A quick search of the internet will pull up
tons of material on risk management and internal controls, to help you improve
your business. All organizations, be they private sectors, not-for-profit or
public sector bodies have to adhere to whichever set of governance codes they
fall under. One example is the UK Corporate Governance Code that is published
by the Financial Reporting Council for listed companies that either have to
comply or explain why not. The Sept 2012 version includes code C.2.1 which
states:
‘The board should, at least annually, conduct
a review of the effectiveness of the company’s risk management
and internal control systems and should report to shareholders that
they have done so. The review should cover all material controls, including financial,
operational and compliance controls.’
So, we have the codes and we have a good
take-up, which means everything should be fine. But if you want to improve your
risk management and internal controls, you will want to find out if your
workforce needs any more training in this topic. I recently carried out a very
informal experiment to see if I could spot any obvious room for improvement in
the way business risk is being managed. One rainy winter evening, I scanned the
Times Newspaper (16th January 2014) and extracted the following snippets of
information:
§ Front
page: Hundreds of teachers accused of sex crimes.
§ Police
crime figures gave been stripped of the official quality assurance mark by the
statistics office after recent claims they were fiddled.
§ US
investigators interviewed staff at Citigroup in London as they stepped up an
inquiry into alleged manipulation of foreign exchange markets.
§ News
page 15: Staff at a care home tied a grandmother to a chair to stop her
wandering, according to a report that said more than a quarter of families had
claimed that relatives had suffered poor treatment in care homes or by careers
in their own homes.
§ Page
18: The official regime of four-yearly inspections is failing to ensure the
welfare of animals in Britain’s 300 zoos and animal parks, a study has found.
§ Page
21: Liberal democrat women reacted furiously last night after the party
announced that it would be taking no further action against a peer accused of
sexual harassment.
§ Page
23: In a ruling late on Friday night, which has received relatively little
attention here, the appeals court in New Orleans ruled that the settlement
reached by BP in 2012, hours before the trial over the disaster was due to
start at the New Orleans district court, should stand – even if it meant that
people and businesses who have suffered no loss due to the oil spill will
benefit.
§ Page
28: Solid gold bathroom fittings, a fraudulent mausoleum and a vast
subterranean cache of booze have brought down one of China’s most powerful
generals and caused the People’s Liberation Army’s worst corruption scandal for
years.
§ Page
30: Washington. The US military has suspended 34 officers in charge of
launching nuclear missiles for cheating at a proficiency test.
§ Business
page 36: On credit rating agencies. ‘The world has changed dramatically since
the collapse of the US sub-prime market in 2008, which triggered the credit
crunch. Jose Pocas Esteves, the ARC chief executive, said, ‘ARC and its five
founding partners believe that the old methods and approaches are no longer
sufficient for the post-Lehman financial sector landscape.’
§ Page
39: it has long been suspected that too many fund managers make too much from
clients for doing too little. Now this theory is to be tested rigorously.
§ Law
page 53: The RSPCA is one of the most popular charities in the UK… yet a key
part of its activities (prosecutions) has seen its image tarnished. A series of
cases has led to criticism that it is over zealous and politically or
financially motivated….The charity has now announced a review of its
prosecution work…
§ Sport
page 58: Bernie Ecclestone, the Formula One chief executive, is expected to
face formal charges over secret payments to a German banker, it was reported
last night.
The problem is that risk is something that just
won’t go away and no one is exempt. My sample is a quick look at one newspaper
on one particular day. Regulators act as referees and to slightly misquote the
late, great football manager, Bill Shankly:
‘The problem with referees is that they know
all the rules but don’t always understand the game.’ Learn this here
now.
We really need to get real since many
employees ‘game’ their targets, their result and most of what they do at work
to suit themselves. I can’t think of many people who put the needs of their
employer above their own personal interests. Which means your improvements to
risk management and internal control have to be set within the culture at work,
to make any real sense. One way forward is to re-write the Corporate Governance
Code to move away from an annual accountant-centric event that means very
little to most people, to a more straightforward version. My suggested re-write
of the code would be:
‘The board should establish a control
strategy that is resilient in responding to the changing risk landscape and
which ensures all employees retain key risks to acceptable levels through the
design, implementation and review of sound controls. The control strategy
should guard against fraud, waste, reckless behavior, excessive caution,
short-termism and suboptimal results; and be subject to on-going review and
disclosed to shareholders on an annual basis.’
In this way we would hope to see four things
firmly in place in all organizations:
1)
A board that takes responsibility for the risk culture in their organization.
2)
Management and teams who understand their key risks and the difference
between acceptable and unacceptable behavior.
3)
A suitable range of controls that help guard against fraud, waste,
reckless behavior, excessive caution, short-termism and suboptimal results.
4)
A transparent review process that ensures the above is happening.
If these four things are happening the hope
is that there will be fewer headlines that undermine all kinds of
organizations, and which ultimately damage the reputation of global economies.
I asked whether there is a need to train employees to improve the way they
manage risk and sharpen their business controls. I feel the answer is; ‘yes
there is’ – which is why Business Controls Training will continue to develop a
range of standalone e-learning courses for elearningmarketplace.co.uk.
No comments:
Post a Comment