2020 Study of Advancements in Enterprise Risk Management and Corporate Board Governance
“Infusing the Human Element into Enterprise Risk Management”
This study is the first of its kind to examine advancements in risk performance of corporate board’s risk & audit committees and the risk function. The study includes an exhaustive lit review of corporate boards and enterprise-wide risk management.
The findings are provocative and explain the structural, legal and conceptual limitations that have hindered good risk management at the board and ERM level and provides insight into how to enhance risk management at the board and chief risk office level.
There were a few surprises in this study that help amplify the current state of risk management. My first observation is risk management is thriving even though the discipline of risk has evolved organically or borrowed from other disciplines that are unrelated to traditional risk practice.
This helps explain why corporate risk management has not advanced to the C-suite in the same manner as business disciplines of accounting, finance, and marketing for example.
Secondly, there is a void in existing academic study on the functions, processes, tools and measures of risk performance at the risk and audit committee level. Additional research is needed to evaluate the processes used by board committees to address key risks for the enterprise.
How can board governance improve financial reporting of the risks that matter to key stakeholders? How is risk information created? Is the information derived purely from internal audit or is there an aggregation of key risks? Are key risks communicated through the CEO, risk/audit committee or senior risk executives? What are the mechanisms to decide how to mitigate key risks or accept them on an on-going basis? How does the board measure its own performance in risk reduction? Does the board use risk-adjusted returns on investments?
These and other questions are not addressed in empirical evidence in existing research suggesting a number of strategies can be deployed to better measure board governance performance beyond trailing metrics of financial results, debt financing or other matters that may be arbitrary to the actual results of the firm. Firms who demonstrate better board risk governance will be better prepared to achieve greater performance for all respective stakeholders .
Enterprise-wide risk management is an emerging discipline of institutional study that lacks a grounding in science. Enterprise-wide risk management could become a branch of organizational science or organizational behavioral science.
Organizational science is both a science and a practice, founded on the notion that enhanced understanding leads to applications and interventions that benefit the individual, work groups, the organization, the customer, the community, and the larger society in which the organization operates.[1] [2]
Organizational behavior (OB) is the multidisciplinary study of the employee interactions and the organizational processes that seek to create more efficient and cohesive organizations.[3] Both of these disciplines may be good candidates in which enterprise-wide risk management could become a branch of study and research. It is very surprising that ERM is not rooted in the existing sciences of today.
Lastly, I am surprised that one of the most recent advancements in risk practice, Prospect Theory, is not recognized as an innovation in risk management. Behavioral science addresses the one element that all other risk frameworks ignore, intentionally or inadvertently, the human element. The common denominator of all decisions, success or failure rests with the human element.
If risk management is about the quality of decisions about strategy, risk, controls and so much more why has the risk management industry missed the one element we should not ignore — the people in the organization? A cognitive risk framework for cybersecurity and enterprise-wide risk management was created by the author to fill the gap in existing risk frameworks.
2020 has been fraught with change and disruption creating a great deal of uncertainty which creates opportunity for good risk management and board risk governance to provide clarity through the fog. Never before have the tools and technology to manage risks been better suited for this time. I hope that this study provides new insights into current risk practice and opportunities to advance your risk program with better clarity as you plan for the future.
A downloadable copy of the study is here. https://documentcloud.adobe.com/link/review?uri=urn:aaid:scds:US:a39d1141-6e1e-4e3f-88a6-c99b33709a81
[1] https://orgscience.uncc.edu/
[2] https://definitions.uslegal.com/o/organizational-science/
[3] https://online.usi.edu/articles/mba/what-is-organizational-behavior.aspx
