Rebuilding Trust Through Better Risk Monitoring

September 23, 2011 2 Comments

A recent op-ed article in the Financial Times by noted author and professor, Frank Portnoy, raises the question about the need to hold corporate managers personally accountable for gross negligence when they do not monitor risks. Mr. Portnoy proposes having senior executives at major banks certify that they are actively monitoring the risks taken in areas such as trading desks that have resulted in recent losses due to rogue trading activities. He summarizes his view in the following way.

Current rules permit directors and officers to avoid personal liability for gross negligence. That is a wise rule for most business decisions: courts are generally not skilled at assessing business judgment. But risk is different. Why should a bank manager who is grossly negligent in supervising risk avoid liability?

Shareholders might never be able to understand the risks of modern banks, and current regulatory approaches will not give them much confidence. But if they knew that senior managers had agreed to be personally liable for gross negligence in monitoring risk, they might trust the banks more. Without trust, it is hard to see how banks can recover.

Mr. Portnoy is correct to promote the notion of greater accountability for monitoring risk. However, attaching personal liability to executives may not necessarily be the best method. It would be very difficult to define what is an adequate level of risk monitoring since it really differs for every institution. That is why the industry is so heavily regulated. However, Mr. Portnoy is certainly on point in the fact that stronger risk monitoring is needed to rebuild trust in banks.

Filed under Corporate Governance, Enterprise Risk Management Tagged with , , ,

Another Example of the Value of Risk Management

September 15, 2011 4 Comments

It seems that some financial institutions have not fully learned the lessons from past rogue trading incidents such as the ones that occurred at Societe Generale and Barings. Officials at UBS announced today that they are facing massive losses at the hands of a lone trader. Here’s what BBC reported this morning.

Police in London have arrested a 31-year-old man in connection with allegations of unauthorised trading which has cost Swiss banking group UBS an estimated $2bn (£1.3bn). Kweku Adoboli, believed to work in the European equities division, was detained in the early hours of Thursday and remains in custody. UBS shares fell 8% after it announced it was investigating rogue trades. ZKB trading analyst Claude Zehnder said the news would damage confidence in UBS. “They obviously have a problem with risk management.”

This is yet another example of the value of having a strong risk and control program. While it is difficult to control external events, companies can certainly implement proper internal controls to protect from massive losses such as this one.

Filed under Enterprise Risk Management, Fraud, Risk and Control Programs Tagged with , , , ,

Increasing Your Risk Awareness

August 25, 2011 Leave a comment

Companies of all sizes are searching for direction as they seek growth during these tumultuous economic times. Some companies are looking for better ways to deploy capital while others are simply fighting for survival. It is during times such as these that many do not take the time to seek perspective on the risks that they face. However, the strongest companies realize that having a solid understanding of their unique risks is vital to their continued success. These companies also realize that the risks they face are ever-changing – both internally and externally.

The first step to developing a better understanding of risk is to conduct an Enterprise Risk Assessment based on the company’s strategic objectives. This risk assessment will serve as the baseline for measuring risk responses going forward and also as the foundation for a broader Enterprise Risk Management (“ERM”) program. As a company implements their ERM program, it is critical that a culture of risk awareness rather than risk aversion is promoted. A “risk aware” culture embraces risk as the flip side to the reward they seek.

However, simply identifying, measuring and mitigating risks is only part of achieving “risk awareness”. An effective way to gain this perspective is to examine how the business is evolving in relation to its overall strategic direction through the Risk Awareness Cycle (see figure below). At any given time, a product, service or an entire company is in one of four stages of evolution – Order, Complexity, Chaos or Simplicity. Within each of these stages, risks take different forms. In addition, to continue as a viable enterprise, movement from one stage to the other is essential. Without movement, an enterprise will lose forward momentum and ultimately fail.

To learn more about how you can increase your company’s risk awareness, visit www.WheelhouseAdvisors.com.

Risk Awareness Cycle

Filed under Enterprise Risk Management, Strategic Risk Tagged with , ,

SEC Launches Office of the Whistleblower

August 18, 2011 Leave a comment

Just more than a year after the Dodd Frank Wall Street Reform and Consumer Protection Act was signed into law, the Securities & Exchange Commission (“SEC”) has established a new office to handle one of the major provisions of the act.  The Office of the Whistleblower was publicly launched last week.

To aid in the submission of whistleblower tips, the new office has created a website that provides details on how whistleblowers should provide information and what whistleblowers should expect. According to the website the SEC, “… is authorized by Congress to provide monetary awards to eligible individuals who come forward with high-quality original information that leads to a Commission enforcement action in which over $1,000,000 in sanctions is ordered. The range for awards is between 10% and 30% of the money collected.”

Potential whistleblowers are encouraged to report their issue through a company’s internal compliance program before contacting the SEC.  In fact, according to the final rules, the SEC will consider increasing the overall award amount if the whistleblower utilizes the internal compliance channels.  The following is an excerpt from the SEC’s whistleblower rule book.

