The Real Cost of Failing to Report the Customer Franchise in Corporate Risk Registers
The business blindspot & the lost fuel of marketing maturity
Prologue
Not many of my readers will know that I spent a portion of my career advising companies on risk. From tech risk consultancy, and later leading the business risk advisory practice at the world’s largest broker, running behavioural risk research (where I first fell in love with behavioural economics) , through to managing a cyber security organisation; I spent a lot of time looking at how risk is managed. Or mismanaged. At one point I was contracted to teach Risk Governance to New Zealand’s Insitute of Company Directors. And I say this:
The governance or lack thereof, when it comes to the customer franchise is a monstrous blindspot for businesses. And, I reckon, it robs the marketing (and CX et al) profession of the fuel needed to foster maturity.
Violins or Hard Work
Let me start by saying what we already know. The functions of both executive leadership and corporate governance are uber hard.
Cue the violins.
I do apologise. It genuinely is hard. But then so much of business, is. We certainly grapple with Digital Darwinism far more than we ever did when the term was first coined by Schartz back in 1999. I get it. Boards are cautious. The epic pace of change in markets, supply chains, technologies, society, regulation, and the workforce, make company directorships a far less forgiving occupation than once upon a time.
But there would be far fewer references to violins in this piece if, for goodness sake, we didn’t keep shooting ourselves in the proverbial foot. And the foot, in this case, is our inability to transform the governance of our organisations, despite the constantly changing terrain that those organisations find themselves in.
Has there really been, despite all the literature about modern board compositions, that much of an evolution?
Aside from the gender inequality that still plagues both board and executive appointments, skills inequality looms equally large, as it has for years. It does occur to me by the way, that perhaps we can solve both at the same time…
In their article “Adapting your board to the digital age”, McKinsey makes the observation that:
Many directors are feeling outmatched by the ferocity of changing technology, emerging risks, and new competitors.
So when the diversity of knowledge and experience is so sparse, by stubborn design it seems, then the fundamental job of effective company governance is inherently undermined. The assessment of risk. The commercial balance. The structural integrity of value creation, and protection. The relevant instruments. All of it.
There is work to do.
Assessing Risk
At the board level, most organisations still assess risk, first and foremost, as and when it appears on the balance sheet. In other words, they have utterly abdicated their responsibility of managing it at all.
By the time a risk is presenting so materially in your organisation that you can read about it in your financials, the horse has not only bolted, but it is has married, raised its foals, and is sitting in a back paddock smoking a pipe and dreaming of his youth.
To offset, and yet compound, this most obvious of failings, many boards will then ask the executive to supply them with a “Top 10 Risk Report”.
And so, to fulfill process over function, executives will report 10 critical risks, irrespective of whether there were 10 risks assessed as critical, or whether there were 4, or whether there were 31. We see all kinds of silliness as a result, from under-reporting, over-reporting, combining multiple risks in one description, confusing the systems of control, and so on. Thus, a lot of corporate risk management is poor to start with.
But not always. In organisations that do know what they are doing, risks are identified, assessed, controlled, and treated from the bottom-up. The assessment process occurs at the inherent, controlled, and treated states, and based on how the organisation is calibrated in terms of its risk appetite (what it is willing to accept), and risk tolerance (what will end the business as it is known), the executive reports those risks that exceed the policy thresholds.
Wala! The executive and their management teams manage the operational risks, and those that become strategically material, are escalated for board oversight.
Not. Rocket. Science.
Contrary to this, what we saw in the GFC was a combination of disinterested boards intoxicated by exotic financial instruments, and that chose to confuse tolerance for appetite. A more common term to explain that to you your children is, greed.
And the world exploded.
So here we are. More than a decade on from the start of that crisis, and supposedly wiser. Yet, while it’s certainly true that many organisations are more risk-averse, that shouldn’t be confused with wisdom, because try as you may, you won’t often find a meaningful assessment of risk that supports their position; aggressive, conservative, or otherwise.
Instead, you will still see a minimalist mindset, management-speak gobble-de-gook, and hope that all will be well.
But hope ain’t a strategy.
Risk is good.
Not managing your risk is a dangerous leap.
_____________________
Evel Knievel
The Customer Franchise
So, if we understand that the practice of risk assessment is largely broken in large swathes of our biggest organisations, it should be no surprise that many don’t even bother to assess customer risks. At all.
You might get lucky, and find a ‘market risk’ assessment. But if you think that will mean actual customer intelligence to inform revenue security and the like, then your luck just ran out.
Trust me, I know. I used to conduct assessments for companies, and I can tell you that even accounting for external consultants' reports (some useful, some less so), it largely consists of round-table group-think akin to a psychologist’s case study in classical confirmation bias.
