Risk, Sovereignty, and Anxiety … 1 RISK MANAGEMENT AFTER THE FINANCIAL CRISIS Abstract Despite its ambivalent role during the global financial crisis of 2008, risk management has continued its expansion. Previous contributions, reflecting the general role of risk management, have emphasised how its potency rests on the reproduction of certain values of transparency and accountability as well as images of manageability (Power, 2007). This paper reflects the current literature and focuses on the power effects of risk management at an organizational level. We base our argument on two conceptual pillars: the notion of a “permanent state of exception” as conceptualized by Italian social theorist Giorgio Agamben (1998, 2005), and the relatively novel concept of “elite panic” (Clarke and Chess, 2008). We argue that a dispositif of risk management shapes organizational (im)balances of power which reproduce larger societal values and determine organizational responses to the rise of risk management. We conclude that a logic of potential danger of fear lies at the heart of risk management. This logic can be used as a discursive resource and adds to, but also gradually replaces other forms of management control. Keywords: Risk Management, Management Control, Financial Crisis, Agamben, State of Exception, Elite Panic Risk, Sovereignty, and Anxiety … 2 1. Introduction “[Henry] Paulson [US secretary of the treasury 2006-2009], who had been living on barely three hours of sleep a night for a week, was beginning to feel nauseated. Watching the financial industry crumble in front of his eyes—the world he had inhabited his entire career—was getting to him. For a moment, he felt light-headed. From outside his office, his staff could hear him vomit.” (Sorkin, 2010, p. 298) The Gesellschaft für deutsche Sprache (Association for the German Language) voted the term “alternativlos” (roughly translated: alternativeless1) to be the non-word (Unwort) of the year 2010. In its press release the association explained that the word “counterfactually suggests that in a decision making process a priori no other alternatives are available.” The word was nominated for its frequent use by German Chancellor Angela Merkel and other German politicians when referring to numerous topics such as the war in Afghanistan, the reduction of state spending on social services, but particularly decisions taken during the financial crisis, e.g. the bail-out of banks. What do Henry Paulson’s stomach problems and Angel Merkel’s rhetoric have in common to make them the prologue to our paper? Not only have both repeated occurrences to do with the global financial crisis of 2008 but also they give anecdotal evidence for the helplessness of elites in the face of extreme events more generally. This paper reflects such events, risks, crises, responses, and the use of power, but particularly the role(s) of risk management in such situations2. No other term has received such a significant echo in the media during the global financial crisis of 2008 than that of risk management (Lewis, 2008; Millo and MacKenzie, 2009). In the 20 years or so prior to this event, the importance and approaches to risk and its management had already steadily increased (Bhimani, 2009; Gephart Jr et al., 2009; Scheytt et al., 2006). Standardized approaches, such as the COSO framework (COSO, 2004), ISO 31000 (International Organization for Standardization, 2009) or Basel II/III (Basel Committee on Banking Supervision, 2006), have globally disseminated and have further strengthened the trend. Instrumental, as well as social discussions of risk and risk management practice, have inundated not only academic journals but also practitioner 1 All translations by the authors. Note that “alternativlos” is a neologism as the grammatically correct term would be “alternativenlos”. 2 For another example of confusion and panic by so-called experts cf. Roberts and Jones (2009), who discuss the reactions of Alan Greenspan in the face of the financial crisis. Alan Greenspan, at that time of President of the US Federal Reserve Bank expressed in an official hearing to members of the US senate for example that that the economic models he believed in for 50 or so years have been disproved by the financial crisis, and that he, even after heavily twisting his mind for weeks and months, does not have a clue about how to explain the behavior of actors on financial markets. Risk, Sovereignty, and Anxiety … 3 magazines, indicating that risk management has now become a ubiquitous practice (Hood et al., 2004; Power, 2004b). Empirical work has also highlighted the proliferation of risk management into different domains such as higher education (M. Huber, 2008; Power et al., 2009) , prisons (Hood et al., 2004), hospitals (Woods, 2009), the banking industry (Gulamhussen and Guerreiro, 2009; Soin and Scheytt, 2008), law enforcement (Poletti Hughes, 2009), and auditing (Robson et al., 2007), among others. In contrast to the continuing rise of risk management, the financial – later economic – crisis has manifested that the “risk management of everything” (Power, 2004b) is not a mechanism to secure individuals and/or organizations from the threats that come with a late modern society. Rather, during the global financial crisis of 2008 it has turned out that the last consequence of modern risk management is a “risk management of nothing” (Power, 2009), a failure of mechanisms actually aimed at preventing from the worst consequences of risks, as enthusiasts would claim; or a complete implosion of the organizational risk appetite, as critics would state (cf. earlier critique from McGoun, 1995). In the aftermath of the financial crisis, risk management practices have been the target of sharp criticisms (Lewis, 2008; Millo and MacKenzie, 2009; Sorkin, 2010). Not only in the media, but also in academic discussions it is regularly argued that the models of economic risk management, developed since the 1980ies, have not only not protected the economic world against risks but have been one of the sources of the fundamental problems that economies around the globe are facing today (cf. Kappler et al., 2010). The question this paper addresses is how we can understand a startling observation: Despite its deconstruction in practice, risk management is far from being a dead idea. Why, in the face of its obvious deficits and failures, is risk management still high on the agenda of managers in corporations and other organizations? Why is the only apparent answer to the failure of risk management merely ‘more of the same’?3 Whereas the impetus for our reflections originates in the observation of the role of risk management during financial crisis, the nature of this paper is mainly conceptual. Our 3 An instance for this perpetuated logic in doubt is the recently presented of the Basel III regulation which de facto just strengthens Basel II’s approach to risk management. Risk, Sovereignty, and Anxiety … 4 inquiry will start with a critical discussion of risk management concepts, specifically the works of Michael Power and colleagues (Power, 2004b, 2007, 2009; Power et al., 2009). Advancing prior insights, we will discuss notions of power, which we argue as necessary to explain the persistence of risk management after the global financial crisis. To do so, we underpin the power-related effects of risk management by referring to the theories of social scientist Giorgio Agamben (1998, 2005), whose interpretation of sovereignty and the underlying “state of exception” can be understood as an analogy to the totality of (new) risk management regimes. We, then, refer to the discussion on the notion of “elite panic” (Clarke and Chess, 2008) in order to explain the role of confusion and anxiety as the foundation of a new ‘reign of risk’. Taking inspiration from Agamben’s conceptualizations we interpret risk management, a project which focuses on rendering dangers and threats amenable to managerial intervention, as a “permanent state of exception” (Agamben, 2005). We will argue that an ensuing dispositif of risk management shapes organizational (im)balances of power, reproducing larger societal values and determining organizational responses to the rise of risk management. We conclude that a logic of potential danger and fear lies at the heart of risk management, which is employed – albeit not always voluntarily – as a discursive resource: some managerial decisions are “alternativeless” in the face of risk. Through this facet, risk management has as managerial practice the power to augment or challenge more traditional forms of normalizing management control. Following Agamben, our discussion thus re-introduces an element of sovereign power into theories of management control which have become accustomed to focusing on disciplinary power. The remaining parts of the paper are structured as follows: In the next section we will provide a review of the existing literature scrutinizing risk management as an important aspect of managerial governance. The third section will then introduce the reflections of Giorgio Agamben on the permanent state of exception and discuss its parallels with logics of risk and risk management. The successive section will discuss the recent debate revolving around the term elite panic citing the global financial crisis of 2008 as an example for the occurrence of elite panic. In the fifth section, we Risk, Sovereignty, and Anxiety … 5 discuss the implications of the concepts that our argument is based on, and end with brief conclusions. 