | Issue 1, 2013

CIMA offices CIMA Corporate Centre 26 Chapter Street, London SW1P 4NP Tel: +44 (0) 20 8849 2251 Email: CIMA Australia Paul Turner: country manager 5 Hunter Street, Sydney, NSW 2000, Australia Tel: +61 (0)2 9376 9902 Email: CIMA Bangladesh Zareef Tamanna Matin: manager Suite-309, RM Center (3rd Floor), 101 Gulshan Avenue, Dhaka-1212, Bangladesh Tel: +8802 8815724 +8802 8816306 Email: Zareef.Matin CIMA Botswana Moses Sikwila: country manager Plot 50374, Block 3 1st Floor, Southern Wing, Fairgrounds Financial Centre, Gaborone, Botswana Tel: +267 395 2362 Email: gaborone CIMA China: Head Office Li Ying Vicky: regional director Unit 1508A 15th Floor, AZIA Center, 1233 Lujiazui Ring Road, Pudong, Shanghai, PRC. 200120 Tel: +86 (0)21 6160 1558 Email: infochina CIMA China: Beijing Xina Zhang: manager Room 605, 6/F Guangming Hotel, 42 Liangmaqiao Road, Chaoyang District, Beijing 100004 Tel: +86 (0)10 8441 8811 Email: Beijing@ CIMA China: Chongqing Flora Hu: manager Room 2107, Tower 4, Chongqing Tiandi, No. 56, Ruitian Road, Hua Long Qiao, Yuzhong District, Chongqing 400010 Tel: +86 (0)23 6371 3538 Email: Infochina CIMA China: Guangzhou Ivy Ou: manager

Room C, 5th Floor, 293 Middle Guangzhou Avenue, Guangzhou 510600, P.R. China Tel: +86 (0)20 87360960 CIMA China: Shenzhen Eric Pan: manager Room 1121, Tower A, International Chamber of Commerce, Fuhua Yi Lu, Futian District, Shenzhen 518048 Tel: +86 (0)755 8293 1445 Email: Shenzhen CIMA Ghana Paul Aninakwah: country manager 3rd Floor, Ayele Building, IPS/ATTRACO Road, Madina, Accra, Ghana Tel: +233 (0)30 2543283 Email: accra CIMA Hong Kong Damian Yip: director Suite 2005, 20th Floor, Tower One, Times Square, 1 Matheson Street, Causeway Bay, Hong Kong Tel: +852 (0)2511 2003 Email: hongkong CIMA India Arati Porwal: chief representative Unit 1-A-1, 3rd Floor, Vibgyor Towers, C-62, G Block, Bandra Kurla Complex, Bandra (East), Mumbai - 400 051, India Tel: +91 22 42370100 Email: CIMA Ireland Denis McCarthy: director 5th floor, Block E, Iveagh Court, Harcourt Road, Dublin 2, Ireland Tel: +353 (0)1 6430400 Email: CIMA Malaysia: Head Office Irene Teng: regional director Venkkat Ramanan: head of CIMA Malaysia Lots 1.05, Level 1, KPMG Tower, 8 First Avenue, Bandar Utama, 47800 Petaling Jaya, Selangor Darul Ehsan, Malaysia Tel: +60 (0)3 77 230 230/232 Email: kualalumpur CIMA Malaysia: Penang Tan Chiew Ann: manager Suite 12-04A, 12th Floor Menara Boustead Penang, No. 39 Jalan Sultan Ahmad Shah, 10050 Penang, Malaysia Tel: +60 (0) 4 226 7488/8488 Email:

CIMA Malaysia: Sarawak Doreen Tan, manager Sublot 315, 1st Floor, No. 21 Jalan Bukit Mata, 93100 Kuching, Sarawak, Malaysia Tel: +6082 233 136 Email: CIMA Middle East Geetu Ahuja: regional head Office E01, 1st Floor, Block 3, PO Box: 502221, Dubai Knowledge Village, Al Sofouh Road, Dubai - UAE Tel: +9714 4347370 Email: middleeast CIMA Nigeria Musliu Olajide: manager Landmark Virtual Office, 5th Floor, Mulliner Towers, (former NNPC Building) 39 Alfred Rewane Road, Ikoyi, Lagos, Nigeria Tel: +234-1 4638353 (ext 518) Email: lagos

Kenya Email: gmathesh@

CIMA Singapore Shavonne Sim: manager 3 Phillip Street, Commerce Point, Level 19, Singapore 048693 Tel: +65 68248252 Email: singapore CIMA South Africa Zahra Cassim: country head 1st Floor, 198 Oxford Road, Illovo 2196, South Africa Tel: +27 11 788 8723 Email: johannesburg

CIMA Pakistan Javaria Hassan: country manager No.201, 2nd Floor, Business Arcade, Plot No. 27-A, Block-6 PECHS, Shahra-e-faisal, Karachi, Pakistan Tel: +92 21 3432 2387/89 Email: pakistan

CIMA Sri Lanka Bradley Emerson: regional director Radley Stephen: country head 356 Elvitigala, Mawatha, Colombo 05, Sri Lanka Tel: +94 (0) 11 250 3880 Email: colombo

CIMA Pakistan: Lahore Sahar Saqiq: manager Flat No: 1,2-1st Floor, Front Block-3, Awami Complex at 1-4, Usman Block, New Garden Town, Lahore, Pakistan Tel: +92 42 35940311-16

CIMA Sri Lanka: Kandy Roshini Wirasinghe: manager 229 Peradeniya Road, Kandy, Sri Lanka Tel: +94 (0) 81 222 7883 Email: kandy

CIMA Pakistan: Islamabad Zunaira Riaz: manager 1st Floor, Rehman Chambers, Fazal-e-Haq Road, Blue Area, Islamabad Tel: + 92 51 2605701-6

CIMA UK David Rowsby: regional director 26 Chapter Street, London SW1P 4NP Tel: +44 (0) 20 8849 2251 Email:

CIMA Poland Jakub Bejnarowicz: country manager Warsaw Financial Centre, 11th Floor, ul. Emilii Plater 53, 00-113 Warsaw, Poland Tel: +48 22 528 6651 Email: poland CIMA Russia Fiona Harvey: director

CIMA contacts: Canada Tel: +905 553 0346 Email: members@

Office 4009, 4th Floor, Moscow 105064, Russian Federation Tel: +7495 967 93 28 Email: russia

New Zealand Tel: +64(0)48017132 Email:

CIMA Zambia Kennedy Msusa: country manager 6053 Sibweni Road, Northmead, Lusaka, Zambia Tel: +260 (211) 290 219 Email: lusaka

Excellence in Leadership April 2013  
Excellence in Leadership April 2013  

Excellence in Leadership April 2013