Data? As in real data? Generated by real customers? In their context? Nup. Never part of the equation.
Which is a great pity. Because if the customer franchise was governed properly, then many organizations would be so much more healthy, and I think, the marketing profession would be both held to a higher standard, be forced to mature as a consequence, and resourced significantly better too.
Basic Methodology
Now, there's an awful lot that goes into this, but I’ll touch briefly on one aspect. Applying decent criteria and mapping processes using the simple 5 x 5 risk matrix is commonplace in most forms of operational risk, and so should be for the customer franchise too.
That in itself is quite simplistic but is light years ahead of where most companies are at today. In a mature use of that model for the customer franchise, you might expect to see key criteria (used to make those assessments) include things like:
> Lifetime Customer Values
> Churn Propensity Rates
> Brand Sentiment
_ _ _
Personally, I’d like to see the customer franchise reported using a 5 by 10 matrix, instead of the typical 5 by 5 example above, which is constrained to dealing with only the adverse effects of a risk event.
This is because in many areas of business, when you manage risk well, it is not simply about mitigating consequences but about driving into positive outcomes. The customer franchise is perfect for this because inherently, we are trying to optimise for growth. After all, that’s what marketing and CX et al, are all about.
Get it wrong, we’ll see a decline in areas like conversion rates and loyalty. Get it right though, and we see increases in revenue, better income security, higher-value customers, greater repeat business, perhaps even advocacy, and so on.
In a 5 by 10 matrix, the X-axis is not only a range in severity (to the right), but also uses a range in favourability, to the left.
For example, if you have a risk of churn due to the inability to respond to a customer inquiry within a given time, the first goal might be one of neutrality (churn = 0 -1) through implementing the right controls, but after a set of treatments (more controls to enhance the outcome), the net gain may be increased spend.
> Inherent risk severity assessment: Major
> Controlled risk severity assessment: Insignificant
> Treated risk favourability assessment: Growth
Provides another lens on the 4 P’s don’t you think? You can already see the inputs to a business case, can’t you? And to controls that require marketing and CX technology, and maturity models, right?
If you don’t, you should. Here’s another example.
Governance Drives Maturity
Imagine for a moment, that brand sentiment in a key market, having been established as a lead risk indicator for revenue decline, was reported meaningfully to the company board on a routine basis.
Now imagine the flow on.
- Business cases for the leading tools around sentiment detection and journey analytics would flow as a controls investment
- Critical reviews of company conduct in core operations, and within campaigns and messaging, would be meaningful and penetrating
- The definition of “engagement” would require far more professional consideration than simple email open rates on unsolicited comms, as is so common
- The measurements of interaction success would demand deeper thought, analysis, and reporting models
I could go on. I bet you could too.
Certainly, the notion of a Customer, representing little more than a point-in-time transaction or a “conversion target” — and therefore increasing the risk of negative sentiment — would depreciate rapidly, and with it, those oh-so-common vanity metrics that offer no business value whatsoever.
And as a consequence, a lot of frankly BS product marketing promises from a heap of martech vendors would come in for a lot more scrutiny too.
***
Here’s The Key Message
The primary learning here is that when a professional discipline, critical to any business, is given due attention (not passing lip service) at the governance level, it natively demands more of the professionals involved.
And when that happens, those professions are forced to mature.
So there is a valid argument, I think, that so much of the immaturity in the marketing world, still mired as it is in an industrialized and transactional mindset borne of Henry Ford and co, is only allowed to continue because it does not yet have a seat at the grown-ups table. Not really.
Now, to be fair, I have spoken to company directors about their failure to govern the customer franchise, and they have argued in return, that they simply can’t rely on consistent inputs from the marketing department, in the same way, that they can from the accounting department. To be frank, that’s a piss weak excuse.
But it’s also true. And that’s on us.
Two Core Questions
Many in marketing and other customer proferssions understand that their work exists to serve the business imperative for growth, but very few understand the risks that threaten the growth objective.
The investments that they seek, and the tech that they desire, are almost never presented in terms that make sense in a risk/reward equation. And in fact, they rarely even assess digital capability from the perspective of an Objective, Risk, and Controls standpoint, which means that they are prone to following techy trends and populist spend decisions.
Sound familiar?
But while boardrooms remain mired in an old worldview, lacking both balance and subtance in key skills, they aren’t able to truly demand any better. They don’t evn know they need to. They are effectively, self-neutered.
End result? At the governance level, companies are playing Russian roulette with fundamentals like revenue security and sustainability.
I leave you with two core questions:
- Why are there not more marketing professors for example, active or retired, serving as non-executive directors?
- And why don’t we teach young marketing leaders, to convey customer strategy in the boardroom terms of risk and control?
Yes, there is work to do.