2. The rise of risk management Risk Management has been widely discussed in positive, but also critical research as a backbone of good governance in both the public and private sectors (Hood et al., 2004; Hood et al., 2001; Miller et al., 2008); as a cornerstone of modern management control (Bhimani, 2009; Gephart Jr et al., 2009; Scheytt et al., 2006); and as both a source and possible solution to recent financial turbulence (Millo and MacKenzie, 2009; Power, 2009). Risk management is regularly heralded as being more important than ever before (Lam, 2006; Woods, 2009). And indeed, the expansion of risk management over the last 20 years has been impressive. Emerging from a fairly limited use in banks and other financial institutions, risk management today has permeated many parts of different types of organizations. This is especially so when called Enterprise-wide Risk Management (ERM), financial regulation (the Basel treaties, Sarbanes Oxley), international standards with quasi-juristic validity for internal control (the COSO framework or Turnbull report), or public governance (usually called ‘riskbased regulation’ (Black, 2005, 2008), e.g. in British universities’ or European food regulation). Following Power (2007, 2009; Power et al., 2009) and others, this rise of risk management is firmly rooted in the pervasive logic of reputation and precautionary risk, which appeals to contemporary images of manageability. Paradoxically, the various idiosyncratic uncertainties surrounding risks have led to highly standardized responses. This is argued to be threatening insofar as alternative versions of reality that do not fit the standardized patterns of observation are ignored. Thus, weak signals might be ignored and critical risks cannot be managed anymore – especially since standard risk management procedures are mostly insufficient to identify, not to say manage, low likelihood/high impact risks. But this is not the only weakness of current risk management concepts. In the following, we will argue that positivist, but also (parts of) the critical literature could potentially benefit from relating their concepts to an organization-level concept of power. Risk, Sovereignty, and Anxiety … 6 Ever since Knight (2002/1921) introduced the famous distinction between risk and uncertainty, risk management has been high on the agenda of finance practitioners and scholars (McGoun, 1995). Up until the mid-1990ies normative risk management theory mostly remained confined to terminological elaborations and technical considerations based on theories of finance, occasionally drawing on behavioural insights such as those of March and Shapira (1987). Fuelled by highly publicized scandals and subsequent economic turbulence, the focus broadened to include more general questions on internal control. New risk categories were emphasized, most prominently operational and reputational risks. When applied to domains outside finance departments, both in companies and in public organizations, traditional statistical-driven techniques gave way to much broader and often more fuzzy methodologies. The risk map cemented its place in executive reports, and the COSO framework and its siblings gave abstract guidelines for structuring risk-based internal control. On a more fundamental level, scholars from various disciplines have discussed the proliferation of risk as a category of thought. Sociologist Ulrich Beck (1992) diagnosed society at large with a growing focus on risks. Political scientists such as Christopher Hood and colleagues have discussed the influx of risk regimes on the public sector in depth (Hood, 2002; Hood et al., 2004; Hood et al., 2001). With respect to risk management as such, and the critical reflection of its practices, the work by Michael Power and colleagues forms a central pillar of discussion. In his studies, Power (2004b, 2005, 2007, 2009; Power et al., 2009) traces the historical and ideological background for the proliferation of ideas of risk management and their connection to world-level ideals of transparency and accountability. His contributions provide both, analyses of the industry behind the dissemination of the trend, and the organizational responses the preoccupation of risk has prompted. We will now briefly address these two important points. First, Power shows how the mechanisms of ‘inventing’ and disseminating a risk category work. His most frequent example is operational risk (Power, 2005, 2007) for both historical and conceptual reasons. Historically, a large number of actors, organizations and meta-organizations have participated in the genesis of this risk category. From the powerful Basel Committee passing Basel II, Risk, Sovereignty, and Anxiety … 7 introducing the new entity operational risk to its framework, and thereby forcing the banking industry to adopt the category, over consulting companies to various professions, operational risk was and still is used to gain or defend influence and control. Conceptually, operational risk defies straight forward definitions and thereby opens spaces for different groups of actors to fill this void with interpretations amenable to their interests. It is easy to see that on both of these levels, historical and conceptual, these mechanisms may apply to risk and risk management in general. An industry composed of regulators, consultants, academics and managers more or less intentionally collaborate to institutionalize risk management as good practice. The ambiguity surrounding the term risk facilitates multiple local interpretations (Bhimani, 2009, p. 3; Collier and Berry, 2002, p. 274) and thus provides various actors with an empty canvas upon which they can pursue their interests. Second, Power casts a critical eye over the organizational responses that the expansion of risk management has evoked and links them to wider societal changes. These mechanisms become clearest when the notion of reputational risk is scrutinized (Power, 2007; Power et al., 2009). As reputation is an effect for which the causes can be multiple and often obscure, it serves as a powerful discursive resource. Power argues that focusing on reputation actually implies focusing on blame (cf. Hood, 2002). In principle, any individual or organizational activity (or non-activity, respectively) can potentially impair an organization’s reputation. This logic enables as well as forces management to permeate operations it was traditionally alien to. For instance, university management has further expanded into academic concerns through reactivity to rankings (Espeland and Sauder, 2007; C. Huber, 2009; M. Huber, 2008; Power et al., 2009; Sauder and Espeland, 2009). Similarly, Corporate Social Responsibility has become detached from purely ecological concerns and become a tool of stakeholder management (Banerjee, 2008; Power, 2007, p. 130-139). The managerial scope hence expands in a certain direction, drawing on collective ideals of transparency, auditability, manageability and a fundamental trust in numbers (Porter, 1995). In Power’s terms, the rationale does not essentially rest on whether (risk) management can fulfil its functionalistic promise of securing such goals – for which evidence is weak (Pfeffer, 1997; Power, 1997, 2004a). Rather, the focus is on con- Risk, Sovereignty, and Anxiety … 8 forming to expectations and avoiding potential blame by drawing on standardized, legalistic versions of risk management. The organizational myopia and defensiveness of such an attitude perversely entrap organizations to ignore weak signals which point towards risks, especially if the latter do not fit the narrow logic of auditability. In extremum, this leads, in Power’s words, to the “risk management of nothing” (2009) as, in the standardized world of risk management, crucial risks are not managed at all – as the global financial crisis of 2008 has shown. Employing a slightly different vocabulary than Power, international studies scholars Aradau and van Munster (2007; 2008) have drawn on similar mechanisms when discussing the dispositif of precautionary risk. As political scientists they employ different examples to Power, most notably the US-led war on terror. Still, the basic rationale is the same: in the name of a potential risk (in this case terror), a certain form of governmentality (here new-right politics instead of neo-liberal management4) is expanding into areas it has not inhabited before. The pervasive logic of risk is, again, inescapable and tempting a specific set of responses, while at the same time eliminating all others. The familiarity of this argumentation to Power’s explanations shows how connections drawn to wider societal values are a striking representation of our time. Empirical studies suggest a slightly different view to the aporetic interpretation of risk management as inescapable, but faulty technical-moral project in late modern society. However, only few empirical studies have so far scrutinized the effects of risk management at an organizational level. Among them, the works of Mikes (2009, 2011), Arena et al. (2010), Wahlström (2009), Woods (2009) and Collier and Berry (2002) are of specific interest in this context. Contrasting Power’s seemingly pessimistic assessment of risk management, the evidence they present is far from univocally negative. For instance, Mikes (2009) develops two alternative “calculative cultures” based on two case studies in the banking sector. She distinguishes “ERM by numbers” and “holistic ERM” as distinctive attitudes towards the implementation of ERM. Whereas the former, ERM by numbers, results in a rather instrumental approach to risk management, the latter, holistic ERM, is based on a calculative 4 That new right rationales wed well with neo-liberal ones has been discussed before (O'Malley, 1999). Risk, Sovereignty, and Anxiety … 9 scepticism and yields encouraging results portraying “a pragmatic, non-dogmatic, experimental approach to risk measures“ (p. 36). Collier