3 Keys to Achieving Sound Governance

Practitioners of enterprise risk management need to push for good governance because it reduces the biggest risks a company faces.

Of the many definitions of governance, the simplest ones tend to have the most clarity. For the purpose of this piece, governance is a set of processes that enable an organization to operate in a fashion consistent with its goals and values and the reasonable expectations of those with vested interests in its success, such as customers, employees, shareholders and regulators. Governance is distinct from both compliance and enterprise risk management (ERM), but there are cultural and process-oriented similarities among these management practices. It is well-recognized that sound governance measures can reduce the amount or impact of risk an organization faces. For that reason, among others, ERM practitioners favor a robust governance environment within an organization. A few aspects of sound governance are worth discussion. These include: 1) transparency and comprehensive communications, 2) rule of law and 3) consensus-building through thorough vetting of important decisions.

Transparency

Transparency lessens the risk that either management or staff will try to do something unethical, unreasonably risky or wantonly self-serving because decisions, actions and information are very visible. An unethical or covert act would stand out like the proverbial sore thumb. Consider how some now-defunct companies, such as Enron, secretly performed what amounted to a charade of a productive business. There was no transparency about what the assets of the company really were, how the company made money, what its real financial condition actually was and so on. Companies that want to be transparent can:
  • Create a culture in which sharing of relevant data is encouraged.
  • Publish information about company vision, values, strategy, goals and results through internal communication vehicles.
  • Create clear instructions on a task-by-task basis that can be used to train staff in all positions and serve as a reference, kept readily accessible and up to date.
  • Create clear escalation channels for issues or requests for exceptions.
Rule of Law

Good governance requires that all staff know that the organization stands for lawful and ethical conduct. One way to make this clear is to have “law abiding” or “ethical” as part of the organization’s values. Further, the organization needs to make sure these values are broadly and repeatedly communicated. Additionally, staff needs to be trained on what laws apply to the work they perform. Should a situation arise where there is a question as to what is legal, staff needs to know to whom they can bring the question. The risks that develop out of deviating from lawful conduct include financial, reputational and punitive risks. These are among the most significant non-strategic risks a company might face. Consider a company that is found to have purposefully misled investors in its filings about something as basic as the cost of its raw materials. Such a company could face fines and loss of trust by investors, customers, rating agencies, regulators, etc., and individuals may even face jail time. In a transparent organization that has made it clear that laws and regulations must be adhered to, the cost or cost trend of its raw materials would likely be a well-documented and widely known number. Any report that contradicted common knowledge would be called into question. Consider the dramatic uptick of companies being brought to task under the Foreign Corrupt Practices Act (FCPA) for everything from outright bribes to granting favors to highly placed individuals from other countries. In a transparent organization that has clearly articulated its position on staying within the law, any potentially illegal acts would likely be recognized and challenged. How likely is it that a highly transparent culture in which respect for laws and regulations is espoused would give rise to violations of prominent laws or regulations? It would be less likely, thus reducing financial, reputational and punitive risks.
The current increase in laws and regulations makes staying within the law more arduous, yet even more important. To limit the risk of falling outside the rule of law, organizations can:
  • Provide in-house training on laws affecting various aspects of the business.
  • Make information available to staff so that laws and regulations can be referenced, as needed.
  • Incorporate the legal way of doing things in procedures and processes.
  • Ensure that compliance audits are done on a regular basis.
  • Create hotlines for reporting unethical behavior.
Consensus-Building

Good governance requires consultation among a diverse group of stakeholders and experts. Through dialogue and, perhaps, some compromise, a broad consensus on what is in the best interest of the organization can be reached. In other words, important decisions need to be vetted. This increases the chance that agreement can be developed and risks uncovered and addressed. Decisions, even if clearly communicated and understood, are less likely to be carried out by those who have not had the chance to vet the idea. Consider a CEO speaking to rating agency reviewers and answering a question about future earnings streams. Consider also that the CFO and other senior executives, in separate meetings with the rating agency, answer the same question in a very different way. In this scenario, there has clearly not been consensus on what the future looks like. A risk has been created that the company’s credit rating will be harmed. To enhance consensus-building, companies can:
  • Create a culture where a free exchange of opinions is valued.
  • Encourage and reward teamwork.
  • Use meeting protocols that bring decision-making to a conclusion so that there is no doubt about the outcome (even when 100% consensus cannot be reached).
  • Document and disseminate decisions to all relevant parties.
During the ERM process step wherein risks are paired with mitigation plans, improved governance is often cited as the remedy to ameliorate the risk. No surprise there. Clearly, good governance reduces risk of many types. That is why ERM practitioners are fervent supporters of strong governance.

Donna Galer

Donna Galer is a consultant, author and lecturer. 

She has written three books on ERM: Enterprise Risk Management – Straight To The Point, Enterprise Risk Management – Straight To The Value and Enterprise Risk Management – Straight Talk For Nonprofits, with co-author Al Decker. She is an active contributor to the Insurance Thought Leadership website and other industry publications. In addition, she has given presentations at RIMS, CPCU, PCI (now APCIA) and university events.

Currently, she is an independent consultant on ERM, ESG and strategic planning. She was recently a senior adviser at Hanover Stone Solutions. She served as the chairwoman of the Spencer Educational Foundation from 2006-2010. From 1989 to 2006, she was with Zurich Insurance Group, where she held many positions both in the U.S. and in Switzerland, including: EVP corporate development, global head of investor relations, EVP compliance and governance and regional manager for North America. Her last position at Zurich was executive vice president and chief administrative officer for Zurich’s world-wide general insurance business ($36 Billion GWP), with responsibility for strategic planning and other areas. She began her insurance career at Crum & Forster Insurance.  

She has served on numerous industry and academic boards. Among these are: NC State’s Poole School of Business’ Enterprise Risk Management’s Advisory Board, Illinois State University’s Katie School of Insurance, Spencer Educational Foundation. She won “The Editor’s Choice Award” from the Society of Financial Examiners in 2017 for her co-written articles on KRIs/KPIs and related subjects. She was named among the “Top 100 Insurance Women” by Business Insurance in 2000.
