The Tower and the Square: Understanding hierarchies and networks for improved organisational governance.

In his 2018 book, historian Niall Ferguson[i] details the medieval development of Siena’s three main institutions: The Piazza del Campo, a marketplace bustling with commercial activity and information exchange; the Palazzo Pubblico, or town hall, from where the Italian republic was governed; and the Torre del Mangia, overlooking the piazza projecting the state’s secular power. From the Torre, the Podesta and the Council of Nine oversaw the trading in the piazza below. From the Pubblico, it regulated commercial disputes and dispensed justice (in secular matters). This analogy introduces the topic of hierarchies and networks, and how understanding both at an international, national and organisational level is vital to effective governance and resilience in an increasingly disrupted world.

Hierarchies????????

Historically, organisations have been structured according to power hierarchies which were considered, sometimes without question, as being the most efficient and effective way for achieving their objectives. Even when recognition of culture, employee behaviour, character attributes, and the dynamics of power distribution are factored into organisational structure, hierarchies persist. However, the notion of a fixed organisation structure has changed despite evidence of poor operational performance in a fast-evolving, technology-driven environment. ?The wrong organisational structure can hinder the flow of information up and down the hierarchy, resulting in sub-optimal performance. The focus on vertical structure has implications for developing a system of effective governance because internal horizontal information flows are not reflected in a typical organisation chart, as shown in Figure 1.

Internal Networks

It is well known to anyone working in a modern organisation that information flows horizontally and vertically. Employees, being social creatures, form groups within the hierarchy and across functional teams that constantly share information ranging from the trivial (gossip) to the vital (fraud). These informal pockets of information shed valuable light on how an organisation is governed. Oftentimes, an employee may observe that the actions of a superior are contrary to the organisation’s code of conduct, but because of uneven power distribution, they fail to escalate for fear of reprisal (even with whistleblower protections). Instead, they may discuss the actions with colleagues ‘around the water cooler’ as it were, and this information will flow horizontally across the organisation to be talked about widely but seldom actioned unless prompted by an external ‘shock’. Governance professionals rely on information sent up the hierarchy to make value judgements about how well an organisation is controlled and, a lot of the time, this information has been sanitised because of the belief that those who manage the organisation hate ‘bad news’. When the bad news becomes catastrophic, with reputation on the line, management’s first port of call is to the governance professional, asking why the bad news wasn’t known in the first place. Subsequent investigations reveal that the information was known but never escalated. It is only now that management understands the real organisation structure, as seen in Figure 2.

The scenario presented in the preceding paragraph mirrors the situation documented by Ken Matthews’ AO[i] in his recent investigation into NSW water management and compliance. On the 24th of July 2017, ABC’s Four Corners reported allegations of water mismanagement in the Barwon-Darling region of NSW. The program focused on extracting large volumes of water for irrigation and the impacts on downstream water users. It suggested that water purchased with taxpayer funds for environmental purposes was being diverted for private irrigation and alleged that certain irrigators had pumped water from the river system when not permitted or in quantities more than their entitlements. It reported an irrigation channel allegedly constructed on Crown land without approval. It also alleged that meter tampering was common in the region and that compliance and enforcement efforts were ineffective.

The program interviewed a former departmental staff member who alleged that a proposed region-wide compliance and enforcement campaign had not received the necessary support from senior officials. Known individual compliance cases have remained unaddressed to the present day. Many of the issues identified by the program, particularly management's reluctance to pursue cases of alleged non-compliance, were more than two years old. These cases would have been ‘discussed around the water cooler’ even after the compliance staff had left the department.

Following the program, the NSW Minister for Water announced an investigation into the allegations aired by the ABC. Among the lengthy list of failures, it was found that the issues (‘bad news’) that were not raised up through the hierarchy were due to defects in organisational design, which hindered vertical information flow, and a reluctance of managers in the know to raise them until they were revealed by the ABC (the ‘shock’). Of the many accepted recommendations to improve NSW water management were several concerning departmental governance[ii]. These include a review of the Code of Conduct and matters relating to culture, ethics and workplace behaviour. There is a focus on improving staff selection for senior positions, employee induction and ethical behaviour training. In addition, there are recommendations to improve staff feedback processes, including an independent “Speak Up” whistleblower program as “[t]he healthiest organisations readily give and take advice up and down the line [my emphasis]”[iii]. These recommendations, though logical and no doubt required, appear to only focus on the hierarchical structure of the organisation.

Recognising the existence of horizontal networks, however, opens additional possibilities to improve organisational governance. For the governance professional, this information can be captured by formalising these networks through working groups and communities of practice. These would be staffed by employees from a cross-section of the organisation where the power distribution is minimal. In my experience in chairing such groups, information vital to the organisation’s governance has been much more forthcoming than it would have been otherwise (e.g. employees failing to declare conflicts of interest). Such information can then be shared within the hierarchy to support existing vertical controls or through an independent body such as the organisation’s Audit & Risk Committee. The power distribution between this body and management is low because its relationship is horizontal rather than vertical. Being independent, the Committee has no need to conceal ‘bad news’ and so acts, or should act, as an advocate for improved governance outcomes.