and Berry (2002), similarly to Arena et al. (2010), argue that specific contexts and “unique circumstances, histories and technologies of the organizations” (Collier and Berry, 2002, p. 295) cause significant differences with respect to the effects of organizational risk management. Given the pervasiveness of the mechanisms discussed by Power, these stark local variations are surprising. How can this discrepancy between individual cases and societal developments be explained? A possible reason for this gap between theory and empirical evidence might be found in Power’s methodology. As Ericson and Leslie (2008) remark, Power’s argument mainly remains on a governance level. This methodological approach has been criticized before (Maltby, 2008). We differ from these critiques as we acknowledge Power’s methodology as being suitable for the questions that are addressed: changes in corporate and social life at large in contemporary western (mainly British) countries. However, when applied to questions related to realities inside organizations his work remains somewhat schematic. Conceptually, his notion of power rests on broad, mostly sociological, theories, loosely related to governmentality studies (Miller and Rose, 2008, 2010). What is needed, we argue, in order explain the institutional drift towards risk management as central management control practice are theories of power which focus more explicitly on the level of organizations. While the nucleus of such an idea underlies Power’s reflections, more distinct considerations about the role of power can enhance the understanding of the gap between risk management theory and empirical evidence. Theories of power have been a central concern, for example in organization studies, for a long time (Alvesson and Deetz, 2006; Clegg, 1975, 1979; Clegg et al., 2006; Knights and Roberts, 1982; Lukes, 1974/2005; Munro, 2000). We can not and do not want to add yet another review of organizational concepts of power in this paper, as this would result in a rather lengthy excursus, given that the discipline of organization studies derived its initial critical impetus from two of the most prominent theorists of power, Max Weber and Michel Foucault. Instead, we will draw on one con- Risk, Sovereignty, and Anxiety … 10 cept of power which is specifically useful for reflecting power effects in relation to risk and risk management. Through this, we will also discuss by which idiosyncrasies the logic of risk management is shaped in contrast to other, more traditional, forms of management control. For this, we present a theory of power which we argue is specifically suitable to understand these characteristics: Giorgio Agamben’s work on the state of exception. 3. The state of exception This section will first elaborate on what we see as the decisive peculiarity of risk management in comparison to other management control practices: namely, its’ focus on exceptions rather than norms. We will then go on to discuss Giorgio Agamben’s theory on the permanent state of exception which we argue reflects the mechanisms underlying contemporary risk management concepts. Risk management stands out among other contemporary management control concepts for two reasons. The first is its current expansion, both as a set of methods and as a timely idea, into new domains. The second reason lies concealed in the potentiality of the idea of risk itself, namely that risks are something which is coming ‘from the outside’. That is to say, risks are in organizational life mostly perceived as coming from outside the normal processes of organizing, or even from the outside of the organization. Also, a risk can, per se, not be real – the moment it becomes real it is transformed from risk into damage. Thus, risk is fundamentally about the potentiality of the outside, be it the fear of blame, the dreading of machine failure or the anticipated possibility of declining stock prices. In short: risk is, at its heart, an exception and not the norm. Opposing this is the view, that, most traditional forms of management control focus on producing and regulating normality (and not exceptionality), for example in individual behaviour or in operations. Miller and O’Leary (1987), draw on the example of standard costing, have most prominently shown how the construction of normalized subjects is central to management accounting and control – a theme well known to accounting scholars by now (Cameron, 2010; Jeacle, 2003; Ogden, 1997). Employing foucauldian insights, Miller and O’Leary explain how archetypical the normalizing Risk, Sovereignty, and Anxiety … 11 logic is for most mainstream control techniques in the last century, and also show how disciplinary power is at the heart of this form of rule. We argue that it is the exceptionality of risk that forms the basis of its potentiality and, at the same time, differentiates risk management from all other management control techniques. Risk management focuses on exceptions rather than the norm. It thereby re-introduces an element of non-standardized reasoning, discretion, or, as we will name it in the following, sovereign power into the debate. Sovereign power does not imply the rule at free will by the sovereign. Yet still, risk management opens up a loophole for the fears, panics and anticipations of some actors inside and outside of organizations. It gives them some power to augment normalizing control practices. Of course, disciplinary regimes of power (or more advanced forms of power, as Brivot and Gendron (2011) discuss) remain important. And, traditional risk management even strengthens them to some extent through the standardized concepts it renders uncertainty amenable to managerial intervention with. However, a touch of sovereign power comes into the mix as the identification of risks is, owing to the infinite number of risks imaginable, in need of a selection process which is beyond meaningful standardization. Crucially, while risk management techniques are standardized, in principle, a loophole for the rule via exception is created inside these mechanisms. In the following, we further develop our understanding of the relationship between risk (management) and power by relating to Giorgio Agamben’s notion of sovereign power and the state of exception. Italian philosopher Giorgio Agamben rose to international prominence in 1998 when the English translation of Homo Sacer (1998), the first volume of his still on-going magnum opus, was published. The follow-up volume, State of Exception (2005), strengthened his recognition by social scientists around the globe (Calarco and DeCaroli, 2007; Dean, 2010b; Lemke, 2011; Prozorov, 2007; Ten Bos, 2005). Agamben builds on Foucault’s work on governmentality and biopolitics (Foucault, 1998, 2008, 2009). For this purpose Agamben offers detailed genealogies drawing on various sources such as ancient Roman law (1998), political sciences (2005), Christian theology (2011a), linguistics (2011b) Risk, Sovereignty, and Anxiety … 12 and the accounts of Primo Levi, survivor of the holocaust (2002). In this section we depict some basic aspects of his work and refer them to our concept of risk management. Agamben starts his inquiry into governmentality and biopolitics with an obscure figure of ancient Roman law: the homo sacer (Agamben, 1998). Conceived as a punishment, human beings declared to be such homines sacri were excluded from law. They could be killed with impunity but could at the same time not be sacrificed to any god. The latter is important because it, too, serves the exclusion of the homo sacer from law, as at the time ‘normal’ death penalties had a sacred and purifying function (p. 87ff). Forbidding purification through ritualised death intended to exclude the punished person from law itself. For Agamben this temporal abrogation of law is crucial as it constructs an individual as standing at the same time inside and outside the law. The curious mechanism which the law of homo sacer creates a situation in which the antagonisms of law and anomy, the suspension of social order, are secretly intertwined and become mutually dependent. In order to fulfil the law, i.e. to exclude somebody from the law totally, the anomy, the not-law, needs to be incorporated into the law. Law and anomy are then “simultaneously antagonistic and functionally connected“ (Stavrakakis, 2010, p. 90). For our purposes, Agamben’s theory becomes most viable when it comes to the various manifestations of the recursive relationship between rule and exception. For instance, he directly links sovereign power and biopolitics when discussing how the decision of what constitutes ‘bare life’ is used to exclude parts of a population. The most dramatic example for this being the eugenic attempts of managing the Volkskörper (body of people) by the Nazis for which less anti-Semitic versions can also be found in other countries such as the UK and the USA at the start of the twentieth century (Rose, 2007, p. 24). His most horrific example is that of the Muselmann in Auschwitz, human beings physically and mentally so close to death that the line separating life and death becomes blurred (Agamben, 2002). Despite the ethical gravity of these instances, the mechanism at work which links law and anomy beyond demarcation becomes clearest in his work on the State of Exception (2005) which starts off with a reference to a specific argument in the work of Carl Schmitt. Risk, Sovereignty, and Anxiety … 13 In 1922 Carl Schmitt, German political philosopher and glowing national socialist, defined the sovereign as “he who decides on the state of exception” (Agamben, 2005, p. 1). Taking this as a starting point Agamben aims to conceptualize a theory of the state of exception which he sees as missing