Understanding Governance Risks
How many boards, let alone risk officers, think about the risks to their organization if the governance by the board and top management is ineffective?
Certainly, people talk about the potential for the wrong tone at the top. Frankly, I doubt that members of the board will be able to detect those situations where top executives talk a good game but walk to a different tune; where they put the interests of their pockets ahead of the reputation and long-term success of the organization; where they are prepared to take risks with the organization’s resources without risk to their own..
But governance risks extend well beyond that
Failures to have the time to question and obtain insight in how the organization actually works can leave the enterprise without effective risk management, information security, internal auditing, and more.
Failures to provide the board the information it needs when it needs leaves the directors blind, although they may think they can see.
The governance committee of the board should, in my opinion, consider risks related to governance processes every year. It should engage both the risk and internal audit teams to ensure a quality assessment is performed. Legal counsel should also be actively engaged as issues might have consequences if they are not handled well; for example, any assessment that the board has gaps in director knowledge, experience, or ability to challenge the executive team cannot be communicated outside the firm.
Do you agree? I welcome your comments.
Leave a Reply
Norman Marks on Governance, Risk Management, and Audit 
Excellent comment. Governance Risk has to be dealt with in RM, in the risk strategy, apetite and the limits. Definitely not easy to assess but as important as the strategic risks (by the way, I would deal with it together with the strategic and reputational risks).
Yes I agree. Here in the UK we’ve had a scandal over an alleged imposing of islamic values in state schools – I don’t want to comment on the content, more to note the media’s general comment that it was a ‘failure of the schools’ governance’. They state this is if governance is a simply pass / fail process. What if the governing body was doing what the governors wanted. i.e. the processes and implementation of the board’s direction and control was fully delivered? Perhaps they mean governance by the state of these state schools? I guess my point is that governance is still used as some vague, mysterious, thing, when in fact it is a simple process of direction and control. It’s delivery, like most processes, is more complex. That is the point you are picking up I think. I can’t remember the last time I looked at governance as just a control process (i.e. minutes, papers, a board plan etc), it’s a much more cultural and complex process than that.