We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Manage Tomorrow's Surprises Today

Steven Minsky

Increased Board Accountability is Real

Vote 0 Votes

By this point, the Volkswagen scandal is old news (we first blogged about it last October). Yet details about the case continue to emerge, most recently about board accountability. As of last week, a Volkswagen "internal probe into its emissions-cheating scandal found no evidence of wrongdoing by members of senior management..." In other words, VW's Board didn't know about the deception until it was too late.

This might appear to be a good thing, but actually VW is making its situation worse. Why? As we discussed in last week's webinar, regulators now consider risk management negligence an offense equal to fraud. We also discussed this issue last November, when we blogged about how ignorance is no longer an excuse for poor board oversight.

The alternative to negligence (besides upping the ante and adopting a robust risk management program) is full disclosure of poor risk management. Thanks to the SEC's 2010 disclosure rule, boards won't be considered negligent if they publicize their company's lack of risk management.

As I discussed at April's Enterprise Risk Management Thought Leadership Summit at St. John's University, up until 2010, board accountability for risk management extended only to actions executed at the executive level. Starting in 2010, a number of federal and state regulations extended liability for material risks to any level. The requirement for accurate disclosure of their effectiveness in managing risk also appeared. Boards suddenly found themselves accountable for much more than they had been.

The Volkswagen saga is far from the first example. Consider the following recent events:

  • 1. Nordion Inc., a global health science company, failed to adhere to its internal controls procedures, which is negligence. Even though the company self-reported to and cooperated with the SEC, it still paid $375,000 in penalties related to board accountability.

  • 2. Chipotle's inadequate quality controls, which weren't disclosed, led to a host of salmonella outbreaks linked to multiple locations. The company suffered regulatory penalties, a major hit in market value, and is being sued by its shareholders for risk management negligence.

  • 3. Dwolla, a small, private company, paid a civil penalty of $100,000 for risk management negligence, even though no incident occurred. This case is particularly illustrative of the importance of risk management (or disclosure of its inadequacy); it doesn't take a data breach or bacterial outbreak for the ax to fall.

  • 4. Volkswagen reported the "innocence" (i.e. negligence) of its board regarding the emissions scandal. As a result, thousands of workers walked off numerous plants, asserting that "'Responsibility for the diesel crisis lies with decision makers at headquarters and not with the workforce.'"

All of these events line up with what we've been anticipating. Boards that don't perform their due diligence regarding risk management are now being held accountable.

Tune in to our next live webinar on June 1st for more info about ERM programs and related current events. Then, download our free eBook on streamlining governance activities to learn more about information collection, effective communication, and increased transparency.

Leave a comment

In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc. the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.

Recently Commented On

Monthly Archives