in political theory. At the heart of the Schmitt/Agamben-thesis is a compellingly simple idea: by defining (explicitly) an exception one/the sovereign (implicitly) defines the norm and the line of demarcation separating both. Agamben goes on to show that this has essential consequences for a legal system. By defining something which lies outside itself, the legal system aims to go beyond what it actually can be. When a (democratic) government suspends the basis of its own legitimation, the rule of law, by declaring the state of exception, fundamental questions are raised. What gives any democratic government the right to act this way, if not the law? And even more threatening for legal order: how can the proclamation of the state of exception be decided upon, if the law, per definition, is not applicable? Agamben carefully documents how various forms of states of exception are incorporated in modern states’ constitutions. For Agamben this is dangerous for any democratic legal order because the existence of a sovereign, who decides upon the state of exception on his/her/their own discretion and can thereby suspend the rule of law, is a mechanism of fascist dictatorship. Provokingly, he exposes how these principles move democracies dangerously close to dictatorial orders and merely sees a difference in degree in both forms of government.5 Advancing Schmitt’s thesis even further, Agamben argues the permanent state of exception to be the paradigm of contemporary governmentality for which he discusses various examples. In 2003 the book, State of Exception, draws on the then relatively new reactions to 9/11, especially the concentration of terror suspects deprived of most legal rights in the camp in Guantanamo Bay. Agamben also sees the redefinition of death in the debate around the medical notion of brain death as an instance in which the definition of an exception reconstitutes the “normal” rule. Here, again, his argument touches what has been recently discussed as biopolitics (cf. Munro, 2011). 5 Remember that Henry Paulson, US secretary of the treasury 2006-2009, suggested to enact martial law during the hot phase of financial crisis. Risk, Sovereignty, and Anxiety … 14 While this argument has in general been acknowledged for capturing important mechanisms of modern government (Dean, 2010a), Agamben drew heavy criticism for the “excessive dramatization” (Lemke, 2011, p. 56) of his argument by choosing alarmist examples (Ten Bos, 2005; Werber, 2002). Critics argue that comparisons between contemporary governments and the Nazi regime and its concentration camps are at best overly dramatizing and at worst misleading. We do not agree with this criticism. Following Dean (2010b) we understand the mechanisms at the heart of Agamben’s exceptionalism as “a ‘diagram’ of power” (p. 465). Taking Agamben’s phrasing of “the state of exception as a paradigm of government” seriously, we may see many instances of exceptionalism in many aspects of contemporary governmentality both on the large scale Agamben describes and in much more mundane practices inside organizations. We take Agamben’s argument as a pattern or a diagram which cannot only be applied to legal order on a large scale but can be also used on much less dramatic examples, without misunderstanding every organization as concentration camp. Rather, we follow in our interpretation Ortmann (2003) who translates Agamben’s discussion of rule and exception in legal history into contemporary rule-based organizing in general. Applying Agamben’s thesis on issues of management in and between organizations, one can envision the realm of management control, being based on a plethora of rules with the ends of “governing” an organization, as an interesting field of study. And, there is one concept within management accounting which has been repeatedly used as a loophole for states of exception to permeate “normal” organization order: risk (Aradau and Van Munster, 2007; Dean, 2010b). As discussed earlier, Power (2007) demonstrates the pervasiveness of risk as an organizing logic. As in principle any risk is thinkable, any precautionary measure is, at least within socially agreed and institutionalized limits, justifiable. This is a powerful argument for introducing various forms of exceptions into organizational routines. These exceptions rarely have to be taken back as it is seldom that a risk simply ceases to “exist”, given its socially constructed nature (cf. Hilgartner, 1992). Here the aspect of permanence of the state of exception comes into play. For Agamben, it is – at the end: infinite – status which makes the state of exception most threatening to other, for instance demo- Risk, Sovereignty, and Anxiety … 15 cratic, forms of government. Scholars of governmentality such as François Ewald (1991) have emphasised the normalizing effects of risk management, resting on the basis of calculations of probability. Thus we see a paradox with regard to risk and its management: while the concept itself deals with exceptions, these are managed in a normalized and increasingly standardized way. As Hacking (1990) and later De Goede (2005) have shown, statistical methods and procedures have been developed with great effort to render uncertainty calculable. Various risk management practices have been established as warrantor of taming uncertainty, regardless of their mixed methodological persuasiveness (McGoun, 1995). Subsequently, traditional forms of management and exceptions outside their traditional grasp have been intertwined beyond differentiation in the form of risk management. In Agamben’s words, they have entered “a threshold of indistinction” (1998, p. 174). Thus, our thesis so far is that risk management is essentially a permanent state of exception as uncertainty and events outside the reach of management are intertwined with regular forms of management, conventionally aimed at normalizing the inside of an organization. Crucially, these mechanisms offer legitimacy to a new array of intervention at all aspects of organizations including areas to “which organizations are traditionally insensitive” (Power, 2007, p. 198). Following Power, these interventions are defensive and legalistic, reflecting world-level values of transparency and auditability, and are giving rise to technocratic forms of management in domains formerly alien to (formal) management. However, and still, the considerations so far do not indicate, why and when a sovereign starts skipping normalizing ways of ruling and drifts into the field of extreme absolutism. With respect to the notion of elite panic, we will discuss the background to this in the next section. 4. Elite panic The idea of the permanent state of exception is one which, at first glance, constitutes an absolute power of the sovereign. Our thesis does not aim to displace but rather augment disciplinary regimes of power as important theory for understanding the power-effects ensuing from management accounting and control. Before we will dwell on this issue in-depth, however, we have to emphasize Risk, Sovereignty, and Anxiety … 16 that it is important to notice that no sovereign is immune to power effects and far from being able to reign at free will. In order to theorize this we will now draw on the concept of elite panic. The compellingly simple idea behind the concept of elite panic is that not only “normal” people can panic and make hastened decisions but also those in position of (in)formal power in any given situation. While this statement is kind of a platitude for psychologists, its consequences for the study of risk management are rather unexplored. The term elite panic itself is mainly used by US-American social scientists (among others Clarke and Chess, 2008; Tierney, 2008) in sociologically oriented disaster studies. With reference to a number of diverse disasters, Solnit (2010) for example argues that the main problem during disasters are the reactions of the political elite. For her study she draws on a number of disasters, like the earthquake in San Francisco in 1906 and in Mexico City in 1985, the terrorist attacks on New York and Washington in 2001, and particularly the devastation of New Orleans by hurricane Katrina in 2005 and concludes that it is panic and subsequently ‘wrong’ actions by the political elite that turned disasters finally in catastrophes in each of these cases. ‘Wrong’ actions by political elites can occur prior to a disaster, for example by badly allocated resources for rescue and counteraction or bad preparedness in general; or, and of more relevance in our context, in the direct aftermath of a disaster, by ‘wrong’ decisions made by the elite when fighting the effects of a disaster. Simultaneously, she illustrates that normal people – those who suffer most from a disaster – behave much more socially sensitive, and in most cases not as raw and criminal as political elites fear. Chaos and violence is hence to a lesser extent the result of aggressive criminality or a lack of legitimate (state) power, but more of the panic of elites facing a lack of governability in the aftermath of a disaster. Those fears are, moreover, amplified by sensation-seeking mass media, as can be most clearly traced in the media coverage of the effects of hurricane Katrina. With respect to the contradiction between the observable social sensitivity of the ‘men on the street’ and the powerful elite in catastrophes, Solnit comes to the conclusion that there is kind of a fragile “paradise in hell”: “These accounts demonstrate that the citizens any paradise would need – the people who are brave enough, resourceful enough, and generous enough – already exist. Risk, Sovereignty, and Anxiety … 17 The possibility of paradise hovers on the cusp of coming into