Is Risk Culture the missing link between Good Governance and Corporate Resilience?
Presented by
Date: xx September 2016
Word Count
Please add table of contents and page numbers for all the sections on completion
Acknowledgements
I will add
Executive Summary
What is good governance?
What is risk culture?
What is resilience?
Why do companies with good governance fail?
I will try to make a case for an embedded culture of risk management , understanding of a company’s tolerance and appetite for risk being the key final ingredient to long term organisational resilience
Good governance is critical to the success of an organization. This is evident in the failures of some major corporations in the world because of poor governance. However, good governance has been difficult to implement in practice because of the lack of a universal definition of the term. Subsequently, control models such as COSO and CoCo have been devised to help organizations to develop sound governance mechanisms. One critical aspect of good governance is risk management. Organizations may have difficulty managing their risk because of their failure to understand their risk culture. This misunderstanding stems from a confusion between meaning of organizational culture and risk culture. Consequently, some organizations focus on organizational culture and neglect risk culture. In light of this, organizations such as the Institute of Risk Management have devised frameworks and models to help organizations to define their risk culture, as well as develop effective risk management mechanisms.
What Is Good Governance
The definition of corporate governance varies according to the perspectives of various authors. However, the underlying theme in the definitions is that corporate governance pertains to the processes involved in running a company. The components of corporate governance include ethics, good management practices, accountability, information, responsibility, integrity, laws, financial accountability, investment protection, shareholder action, transparency and internal control systems. Corporate governance may take place externally through markets, investment decisions, regulations and external audit, or internally through control models and internal audit (Fernando, 2009, p. 108). Although corporate governance plays a crucial role in the success of organizations, it cannot cure organizational failure because of incompetence or poor decision-making and strategy.
The four pillars of governance include the board, management, external audit and internal audit. In addition, good governance takes into account the considerations of other stakeholders in the organization such as the shareholders, lenders, employees, government and society in general, regulators and consultants. Furthermore, good governance is founded on the principle of separation of duty (Pfister, 2009, p. 110). In this case, the roles of the Chief Executive Officer (CEO), who manages the enterprise, and the Chairman, who manages the board, must be separate. Additionally, remuneration and contracts are a central aspect of good governance. Investor activist groups argue that CEOs should be given fixed term contracts not exceeding two years, as opposed to rolling contracts (Fernando, 2009, p. 152). The investor activist groups also oppose severance agreements between CEOs and companies because such agreements reward CEOs for failure. Aside from this, good governance practices dictate that a qualified appointments committee should be responsible for making all board appointments. Another important aspect of good governance is with regard to non-executive directors (NED), who should not have any direct management responsibility to the organization. Furthermore, good practice calls for NEDs to make up a majority of the board, and the Chairman should be a NED.
Another hallmark of good governance is the use of control models such as the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the criteria of control (CoCo) framework. COSO originated in the United States (US) in 1992 with the goal of codifying good internal control systems practice.
Figure 1: The COSO Cube
PURPOSE
MONITORING & LEARNING
CAPABILTY
COMMITMENT
ACTION
CoCo, which was devised in 1995, is the Canadian improvement on COSO. The two control models help organizations to implement corporate governance using Control Self-Assessment (CSA). In addition to COSO and CoCo, the United Kingdom (UK) Corporate Governance Code 2014 and the Sarbanes Oxley Act 2002 helps organizations to adhere to good governance principles.
Subramanian (2015) argued that the lack of a universal definition of successful corporate governance and the myriad of regulations from private and public policymakers hamper the achievement of best practices in good governance. In light of this, Subramanian (2015) identified three principles as the foundation for defining good corporate governance. The first principle is that boards should have the right to the long-term management of the company. This is because one of the key failures of modern corporate governance is its focus on short-term performance. The second principle is that boardrooms should be comprised of the best possible candidates. On the same note, boards should be diverse in age, gender and culture to benefit from multiple boardroom perspectives. The third principle is that boards should give shareholders a say in the running of the company. This is because boards have a tendency to defend the corporation even when it is not in the interests of the shareholders. According to Subramanian (2015), the three principles are the basis of a Corporate Governance 2.0 system, which is meant to alleviate the problems in the current practices in corporate governance.