The Role of Boards in Driving Risk and Governance in Organizations – PART I
The effectiveness of an organization is dependent on the strategic and risk management influence brought to bear by its board. With the national focus shifting to the selection of public boards and committees, this is a great time to consider issues related to effective governance, risk management and the important role the board and directors play. While many will be interested in seeing who makes it to these boards there are more fundamental considerations such as how well do they understand and appreciate the rudiments of strategic leadership, corporate governance and risk management. In this, the first of a series of articles, I will consider some foundational issues that are often at play in private entities, but applicable to all types of types of organizations. I will seek to draw examples, contrast matters, and highlight nuances between the private and public sectors.
RISK PRINCIPLE AND PUBLIC BODIES
The principles of risk management, once reasonably understood, can be applied any aspect of life and does in fact applies but all too often without the awareness if the persons involved. From a national perspective, given the magnitude of the issues faced by the country, every single aspect of decision making must reflect sound and prudent risk taking and risk management. One major lynch pin principle of risk management is understanding and operating at a holistic level recognizing that there are always spillovers, interdependence, frictions and very importantly triggers in various parts of every system. The selection of board and committees therefore is intrinsically tied to the effort to secure a more resilient economy. Any approach that treats aspects of government decision making as abstract exercises will immediately generate inconsistent signals, creating fissures, therefore putting the effectiveness of the total system and risk. Public sector reforms are often given great impetus through government agencies largely because they enjoy some level of autonomy from the often-colossal cultural pressures of central government. Incubating and nurturing paradigm shifts, demanding new levels of transparency and accountability, generating new outputs of productivity, must necessarily start at the epicenter of all organizational culture, the board/committee. The issues discussed below may be useful in informing the thinking behind impending selections or at a least assessing the effectiveness thereof.
The moment the board of an organization is mentioned or considered, the conversation or thinking is now firmly within the realm of corporate governance. The system of governance is the means by which board of directors secure the assurance that they are effectively executing their role as agents of and custodians for the shareholders of an organization, in the case of public boards the citizenry and taxpayers in general. No system of governance can be effective without a robust, well-developed, effective and efficient system of enterprise risk management. Welcome to the world of circular reasoning where dynamism, nimbleness, flexibility and most importantly understanding defines not only organizational effectiveness but also board and governance excellence. This is more readily observed in the private sector with the public sector institutions often lagging for a variety of reasons including inadequate board composition, lack of competency and technical understanding. The private sector is by no means immune to poor performance and these are the same factors at play where ineffectiveness is observed.
RISK AND GOVERNANCE
The Committee of Sponsoring Organization (COSO) defines risk management as follows. “A process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of the entity’s objectives.” This definition should be seared on the minds of every person who holds a directorship position whether in for-profit or non-profit arrangements or have desires to do so. Too often in my personal experience, I have seen directors who are simply clueless, at one extreme, or otherwise not sufficiently knowledgeable to be effective stewards of the organization's strategic purpose and intent. Whatever the stated objective of the organization is, risk management is designed to maximize management’s ability to achieve it.
Too often directors, executive managers and even practitioners see the risk management process only as a means of reducing risk. They become arrested to that view and, as a result, display great paralysis is accepting the requisite level of risk that will best position the organization to thrive. Properly assessed, risk management is about enhancing value, creating growth, facilitating the ability to take on more risk for greater reward, within the confines of the organizations risk appetite. Within the spectrum of this argument, it should be appreciated that protecting or restricting the loss is value creating. Public sector entities are often not profit driven but the same principles apply. To secure and deliver excellence in service, public goods or facilitative systems, risk management must be consistently effective.
The OECD provides a definition for corporate governance. “Corporate governance involves a set of relationships between the company’s management, its board, its shareholders and other stakeholders. It provides the structures through which the objectives of the company are set, the means of monitoring those objectives and monitoring performance are determined.” This too should be clearly understood by directors. Corporate governance represents the full gamut of planning (setting objective) creating strategies and safeguards for enhancing achievement (risk management and satiety) and managing the result vis-à-vis clear benchmarks and performance matrices (monitoring). Effectively every aspect of a company’s operation, system and processes contributes to the effectiveness of governance.