Participation in internal compliance systems. The Commission will assess whether, and the extent to which, the whistleblower and any legal representative of the whistleblower participated in internal compliance systems. In considering this factor, the Commission may take into account, among other things:
(i) Whether, and the extent to which, a whistleblower reported the possible securities violations through internal whistleblower, legal or compliance procedures before, or at the same time as, reporting them to the Commission; and
(ii) Whether, and the extent to which, a whistleblower assisted any internal investigation or inquiry concerning the reported securities violations.

Companies should use this opportunity to communicate the importance of reporting issues through internal channels before reporting to the SEC.  For those companies that do not have a well constructed compliance program, now is the time to build one.

Filed under Enterprise Risk Management Tagged with , , ,

Perilous Times Require Strong ERM Programs

August 11, 2011 1 Comment

Each day as we read the news across the globe, it is apparent that the business environment continues to be laden with a myriad of risks. Without advance preparation, companies looking to advance their strategies will find themselves at the mercy of some unforeseen event that will threaten their success or perhaps their very survival. In times like these, it is critical to have a strong enterprise risk management (“ERM”) program that is woven into the fabric of a company’s strategy as well as its day-to-day business operations.

However, implementing an effective ERM program today is no easy task. Faced with an uncertain regulatory and economic outlook, many companies struggle to create a cost-effective, focused program that will provide the necessary insight to anticipate the most critical risks.  While each company and industry may be unique, there are a few common steps that can be taken that will lead to a more effective ERM program.

1. Start with the strategic plan – focus ERM efforts on where the company is going, not where it has already been

2. Create a simple framework and process that is easily understood – too many companies try to make ERM more complicated than it needs to be

3. Demonstrate importance of the program with a C-level champion – whether it is a new Chief Risk Officer, the CFO or even the CEO, a key leader must lead the charge

4. Tie risk management objectives and metrics to existing performance metrics – business goals require incentives and risk management objectives are no different

5. Invest in cost-effective enabling technologies – a wide range of risk management technology solutions exist today and choosing the wrong solution can result in cost overruns and poor results

By taking these steps, you will certainly be headed in the right direction on your ERM journey. However, the ultimate success factor is maintaining a long-term commitment to ERM as a valued business discipline. To learn more about creating a successful ERM program, visit www.WheelhouseAdvisors.com.

Filed under Enterprise Risk Management, Sustainability Tagged with , ,

ERM Adds Strategic Value

August 2, 2011 Leave a comment

As enterprise risk management (“ERM”) becomes a more widely accepted practice, many companies are realizing the value of including a risk viewpoint in their strategic planning exercises. In the past, many executives viewed risk management purely as a loss avoidance exercise.  However, now that ERM is providing a broader view of risks and allowing companies to become more resilient, companies are more willing to incorporate the employment of calculated risks into their strategy formation.  A recent study by the Economist Intelligence Unit provides the following insight into this changing view of ERM.

One important indication that a shift might be occurring, however, is that 75% of executives think that risk considerations are playing an increasingly important role in strategy at their organisations. This suggests that rather than playing a preventative role—avoiding financial losses, for example—risk management could be moving towards an enabling role that contributes more fully to corporate strategy.

To navigate risks for both the shorter and the longer term, many firms are beefing up their risk management systems. ABB, for one, is increasingly moving away from a decentralized risk management model and putting in place a more group-wide strategy. “We’ve put in place a centralized enterprise risk management program over the last 12 months, and viewing holistically all the risks we face in the organisation,” confirms Mr Hall. “What we realized in the financial crisis, particularly from a financial point of view, is that the best way to manage risk is centrally.”

Martin ten Brink, a director at Shell, a British oil giant, says his company intends to refine some aspects of its enterprise risk management system in the coming year, particularly the pricing of risk. Furthermore, he says, Shell is improving the way it gauges risk velocity. The firm is targeting “a better understanding of the speed with which a risk can materialize and impact business performance.”

Wheelhouse Advisors is uniquely qualified to help companies build ERM programs that can be a source of strategic value. To learn more, visit www.WheelhouseAdvisors.com.

Filed under Enterprise Risk Management, Strategic Risk Tagged with , , ,

Demand for ERM Continues to Grow

July 19, 2011 Leave a comment

More companies are beginning to realize the value of Enterprise Risk Management (“ERM”) as a discipline that can propel a business forward rather than hold it back. In the recent past, many ERM programs focused primarily on revisiting problems from the past or examining all risks regardless of size. While these types of exercises can keep people busy, they rarely benefit a company that is trying to navigate forward to achieve successful outcomes. However, according to recent comments by a risk expert at the Risk and Insurance Management Society, ERM is evolving into a highly valued business practice. Here is what she had to say in an interview conducted by propertycasualty360.com.

Today, a growing perception that ERM “is a business discipline that can advance an organization’s [big-picture] objectives” is driving higher adoption rates across all types of organizations, says Carol Fox, director of strategic and enterprise-risk practice with the Risk and Insurance Management Society.

While there is also a perception that risk managers are having difficulty getting invited to a seat at the C-suite table, Fox believes that most corporate leaders, with only rare pockets of resistance, are eager for expert input about the strategic risks the organization faces.

“With all the external pressures—whether it’s Dodd-Frank, shareholders or the disclosures required now by the SEC for public companies—there is plenty of demand, visibility and support at the board level and at senior-management level” for ERM, she says.

