The financial crisis exposed a multitude of risk management failures. At too many firms, risks were ignored, misjudged or misrepresented. Rosy scenarios and perverse incentives created risks that were catastrophic when the music stopped.
With hindsight, we can identify regrettable decisions made by governments, government agencies, regulators, rating agencies and individual firms. Because so many people were to blame for many acts of omission or commission, it can be difficult for directors to decide where their responsibility for their company?s risk management begins and where it ends.
Where the board?s responsibility for risk management ends is anyone?s guess, given the intense, ever-expanding demands on boards being made by investors, lawmakers, regulators, rating agencies and other constituencies.
But where the board?s responsibility for risk management begins is clear ? the board must insist that management create and maintain a strong risk management culture throughout the company. Without a strong risk management culture, no amount of investment in risk information, risk analytics, risk experts or compliance systems will protect a company from potential disaster or from missed opportunities for well-founded growth.
In a strong risk management culture, people make better risk decisions because they have the capability and desire to do so, not simply because they are expected to follow rulebooks or formulas. A strong risk management culture displays the values, behaviors and capabilities that are necessary for effective risk management:
- Vigilance ? Being alert to emerging threats and opportunities
- Agility ? Deciding and acting in time
- Collaboration ? Being able to work together effectively on risk issues
- Communication ? Sharing information and ideas about risks
- Discipline ? Knowing and doing what is right from a risk perspective
- Talent ? Attracting and motivating people who have the necessary risk knowledge and skills
- Leadership ? Inspiring, supporting, practicing and rewarding good risk management
Among these, top management leadership is the critical factor and a precondition for success. The board must ensure that top management is, in fact, leading the charge to build a strong risk management culture. Leadership is not sloganeering or window dressing. Leadership requires clear statements of values and objectives and a sustained commitment that leads to substantial changes in how the company does business. The risk management culture should be embedded not only in risk-monitoring and compliance systems, but also in business decision-making and incentive systems.
Compliance functions cannot, by themselves, impose a strong risk management culture on a reluctant organization. But compliance functions can play a crucial role in helping the board monitor and evaluate the performance of management in building sound risk management practices throughout the company.
Many attributes of a strong risk management culture are readily observable and should be monitored by the board with assistance and independent advice from compliance and risk functions.
For example, is good risk management an important factor in making decisions on compensation and promotions? Do businesses and risk functions routinely communicate and collaborate with one another on risk issues? Does the company have a highly qualified chief risk officer who monitors enterprise risk exposures, who has the clout and independence to actively contribute to business decisions and who has access to the board without management present?
Has the internal audit function conducted an in-depth review of the company?s enterprise risk management practices and presented it to the board within the last 12 months? Does the company have a disciplined process to gather and evaluate forward-looking intelligence on emerging trends and possible events could have a material impact on the business?
Do business proposals to the board and top management include a credible risk analysis of competing alternatives? Do strategic plans incorporate the risk characteristics of different products and lines of business? Is pricing sensitive to risk? Do capital plans include stress scenarios and are these discussed with the board? Has the board and top management agreed on the company?s appetite for risk and a way to determine whether the company is within that limit?
The examples above are just a small sample of the observable attributes of a strong risk management culture. It is critical that the board look for these attributes in the company?s culture, identify weaknesses and ensure that management is accountable for correcting them. In these volatile times, building a strong risk management culture is a mission-critical priority for the board.
The views expressed herein are those of the author and may not necessarily reflect the views of FTI Consulting, Inc. or its other professionals.
**********
About the Author
Dan Borge is a director in the FTI Consulting Forensic and Litigation Consulting practice and is based in Washington, D.C. Mr. Borge has over 25 years of experience in enterprise risk management, corporate governance and strategic planning. Contact Dan at Dan.Borge@fticonsulting.com or 202-312-9100.
?
Tags: corporate risk management, risk management, risk management failure
libya celtic thunder cowboys cowboys deus ex human revolution review deus ex human revolution review neil young
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.