Corporate Compliance Insights

Is Your Company Focused on the Right Risks?

4 Strategies to Address the Changing Landscape

by Jim DeLoach
November 3, 2020
in Featured, Risk

With the onset of a terribly disruptive pandemic and risks related to ESG matters taking center stage, the pace of change has quickened and the stakes for making correct strategic choices have increased. Protiviti’s Jim DeLoach poses an important question: Are our risk management and risk oversight processes still fit for purpose?

Two years ago, a joint report[1] shared recent survey findings from both the National Association of Corporate Directors and Protiviti about the shifting risk landscape, highlighting five risk areas that demand increased focus: innovation and technology disruptions, growing cyber threats, competition for talent, evolving economic conditions and political and regulatory changes. The report asserted that enterprise risk management (ERM) approaches used by many companies may no longer be sufficient to address these risks.

Fast-forward to today, and these same issues remain relevant, but they’re also being manifested in entirely unexpected ways. In fact, those companies that are devoting more attention to digital transformation, cultivating an innovative culture, gaining and sustaining the trust of their employees and customers, strengthening cybersecurity and privacy and preserving their financial health have been more likely to navigate the dangerous seas of 2020, a year no one will remember fondly.

Make no mistake: CEOs are operating under extreme stress in a profoundly strenuous climate that has disrupted supply chains and created unprecedented new workforce environments, concerns and anxiety. The pandemic and the ensuing economic distress it has wrought have invalidated for many industries the ability to use historical information and trends as a basis for supporting judgments and forecasts. It has forced innovations that must be implemented in a fraction of the time it took prior to the pandemic’s onset. Simply stated, it has created a dynamic in which everyone must be comfortable being uncomfortable, meaning all functions – including risk management – must elevate their game.

While the joint report outlined a roadmap for boards to consider in strengthening their risk oversight in today’s complex and unpredictable marketplace, that roadmap is applicable to management teams as well. Below, we cover the four points defining that roadmap; they apply today as much as they did two years ago. We have updated them to include references to management teams.

1. Revisit the Risk Governance Model, Director Skill Sets and Management Team Composition

Depending on the nature of the enterprise’s risks and the extent of expected change in its risk profile, the board and management team should assess whether they have access to the requisite expertise and experience – on the board and executive team or through external advisers – necessary for success. The board should rethink how it organizes itself for risk oversight, including the delineation of responsibilities among the various committees and at the full board. The CEO needs to ensure that the executive team and management ranks are peopled with talent that brings diverse perspectives, is customer-centric, acknowledges market realities, thinks strategically and out-of-the-box, is effective in earning trust and can lead and inspire in times of uncertainty.

For example, with digital disruption affecting many businesses, do senior executives and directors have sufficient understanding of digital business models, digital ecosystems and the potential for hyperscaling digital platforms that facilitate rapid growth to reinvent the company’s business model?

2. Focus on Behavior: Make Culture an Enterprise Asset as Well as an Oversight Priority

Culture is almost always the source of reputation and financial performance outcomes, as it is a potent source of strength or weakness for an organization. A strong culture is a critical asset for any brand, and it is just as important as effective strategy-setting and performance. Executive management should understand the culture at lower levels of the organization and whether the mood in the middle is aligned with the tone they set at the top. The board should be informed of any disconnects and the plans to create alignment.

Concerns that this topic may be “too soft” for objective assessment should not distract from the real question:

Does the CEO really want to know the unvarnished truth about people’s perceptions across the entity, and is he or she prepared to act on that knowledge?

What gets measured and monitored matters. A “speak up” culture that encourages transparency and sharing of contrarian data and bad news entails convincing employees that it can be done without fear of repercussions to their careers or to their compensation. Use of confidential, anonymous surveys is a best practice. When coupled with responsive action plans to remedy identified issues in a transparent manner, candid, open, constructive interactions with and feedback from employees engender confidence and trust.