As more board members and senior executives become acquainted with the usefulness of a well-designed ERM program, the discipline will become a “must have” for companies looking to compete in the new economy.

Filed under Board of Directors, Enterprise Risk Management Tagged with , ,

When Assessing Risk, Don’t Forget the People

July 11, 2011 Leave a comment

The Conference Board released a report today about the need for stronger integration of human capital risks into a company’s overall enterprise risk management program.  Too often, these risks are left to the human resources department to manage alone with little understanding of the potential impact to a company’s entire operation.  After surveying 161 leading companies worldwide, here is what the researchers discovered.

At most companies, human capital accounts for at least half of operating costs and can have a significant impact on business results. However, the study finds that human capital risk (HCR) — which can range from unionization/labor relations to offshoring and outsourcing to staffing in a pandemic — tends to be siloed in human resources departments, away from the companywide assessment and mitigation processes of enterprise risk management (ERM). This arrangement prevents information about HCR from having a role in the comprehensive, aggregate view of risks, root causes, interactions, and impacts through which leaders set priorities and determine overall strategy.

Out of eleven risk categories, executives ranked HCR as having the fourth highest impact on business results, ahead of financial, reputational, supply chain, and IT risks. This high ranking is evidence that HCR should be taken seriously as an enterprise risk.  However, less than one-third (31 percent) of companies believe they effectively assess human capital risk, and 24 percent believe they do an ineffective job.

During an economic crisis such as the one we have experienced, many companies lose sight of what really drives a business – people.  Understanding the risks associated with the primary business driver is certainly a no-brainer.

Filed under Enterprise Risk Management, Operational Risk, Talent Tagged with , ,

Now Is Not The Time to Reduce Investment in Risk Management

July 2, 2011 Leave a comment

As we head into the second half of 2011, the economic recovery here in the US and abroad is taking hold much more slowly than most expected. Given the modest recovery, some executives may be looking to slash expenses to boost profitability and achieve their near-term goals. However, while tempting, cutting staff and investment in the wrong areas may prove to be a company’s undoing. For financial services companies, this is particularly true in the area of risk management because they are still mending their practices in the wake of the recent financial crisis.

According to the Financial Times, US regulators are keenly aware of what may be on the minds of bank executives and are issuing warnings to avoid cutting risk management budgets. According to Michael Alix, a senior vice-president at the Federal Reserve Bank of New York who heads the risk-management function within the regulator’s financial-institutions supervision group, the regulators are paying close attention to any plans to lower investment in risk management programs. “We haven’t seen it yet, but we’re vigilant,” says Alix.

Sacrificing the progress made in strengthening risk management programs at this precarious stage of recovery is certainly short-sighted and could lead to even greater problems for companies looking to weather the next storm.

Filed under Enterprise Risk Management, Financial Crisis, Government Regulation Tagged with , , ,

Collaboration is Key for GRC Success

June 6, 2011 Leave a comment

An interesting study on the current state of Governance, Risk Management & Compliance (“GRC”) programs has just been released and the results are quite revealing. Entitled “The Role of Governance, Risk Management & Compliance in Organizations”, the study was conducted independently by the Ponemon Institute for EMC.  The study covered four primary domains – IT GRC, Operations GRC, Finance GRC and Legal GRC – and surveyed 190 GRC practitioners across the United States.

One of the primary findings was the fact that organizations are still limited by their ability to collaborate and communicate risk information across the enterprise. Part of the problem lies in the lack of a comprehensive strategy to improve collaboration. Beyond the lack of a strategy, organizations are also limited by their technological support of GRC programs. Here’s what the Ponemon Institute surmised.

We believe this study reveals the importance of an enterprise-wide strategy and increased collaboration among domains to meeting eGRC objectives. Currently, only 20 percent have an enterprise-wide strategy and collaboration among GRC areas is far from perfect. Only 28 percent of respondents say their organizations enjoy frequent collaboration or cooperation among GRC areas. However, the good news is that only 12 percent say GRC areas operate in silos in their organizations.

In order to address the barriers related to collaboration, it has been recommended that organizations make it a priority to encourage people from the various lines of business to talk together and establish “risk ambassadors”. The need to gain visibility and control through effective cross-enterprise eGRC collaboration is important to reducing gaps in how risk is assessed and managed.

Finally, according to respondents, managing risk is and will continue to be the biggest eGRC focus for their organizations. This is understandable because organizations are finding that the cost of complying with the plethora of regulations can be daunting. Taking a risk-based approach toward compliance requirements enables them to focus their resources on the most at-risk areas of their business and achieve real value from their eGRC activities.

Building the right processes, involving the right people and utilizing the right technology are all key to achieving the sort of value that GRC programs should provide. Wheelhouse Advisors is uniquely qualified to bring these key elements together for your organization. Email us at NavigateSuccessfully@WheelhouseAdvisors.com to learn more.

Filed under Enterprise Risk Management, GRC Software, Risk and Control Programs Tagged with , , , , , , ,

Older posts

Follow

Get every new post delivered to your Inbox.

Join 40 other followers