Boards and directors should accept and understand that they will not always be able to move the governance needle forward by themselves and at with the current level of knowledge (personal or institutional) and should therefore avail themselves of training and support. It does not matter how great the systems and processes are, active awareness of the intricacies of how governance and risk management works and the critical role of directors of crucial. A useful best practice approach is for new directors to be treated to a comprehensive and properly structured orientation process and refreshers for existing directors.
Effective governance firstly demands that directors and other players within the organization understands that there is no “one size fits all”. The governance is reflective of the culture, the issues and the style of the organization. Assessment of boards, the efficacy of corporate governance often fail on the basis that evaluators create a separation (sometimes fatally clinical) between the performance of directors and what is observable in performance achieving the objectives of the organization. Maintaining this connection, and ensuring that there are certain critical elements present will signal the potency of the system of governance in play. An effective system of governance is fundamentally built on the principles of honesty, transparency, accountability, responsibility, independence, fairness and social responsibility. Consider the many instances where in either the private or public sector you may have experienced organizations devoid of any semblance of these.
The best boards operate with a high level of independence, treasures transparency, and operate with and unblemished atmosphere of fairness. Public boards tend to struggle with independence in that many directors may feel tied to the views that are counterproductive to the wellbeing of the organization. In the private sector, board enjoy a level of unfettered autonomy, which is difficult to achieve in the public sector. However, the extent to which this strived for and achieved, holds significant benefit for the entity. This is so crucial because central to and effective risk management system is the cultural and ethical values embraced by the board and the organization. These values holds significant influence over approaches to internal controls and management; the organizational structure and reporting line; board performance and the way is sees its accountability to a range relevant stakeholders; and importantly accountability how the board itself discharges its responsibility and carries out its mandate.
THE EFFECTIVE BOARD
Taking into account the foregoing it is to be anticipated that both private and public boards, as stewards to shareholders/owners, will demonstrate the level of effectiveness that will justify their selection. Boards and do this by consistently demonstrating higher success rate of financial performance. An entity that is consistently losing money is at some important levels destroying value. In the private sector, this usually have a finite duration however, in the public sector it may continue ad infinitum, a clear indication that some aspect of the business model is faulty. Effective boards work hard to create a robust and viable framework aimed at meeting the business objectives. Consequently, the organization is flexible, adjusting, creative rather than maintaining rigid system that is observable as being unproductive over significant time horizons. Because of the nimbleness and focus on internal systems, the organization is expected to gain competitive advantage within its competitive arena. Public goods and service are often delivered with competitive pressures but this should not prevent a board from seeking to be best in class benchmarked to similar operations or across jurisdictions.
To be ensure that there is organization is value creating, the ultimate objective of risk management and governance, the board, working with senior management, must provide practical ways to guide decision making at all levels of the organization. To the extent that a board may feel it has an inability to do so is indicative of the level of failing, as a board, that is possible. This takes on greater perspective when considered against the backdrop of the expectation that there must be serious work done to build morale, build a valuable reputation and create an enduring legacy of performance and success.
While normally expected in the private sector, the standard is not always, though it should, the same in the public sector and consequently one should not be surprise with the results, the generally contrasting outcomes. However, all organizations, public and private, stands to benefit from careful implementation of robust risk and governance systems. When board and directors understand the “nuts and bolts” of risk management and governance and when shareholders and those who appoints insist on the effective application thereof, organizations tend to thrive. Securing thriving performance however demands a viable risk culture, the foundation on which all performance or lack thereof, rests. In Part II, I will take a risk culture and enterprise risk management.
© Hubert Edwards 2021
Hubert Edwards is the Principal of Next Level Solutions Limited (NLS), a management consultancy firm. He can be reached at firstname.lastname@example.org. Hubert specializes in governance, risk and compliance (GRC), Accounting and Finance. NLS provides services in the areas of enterprise risk management, internal audit and policy and procedures development, regulatory consulting, anti-money laundering, accounting and strategic planning. This and other articles are available at www.nlsolutionsbahamas.com