FIFA: A Lesson in Corporate Governance

Show Me: Jump to:

FIFA: A Lesson in Corporate Governance


At the conclusion of the 2014 FIFA World Cup matches in Brazil I wrote an article about the complexity of the system used to qualify teams for play in the World Cup. Little did I know that the arcane system used to determine how teams accumulate points that establish who plays in the tournament was the tip of the iceberg of corruption in international soccer!
The article is listed below as a reprint; however, there are a few points in this article that point out that FIFA had a systemic problem with corruption. First, the system for selecting teams required an advanced degree in algebraic equations. Complexity is frequently a sign that something is amiss either with poor management controls or a symptom of a façade of credibility. Ironically, the teams advance to the final championship games through this grueling mathematical gymnastics with grace and dignity even though the choice of the final competitors who play for the World Cup may be drawn by lots thrown into a hat!
On June 2, 2015 Sepp Blatt, the 17 year president of FIFA stepped down within days of winning a new term to lead the scandal ridden organization. FIFA has now joined the ranks of Tyco, Enron and many other institutions whose reputation and credibility has been ruined because of fraud and corruption.
The frequency and longevity of fraudulent behavior in large institutions may not be more prevalent but it sure feels like senior executives are looking out for the own self-interest and fiduciary responsibility is old fashion or at least delegated to the corner office of staffers who have little to not control to prevent or manage enterprise risk.
The lesson that I drew in the previous article is that complexity does not make a risk management program more effective. In fact, complexity hides prevents the real problems for bubbling to the surface because organizations are too buried in administrative minutia to have real conversations about the behaviors that lead to fraud and corruption.
Activity does not equal better outcomes! Has the risk management community and regulators who oversee large institutions become blind to real risk because of a focus on an impressive array of FIFA like systems that hide the real problem? We pride ourselves on the three lines of defense and enterprise risk frameworks but miss the real problem. Humans behaving badly!


What the FIFA World Cup teaches us about Risk Management
July 7, 2014
By James Bone
Even if you are not a Futbol fan, or soccer fan as we know it in the U.S., you no doubt paid attention to the progress of the US team’s successes in the World Cup in Brazil. The excitement of play and the exacting analysis of TV commentators is interesting to watch but hard to follow in part because of the complex scoring system used in the FIFA World Cup standings.
In an attempt to better understand how the World Cup scoring system worked I went right to the source,
Here is what I found: First of all, let me say that the scoring system and World Rankings of teams who compete in the FIFA World Cup is stunningly complex. Here is the formula used to calculate points for the FIFA World Ranking:
P = M x I x T x C x 100.
M. Points for a victory (3 pts. – Win; 1 pt. – Draw; 0 pts. – loss)
I. Importance of a match (Friendly – 1.0 pt.; World Cup qualifier – 2.5 pts.; Continental final or FIFA Confederation Cup competition – 3.0 pts.; and, World Cup final – 4.0 pts.)
T. Strength of opposition [200 – ranking position of opposition / 100]
Only the top 149 teams are assigned a value of 2.00; all other teams receive a minimum weighting 0.50
C. The strength of a confederation [There are six separate confederations which are each given a weight from 1.00 – 0.85 after each FIFA World Cup event]

Based on the complexity of the scoring system one would assume that the brackets in the World Cup would be determined by which teams ranked highest. One would be wrong! The ranking system appears to simply determine the 32 qualifying teams who will compete in the World Cup.
A Final Draw is conducted of the 32 teams to decide which team is placed into one of 4 groups which must then be rebalanced after the draw to sort out the correct number of teams placed in each group of play. Once the competition begins an even more confusing system is used to determine who advances in the World Cup.
Here is how it works: The two teams with the most points in each group make it to the Round of 16. If teams are level on points, the first tiebreaker is goal differential. The next tiebreaker is goals scored. If that number is the same, then the result of the head-to-head match is determinative. If the head-to-head game ended in a draw, then finally, lots are drawn.
Got it so far?
How could an archaic and complex system like this have anything to do with risk management? Well, if your risk assessment program resembles this scoring system you know you have a real problem.
It is no wonder that at least one of the groupings earned the moniker, “The Group of Death”. This is when one group is selected with an unusually heavy weight of top competitors. The US team found itself in the Group of Death and almost escaped defying the odds.
So what are the lessons for risk managers? First of all, complex or elaborate risk scoring systems do not result in better outcomes. If you can’t easily explain how you assess risks to senior management you may have created a “FIFA”. Complexity does not ensure accuracy and in many cases may hide the weaknesses inherent in your risk assessment program.
Next, complex risk systems may unintentionally predetermine outcomes because of a bias the designers used in determining what should rise to the top. I am not suggesting that FIFA has rigged the outcome of World Cup events; others will judge the fairness of the system for themselves.
What I am saying is that over-engineering a process tends to incorporate a bias or the inherent biases of designers into the ultimate outcome(s) whether they are aware of it or not. When designing a process to assess how results develop over time the program design should err toward capturing randomness as opposed to assumed outcomes based on past experience or fairness.
Don’t create your own version of a “Group of Death” simply because you know these risks exist. FIFA-proof your risk program to gain credibility with senior management and ensure that you haven’t predetermined the risk outcomes in your program.
Futbol may never be as popular as American football or baseball in the US but you have to admit that some of the matches were exciting to watch, especially the drama of the US team or your other favorites in the World Cup! Gooooooooaaaaaaaallllllllll!

James Bone is executive director of TheGRCBlueBook, the largest online directory of GRC tools for risk, audit, compliance and IT professionals, and a risk consultant for an international financial services firm.

<a href=””>Feed Shark</a>


Related Articles

Related Premium Articles