Is your business environment just too complicated to get to grips with? Helen Nixseaman and Richard Porter discuss how you can handle the risks

CEOs recognise that complexity is potentially damaging to their organisations, creating significant risk and preventing them from achieving the agility they need to react in rapidly changing markets. Risk managers also need to address complexity, and ensure that they are able to develop an organisation-wide approach to the different categories and levels of risk to which complexity gives rise.

A fundamental step to managing complexity effectively is to understand the many different forces that affect the organisation, at different times and in different contexts. This means identifying how complexity is affecting the organisation, in particular focusing on how complexity is impeding the achievement of strategic objectives. Although many businesses are engaged in isolated projects to tackle pockets of complexity, few have yet embarked on a high-level analysis of the structural, operational and behavioural aspects of their organisation, in which complexity (and its attendant risks) is likely to manifest itself.

Addressing a more complex, riskier, world

Though business can hardly ever have been described as simple, there is a growing realisation among business leaders today that complexity is a major source of potential risk within their organisations, which could harm their ability to implement strategy and achieve their business goals. In recent years, the need to compete globally has driven acquisition strategies, joint ventures and globalised supply chains, and these, along with offshoring and outsourcing, have given rise to very much more complex organisational and operational patterns than ever before.

The rise of complexity sits squarely on the radar of senior management as a priority issue. In the ninth PricewaterhouseCoopers CEO survey, conducted in 2005, more than 1400 business leaders around the world identified complexity as a particular challenge:

- 77% said that managing complexity was a high priority for their organisation
- 91% of CEOs believe that specific capabilities are required to manage complexity
- only five per cent believe that they have the capabilities to manage complexity effectively.


Large international organisations are by their very nature complex. But much of the complexity that businesses have acquired or developed within their organisations can give rise to a range of risks that present some potentially critical disadvantages that can impede business strategy and diminish their ability to react swiftly to changing market conditions or opportunities. Some of the symptomatic indicators of excessive organisational complexity include:

- slow decision-making and second guessing of decisions
- lack of clarity for responsibilities and reporting lines
- weak accountability
- costs ratios out of line with peers
- a multiplicity of systems
- inadequate (or excessive) controls
- surfeit of data and a corresponding lack of business-critical information
- costing and pricing difficulties.


Increased awareness of the threat that complexity represents is accompanied by an acceptance that in dynamic global markets complexity is an inevitable adjunct to innovation and competition. There is a recognition that complexity is not only something to be reduced through simplifying business structures and processes, but is a condition to be harnessed and managed where it adds value and creates competitive advantage.

The two faces of complexity

Complexity arises from a wide variety of sources (see diagram). It can be imposed upon an organisation from the outside - for instance through the regulatory environment. Or it can be internally generated - for example through acquisitions, or by entering new markets.

Complexity can be classified as both destructive and constructive. In the PricewaterhouseCoopers CEO survey, business leaders recognised that managing the value-creating complexity that arises from commercial activity is a high priority. Constructive complexity may help mitigate risk (such as portfolio management or hedging), or may help to deliver competitive edge. However, constructive complexity will be aligned to the businesses value drivers, will be clearly understood and will be actively managed both on performance and risk angles.

Destructive complexity in its crudest forms may be duplication or redundancy - witness IT spaghetti and the mass of systems that are inherent in modern businesses. Or it may be organisational, with ever more convoluted decision-making processes, which often result in second guessing and slow decision making. Destructive complexity can add operational risk, as it is usually unintended and therefore unmanaged. Those companies who do not monitor key complexity indicators will be unlikely to have monitored subsequent risk interdependencies and will not be able to mitigate the very real risks.

Therefore, one of the critical abilities that companies need to develop is to identify the indicators of the complexity they face and to differentiate between where they should embrace complexity as a constructive force and where complexity is destroying value and creating significant risk exposure.

The overwhelming majority of respondents to the PricewaterhouseCoopers CEO survey say that the level of complexity in their organisations is higher today than it was three years ago. As businesses have grown and expanded, their organisational structure has developed into a complex matrix of companies, divisions and business units. Control becomes hard to establish, and governance lacks clarity, with global and local concerns and interests often clashing. Operating globally and deploying new process delivery approaches, such as outsourcing and offshoring, have further increased organisational complexity. This proliferation of entities is shown by the company structures with which many businesses now operate. To illustrate this, an analysis of the UK's largest listed groups provides a useful insight.

