At the conclusion of the 2014 FIFA World Cup matches in Brazil, I wrote an article about the complexity of the system used to qualify teams for play in the World Cup. Little did I know that the arcane system used to determine how teams accumulate points that establish who plays in the tournament was the tip of the iceberg of corruption in international soccer!
There are a few points in the article that point out that FIFA had a systemic problem with corruption. First, the system for selecting teams required an advanced degree in algebraic equations. Complexity is frequently a sign that something is amiss, symptomatic of either poor management controls or a façade of credibility. Ironically, the teams advance to the final championship games through these grueling mathematical gymnastics with grace and dignity, even though the choice of the final competitors who play for the World Cup may be drawn by lots thrown into a hat!
On June 2, 2015, Sepp Blatter, the 17-year president of FIFA, stepped down, just days after winning a new term to lead the scandal-ridden organization. FIFA has now joined the ranks of Tyco, Enron and many other institutions whose reputation and credibility has been ruined because of fraud and corruption.
Given the frequency and longevity of fraudulent behavior apparent in large institutions and the common practice of relegating fiduciary responsibility to staffers with little to no control in preventing and managing enterprise risk, it sure feels like senior executives are looking out for their own self-interest.
The lesson that I drew in the previous article is that complexity does not make a risk management program more effective. In fact, complexity prevents the real problems from bubbling to the surface because organizations are too buried in administrative minutia to have real conversations about the behaviors that lead to fraud and corruption.
Activity does not equal better outcomes! Have the risk management community and regulators who oversee large institutions become blind to real risk because of a focus on an impressive array of FIFA-like systems that hide the real problem? We pride ourselves on the three lines of defense and enterprise risk frameworks, but miss the real problem. Humans behaving badly!