Insights
Why does every Global 2000 Company not have an Enterprise Mission Control Centre for the Board and Executive Team?
By Tim O’Hanlon
PART 1: CONSULTING
In my opening post to welcome members to this group, I spoke about being an engineer and the incredible controls built into the bridge of a super tanker, the cockpit of an airbus or mission control for space exploration. Decades ago, I was part of Naval Logistics Command, straight after I qualified, and experienced the sophisticated engineering that went into the command-and-control side of the warships that were maintained in Simonstown dockyard.
So, why doesn’t every Global 2000 company have a mission control for the boardroom with sophisticated engineering for command-and-control purposes? Here are some observations I would like to make about this question:
Firstly, I’m sure these companies have what they believe is a command-and-control capability that works fine but I would hazard a guess that it is not fit for purpose knowing what I do and this is what I want to share with this group. In my follow-up posts I want to unpack the specification I have worked on for nearly a decade that I believe is needed. I want to look under the bonnet and get the thoughts of group members about this.
There are plenty of reasons that the benchmark for optimum boardroom command-and-control falls short. The specification I want to share in future posts has 7 pillars and 42 workstreams. I would equate this in agile terms to 7 portfolios and 42 theme teams if we were looking at digitising the full solution. Now assume that these 7 portfolios required a budget of £50 million over 5 years to set up the platform, design the integrated data architecture and build the functionality. Budget-wise I am probably way off the mark but it illustrates that you need deep pockets and a long-term view if it is to see the light of day.
Is this why none of the global consulting companies have done this? Their focus is on short term targets to keep their stakeholders happy. Nothing focusses the mind of boards and executives more than annual results. There’s a lot at stake – executive incentives, shareholder behaviour, analyst reports, media coverage, etc. That’s what we must find a solution to overcome.
These companies must surely know that every solution they have delivered from the subprime crisis onwards is adding to the command-and-control overhead because none of it gets fully integrated into a proper “mission control.” From Reg-Tech, to Fin-Tech to GRC-Tech to ESG-Tech, it just goes on and on building silos for boardrooms to try and keep a lid on.
One of the global consulting companies says on their website “We help clients set strategies in motion that unify business and technology architectures, generate growth and enable competitive advantage.” The precursor to this statement is that the business architecture must first be sound before you enable it through technology. The business architecture of the boardroom is central here.
PART 2: REGULATORS & AUDITORS
It doesn’t help that regulators are not looking at the problem in a systemic way either. They too must surely know how many regulations are in the regulatory universe of the industries they are targeting and know the costs and growing challenges of complying with them. Surely, they must know that the unintended consequences of every regulation they add to that universe increases the risk of compromised command-and-control at board level.
At some point we must take a step back and ask ourselves if we have not reached the point of insanity here: doing the same things over and over and expecting a different result. Regulators and consulting companies must look at their target audience and start asking themselves the question: what is it we need to do differently in the future to create a sustainable, virtuous rather than vicious cycle for solving the boardroom challenges that we currently ignore and leave behind in our wake because of our preoccupation with short term results?
So, the growing millions of pages of regulations that are in circulation have no chance of being properly internalised and maintained by the regulators’ target audiences. Each regulation adds another burden to the command-and-control function unless it can be fully digitised, integrated and automated into the operating models in those companies that are impacted. To illustrate this in a future post, I would like to unpack the latest non-financial reporting requirements on climate change that were introduced in the Companies Act in April last year. There are 8 requirements that showcase how fragmented the approach will be without the correct integration into a carefully designed command-and-control structure for the boardroom.
Then there are the internal and external auditors who play a role here. Surely, at the heart of whatever you are auditing must be a command-and-control system and practices that are sound? So, what does this mean? I studied the Steinhoff failure where the chairman, Christo Wiese, personally lost four billion dollars in shareholder value through his CEO that spent over 7 years defrauding the company. When interviewed, the chairman was asked if he would have done anything different knowing what he does now and his response was that he had external auditors in the separate jurisdictions, he had his own internal auditors in the various companies, plus there were regulators and other stakeholders that did not pick it up.
So, how could he be blamed? Well, just like the reprogramming of the 737 MAX to stop future in-flight failures, at least they had a standard to base their assessments on and apply corrective action to. Unless we create a similar standard for command and control of the boardroom, the idea of zero defects through continuous improvement like Deming did for the Japanese car industry post WWII seems a long way off.
PART 3: RISK & COMPLIANCE
In Part 1, I covered the consulting companies that should look beyond the short-term delivery of results for their clients and shareholders. Their short-term preoccupation leaves boards and executive teams with siloed solutions that are not integrated into the command-and-control in the boardroom. Instead of each contract creating an opportunity to improve this architecture, it does the opposite by increasing cost, complexity and risk of boardroom governance.
In Part 2, I covered the role regulators and auditors play. Regulators, keep generating more regulations even though they know companies are battling with their overloaded regulatory universes. Boards and executive teams, keep hoping their auditors will pick up any major problems and that the perfect storm, made up of all the worst-case factors combining all at once, doesn’t hit the company on their watch. The problem is that auditors can’t assess boardroom governance if there is no universal benchmark for a command-and-control operation comprising a detailed, systemic, digital specification.
In Part 3, I want to talk briefly about the risk and compliance operations in these Global 2000 companies. They play an important role, along with audit, in combined assurance that is a key element of the compliance framework in all these companies.
I don’t like to talk about Three Lines of Defence as it is a highly reactive framework. As an engineer, I have always considered preventative maintenance and building in redundancy as the basis on which you achieve zero defects. It allows the aviation industry to have 32.2 million flights in 2022 with just five fatal accidents (IATA figures). That tells us that flying is among the safest activities we can engage in. I would like to see the boards and executive teams applying a similar approach.
Why? Obviously, having sustainable flight safety results guarantees ongoing demand from travellers who feel safe. So, getting the same results because of sound functioning boardrooms can only mean positive outcomes for everyone. Aside from the investment and delivery time to digitally transform the boardroom (see my earlier post), there are a lot of in-house challenges that the risk and compliance teams face that must be overcome if command-and-control is to achieve this kind of success.
I produced a video 4 years ago for clients to assess gaps. It covers the 17 challenges that I have dealt with over the years while driving large scale regulatory transformation programmes. I have provided a transcript of the body of this content under Insights: After viewing the challenges I’m sure you will agree that there is a lot that must be considered in the risk and compliance operations and they are only one of the seven pillars I cover in the blueprint for digital transformation of the boardroom.