
Manage Tomorrow's Surprises Today

Steven Minsky

Ignorance Is No Longer an Excuse for Poor Board Oversight


Gerry Grimstone, keynote speaker at the IIA's recent conference in London, has a message for senior executives.

"You can't easily blame a board member for not knowing something," Grimstone said. "But you can blame a board member for creating a culture where he doesn't know something."

Grimstone spoke at length about the latest example of poor board oversight, Volkswagen's recent side-steps in ERM and increasingly costly emissions scandal. "Do you really think there weren't people who didn't know that was going on?" he asked. "This wasn't something that one rogue trader did on a Friday afternoon - this is much more extensive than that."

To foster an environment in which key risks are identified and mitigated, what processes must be put in place to effectively manage risk?

The truth is that even the most robust Enterprise Risk Management programs will suffer if they're not supported by a sustainable infrastructure. An organization can, and often must, conduct hundreds of risk assessments over the course of a year. Without a method of standardizing and relating front-line input, assessments become little more than an organizational survey, hiding valuable insights in disparate spreadsheets.

Grimstone also discusses the "tone from the top": a need for an organizational culture where assumptions are challenged and ethical risk management practices are acclaimed, not neglected.

Organizations can measure their adherence to proven risk management principles with tools like the RIMS Risk Maturity Model (RMM). The RMM's framework asks risk managers to assess a company's ERM program by comparing it to best practices, such as whether risk management competency is part of performance reviews or the degree to which the company promotes internal self-governance.

Boards cannot be scouring the front lines for unreported risk, so it's the job of risk management to be diligent in the risk assessment process and notify senior leadership if the program lacks the necessary maturity. A mature ERM program is a safety net. It protects boards and senior leadership from accusations of negligence by demonstrating a clear dedication to uncovering risk. It also provides transparency and assurance of on-time and on-budget achievement of corporate performance objectives.

For more information about what elements compose a mature ERM program, visit our solutions page or watch our webinar, "5 Steps to Improve Your ERM Program."


In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc., the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.
