Linking Governance, Risk Management, & Reporting

Miami University is the nation’s first academic institution to integrate these three very important areas being addressed by executives, boards of directors (BOD), regulators, and lawmakers in business today.  Several observations and experiences illustrate the value in linking these three areas:

• All reputable frameworks for enterprise risk management that we have encountered (COSO 2004, in particular) emphasize that enterprise risk management is destined to fail without dedicated ownership by senior management and proper oversight by the BOD.  Indeed, many organizations are forming separate risk committees under the BOD and most sets of BOD committee charters that we have examined place strategic, operational, reporting, and compliance risks as the responsibility of one or more BOD committees.
• The governance aspect of this linkage focuses primarily on the role of the BOD and senior managers as stewards of investor capital and other stakeholder “investments” in the organization (e.g., employee and customer loyalty, community dependence, alliance partner strategic/operational objectives, regulator reputations, etc.). The failures at Enron and WorldCom, as well as major transitions and challenges at organizations in struggling industries—automotive and airlines, for example, have far-reaching effects. Those individuals charged with governance likely will continue to face many challenges. These challenges include effective stewardship for investors and other stakeholders in being able to properly oversee and own processes for managing threats to investor and other stakeholder interests.  Additional challenges include developing the best strategy for enhancing transparency involving such processes.
• Organizations worldwide are adopting at an exponential rate transparent reporting of their management of risks that affect stakeholders. For instance, over 2,000 organizations worldwide issue corporate sustainability reports. General Electric, which issued its first such report (i.e., deemed a Citizenship Report) in 2005, and a second in 2006, sees these reports as a key component in managing its stakeholder reputation. CEO Jeff Immelt commented to us in November of 2005 that he is firmly committed to enhancing GE’s transparent reporting of issues that affect stakeholders (i.e., stakeholder risks) going forward as a key element of its reporting process. Other organizations, like the major petroleum companies, have continued to evolve their stakeholder reporting to help address the key concerns of stakeholders, including investors. To address this issue, the Enhanced Business Reporting Consortium was formed in 2005—by organizational partners such as NASDAQ, the Business Roundtable, and the AICPA—to see whether the increasing stakeholder demand for reporting nonfinancial business measures might help serve to evolve “financial” reporting to “business” reporting.

Overall, organizations tend to be more effective in one or two of these areas (e.g., corporate governance) and not as effective in the other areas (e.g., enterprise risk management and business reporting).  In some instances, organizations have not effectively developed processes for any of the three areas and in a few rare cases, organizations have taken a lead role in each area.

Last modified on 4/18/08 | Content maintained by CBE