Operationalizing your compliance program requires rigor around risk management. This means moving beyond simple risk assessments into a full risk management process. This is a three-step process of forecasting, risk assessment and risk-based monitoring. Many compliance practitioners fail to begin the risk management process with the critical step of forecasting.
At its heart, every business tries to plan for its future. It is a critical aspect of any management of any organization, non-profits, privately owned and of course, publicly traded companies. It is important that management be able to set out what it opines will happen in the next three, six, twelve and twenty-four months. Noted health care process expert Ben Locwin has said this “is really something that the businesses try to wrap their heads around in such a way that they can shunt resources where they think is appropriate in order to meet these future demands. Forecasting really at its heart is an educated guess and really as much as it becomes a reliable model more so and less so a guess, is based on the quality of the input data.” It is a process through which you are attempting to “prognosticate what the future will bring to you”. Unfortunately, forecast models are only as good as the data which are put into them or the GIGO (Garbage In, Garbage Out) Principal.
Locwin said that forecasting “should be broadly defined as a technique to estimate future aspects of any sort of business or operation.” He divided forecasting methods into two major categories; qualitative and quantitative. While both methods use past or historical data, in the quantitative method, “you would use time series analysis, for example, to see how certain trends appear in the data in the past.” Contrasting the qualitative method, which Locwin said is “a more subjective, and you’re using less collective data which has been, let’s say, put into some sort of time series plot. It could be finances fluctuating over time or maybe it’s various incidences. In the context of anti-corruption compliance specifically, this would include various instances of bribery and corruption that have been occurring. How would you document these over time? When were there spikes? Those spikes, related to what types of actions by your organization?”
Under either approach whether you are using the qualitative or quantitative method for forecasting, Locwin noted “what you’re really trying to do is say that, “We expect that the trends that we’ve seen will be somewhat predictive of future behavior.” Otherwise, if you don’t consider that past behavior is in some ways indicative of future performance, you would not engage in any forecasting whatsoever.”
Forecasting typically will raise risks (and opportunities) which you might consider going forward. However, it does not assess or monitor these risks. Those are handled by risk assessments and risk monitoring. Locwin cautioned that simply because something is forecast does not mean will occur. He cited to Nobel winning physicist Niels Bohr for the following, “Prediction is difficult, especially about the future.” Locwin went on further to explain, “Whenever you’re trying to say how something will go, really the best you can do is try to look at past data and try to say what’s going to happen with that. In my prior probabilities, my prior knowledge tells me this, and therefore what will that mean for the final outcome?”
This last point led Locwin noted “what we can all do as an industry in order to insulate ourselves from overly adverse outcomes is to be more agile and adaptable in how we respond to the changes that are coming. Standing immutable behind hardline policies can make the necessary operational changes difficult to absorb and lead to more variance and extended costs in the long run. This concept is known as anti-fragility, where the idea isn’t to become more impervious to change and market forces, but to be more adaptable to these changes. The ancient philosopher Heraclitus of Ephesus said, “Change is the only constant.” This is true in pharma as well. Closing our eyes, covering our ears and hoping the changes will pass us over are not viable strategies. However, expecting the change and being adaptable and resilient to its effects are strategies for success. Just ask Charles Darwin.”
So while today’s lesson on risk in compliance begins with forecasting you should consider the research by Guy Mayraz, who ran a series of experiments at Oxford University’s Experimental Social Science center. The first lesson is the bias towards predicting what people hope will happen. If you want your business to increase, you have to believe your transaction/investment/deal will always make m oney. After all, have you have ever seen a business plan that was designed to lose money?
The second lesson derived from Phillip Tetler’s the Good Judgment Project and almost sounds like someone channeled their inner Howard Sklar and his maxim of “Water is Wet”. It is that “self-critical, open-minded forecasters do a better job than narrow-minded overconfident ones.” He goes on to further note that dwelling on our own fallibility is not something people do very well; whether it involves hanging out with our friends or on cable news. The result is that “Confident, eye-catching forecasts are the snack food of analysis”. Unfortunately, this is even more true in the business world.
Finally, forecasters must always remember that more than one outcome is possible. A strong possibility may be a possibility but it is not a certainty. One way to overcome this bias is to develop alternative scenarios. Richard Lummis, host of the podcast 12 O’Clock High-a podcast on business leadership has called this the “devil’s advocate” role at the business planning table and that every scenario-planner should create at least two contradictory alternatives to their rosier, positive scenario. Super forecaster Tetlock has noted that “Superforecasting Requires “Counterfactualizing””.
The ultimate point is that in any forecast there must be preparedness for contra-events. Elizabeth Holmes, founder of Theranos, famously said that if you have a Plan B as a back-up, you have already lost. I find that to be worse than not helpful in any setting, particularly the business setting. No matter what your forecasting or scenario planning model shows, prepare for other results. For any Board of Directors overseeing a compliance program or managing any type of risk, it all begins by asking questions.
Three Key Takeaways
- Risk management is a process and forecasting is the first step in that process.
- GIGO and the only constant is change.
- Forecasters must always remember that more than one outcome is possible.
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.