Supporting Effective Boardroom Leadership
Identifying Unique Opportunities to Improve Board Governance Risk Management and CSR
Anthony J. Padilla, MBA, CFE
Managing Partner, Risk Advisory Group
ENTERPRISE RISK MANAGEMENT and CSR

SECTION 1 EFFECTIVE GOVERNANCE PRACTICES
- The current environment
- Board responsibility for ERM grows
- Functions in the organization that Support and Report
- Identifying effective board approaches/structures to address ERM
- Unique structure/approach to support board and management's ability to handle ERM

SECTION 2 CORPORATE SOCIAL RESPONSIBILITY (CSR) AND GLOBALIZATION
- Environmental Ethics
- Shifting Expectations
- FCPA, UK Bribery Act, Case

THE CURRENT ENVIRONMENT
Effective Enterprise Risk Management presents the most formidable challenge to boards’ capabilities, requiring that they question management’s representations and their own understanding of the risk/reward conundrum in the industry they serve.

Boards and Enterprise Risk
Today, a public company Board of Directors faces:
- Growing shareholder activism
- Increased scrutiny by regulators
- Heightened expectations from the public about their oversight of management, CEO and executive compensation
- Challenges to their understanding and handling of the ever-evolving risks their corporations face
- Social responsibility, stateside and abroad, is gaining greater visibility
This has led to increased pressure to perform or to step down from board duties. Many have decided the risks involved in board membership outweigh the perceived and actual benefits.

THE CURRENT ENVIRONMENT
The National Association of Corporate Directors (NACD) 2014-2015 Public Company Governance Survey identified the following key findings:
- One in four directors (24%) believe that their board has failed to assign risk oversight to the correct group
- Almost half (48%) of respondents have assigned risk responsibility to the Audit Committee
- One third (34%) indicated risk responsibility is assigned to the full board
- However, only 30% of those responding believe that risk oversight should be assigned to the Audit Committee, while 52% say it should be the full board’s responsibility

EXAMPLES of Universal Risks that Companies Face:
- Innovation/Obsolescence Risks
- Litigation Risk
- Reputation Risk
- Financial Risk
- Environmental Risk
- Credit Risk
- Country (international) Risk
- Risk of Fraud
- Program/Project Risk
- Transaction Risk
- People/personnel risk
- Stakeholder/Public Risk (Ethics, Corporate Governance)
- Operational Risk
- Product/Market Risk
- Regulatory Risk
- Interest Rate Risk
- Contractual Risk
- Cyber Security / Technology/IT Risk
- OTHERS?

Controllable /Internal Limited Control /External
• Innovation/Obsolescence Risks • Country Risk • Reputation Risk • Interest Rate Risk • Program/Project Risk • Regulatory Risk • People/personnel risk • Litigation Risk • Operational Risk • Cyber Security / Technology/IT Risk • Contractual Risk • Financial Risk • Risk of Fraud/Corruption • Credit Risk • Transaction Risk • Stakeholder/Public Risk (Ethics, Corporate Governance) • Product/Market Risk • Product/Market Risk • Interest Rate Risk

ORGANIZATIONAL INTEGRITY™
DEPARTMENTS or FUNCTIONS THAT ADDRESS RISK in COMPANIES
• Internal Audit
• (Enterprise) Risk Management - CRO
• Legal
• Regulatory Compliance
• Organizational Design/Development
• Policy and Procedures
• Human Resources
• Sarbanes-Oxley (SOX)
• Contract or Procurement departments
• Continuous Improvement
• Fraud Detection/Prevention
• Project Management Office (PMO)

BOARD COMMITTEE OFTEN RESPONSIBLE FOR RISK OVERSIGHT
• Assign responsibility to the Audit Committee, which already handles financial matters, including Internal Audit and SOX compliance
PROS:
- This Committee already handles significant Risk activities
- Experienced financial expert is on this committee
- Forty-eight percent (48%) of companies surveyed do this already*
CONS:
- Committee already has highest level of responsibility – piling it on
- Committee has high turnover despite higher compensation and insurance
• Form a new Committee responsible for enterprise risk oversight
• Give it to the full board
* 2014-15 NACD Public Company Governance Survey (National Association of Corporate Directors)

