Corruption, Risk and Business Strategy. Which one manages the others?

by Richard Bistrong, Anti-Bribery Consultant & Speaker

Corruption, Risk and Business Strategy. Which one manages the others?Since I stared writing about issues relating to compliance at the front line of international business, I have found myself looking more and more at the role of business strategy as a significant foundation of anti-bribery compliance. It seems that with every enforcement action comes the to-be-expected rogue employee corporate statement “we don’t tolerate corruption, this was the work of (insert how many people engaged in bribery).” With few exceptions, such as the Chief Medical Officer of GSK who stated to Reuters that GSK might need to build a new sales model designed to “eliminate sharp marketing practices,” (link here to my post on GSK),  I have yet to hear a corporate pronouncement that says, (in so many words) “our business model is broke, and such corrupt behavior is an unintended consequence, we are going to fix it.”

As I started blogging about this subject, came an introduction by Charlie Helps, Senior Adviser at DAC Beachcroft LLP’s Governance Advisory Practice (link here), to Alan Kennedy, Author, The Alpha Strategies. At Charlie’s recommendation, I read Alpha, and having been a participant in numerous strategic planning sessions, with “top-shelf.” (read: high cost) facilitators, I was immediately impressed by the Alpha Model, just as I was unimpressed by previous “strategic planning” initiatives, which resulted in no meaningful change other than a number of action items which through attrition, melted away with strategic issues unaddressed. Sound familiar?

So, I asked Alan if he would not mind joining me for a Q and A, as perhaps providing value to those corporations and field level business groups that are confronting the dynamics of business strategy and corruption at the front lines of business. (the full Q and A is available via PDF by linking here).

RB: Hello Alan, and thank you for participating in this Q and A, So, first, what is the Alpha Strategy?

AK: Thank you for your kind words Richard, and the chance to speak to your audience. The Alpha Strategies is a new book on strategy, its structure and communication. It is available online,  We start by defining “strategy” as a choice of action rather than the more popular definition as “value creation” or “competitive advantage”. Using our simple definition, it becomes possible to see that there are 8 “choices” common to every business, be it for-profit or nonprofit. In other words, strategy can be seen as a system. The system consists of 8 strategies and 3 types of strategy.

RB: As I shared in my intro,  having to sit through what seemed like endless meetings with expensive facilitators who were supposed to make a dramatic impact on strategic thinking, only to have those concepts “melt away” over time, marked with a return to the “the normal,”  what makes Alpha different?

AK: What makes the Alpha model different is that it enables an understanding of the current strategy system of a business or nonprofit. Conventional approaches to strategic planning proceed immediately to tackle new strategy development after a cursory review, at best, of an organization’s current state. The conventional approach assumes that decision-makers already understand how existing strategy is being implemented and the challenges implementation is facing. But here’s the troublesome thing. Study after study shows this is simply not the case.

Boards and management do not understand current strategy! In the absence of a deep knowledge of existing strategy, strategic planning will fail. How can planners properly identify which strategies might need changing? What’s more, no one can explain the rationale for the proposed new strategies because they cannot relate them to the existing strategies. This means the strategic plan dies, unread and forgotten, in some folder on the shared drive while folks in the business lines get on with doing what they were doing before the new strategic plan came out. Or as you say, “all returns to normal”. Our model avoids this flaw by focusing first on the structure of the existing strategy system, not on strategy development. Once the existing system is well understood, it becomes much easier to identify the external factors most impacting the system.

RB: That makes a great deal of sense, after all, how can you know where you are going, if you don’t know the current state of affairs. Also, it would seem that if there is a fundamental flaw in strategy, including one that promotes or tolerates corruption, and you don’t take a look at current strategy, it goes undetected.

So, where does risk, in general, fit into the Alpha model?

AK: A relevant question, at a time when Boards are struggling with how to provide proper oversight to risk from issues such as cyber attacks, corruption, disruptive technologies and the looming prospect of protracted low growth. We take the position that risk is one of the 8 strategies found at the core of any business or nonprofit. As such, risk becomes a strategy to be managed. That’s the first difference with how we look at risk.

RB: I am not sure I understand?

AK: Conventional thinking tackles risk as an event beyond anyone’s control. This thinking completely disconnects risk, being an unacceptable event, from strategy, being choices of action. Since choices of action are the source of all risk, conventional thinking makes risk management very problematic. Consider this. A typical risk workshop today starts backwards with an identification of every possible risk that could impact the business. And then those risks are prioritized. But based on what, we ask? Our risk workshop begins with an identification of specific strategies. Once those strategies and the activities being undertaken to implement them are well understood, then it is possible to look at the risks attracted by each choice of action.

RB: So, what of corruption risk?

AK: With respect to your question on the “risk” of corruption, it is a risk typically associated with sales or procurement; thus, we would want to first understand how the sales folks are actually executing the sales process in their assigned territory and the challenges they face. This would yield the basis for understanding the risks they face, in this case, the risk of corruption.

RB: That is an interesting observation. I have seen all too often where they are disconnected. In other words, management sets the business strategy, globally or regionally, and says “execute.” Oh, and also, “here is how we are going to compensate you for achieving plan.” Then comes the “and don’t break the law,” with whatever compliance practices, training and documentation might be in place. What I don’t hear is someone raising a “red-flag” and saying “slow down, that growth strategy in a region x with the associated compensation plan is actually putting us in a position where executing strategy and not breaking the law are in potential conflict. “

What about culture and values? We can’t have a conversation about strategy without paying homage to the “tone at the top.” Where does that fit within Alpha?

AK: I think you are exactly right about culture and values coming straight from the top. To understand the culture of any firm, we identify its dominant strategy or Alpha. The connection between culture and strategy is that culture reflects accepted behaviors. Strategy, being the choice of action, is what determines the behaviors that will be acceptable. As for values, I think the term is synonymous with expectations. Imposed expectations are the driver of all strategy implementation. Thinking back on your focus on corruption, you can easily see how imposed expectations (a.k.a. “values”) impact corruption risk. How often in your career did you hear the chilling directive: “Just get it done! Make those numbers. I don’t want to know the details or how you do it!”

RB: Indeed! I can’t help but ask one final question, in all your experience, what is the single most common and consequential mistake that you see companies making when engaging in the strategic planning process?

AK: Without question, from what we see, the most common mistake in strategic planning is failing to understand the current strategy system already in place. This leads to uninformed decision-making on changing strategy. The real problem is that there is no common definition of strategic planning. And the definitions that are typically offered are so academic and vague that they offer no real guidance as to what constitutes a strategic plan. We define strategic planning as a review of the current 8 strategies being implemented. Once that is known (and we have yet to see an organization able to reach easy agreement on current strategy until after a lot of discussion). Only then it is possible to identify specific external forces impacting performance of each of the strategies. It is the conclusions drawn on the likely impact of external forces that drives the need to consider changing strategy. Folks are regularly told by the so-called experts “You need a strategic plan.” The reality is, there is already a strategy system in place and being implemented in every company, whether or not there is a written plan in place.

The question should be “Do you understand your present strategy system?”

RB: I think that is a great way to end, and I wonder how many organizations ever really look inward and to see where that system might be in fact a foundational “red-flag” in terms of corruption risk. So, for those who want more Alpha, how do they find you?

AK: Thank you, Richard for the opportunity to speak to The Alpha Strategies., @strategyscribe

Written by:

Richard Bistrong,  Anti-Bribery Consultant & Speaker

Richard Bistrong, Anti-Bribery Consultant & Speaker on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.