Relationship Between Risk Management and Corporate Governance

Nicholas J Price
6 min read
Risk-taking drives corporations to push ahead and make steep gains. When risks pay off, profitability makes shareholders and stakeholders happy. Technology has created greater global interconnectivity, which is an asset for most businesses. Consequently, interconnectivity makes the perspective of risk-taking extremely complex. The changing landscape of risk is creating a global conversation about how principles for corporate governance need to evolve to respond more appropriately to the relationship with risk management.

The world's corporations are keeping a keen eye on how large corporations are managing and responding to risk failures so they can avoid the same mistakes. They're learning that companies tend to underestimate the cost of risk failures internally, as well as externally. In many cases, corporations are also underestimating the cost of time that managers need to address damage control.

Banks and other financial institutions have long set the standards for good corporate governance principles. While the world has much to learn from their strategies and missteps, the governance principles they've established don't necessarily translate well for all types of businesses. As the conversation continues, corporations are trending toward wanting to take a broader-based approach toward corporate governance principles to suit more diverse situations.

Recent Risk Failures Cause Increased Attention to Risk

While the corporate world is taking note of risk failures, they are also taking a close look at how companies that have faced major risks are boosting their efforts around risk management. At a conference of peers in 2012, the Organisation for Economic Co-Operation and Development (OECD) accepted feedback from corporate executives from 27 jurisdictions on their views of corporate governance practices as they pertain to risk management.

The vast majority of the group agreed that they'd like to see a new approach toward developing corporate governance principles related to risk management, particularly as it pertains to managing reputational risk. The general sentiment of the group was that the current corporate governance models cater to the financial sector. Thus, current corporate governance principles haven't proved to be reliable during serious financial crises. Participants largely agreed that today's boards need to place a heavier focus on identifying, monitoring and managing catastrophic risks, irrespective of the chance of such risks actually occurring.

Corporate executives acknowledged that they typically take a less organized approach to reputational risk, which tends to remain part of their business functions. They also recognized that this approach places a stronger emphasis on people rather than procedures, and that it may not be the best overall approach as it stands. In light of major corporate risk failures, many executives favor more of a bottom-up approach to reputational risk management, rather than the current top-down approach. Making the switch would mean that management would play a more supportive role and be more involved in coordinating efforts toward risk management. Essentially, corporations would encourage employees to report risk concerns to managers, who would communicate and coordinate information to be addressed by the appropriate parties.

The conference also yielded the start of a conversation about what new corporate governance principles could look like as they begin to evolve.

Forming the Design of Corporate Governance Principles for Today and the Future

Corporate governance principles could take on many different forms. Most likely, changes will be fluid and evolving for the foreseeable future. Despite vast changes, corporate governance principles need to be structured, integrated and balanced. Corporations will continue to look at the roles of existing reward structures and how they align with financial and non-financial risk. Recent risk failures have taught us that all corporations are vulnerable and that they need to prepare just as stringently for low chances of catastrophic risk as for higher chances of major risks.

Existing reward structures for corporate executives tend to correspond to how well they manage financial risk as it relates to internal controls and audit functions. The new standard for reward structures may include not only rewarding the success of businesses, but also rewarding managers for having a keen awareness of risk management. This means that corporations may begin reducing financial incentives, such as stock options for managers who regularly engage in excessive risk-taking.

Companies may also factor in how well managers pay attention to reputational risk in addition to financial risk, and how strategic risks manifest as operational risks. Let's take a closer look at what this might look like in practice.

Corporate executives are giving thought to forming guidelines as basic steps to new approaches to managing risk. Many executives are encouraging their companies to establish some common risk language that they can use throughout the company. Using commonly accepted terms for risk management will aid them as they set new standards for risk management. In turn, new standards for risk management will help them to balance qualitative and quantitative perspectives as they devise standards for measuring risk.

The future of corporate governance may move toward a broader perspective of standards that are more practical and useful for all types of businesses, including banks and other financial institutions. Such issues as outsourcing and supplier-related risks are examples of risks that apply to most businesses that haven't been addressed very much in governance in the past.

Additionally, corporate governance of the future may place a heavier emphasis on catastrophic risk even when the risk is low. Just because the probability of a catastrophic loss is low doesn't mean a catastrophe won't happen. Good corporate governance principles may account for standing ready to manage any potential catastrophe at any given time.

Wrapping Up the Connection Between Risk Management and Corporate Governance

Once the financial crisis of 2008 hit, changes in the financial world came swiftly, and things have been changing ever since. At the same time, advances in technology have continued to evolve, creating vast amounts of new opportunities and new complex risks. Corporate governance changes should have come alongside these drastic changes, but governance best practices have been slow to evolve with the changing financial and corporate landscape.

As new corporate governance principles begin to take shape, corporations need to bear in mind what their overarching goals are ' to create the optimal level of value for their customers and shareholders. Ultimately, the relationship between risk management and corporate governance is about stewardship.

What is the Governance Cloud?

Board directors are obligated to perform a host of varied duties and responsibilities. Diligent developed a suite of governance tools to help them fulfill their responsibilities accurately and efficiently. The Governance Cloud ecosystem of products includes:

As board directors, leadership teams and general counsels continue to express their needs to digitize governance processes, Diligent will be the partner to grow with them. Collectively, these tools enable corporations to achieve a fully digitized and integrated governance ecosystem to mitigate risk, plan for strategic growth and ultimately, govern at the highest level.