Oversight of Risk Culture is the key to compliance
Over the past years especially after the financial crisis
expectations for oversight-control has shot up. The regulatory and stakeholder
attention is focused on the need to improve the company's oversight of Governance,
risk management and compliance activities related to appetite and tolerance
levels. Moreover, now the focus is on developing frameworks and roadmaps
to document the board and senior executives' attention to risk ad compliance
structure in the organisation.
The increasing focus on risk oversight
and risk culture by almost all stakeholders is popularly labelled as "Tone-at-the-top".
It ensures that the right tone of the compliance, control, or culture,
are the critical areas of responsibility, accountability and transparency.
The collective signals on each component set the tone.
Setting the tone (standard) starts in the boardroom with good governance
and rigorous compliance discipline that goes a long way in stimulating
a strong corporate culture throughout the organisation.
The board and the directors are gatekeepers, and the right tone provides
the top for board oversight of business risk culture and the focus on
the inquiry before processes fail or go wrong.
Root cause of non-compliance
Weak company culture is often the, continued cause of governance failures,
deficient risk and control management. The challenge then is to diagnose
the missing components of the enterprise's risk culture and what actions
to take if it is found to be deficient.
The result is that directors are now being accused of fiduciary failure
for allowing "high-risk accounting because the financial crisis has raised
the compliance culture bar significantly in the reporting area. Regulators
and oversight authorities have now reached a consensus that boards should
be evaluated and put on the regulatory hot seat if they fail to take steps
to oversee management's risk culture, appetite, and tolerance.
To address the global regulatory storm, senior management and the board
of directors are required to assess actively the risk appetite and risk
culture framework. An annual assessment of the boards' effectiveness in
overseeing their company's risk culture is also a prerequisite.
Therefore, the annual evaluation efforts should be made by senior management
to understand the organisations' compliance culture on the cultural norms.
Attitudes and behavior related to risk and compliance culture associated
with awareness, tolerances, and moving from risk mitigation to risk optimization
are primary components of the assessment.
Copenhagen Compliance, therefore, recommends a workshop on how to develop
a roadmaop and framework and to discuss the following questions:
- How has the board agreed the company's risk appetite?
- How has the board assessed the company's culture?
- How does the board control that the company has a "speak-up"
culture
- How does the board control that the organization has systematically
learnt from past mistakes?
- How do the company's culture, code of conduct, human resource policies
and performance reward systems support the business objectives and
risk management and internal control systems?
- How has the board considered whether senior management promotes
and communicates the desired culture and demonstrates the necessary
commitment to risk management and internal control?
- How is inappropriate behavior dealt with? Does this present how
to monitor significant risks for all involved?
- How does the board ensure that it has sufficient time to consider
risk, and how is that integrated with a discussion on other matters
for which the Board is accountable?
The attached roadmap and framework will facilitate how to conduct the
workshop. Click
Here
At the 9th annual European GRC Summit
at the World Trade Center in Stockholm on the 23rd and 24th November
Mr. Per Lekvall, Chair of the International Committee of the Swedish Academy
of Board Directors will speak on the subject: The Nordic Corporate Governance
- A Shareholder-Oriented Governance Model. ">Register
now!