“We are witnessing unprecedented change in the corporate governance world: new perspectives on boardroom composition, higher levels of stakeholder engagement, more emphasis on emerging risks and strategies, and the increasing velocity of change in the digital world.” (1) Board members attention focuses more and more on the risk oversight of companies, Deloitte actually identified risk oversight as one of the top priorities for Board members in 2014 (2), a clear evolution, if not a revolution from the traditional role of board. What is the reason for such a shift in focus?The answer is twofold.
First, regulators have pushed risk to the top of directors’ agendas by introducing increasingly stringent regulations and forcing companies to set up broad and comprehensive control processes for which the board is responsible. That requires vast efforts not only in terms of practical implementation, but also due to the sheer volume of reporting that comes with it.
Second, there is a growing interest and demand for transparency and principled corporate leadership from the general public. With the development of social media and the rising speed of information exchange, any governance breach can become a major reputation crisis. Senior management simply cannot ignore the potential damage to their brand; implementing an efficient corporate governance system has become an obligation in itself, independently of underlying regulations.
At the heart of the matter lies the idea of oversight. The board is responsible for the company’s overall risk exposure and must define the corporate governance rules that will have to be enforced, usually embodied in a code of conduct. If this code of conduct is to be more than just a pretty document and truly define the way the organization will conduct business, it needs to be enforced throughout the company all the way down to the operations level.
Deploying the corporate governance throughout the operations is the task of GRC (Governance, Risk and Compliance) departments such as Compliance, Risk Management, Internal Control or Internal Audit. Their task will be to implement the code of conduct’s rules and policies and to monitor the risk structure of the company and report to the board, providing sufficient information for efficient oversight.
Corporate Governance thus hinges on the work provided by GRC departments and the way they are able to provide the board with insight on one side and implement its vision on the other side. Since Corporate Governance is a priority of boards, empowering and making GRC departments more efficient should be a priority too.