Manifestations of complexity

Between them, the largest 100 groups listed in the UK (FTSE 100) have more than 15,000 corporate entities. Of those, nearly 50% are economically dormant. The reasons for this are largely historical, in essence the result of acquisitions and growth over time that have caused legacy companies to proliferate within group organisations. Though in the course of mergers and acquisitions, assets and economic activity may have been transferred from one company to another, the legal structures of the now inactive entities remain. Aside from the cost of maintaining these companies (estimated at around £4000 per year each), the continued existence of many inactive companies within a group structure raises a number of questions about transparency and governance. After the corporate collapses of the last few years, regulators are taking a much closer interest in corporate structures than previously. Businesses that find it hard to explain the reasons for their complicated corporate structures face considerable risk. In addition, complex corporate structures are costly to maintain and, in the face of ever tightening margins, harder to justify.

Complexity and controls

Further evidence of the layers of organisational complexity bedevilling organisations has been provided by the financial controls documentation and testing that many large businesses have undertaken in order to comply with the requirements of Sarbanes-Oxley Section 404. One of the revelations for businesses has been the discovery of just how complex the controls environment within their businesses has become. It is not unusual for companies to have found many thousands of 'key controls' deployed throughout the business along with a proliferation of duplicated and inefficient systems operating in parallel, including thousands of spreadsheets and manual patches and processes. Typically, businesses have found extensive duplication, weak accountability and indistinct ownership. Many have discovered just how complex their organisations are below the surface and are taking steps towards achieving more streamlined processes and controls that will enhance accountability and clarify roles and responsibilities.

The risks arising from controls complexity are significant. The greatest risk of a poor control environment is that a business's governance structure may be severely inhibited, with management relaying on poor or incorrect data with which to steer the business.

The risks of complexity

Complexity builds over time. As businesses focus on their strategic imperatives, it is easy for systems and processes to proliferate across the organisation. Complexity creates the risk that organisations will become unwieldy, lower their capacity to make effective decisions, and ultimately damage their ability to compete. It is a condition that one of the most successful CEOs of all time, Jack Welch of GE, recognised when he outlined his own crusade against the tendency for bureaucracy to overwhelm large organisations "We are trying to get the soul and energy of a start-up into the body of a $60 billion, 114 year old company" he said in a BusinessWeek interview. Complexity in the wrong place can destroy value and create risks by stifling the precise qualities of efficiency, innovation and agility that businesses aim to achieve.

Many businesses are addressing complexity within their organisations by focusing on specific functional areas. According to the PricewaterhouseCoopers CEO survey, the most common areas are: IT systems, organisational structure, financial reporting and controls, administrative systems and customer sales and service. By reducing destructive complexity in these areas, businesses can begin to manage risks more effectively and to achieve significant efficiency gains and cost advantages.

Simplification is not everything

The challenge of complexity requires more than stand-alone initiatives in specific functional areas. The reduction of risk associated with complexity is critical, but this needs to be accompanied by an understanding of where constructive complexity can be harnessed and managed to generate value.

While many companies are engaged in specific activities to reduce complexity in certain areas of the organisation, few are attempting to take a broader view and understand complexity across their whole organisation. Rather than focusing solely on the exclusion of complexity, a more balanced approach seeks to identify where it should be managed and where it can be eliminated.

- Helen Nixseaman and Richard Porter are partners in risk assurance services at PricewaterhouseCoopers, E-mail: helen.nixseaman@uk.pwc.com

Assessing Complexity

Answering the following questions can help guide the assessment of complexity:

- What factors, for example clients, markets, culture, are driving complexity in your business?
- How does your current business model compare with the ideal for your market place?
- What is the gap between how you want to run your business and how it is being run today?
- What are the key indicators you use to understand complexity? How simple is it to gather these?
- How do you assess the interdependencies of risks created by complexity?


The answers can help businesses to understand how complexity is impacting their strategic abilities and where their major risks lie. The next step is to take that analysis and develop programmes that help the organisation to position itself to face and manage the risks and opportunities that operate in an increasingly complex business world.