The Corporate Governance Risk Framework


There are different ways of looking at Governance and Risk. The various aspects of Corporate Governance and Risk are revealed by the todayís complex world. The different perspectives and opinions require a holistic approach to comprehend the depth of governance and risk. This requires a Framework to encompass the total picture.

A framework will consolidate the different perspectives and formalize the processes required for structured implementation of Risk and Governance.

Organisations are normally driven by incitements to fulfil the requirements of Shareholder Satisfaction. Goal-driven decisions aimed at profitable growth is the name of the corporate game. But do profits alone satisfy the investor and other Stakeholders. Now they all receive feedback or response from the human organization, the external markets, and customers. All stakeholders feel a desire to respond to it.

The problem we encounter here is that this is a closed circuit. Authorities and analysts approve and report based on the findings and details within the circuit, between the human organization, markets and customers and growth.

Does the circuit provide for virtually unchecked survival and growth of an company.

The company does not exist in a vacuum. There are several instances that have a stake in the well being of the company. It exists in the context of the external environment which consists of social forces which drive public policy which in turn create competitors that fuel the capital markets.

We therefore created another systems oriented feedback circuit. This time a negative feedback circuit, serving as a governor or a controller on the company.

The culmination of those two feedback circuits produce this chart, which is a systems depiction of the positive and negative feedback circuits of the company, its drive for growth, and survival in the environment which has the dampening and stabilizing effect on that growth and survival.

An understanding of the cause and effect and feedback nature of the organization as it interacts with its environment is a critical component to the whole concept of systems thinking. It is a prerequisite to understanding what risk really is and figuring out how to organize decision-making to minimize that risk and to maximize potential opportunity.

Corporate Governance is often defined as how we assign responsibility for managing risk, by making use of contemporary prudent management and conventional wisdom. But conventional management only provides a fragmented view on the issues involving Risk and Governance.

What lacks in our ability to provide continuous prudent judgements is the failure to anticipate, understand and take action around the intended and unintended consequences of our choices and decisions. It is not sufficient to lay off risk to insurance or capital markets. To retain our ability to manoeuvre and manage risk and at the same time be in compliance is vital to a managerís success.

Therefore we need to redefine the conventional approach to Corporate Governance and Risk. Firstly we have to come to terms with the two topics are two sides of the same coin.

Governance relates to the decision-making processes under varying degrees of uncertainty while Risk is the outcomes of those decisions.

Based on the decision making process and the outcome of decisions we can develop a framework for governance, taking into consideration the elements of the entire process.

Then we need to define the important elements that go into providing effective decisions and understanding the outcomes.

The important elements in this connection are the risks associated with such decisions. The next elements are the varying degrees of uncertainty and at varying levels of the company involved.

Decisions at the same time must contemplate or anticipate the consequences or outcomes over long periods of time. Together with the organizationís ability to anticipate, understand and take action around the result of their choices and decisions.

After the definition process, we need to at the same time to integrate the concepts of governance and risk simultaneously. We must also identify and understand the cause and effects together with the feedback (response) and learning that lead us to embrace from a systems perspective.

All of the above provides the basis for the development of a system of governance and risk Framework.

The Combined Company was the next major discovery in our journey to understand the issues of governance and risk. We define the term The Combined Company to incorporate the environment in which the company must operate and which the environment creates in many respects the kinds of risk that an organization must contemplate, including the investors and the public, customers, suppliers and competitors, existing and emerging regulators and rating agencies and other forms of network partners.

We concluded that we are all connected and that our actions, and the consequences of those actions, must be understood. We must understand the implications of our decisions across the combined company. We must understand that none of the participants in the combined company may be ignored and finally understand the value chain always contains participants in the combined company.

Our thinking came together into what we call the Governance Model. We were searching for a framework into which to cast decision-making under varying degrees of uncertainty within the combined company and in the context of the overall environment.

The Governance Model provided us with that framework whereby we could anticipate and understand and take action around the intended and unintended consequences of our choices and decisions. The Governance Model became a systems model and provided us with a structure dealing with decision-making under varying degrees of uncertainty.

The Governance Model provides us with a framework for considering the type of decisions that are made including the consequences of those decisions in a cause and effect feedback way.

We broke down the nature of our decision-making and therefore the kinds of outcomes that we would incur along the lines of: Strategy, which are outcomes associated with the future.

Execution of that strategy which provides outcomes that may be, or at least should be, knowable which further defines operations. Current outcomes associated with the present and then finally how bring it all together into a system of Organization, Management Process, and Information.

At each level of the Governance Model are choices and decisions, and potential outcomes of those choices and decisions in terms of potential rewards and risks. We have to identify the choices and decisions made at each level, we can anticipate and understand and take action around the consequences of those choices and decisions.

At each level of decision under varying degrees of uncertainty, there is a need to anticipate and understand consequences. We need categories of generic big decisions which any organization must contemplate. There is no limit to the total number and type of decisions faced by an organization but these are the kinds of decisions that organizations make every day and around which they must anticipate consequences.

Making change is to begin with the nature of the change. Transitional change is incremental. Step-by-step change is slow but governed. However the big transformational change, where the forms of all processes of the organization require modification will always be in focus of the stakeholders.

We go through generic or classic phases of implementation, followed by how we might actually influence the Governance Model in the real world. Like COSO understanding the use of the Governance Model is to implement itself. When in function and using it, we actually created the system of governance by which an company might be managed.

Once the Governance Model and the System of governance are understood and accepted within an organization, so that the big decisions that Boards and Senior Executives need to make in order for the governance model to be successful.

Boards and Executives need a framework and process for evaluating their choices and making big decisions. We have here that framework and that process. Boards also require trust, dialogue and engaged debate regardless of the framework and the process which constitutes the character of good governance.

The framework, and the process, the two provides the basis for trust, dialogue and engaged debate.

Lastly, and at the end of the day, we are all part of the problem we are trying to solve. As COSO points out the Tone at the Top is critical. The trust, the dialogue, the engaged debate, and then to take responsibility for the consequences of their actions is controlled and structured by the Framework.

The Tone at the Top prevails and permeates the entire company it is critical and without it no governance model or system of governance will be operational or effective.