In a recent post I pointed to the power of narrative as a risk. In a recent exchange, Bart Schwartz, chairman of Guidepost Solutions (as well as a corporate monitor, which represents another trend – or at least a job title – of interest for 2012), shared some ideas related to how boards might strengthen their compliance contributions.
Do CFOs, risk officers, internal audit chiefs and other GRC executives need to present facts and figures to keep boards informed of risk? Certainly. But perhaps the impact of these numbers will sink in deeper if they are accompanied by anecdotes Economics, illustrations and other elements that connect with our human need for engaging stories.
● Boards should increase their scrutiny of major risks that have not blossomed – “not because the risk is any less” Schwartz explains, “but because management may have become too accustomed to the risk and too blasé about managing it.”
I’ve been talking to risk management, compliance and internal auditing experts this month to get a feel for how they expect their realms to evolve during the next 12 to 18 months. I’ve heard some interesting ideas. I’ve also heard the same interesting idea repeated more than once; and, as the saying goes, “here’s how journalists (or bloggers) count to three: one, two Economics, trend.”
● Boards should set up a compliance and risk committee focused on the interplay between an effective enterprise risk management program and a compliance program that helps mitigate those risks to the company’s strategy, reputation, financials and operations.
Board members typically receive 200 to 300 pages of information, much of it risk-focused, to review each month, according to a Protiviti article. “Despite this abundance of data, quality analysis to steer recipients to salient points is often missing.” This shortcoming prodded the risk consulting firm to develop a customizable risk index that tells a crucial story through the elegant simplicity of a single number. The index does so by addressing two crucial questions boards need answered:
1. Is our organization riskier today that it was yesterday?
2. Is our organization likely to become riskier tomorrow than it is today?
In addition to the suggestion that boards should request more anecdotes related to risk issues from their executive partners, Bart Schwartz, chairman of Guidepost Solutions, and Ken Handal, president of GRC at Guidepost Solutions, shared several other recommendations, including the following:
● Boards should ensure that they have the time and tools to bring these issues and solutions to the forefront in their deliberations.
Storytelling is a powerful tool, as Schwartz’s recommendation confirms. But his point also suggests that the traditional forms of risk information (namely, facts and figures) presented to the board often fall short of their intended objective: keeping the board effectively informed about the organization’s changing risk profile. This shortcoming may also qualify as a trend, as I’ve also reported before.
Count storytelling within the realm of risk management among one of the many trends (including lean GRC, behavioral risk management, principled performance, correlations between business ethics and the bottom line and the death of SAS 70 audits) I’m examining right now.
Three More GRC Tips for Boards
Schwartz suggests that boards of directors should request “more anecdotal information, rather than relying on statistics when reviewing the effectiveness of a compliance program.” (For a few other suggestions on the board’s approach to GRC issues, see the sidebar below.)
Related:
0 comments:
Post a Comment