being, so much so that it takes powerful forces to keep such a paradise at bay.” (2010, p. 7) It is not our aim to criticize Solnit’s somewhat romantic view on the spontaneous social structures that emerge among people that feel no longer subdued to a sovereign. Likewise, we do not argue that the decisions made by panicking political elites fighting the Hobbesian primitive state that might unfold during extreme crises are wrong or right. The examples Solnit draws on show, however, that elite panic, although not being an ingredient of the toxic mixture that causes crises, is the origin of what we call the politics of crises: panicking elites start to fight their own fear of losing power and influence by attempts to re-construct their sovereignty.6 We argue that this holds not only for natural or environmental catastrophes, but also, and to a much greater extent , for ‘man-made’ (Turner and Pidgeon, 1997) or ‘manufactured’ (Beck, 1992) disasters. That is to say, man-made disasters have a much greater potential to shake the institutional order of a society or an organization. For example, the financial crisis was not an environmental disaster but a variegated mixture of complex financial instruments, internal control and governance issues, public policies, and questionable decisionmaking, all linked in peculiar ways with risk management which made risk management the object of much criticism in the subsequent public discussion. The complex and variant interplay between (potential) elite panic and (potential or feared) public panic can result in different institutional responses to extreme events. In general, the reaction of institutional powers, be it hurricane Katrina’s devastating effects or the financial crisis, shows that elite panic varies over time and space. Clarke and Chess (2008, p. 999-1006) differentiate three specific relationships between elites and panic in the face of extreme events. The first postulated relationship between elites and panic is elites fearing panic. Clarke and Chess give examples (for instance the non-evacuation of citizens during the nuclear Three Mile Island incident in 1979) for decision makers not taking certain actions or withholding information because they fear mass panic. During the global financial crisis such behaviour became evident as well. As stock markets are generally 6 It is well known, for example, that the first trucks reaching the flooded centre of New Orleans after the hurricane were not loaded with drinking water or food, on whose delivery the locked-in survivors desperately waited for, but with armed members of the National Guard, sent to re-construct order. Risk, Sovereignty, and Anxiety … 18 thought to react very sensitively to information indicating financial turbulence, crucial information was effectively withheld from the public and counter measures were postponed. Afterwards, the fear of causing a panic, and thus provoking a global financial crisis, was frequently stated as reason for this dangerous behaviour. As Sorkin (2010) reports, this idea infected both the executives of Lehman Brothers around Richard Fuld and the team of the secretary of the treasury, Henry Paulson, in their attempts to manage the financial crisis during its infancy. Ironically, a more open policy, acknowledging the danger of the situation just might have yielded better results. Second, elites can cause panics. Being directly opposite to the first characterization, it might sometimes be in the interest of decision-makers to evoke panic. In the global financial crisis, one could observe a cynical twist to this mechanism. After the Lehman meltdown, other Bankers sternly painted a picture of a global disaster should governments chose not to bail-out financial institutions. Their interconnectedness, it was argued, would create a domino-effect with implications beyond calculability. It is hardly surprising that the initial public opinion towards tax-payer money being invested into companies which pay enormous executive compensations was at best mixed. By creating a panic about the implications of further bankruptcies, governments were pressurized into the ‘logic’ of bail-outs. For our purposes, it is irrelevant whether this was the right course of action or not. What is interesting to see is that panic was frequently used as a discursive resource to utilise the perceptions of non-elites in a war of interests and economic ideologies (free-market purists vs. proponents of state interventions). If one was to look for evidence for this, mass media can deliver innumerable examples: basically any front page of any major newspaper of that time would do. The third version of the relationship between elites and panic is the most powerful one: elites panicking. Risk management is employed with the intention to make uncertainties understandable and thus manageable. Perversely, some procedures of (financial) risk management can be so complex that they make elites face their own cognitive limitations, as Alan Greenspan, long-time head of the Fed, once famously admitted in a CNBC interview after the crisis. If what Power called “myths of manageability” are exposed as such, this can be a traumatic experience. When the feeling Risk, Sovereignty, and Anxiety … 19 of helplessness – and later: “alternativelessness” – spreads and the bad news keep on coming, elites seemingly behave as anybody else and panic. And it comes with no further surprise that Henry Paulson, US secretary of the state 2006-2009, vomited every time yet another blow to the economy was reported. Coming back to the issue of risk management and its utilization for justifying absolute sovereignty, we suggest panic no longer to be seen as a by-product of extreme crises, but as a ‘manufactured’ dispositif of elites to regain, maintain or extend their sovereignty. Discussions among experts, politicians and managers about risks and their ‘correct’ management can be understood as discursive practices that manifest the institutional striving for a renewed reign of risk. This also reveals the often proclaimed self-amplifying nature of risk management (cf. Power, 2007), in that the failure of risk management systems result in nothing else other than claims for better risk management, which, paradoxically, substantiates statements that there is more risk that has to be managed. As we will explain in the following section, permanent arguments for better risk management, heralded in institutional responses to crises, amplified by mass media, and adopted by a mobilized public, can be understood by a sovereign as a discursive resource for the ever tightening risk management regimes – with a permanent state of exception as the ultimate condition of organizations and society. From this perspective, risk management is perceptible as managerial practice obliterated by the financial crisis, but becomes perceptible as powerful apparatus for political or managerial elites to cordon off sovereignty. 5. The dispositif of risk management We have now come to a point in our argument in which we have all the ingredients at hand to answer the questions which drove our inquiry from the start: Why, in the face of its obvious deficits and failures, is risk management still high on the agenda of managers and politicians? Why is the only apparent answer to the shortcomings of risk management seemingly, more of the same? To structure our answer to these observations we will proceed in two steps. First, we will discuss how Risk, Sovereignty, and Anxiety … 20 the specific logic of fear and exception lead to something which we term the dispositif of risk management. We will see that this argument re-introduces ideas of sovereign power into the debate of management control which has largely focused on disciplinary or more subtle forms of power (Brivot and Gendron, 2011; Martinez, 2011; Miller and O'Leary, 1987). Second, we will discuss some aspects of sovereign power by which a Weberian understanding of power is transcended and by which a notion of risk management as a complex set of (im)balances of power is approached. 5.1 Suspension in the name of risk In its most basic understanding, risk management is designed to tame uncertainty, the threat that any sort of business planning is not working as intended (Collier and Berry, 2002, p. 274; Collier et al., 2006, p. 2). Other than most traditional forms of management control, risk management focuses not on the planned or functioning aspects of corporate life but, as we argued earlier, on exceptions. Risk management has cemented itself as a permanent state of exception, as the focus on possible negative influences on (business) activities is increasingly becoming a part of what is called good corporate governance and sound internal control mechanisms. Note that risk management differs from most forms of common management control instruments through two aspects: the focus on exceptions rather than normalization and the specific calculative practices attached to the concept.7 Transferring Agamben’s argument to the risk management issue, we argued that risk management constitutes a permanent state of exception as risk is always a potential manifestation of an exception. Risk management then is a way of introducing the risky exception into logics of organizing. Agamben has taught us the consequences of such developments. We now want to extend this thesis by discussing the dispositif of risk management. The foucauldian notion of dispositif cannot be readily translated into English but roughly equals a set of mechanisms/apparatus of power (Agamben, 7 It is through this second attribute that risk management retains its defensive character even when it is termed risk and chance management. To manage chances with the same mechanisms as risks