Strong organizational governance is a crucial component of sustainable operations, and is defined by the processes senior leadership follows when making and implementing strategic decisions. Without strong governance, it’s impossible to operationalize internal policies, decreasing efficiency, increasing the likelihood of compliance violations, and exposing the organization to unnecessary vulnerabilities.
To learn more about how involved boards are in their organization’s risk management processes, we surveyed more than 300 risk, governance and compliance professionals across industries. We asked them to evaluate how involved their boards are in risk management strategy, in addition to how much of an impact poor risk management has had on their organizations. Results of the survey indicate that while nearly all organizations uncover a need for strategic changes after performing assessments, a majority of boards are not as involved in this process as they should be (if at all).
Historically, poor organizational governance has been tied to failures in risk management like the Target breach, the Volkswagen emissions scandal, and the Wells Fargo accounts scandal. These scandals have been highly publicized because they mark more than a financial and reputational hit for associated companies. In each case, poor governance directly impacted a wide variety of stakeholders. Integrated risk management solutions encourage organizations to protect their shareholders through good governance.
The results of this survey indicate a core contributor to these scandals: a lack of centralized risk management. Good governance bridges the gap between board-level policy and the execution of that policy at the front lines; the most robust policy can’t have a tangible impact unless it’s implemented in daily operations.
In order to receive the full benefit of risk management efforts, organizations must engage all areas of the business. This cannot be accomplished without support from the board of directors and the engagement of senior leadership.
Those that do maintain mature risk management programs realize up to a 25% increase in firm value compared to companies without such programs.