External Networks

An organisation doesn’t exist in isolation, rather it is but a link in a chain and as these chains expand, they form networks whereby the actions of individual links influence the overall network either directly or indirectly to varying degrees. Organisations have stakeholders: shareholders or constituents, suppliers, customers, regulators, competitors, and emergency services, all of which form part of a network, some of which are international in scope, where every action has a certain reaction elsewhere. While an in-depth explanation of network theory is beyond the scope of this article, understanding one’s place within the network is vital to good governance and organisational resilience.

When organisations tackle the thorny issue of business resilience (i.e. the ability of an organisation to recover its business-as-usual activities following a severe disruption), many tend to craft their strategies to deal with emergencies and crises as if they are isolated entities with no other stakeholder group being affected. This approach fails to appreciate their position within their network and their linkages to other entities and neglects to factor in exogenous disruption activity that directly or indirectly impacts the organisation’s resilience. How many organisations have tested their working-from-home capabilities to ensure a productive work rate of 80 per cent or higher in the event of a major disruption to public transport? How many organisations have mitigation strategies to enable customers to access goods and services following a natural disaster that diverts staff from one point-of-sale location to another?

The top ten organisational disruption events identified in 2023 by Allianz are given in the table above. Effective mitigation strategies need to account for network linkages between organisations and between disruption events. For example, on the 12th of May 2017, a global cyber-attack occurred in which a virus encrypted data on infected computers and demanded a ransom to allow users to regain control[i]. Among those organisations affected were parts of Britain’s National Health Service (NHS) and international shipper FedEx Corp[ii]. Both organisations are in the same network: the latter forms part of the former’s supply chain. An investigation into how the cyber-attack affected the NHS found that “at least 81 out of 236 trusts across England were affected. A further 603 primary care and other NHS organisations were infected by [the virus], including 595 GP practices”[iii]. Disruptions included 6,912 cancelled NHS appointments, however it was not known how many local GP appointments were cancelled, or how many ambulances and patients were diverted from the accident and emergency departments that were unable to treat them[iv] (network linkages). The costs of managing the disruption included rebooking appointments, additional IT support provided by NHS local bodies or IT consultants, and the cost of restoring data and systems affected by the attack[v]. The cost to network dependents is not yet known. Clearly, this cyber-attack resulted in serious disruptions to the NHS’s supply chain and affected multiple stakeholders within its network. The cost of disruption to FedEx Corp caused by the cyber-attack has been estimated at US$300 million[vi]. It would be interesting to see the extent to which the NHS and FedEx consider their network linkages in their respective business resilience plans. ?

Conclusion

This article highlights the importance of internal and external networks for hierarchal organisations. Informal, internal networks possess information about organisational governance that may not always filter up through the vertical levels of management where meaningful action can be taken. Information can be blocked by an inappropriate organisational structure or deliberately blocked by an individual. There is a tension between natural networks and hierarchies that, as Niall Ferguson observes, “is as old as humanity itself”[vii].

????????? The success or failure of any organisation is becoming increasingly influenced by the actions of other organisations within the global economy. No organisation operates in isolation, but the interconnectivity of organisations in every field of human endeavour, across borders and time zones, is increasing, and recognition of being part of a wider network is the key to becoming resilient.

Governance professionals ought to invest in formalised horizontal networks to capture the rich sources of information that exist in every organisation. The Greek Philosopher Epictetus said, “We have two ears and one mouth so that we can listen twice as much as we speak”[viii]. Horizontal information supplements and validates vertical information, which improves decision-making and reduces risk, and, as such, information vital to successful governance should be sourced from every organisation’s Four Corners.

[i]National Audit Office. 2017. Investigation: WannaCry cyber attack and the NHS. https://www.nao.org.uk/report/investigation-wannacry-cyber-attack-and-the-nhs/ (accessed 9 March 2018).

[ii] Graham, C. 2017. NHS Cyber-attack: Everything you need to know. https://www.telegraph.co.uk/news/2017/05/13/nhs-cyber-attack-everything-need-know-biggest-ransomware-offensive/ (accessed 9 March 2018).

[iii] National Audit Office. 2017. Investigation: WannaCry cyber attack and the NHS https://www.nao.org.uk/report/investigation-wannacry-cyber-attack-and-the-nhs/ (accessed 9 March 2018).

[iv] Ibid.

[v] Ibid.

[vi] Schlangenstein, M. 2017. FedEx Cuts Profit Forecast on $300 Million Hit From Cyberattack. https://www.bloomberg.com/news/articles/2017-09-19/fedex-cuts-profit-outlook-on-300-million-blow-from-cyberattack (accessed 9 March 2018).

[vii] Ferguson, N. 2017. The Square and the Tower: Networks, Hierarchies and the Struggle for Global Power. Allen Lane: Milton Keynes. 425.

[viii] GoodReads. 2018. Epectetus. https://www.goodreads.com/quotes/738640-we-have-two-ears-and-one-mouth-so-that-we (Accessed 15 March 2018).

[i] Mathews, K. 2017. Independent investigation into NSW water management and compliance. https://www.industry.nsw.gov.au/__data/assets/pdf_file/0019/131905/Matthews-final-report-NSW-water-management-and-compliance.pdf (accessed 9 March 2018).

[ii] Ibid. 8.

[iii] Ibid, 14.

[i] Ferguson, N. 2017. The Square and the Tower: Networks, Hierarchies and the Struggle for Global Power. Allen Lane: Milton Keynes. 425.