only gives more power to the rule of this state of exception. For example, as Huber (2009) points out for the PWC informed guidance for risk management in British universities, the definition of risk as both chances and risks can be merely ceremonial. Risk, Sovereignty, and Anxiety … 21 2009)8. With its standardized procedures, risk management offers an apparatus of social techniques which is deemed legitimate. To understand the dispositif of risk management we return to our initial discussion of the critical reflection on risk and risk management. As Power and colleagues have shown, uncertainties are transformed into risks through a standardized set of procedures and are then addressed with standardized measures. Subsequently, we suggest that risk management, as a management control practice, implies two developments: its own expansion and, second, a set of procedures which conform to certain images of manageability. These are the key specificities of the dispositif of risk management that we focus on in the following. First, concerning its expansion, the precautionary logic of risk management implies that eventually all facets of organizational life can be subject to it. And indeed, the impressive rise of operational risk (Power, 2005, 2007), has shown this expansion. In principle any organizational activity can be made subject to risk management and there is evidence for such an imperialistic trend. Patetta Rota (2010) provides “a short guide to ethical risk” in which traditional risk management techniques (1. retain, 2. mitigate, 3. avoid, 4. transfer; p. 66) are suggested to tackle ethical issues in organizations. In the same series of short guides to business risks other topics are advised to become subject to risk management instruments. These include “climate risk”, “employee risk” “kidnap and ransom risk”, “tax risk”, “equality risk” and “information risk”. Also, new types of organizations become frequently colonized with risk management, one example being universities (Power et al., 2009), another prisons (Hood et al., 2004). Second, regarding the procedures or risk management, all these different domains and organizations are deemed in need of management through similar techniques and instruments. As Power shows, the responses to uncertainty become standardized, irrespective of their idiosyncrasy. What is more crucial than such specificities is that world level values of transparency and accountability are addressed and myths and images of functionality and manageability are upheld. If, as pro- 8 Foucault defines a dispositif as “a thoroughly heterogeneous set consisting of discourses, institutions, architectural forms, regulatory decisions, laws, administrative measures, scientific statements, philosophical, moral, and philanthropic propositions-in short, the said as much as the unsaid.” (Foucault, 1980, p. 194; quoted in Agamben, 2009, p. 2) Risk, Sovereignty, and Anxiety … 22 posed, the dispositif of risk management is spreading and introducing a permanent state of exception, the question is bluntly: why is this important? What are the effects of ruling via this dispositif and perpetuating a state of exception? As discussed earlier, Giorgio Agamben’s work provides some warnings. The concept of the permanent state of exception refers to the mechanism of power which describes how rule and exception, law and anomy, become intertwined and mutually constitutive. Agamben shows the workings of this diagram of power in different circumstances. Transferring this mechanism to the world of management, we need to ask to which law risk management is anomy to. Superficially, an answer could be traditional normalizing management techniques such as standard costing. While this might be true on an instrumental level, we want to emphasize a more fundamental point. Power points us towards what is suspended by the rule of risk management: every form of management which is not inherently linked to world-level values of transparency, accountability and manageability. Given Power’s pervasive arguments that these values reflect myths and moral judgements rather than functional solutions to inevitable problems, the dangerousness of this trend can be estimated. Here we find the full explanatory power of Agamben’s reasoning. The definition of an exception simultaneously defines what is “normal” and the border which separates norm and exception. Thereby, (re)defining organizational activities as risks and endorsing standardized practices as only sustainable responses to these risks shifts these activities, no matter how un-business-like they originally were, into the realm of suspicion. The idiosyncratic characteristics of these activities are not important for this logic; rather, it is important, whether or not the activities conform to the values of transparency, accountability and manageability. In other words: If an activity cannot be auditable and has not rendered itself amenable to managerial intervention, it is excluded from what is legitimate or thinkable. Through this complex mechanism, risk management, if understood in this imperialistic version, serves the exclusion of all that is not conforming to a narrow and myopic logic of managerial intervention. Risk management becomes totalitarian, although flawed in its methodology and alien in its functional mechanism to other management control practices. For, as Agamben Risk, Sovereignty, and Anxiety … 23 agrees with Schmitt, the sovereign is the one who decides on the state of exception, so the power constellation should shift drastically towards the ones utilizing risk management. However, the phenomenon of power is not so easily appropriated. 5.2 The panicking sovereign Is the dispositif of risk management to be used at free will or even more pointedly, used at all? Paraphrasing Schmitt/Agamben one can argue that when risk management is defined as a permanent state of exception, the sovereign of an organization is who controls risk management. And indeed, in organizations the advocates of risk management have gained influence. Evidence of this is the growing number of Chief Risk Officers in corporations (Power, 2007, p. 82ff). If taken at face value our adapted Schmitt/Agamben thesis would imply that the managers of risk could reign at free will as sovereigns, which would correspond to a Weberian conceptualization of power. However, two complications contradict this conceptualization of power: the nature of contemporary risk management and the dynamics of elite panic. First, as discussed above, the dispositif of risk management as a 20th and 21st century management technique is placed firmly in the realm of the values of transparency, accountability and certain images of manageability that it reproduces. As risk management is recursively constituting the technical-moral project it is based on, it can only take specific forms dictated by such a project. Furthermore, any management intervention in the name of risk must adhere to the same values. The result? The danger of myopia of risk management discussed earlier: Given the impossibility to address risks in any other way than prescribed by logics of accountability, blame avoidance and more generally the dispositif of risk management, all other, say more creative, attempts of managing uncertainty beyond defensiveness and paranoia are rendered unthinkable. For management control more generally, this implies a continued emphasis on an administrative form of objectivity (Porter, 1995) and the denial of any sort of innovative versions of progress. From a power perspective this gives the advocates of risk management only ostensible freedom. At first instance, they can only rule as sovereigns as long as their actions conform to the same notion of auditability and the same images of manageability. Thus, actors become entangled in a web of pressures which Risk, Sovereignty, and Anxiety … 24 forces them to become agents of the reproduction of exactly that rule which allowed them to get into positions of power. While this restricts the power and freedom of elites/the sovereign in the measures they can take, it still implies that, given that their rule conforms to the limited set of legitimate actions, risk management endorses elites with the power to expand their rule into new domains or organizations and promote the logic of action they are herald to. However, this is not necessarily a steady mechanism as soon as the dynamics of elite panic come into play. Relating the concept of elite panic to the state of exception one can argue that, when extraordinary measures are taken, this is not necessarily as an act of free sovereign will. In the world of management, institutional pressures originating from crises and economic downturns can lead elites to act in panic. The global financial crisis of 2008 provides powerful evidence of this. It is easy to identify occurrences evoking panic and the subsequent standardized reactions9 as amplifying both the economic downturn and the related panic (Lewis, 2008; Millo and MacKenzie, 2009). When elites panic and, as reaction start to fight the panic of their own and others, a more-of-the-same approach is likely. In summary, the freedom the sovereign gains through risk management as a permanent state of exception is restricted by the measures that are legitimate and the social dynamics driving the implementation of the state of exception. And, by this, the scope of what is seen as legitimate fundamentally changes within the transition to the ‘new’ state of exception. Seen through the lens of organizational theory this lets us identify a complex (im)balance of power when it comes to risk management practices. On the one hand, elites gain power because they can draw on a range of responses which are legitimate