BOARD COMMITTEES RESPONSIBLE FOR RISK OVERSIGHT
Assign responsibility to various or new committees (decentralized)
PROS:
- Lessens burden on the Audit Committee
- Engages more directors in overseeing crucial risk issues
CONS:
- Questionable level of understanding enterprise risk (knowledge and expertise) affecting the Industry and company
- Creates greater reliance on management’s representations of risks facing the organization
- Raises issues about effective training and skills needed for Directors to fully understand the risk environment a company faces

CONTRADICTION IN SURVEY RESULTS UNDERSCORES BOARD UNCERTAINTY
General satisfaction in quantity and quality of information except – Cyber Security
- One-third (32%) of survey respondents were not satisfied with the quality of information
- Over half (52.1%) were also dissatisfied with the quantity of information provided
Survey: “The indicated lack of information regarding cyber risk may pose a problem even for directors knowledgeable about cyber issues. Although most respondents indicated that they had at least some knowledge regarding cyber security risks, many felt they could still improve their understanding.”
It was management’s failure to truly understand and communicate the global risks it faced during the derivative crisis which underscored the collapse of the credit markets. The board’s failure to interpret and understand those same risks compounded the problem and resulted in Dodd-Frank.
Although the issue of managing risk is management’s responsibility, what can a board do to address incongruence, lack of accountability and uncertainty?

NACD Risk Oversight Guidance for Boards
- Align Strategy with Risk
- Improve Risk Mitigation Techniques
- Develop Risk Identification Skills
- Enhance Risk Monitoring Capabilities
- Define Crisis Response Steps
- Understand Management’s Risk Modeling and Identification of Risks
- Re-evaluate Communication with Management about overall Enterprise Risk

SOLUTIONS TO CONSIDER and CHALLENGES
1) Create a new Risk Oversight Committee responsible for overall enterprise risk and populate it with Board members who understand risk
2) Disperse risk oversight amongst various committees (25% do this per NACD); specialized training will be needed to bring members up to speed to:
- Evaluate management’s own understanding and management of risk
- Interpret the information provided by management
- Be able to provide guidance for management’s overall handling of key risks
3) Lastly, the board can rely on third party consultants to help in understanding risks, which brings its own set of concerns
What are the issues or challenges with each of these?

UNIQUE SOLUTION TO CONSIDER
Appoint Expert Professionals in various disciplines to Boards to address least understood and least controllable risks: Enterprise Risk, IT/Cyber Security, Global Risk, Regulatory Risk, etc.
Old school of thought – A board should not be a “shadow” organization mirroring management’s structure.
What this approach does:
1) Creates a direct interface role on the board with key management responsible for those activities, similar to the Audit Committee and the CAE
2) Establishes uniform approach, easily replicable across boards in all industries – eliminates incongruity
3) Ensures consistency and clarity of information, strengthening the synergy between management and board
4) Erects a unified front/defense against regulatory intrusion and
5) Increases leverage and confidence to deal with external stakeholders about direction, control, mission, etc.
What public and private companies face today is an exploding risk universe with growing regulatory impact. The objective is a return to effective self-governance under a unified approach to doing business.

CORPORATE SOCIAL RESPONSIBILITY (CSR)
“The voluntary actions a corporation takes to improve the lot of its various stakeholders.”
The fundamental question: Do corporations have a responsibility beyond maximizing profits for their shareholders?
Argument for: Corporations benefit from being a part of society, and therefore should address societal concerns
Argument against: The costs involved in shouldering societal concerns and taking on issues beyond profit maximizing behaviors.
The RESPONSIBILITY PARADOX: Globalization spreads the reach of corporations throughout the world, which broadens CSR and results in the CSR vs. Stockholder conflict