Understanding Governance Risks
How many boards, let alone risk officers, think about the risks to their organization if the governance by the board and top management is ineffective?
Certainly, people talk about the potential for the wrong tone at the top. Frankly, I doubt that members of the board will be able to detect those situations where top executives talk a good game but walk to a different tune; where they put the interests of their pockets ahead of the reputation and long-term success of the organization; where they are prepared to take risks with the organization’s resources without risk to their own..
But governance risks extend well beyond that
Failures to have the time to question and obtain insight in how the organization actually works can leave the enterprise without effective risk management, information security, internal auditing, and more.
Failures to provide the board the information it needs when it needs leaves the directors blind, although they may think they can see.
The governance committee of the board should, in my opinion, consider risks related to governance processes every year. It should engage both the risk and internal audit teams to ensure a quality assessment is performed. Legal counsel should also be actively engaged as issues might have consequences if they are not handled well; for example, any assessment that the board has gaps in director knowledge, experience, or ability to challenge the executive team cannot be communicated outside the firm.
Do you agree? I welcome your comments.