due to the permanent state of exception. Controlling these responses is a mechanism of power because it enables the suspension of alternative logics of action that do not conform to values of transparency, accountability and certain images of manageability. The pervasive logic of precautionary risk enables elites to restrict the freedom of others. Elites, however, are not completely free in their choice of actions as we have noted with regards to legitimacy of responses. On the other hand, these limitations to the acceptable actions of 9 As the crisis revolving around the potential bankruptcy of the state of Greece is showing at the time of writing, even the concept of bail-out, initially heralded as a once in a lifetime event, is becoming increasingly part of the standard repertoire of (trans)national governments. Risk, Sovereignty, and Anxiety … 25 elites open degrees of freedoms for those subject to the powerful elites. In an abstract sense, these degrees of freedom could undermine the total power of elites. Yet again, this freedom must not be over-estimated as the actions of the subordinate are themselves bound by the need of auditability – otherwise they face the same dangers as elites do. This constellation results in complex (im)balances of power which determine the shape that responses to uncertainties take. In effect, this explains the mixed evidence empirical studies such as Mikes (2009, 2011), Arena et al. (2010) and Wahlström (2009) demonstrate. We have to make a brief, more theoretical remark. Given the dialectic between the individual freedom of actors and restraining mechanisms, one might be tempted to understand our conceptualization of power as addressing the old question of agency vs. structure as a recursive relationship. However, the strong emphasis on the moral-technical project of risk management (Power, 2007), its strong reference to world-level values of transparency, accountability and manageability hints towards a dispositif of risk management. Indeed, following Agamben, the main feature of the permanent state of exception is not the intra-organizational struggles but the amplification and reenforcement of the normalizing governmentality that the logic of exceptionalism promotes. It is important to recognize, thus, that the governmentality of risk is not just a structure against which actors act but as constituting and defining the actors, creating them as subjects, in the first place. In summary we have argued that risk management retains its power from its very core logic of focusing on exceptions. Coinciding with powerful world-level values of transparency and accountability and certain images of manageability, risk management is part of a dispositif which entails its own expansion and perpetuation. When focusing on an organizational level, this implies a reintroduction of sovereign power into the debate of management control. As the sovereign is not free to act at will, bound by values of defensive accountability and elite panic, we may argue, not least inspired by the global financial crisis of 2008, that the true sovereign is fear itself. Risk, Sovereignty, and Anxiety … 26 6. Conclusions In this paper, by referring to and further elaborating the existing literature on the organizational nature of risk and risk management we problematized the power effects of risk management at an organizational level. We based our argument on the work of Italian social theorist Giorgio Agamben on what he has coined as “the permanent state of exception” (1998, 2005) as well as the discussion of the concept of “elite panic” (Clarke and Chess, 2008). We have argued that a dispositif of risk management shapes organizational (im)balances of power which reproduce larger societal values and determine organizational responses to the rise of risk management. Risk management, which is held to be dealing with dangerous exceptions, thereby stands in contrast to most traditional forms of management control with their emphasis on normalization. We concluded that a logic of potential danger and fear lies at the heart of risk management. Risk management can thus be used as a discursive resource to add to, undermine or even replace more traditional forms of management control. Taken together, this explains why, despite the manifold criticism it has had to face since the global financial crisis of 2008, risk management still retains its momentum. Thus, only when underlying values of accountability and transparency are more fundamentally challenged, risk management might lose its momentum. Until then, one might ponder whether there is no way to meaningfully face uncertainty in organizations beyond paranoia and defensiveness. We want to suggest that our argument opens space for meaningful behaviour as found in empirical studies such as those by Mikes (2009, 2011) or Arena et al. (2010). Tying in with Power’s work, we do not propose that all practices of risk management are dysfunctional and paranoia is the only outcome of its firm rooting in notions of accountability and auditability. However, when faced with the socio-dynamics of risk management portrayed above, practitioners will need to understand the pressures they face and the perverse outcomes succumbing to these pressures might have. Reconstructing a sensible approach to uncertainties will need to go beyond the myopic gaze of standardized approaches (Power, 2009). To do so, three conceptual issues would have to be simultaneously addressed. First, the standardized procedures of risk management Risk, Sovereignty, and Anxiety … 27 would need to be questioned and augmented or replaced with more anticipatory, fine-tuned activities which focus on the reception of weak signals (Weick and Sutcliffe, 2007), rather than being obsessed with the avoidance of blame. Second, the effects of restricting actions to conform to moraltechnical projects of transparency, accountability and manageability need to be reflected. As we have shown, these values form a strong apparatus of governmentality whose questioning is pivotal to any alternate practice. Third, practitioners would have to micro-politically fight for their degrees of freedom, either as sovereigns or non-elites, in order to be able to creatively tackle uncertainties. With our argument we wanted to re-introduce alternative approaches to dealing with uncertainties into the debate. Which course of action is deemed appropriate must be determined by experts facing various challenges – debates which themselves are influenced by the permanent struggles for power. Risk, Sovereignty, and Anxiety … 28 References Agamben, G., 1998. Homo Sacer: Sovereign Power and Bare Life. Stanford: Stanford University Press. Agamben, G., 2002. Remnants of Auschwitz: The Witness and the Archive. New York: Zone Books. Agamben, G., 2005. State of Exception. Chicago: University of Chicago Press. Agamben, G., 2009. What is an Apparatus and other essays. Stanford: Stanford University Press. Agamben, G., 2011a. The Kingdom and the Glory: For a Theological Genealogy of Economy and Government. Stanford: Stanford University Press. Agamben, G., 2011b. The Sacrament of Language. Stanford: Polity Press. Alvesson, M., Deetz, S. A., 2006. Critical Theory and Postmodernism Approaches to Organization Studies. In: Clegg, S., Hardy C., Lawrence, T. B., Nord, W. R. (Eds.), The Sage handbook of orgnanization studies. London: Sage, pp. 255-283. Aradau, C., van Munster, R., 2007. Governing Terrorism Through Risk: Taking Precautions, (un)Knowing the Future. European Journal of International Relations 13, 89-115. Aradau, C., van Munster, R., 2008. Taming the future: the dispositif of risk in the war on terror. In: Amoore, L., de Goede, M. (Eds.), Risk and the War on Terror. London: Routledge, pp. 23-40. Arena, M., Arnaboldi, M., Azzone, G., 2010. The organizational dynamics of Enterprise Risk Management. Accounting, Organizations and Society 35, 659-675. Banerjee, S. B., 2008. Corporate Social Responsibility: The Good, the Bad and the Ugly. Critical Sociology, 34, 51-79. Basel Committee on Banking Supervision, 2006. International Convergence of Capital Measurement and Capital Standards: A Revised Framework, Comprehensive Version. Beck, U., 1992. Risk Society: Towards a New Modernity. London: Sage. Bhimani, A., 2009. Risk management, corporate governance and management accounting: Emerging interdependencies. Management Accounting Research 20, 2-5. Black, J., 2005. The Emergence of Risk-Based Regulation and the New Public Risk Management in the United Kingdom. Public Law 3, 512-548. Risk, Sovereignty, and Anxiety … 29 Black, J., 2008. Risk-based Regulation: Choices, Practices and Lessons being Learned: OECD. Brivot, M., Gendron, Y., 2011. Beyond panopticism: On the ramifications of surveillance in a contemporary professional setting. Accounting, Organizations and Society 36, 135-155. Calarco, M., DeCaroli, S., 2007. Giorgio Agamben: Sovereignty & Life. Stanford: Stanford University Press. Cameron, G., 2010. Accounting and the construction of the retired person. Accounting, Organizations and Society 35, 23-46. Clarke, L., Chess, C., 2008. Elites and Panic: More to Fear than Fear Itself. Social Forces, 87(2), 9931014. Clegg, S., 1975. Power, Rule and Domination. London: Routledge & Kegan Paul. Clegg, S., 1979. The theory of power and organization. London: Routledge & Kegan Paul. Clegg, S., Courpasson, D., Phillips, N., 2006. Power and organizations. London: Sage. Collier, P. M., Berry, A. J., 2002. Risk in the process of budgeting. Management Accounting Research 13, 273-297. Collier, P. M., Berry, A. J., Burke, G. T., 2006. Risk and management accounting: best practice guidelines for enterprise-wide internal control procedures Research Executive Summaries Series (Vol. 