3. Focus on the Quality and Contribution of the ERM Process

Given the impact of COVID-19 on the company, the expected recovery for the industry and the nature and relative riskiness of the organization’s operations, does the risk management process:

  • Focus on extreme but plausible scenarios that would test the company’s agility and resiliency to pivot its strategy?
  • Delineate the critical enterprise risks from the day-to-day risks of managing the business?
  • Establish accountability for results in managing key risks?
  • Foster an open dialogue to identify and evaluate opportunities and risks?
  • Offer actionable, reliable and timely information for decision-making?
  • Help position the company as an early mover in responding to market opportunities and emerging risks?
  • Require extensive manual effort to generate the reports used in executive team and board meetings?
  • Deliver value for senior management and the board in informing decision-making and risk oversight?

These questions help focus leaders on the robustness and maturity of the organization’s risk management process and whether it is making a difference. Negative answers raise concerns as to what exactly the process is accomplishing in terms of running and managing the business.

4. Ensure Management Integrates Risk Considerations into Strategy, Performance and Decision-Making

The unique aspect regarding an exposure to disruptive change is that it presents a choice: On which side of the change curve do we want to be? Organizations must make a conscious decision about whether they are going to be the disrupter and try to lead as a transformer of the industry or, alternatively, whether they are going to play a waiting game, monitor the competitive landscape and react appropriately and in a timely manner as an agile follower to defend their market share.

These market realities suggest strongly that management should ground its decision-making and the board its risk oversight in a solid understanding of the enterprise’s key strategic drivers and the significant assumptions underlying the strategy.

With the steady drumbeat of change and technological advances, the ability to respond rapidly to new market opportunities and emerging risks can be a major competitive advantage. Conversely, failure to remain abreast or ahead of the change curve can place an organization in the position of becoming captive to events rather than charting its own course. Therefore, directors need to ensure that risk and risk management are not appendages to strategy-setting, performance management and decision-making.

In summary: We encourage everyone to look up the joint report,[2] as its message applies today. Boards should take a fresh look at how they are approaching risk oversight, including how the company’s ERM is informing that oversight. With risk management practices for many industries largely rooted in the prior century, the big question is this:

Are we prepared to improve our risk management and risk oversight or, alternatively, do we face the challenges of the next three to five years in the digital age with what we’ve been doing over the last 10 years?

The nature, velocity and persistence of risks have changed. Consequently, it’s time for management teams and their boards to revisit their governance model and skill sets and refresh the focus of their risk management and oversight. To that end, senior management should enhance the quality of risk management processes using new technologies. Management should also focus on better integrating risk considerations into strategy-setting and execution, performance management and decision‑making processes. Most important, closer attention must be given to sustaining a strong risk culture. The board should expect to be informed of management’s progress on these fronts.

Questions for Senior Management and Boards of Directors

Following are some suggested questions that executive management and boards of directors may consider, based on the risks inherent in the entity’s operations:

  • Is our risk management and risk oversight well organized for the age of technological acceleration and supported by the diverse expertise and experience we need in order to discharge our respective responsibilities effectively?
  • Are we mindful of signs of organizational resistance to change? Are we encouraging leaders throughout the organization to embrace change and lead the necessary transformations to remain competitive?
  • Does the ERM process bring new value and insights to our dialogue and facilitate risk-informed decision-making? In other words, does it tell us things we don’t know on a timely basis when we need to know them?
  • Are we satisfied that risk management is sufficiently integrated with strategy-setting and execution, performance management and monitoring and critical decision-making processes?

[1] Is Board Risk Oversight Addressing the Right Risks? Strategies for Addressing the New Risk Landscape, a joint report by National Association of Corporate Directors (NACD), Protiviti and NC State University’s ERM Initiative, July 9, 2018, available on NACD online to both subscribers and others at https://www.nacdonline.org/insights/publications.cfm?ItemNumber=58605.

[2] Ibid.


Tags: Board Composition, Board of Directors, Board Risk Oversight, Corporate Culture, Enterprise Risk Management (ERM)
Jim DeLoach, a founding Protiviti managing director, has over 35 years of experience in advising boards and C-suite executives on a variety of matters, including the evaluation of responses to government mandates, shareholder demands and changing markets in a cost-effective and sustainable manner. He assists companies in integrating risk and risk management with strategy setting and performance management. Jim has been appointed to the NACD Directorship 100 list from 2012 to 2018.
