When we go back to the legal origin of the phrase, we see that it’s the word ‘exception’ rather than ‘prove’ that causes some confusion. By exception, we usually mean 'something unusual, not following a rule'. What it means though is 'the act of leaving out or ignoring'.
In business, we spend a lot of time and money on creating rules including generating systems and processes, quality assurance, training, developing policies and instituting rules around governance. We do so as a protection against foreshadowed risks that may expose the business, the company and the directors to financial or (heaven forbid) incarceration penalties associated with “leaving out or ignoring” the possibility of an event that might occur if there were no rule to govern the likelihood of that event.
Today, despite significant reservations about the external regulatory environment, given risk, the pendulum has swung in favour of decisions being made to observe rules that protect against consequences of not having that rule, generally at an unjustifiable cost as against the perceived benefit.
For instance, an agency requires everyone to lodge a form to receive a benefit. You can set up a massive bureaucracy to check each form or you can implement a self-assessment process with appointed external expert agents, where acceptance is received with the caveat that audits will be conducted and heavy penalties apply if the form is incorrect. Managing risk does not necessarily mean that the system has to be ridiculously expensive or inefficient to cover off that risk.
Of course, every business needs to identify its 10 highest risks and weigh them as high, medium or low and then compare after conducting objective tests, those ratings against the assessed position. The question is, what operational or capital measures does the business need to take to mitigate that risk without unreasonably impacting on revenue targets and the cost of doing business?
If we begin implementing rules by or to cover off on the exception and make decisions which roadblock operational effectiveness and efficiencies, the business model can be negatively impacted to the point where competitiveness declines and business closure becomes imminent.
Conversely,we have seen businesses shut down because of poor behaviour and practice, which once discovered, destroyed that business. News of the World - the biggest selling UK newspaper in its day, is a good example of this. The paper printed as its core ‘food’ for public consumption, articles and reports that would be best described as scandal ridden. When it became known that these articles were based upon rampant phone hackings, the paper was abruptly shut down in July 2011.
This case study is at the extreme end of failure. Management failed to adopt a culture that embraced tried and true values, behaviours and governance. As the misconduct was systemic, it is clear there was a lack of independent measures that enabled identification and termination of the misconduct.
The impact of such a case on the business world, whether it be on board members, the executive or the company’s auditors has somewhat led to the establishment of new obstacles against risk taking. This is often the result of a knee-jerk reaction, infecting management processes and decisions and stifling sensible commercial practice. It is part of the human condition that places fear as the key driver for many decisions at Board and Executive level, even if the risk is, all things being equal, low.
Critical to mitigating risk without impeding business progress is the development of a value system which drives best practice in a framework founded on an ethical culture. If everyone adopts good corporate values, you can be less risk averse and arrive at decisions built on that five letter word, “trust”. It can take years to build a value system that represents a significant infrastructure of EQ inculcated into the business resulting in positive behaviours that minimise risk in a trusted environment.
Business owners and board members who feel less encumbered in their decision- making, based on calculated risk are often dragged back to ‘rule by exception’ through regulation by statutory organizations such as the Fair Work Commission, APRA, ASIC and the ATO. These days, just an announcement can produce the required effect but at what cost to productivity, investment decisions and economic prosperity? That is not to say that in a secular democracy, we do not need rules and regulations as a foundation for a safe, just and equitable society. Clearly we do, but the question is ‘to what degree?”
Once the exception becomes the rule, the economic impact can be very damaging.
Countries prepared to accept that 99.9% of entrepreneurs conduct their businesses with an innovation mindset and the pursuit of excellence will do better than those countries that build roadblocks by following a particular strict ideology . The adoption of such a system prevents best practice and sustainable growth. A good example of this is Mao Zedong and the Chinese “cultural revolution” that beside human misery destroyed the Chinese economy in the process.
Due to our dependence on technology, there is really no room to move but to employ risk software to defend the integrity of systems and data against the “new devil” – the hacker. Nevertheless, in order to operate with a degree of effectiveness within our 21st century modern society, we must avoid becoming paranoid about everything we do.
Sadly, credit card fraud has become almost an expectation these days and is a budgeted cost of operating a lending business. We all pay for this type of fraudulent behaviour in higher transaction costs, fees and interest charges.
Self-assessment is ultimately a better way to balance the needs of efficiency and positive outcomes instead of building fences against misconduct by creating complex and oppressive rules that support ‘the exception’. A good example of this is the introduction of self-assessment of tax returns by the ATO some years ago. The system is supported by registered tax agents and qualified accountants with rulings and audits, an important check and balance against any adverse consequences of the rule rather than the exception being the rule.
Of course, as services have come to dominate GDP in Australia, we tend not to think about equipment failure and other physical situations until they happen. A case in point is the tragic air disaster at Essendon airport (February 2017). Questions post the accident:
- Should they have built the DFO so close to the airport?
- Was the runway wide enough to cover off in an emergency situation?
- What happened with the plane and why couldn’t the plane land safely with one engine?
- Should we permanently close down the airport to prevent this happening again?
The bottom line is that insurance companies take premiums and their actuaries calculate future claims risk and yes, sadly and in some cases tragically, there are claims.
As difficult as it is to avoid an emotional response, we must avoid knee-jerk reactions that could lead to the closure of businesses and lost jobs arising from overregulation.
Measures to mitigate risk must be employed for sure. Calculated risk must be assessed objectively without destroying the motivation to take risk and make positive decisions that improve lives and generate success.
So next time you have to make a building-block decision or develop a business model, ask yourself this: Is there enough air to make this project or business successful by focusing on creating rules that advance the targeted outcome? Many will want to take the safe way out and merely pursue decisions that focus on the exception, with the purpose of eliminating risk, producing in all likelihood, an unsuccessful outcome.
Ultimately, I recommend that when contemplating that important business decision, have both sides in the room - the entrepreneur and the risk manager. Hopefully with the best rule you can go by - apply common sense, you will get the balance right for a win/win.