2). Birmingham: CIMA. COSO, 2004. Enterprise Risk Management. De Goede, M., 2005. Virtue, Fortune and Faith: A Genealogy of Finance. Minneapolis: University of Minnesota Press. Dean, M., 2010a. Governmentality (2nd edition ed.). London: Sage. Dean, M., 2010b. Power at the heart of the present: Exception, risk and sovereignty. European Journal of Cultural Studies 13, 459-475. Ericson, R., Leslie, M., 2008. The architecture of risk management. Economy and Society 37, 613-624. Espeland, W. N., Sauder, M., 2007. Rankings and Reactivity: How Public Measures Recreate Social Worlds. American Journal of Sociology 113, 1-40. Risk, Sovereignty, and Anxiety … 30 Ewald, F., 1991. Insurance and Risk. In: Burchell, G., Gordon, C., Miller, P. (Eds.), The Foucault Effect. Chicago: University of Chicago Press, pp. 197-210. Foucault, M., 1980. Power/Knowledge: Selected Interviews and Other Writings, 1972-1977. New York: Pantheon Books. Foucault, M., 1998. The Will to Knowledge. London: Penguin. Foucault, M., 2008. The Birth of Biopolitics: Lectures at the Collège de France 1978-1979. New York: Pelgrave MacMillan. Foucault, M., 2009. Security, Territory, Population: Lectures at the College De France 1977-1978. New York: Palgrave Macmillan. Gephart Jr, R. P., van Maanen, J., Oberlechner, T. (2009). Organizations and Risk in Late Modernity. Organization Studies 30, 141-155. Gulamhussen, M. A., Guerreiro, L., 2009. The influence of foreign equity and board membership on corporate strategy and internal cost management in Portuguese banks. Management Accounting Research 20, 6-17. Hacking, I., 1990. The Taming of Chance. Cambridge: University Press. Hilgartner, S., 1992. The Social Construction of Risk Objects: Or, How to Pry Open Networks of Risk. In: ShortJ., Clarke, L. (Eds.), Organizations, Uncertainties and Risks. Boulder, CO.: Westview Press, pp. 39-53. Hood, C., 2002. The Risk Game and the Blame Game. Government and Opposition 37, 15-37. Hood, C., James, O., Peters, B. G., Scott, C., 2004. Controlling Modern Government. Cheltenham: Edward Elgar. Hood, C., Rothstein, H., Baldwin, R., 2001. The Government of Risk: Understanding Risk Regulation Regimes. Oxford: Oxford University Press. Huber, C., 2009. Risks and Risk-Based Regulation in Higher Education Institutions. Tertiary Education and Management 15, 83 - 95. Risk, Sovereignty, and Anxiety … 31 Huber, M., 2008. Colonised by risk: the emergence of academic risks in British higher education. In: Hutter, B.M. (Ed.), Anticipating Risks and Organizing Risk Regulation. Cambridge: University Press, pp. 114-135. International Organization for Standardization, 2009. ISO 31000: Risk management: principles and guidelines. Jeacle, I., 2003. Accounting and the construction of the standard body. Accounting, Organizations and Society 28, 357-377. Kappler, E., Scheytt, T., Huber, C., 2010. Risikomanagement trotz nicht abwendbarer Risiken. Jahrbuch für Rechnungswesen und Controlling 26, 529-547. Knight, F. H., 2002/1921. Risk, uncertainty and profit. Washington, D.C.: Beard Books. Knights, D., Roberts, J., 1982. The Power of Organization or the Organization of Power?. Organization Studies 3, 47-63. Lam, J., 2006. Managing risk across the enterprise: Challenges and benefits. In: Ong, M. (Ed.), Risk Management, A Modern Perspective. Burlington: Elsevier. Lemke, T., 2011. Biopolitics: An Advanced Introduction. New York: New York University Press. Lewis, M., 2008. Introduction. In: Lewis, M. (Ed.), Panic! The story of modern financial insanity. London: Penguin, pp. 3-13. Lukes, S., 1974/2005. Power: A Radical View (2nd edition ed.). London: Palgrave Macmillan. Maltby, J., 2008. There Is No Such Thing as Audit Society: A Reading of Power, M. (1994a) 'The Audit Society'. ephemera 8, 388-398. March, J. G., Shapira, Z., 1987. Managerial Perspectives on Risk and Risk Taking. Management Science 33, 1404-1418. Martinez, D. E., 2011. Beyond disciplinary enclosures: Management control in the society of control. Critical Perspectives on Accounting 22, 200-211. doi: 10.1016/j.cpa.2010.06.016 McGoun, E. G., 1995. The History of Risk "Measurement". Critical Perspectives on Accounting 6, 511532. Risk, Sovereignty, and Anxiety … 32 Mikes, A., 2009. Risk management and calculative cultures. Management Accounting Research 20, 18-40. Mikes, A., 2011. From counting risk to making risk count: Boundary-work in risk management. Accounting, Organizations and Society, In Press, Corrected Proof. doi: 10.1016/j.aos.2011.03.002 Miller, P., Kurunmäki, L., O’Leary, T., 2008. Accounting, hybrids and the management of risk. Accounting, Organizations and Society 33, 942-967. Miller, P., O'Leary, T., 1987. Accounting and the construction of the governable person. Accounting, Organizations and Society 12, 235-265. Miller, P., Rose, N., 2008. Governing the Present. Oxford: Polity Books. Miller, P., Rose, N., 2010. Rejoinder to Alan McKinlay. Organization Studies 31, 1159-1163. Millo, Y., MacKenzie, D., 2009. The usefulness of inaccurate models: Towards an understanding of the emergence of financial risk management. Accounting, Organizations and Society 34, 638653. Munro, I., 2000. Non-Disciplinary Power and the Network Society. Organization 7, 679-695. Munro, I., 2011. The Management of Circulations: Biopolitical Variations after Foucault. International Journal of Management Reviews, In Press, Corrected Proof. doi: 10.1111/j.14682370.2011.00320.x O'Malley, P., 1999. Volatile and Contradictory Punishment. Theoretical Criminology 3, 175-196. Ogden, S. G., 1997. Accounting for organizational performance: The construction of the customer in the privatized water industry. Accounting, Organizations and Society 22, 529-556. Ortmann, G., 2003. Regel und Ausnahme: Paradoxien sozialer Ordnung. Frankfurt am Main: Suhrkamp. Patetta Rotta, C., 2010. A Short Guide to Ethical Risk. Farnham: Gower. Pfeffer, J., 1997. Pitfalls on the road to measurement: The dangerous liaison of human resources with the ideas of accounting and finance. Human Resource Management 36, 357-365. Risk, Sovereignty, and Anxiety … 33 Poletti Hughes, J., 2009. Corporate value, ultimate control and law protection for investors in Western Europe. Management Accounting Research 20, 41-52. Porter, T. M., 1995. Trust in Numbers: The Pursuit of Objectivity in Science and Public Life. Princeton: Princeton University Press. Power, M., 1997. The Audit Society - Rituals of Verification. Oxford: Oxford University Press. Power, M., 2004a. Counting, Control and Calculation: Reflections on Measuring and Management. Human Relations 57, 765-783. Power, M., 2004b. The risk management of everything : rethinking the politics of uncertainty. London: Demos. Power, M., 2005. The invention of operational risk. [Article]. Review of International Political Economy 12, 577-599. Power, M., 2007. Organized uncertainty : designing a world of risk management. Oxford ; New York: Oxford University Press. Power, M., 2009. The risk management of nothing. Accounting, Organizations and Society 34, 849855. Power, M., Scheytt, T., Soin, K., Sahlin, K., 2009. Reputational Risk as a Logic of Organizing in Late Modernity. [Article]. Organization Studies 30, 301-324. Prozorov, S., 2007. Foucault, Freedom and Sovereignty. Aldershot: Ashgate Publishing. Roberts, J., Jones, M., 2009. Accounting for self interest in the credit crisis. Accounting, Organizations and Society 34, 856-867. Robson, K., Humphrey, C., Khalifa, R., Jones, J., 2007. Transforming audit technologies: Business risk audit methodologies and the audit field. Accounting, Organizations and Society 32, 409-438. Rose, N., 2007. The Politics of Life Itself: Biomedicine, Power and Subjectivity in the Twenity-First Century. Princeton: Princeton University Press. Sauder, M., Espeland, W. N., 2009. The Discipline of Rankings: Tight Coupling and Organizational Change. American Sociological Review 74, 63-82. Risk, Sovereignty, and Anxiety … 34 Scheytt, T., Soin, K., Sahlin-Andersson, K., Power, M., 2006. Introduction: Organizations, Risk and Regulation. [Article]. Journal of Management Studies 43, 1331-1337. Soin, K., Scheytt, T., 2008. Management Accounting in Financial Services. In: Hopwood, A.G., Shields, M.D., Chapman, C.S. (Eds.), Handbooks of Management Accounting Research (Vol. 3): London: Elsevier, pp. 1385-1395. Solnit, R., 2010. A Paradise Built in Hell: The Extraordinary Communities That Arise in Disaster. New York: Penguin (Non-Classics). Sorkin, A. R., 2010. Too Big To Fail: The Inside Story of How Wall Street and Washington Fought to Save the FinancialSystem- and Themselves. New York: Penguin. Stavrakakis, Y., 2010. Symbolic Authority, Fantasmatic Enjoyment and the Spirits of Capitalism. In: Cederström, C. & Hoedemaekers, C. (Eds.), Lacan and Organization. London: mayfly Books, pp 59-100. Ten Bos, R., 2005. Giorgio Agamben and the community without identity. The Sociological Review 53, 16-29. Tierney, K., 2008. Hurrivane Katrina: Catastrophic Events and Alarming Lessons. In: Quigley, J.M., Rosenthal, L.A. (Eds.), Risking House and Home: Disasters, Cities, Public Policy. Berkeley: Berkeley Public Policy Press. Turner, B., Pidgeon, N., 1997. Man-Made Disasters. London: Butterworth/Heinemann. Wahlström, G., 2009. Risk management versus operational action: Basel II in a Swedish context. Management Accounting Research 20, 53-68. doi: 10.1016/j.mar.2008.10.002 Weick, K. E., Sutcliffe, K. M., 2007. Managing the unexpected (Second Edition ed.). San Francisco: John Wiley & Sons. Werber, N., 2002. Die Normalisierung des Ausnahmefalls: Giorgio Agamben sieht immer und überall Konzentrationslager. Merkur 56, 618-622. Woods, M., 2009. A contingency theory perspective on the risk management control system within Birmingham City Council. Management Accounting Research 20, 69-81.