What Is Governance In Business: Introduction
When we get behind the wheel of a car, we adhere to a certain set of rules. We stop when we see a stop sign, we give the neighboring lane the right of way when we see a yield sign, we stay on our designated side of the road…but what happens when someone ignores one of those rules? Sometimes, nothing; other times, fatal catastrophe.
We all have our own interests in mind while driving, but without drivers following the rules that are in place to keep us safe and make things more efficient for all, the road would be a much scarier place.
Roads are an excellent microcosm of what governing bodies do. When we hear the term “governance,” we tend to think about people putting rules in place on a micro level in order to gain some semblance of control over their area of responsibility on a macro level. So how do people in charge decide on the rules that we’re all expected to follow?
Good governance does not just refer to making only the “correct” decisions; it’s about truly using the best possible processes to inform your decision making. Depending on your area of responsibility, the decisions you make have the potential to impact your employees, customers, stakeholders and the community at large.
In this guide, we’ll discuss governance mostly as it relates to organizations. We’ll explain what governance is, give its definition, and describe various types of governance. Then, we’ll delve into how to solve some common challenges of corporate governance.
Governance is defined by the processes used to make and implement decisions. This is the broadest explanation of the term; in order to fully understand it, let’s examine the different types of governance that can exist.
Types of Governance
There are infinite types of governance. So long as an entity has been delegated any amount of power over another, there exists a certain type of governance.
In history class, you most likely learned about the various forms of governance as it pertains to ruling a state: monarchy, democracy, oligarchy, authoritarianism, and totalitarianism.
HR professionals also govern. Their governing efforts may include how their employees should prioritize their projects, holding an ethics council, deferring to a board of financial advisors, and clearly defining how operations should be executed.
IT governance, for instance, refers to the method that an organization uses to control and direct information technology. Practices within IT governance vary widely by industry, but a few common practices include compliance, audit, asset management, quality assurance, and information security.
Corporate governance refers more specifically to the framework of practices by which a company or organization ensures fairness and transparency with its stakeholders. These stakeholders most likely include customers, employees and their associated community (American Progress).
There exist both explicit and implicit agreements between the corporation and its stakeholders in order for responsibilities to be properly distributed. There also need to be procedures in place for resolving conflicting interests, proper supervision and various other controls in order to properly impose a system of checks and balances.
In short, corporate governance is a method of governing a company much like a sovereign state. Its own set of customs and laws is applied to its employees from the highest to the lowest levels. It’s intended to increase accountability and prevent massive disasters from occurring.
Historically, poor corporate governance has been tied to failures in risk management. Some notable examples are the Target breach, the Volkswagen emissions failure and the Wells Fargo account scandal. These highly publicized scandals indicate more than a financial and reputational hit for the associated companies, because each case directly impacted a wide variety of stakeholders. Enterprise risk management, or ERM, is a solution that encourages companies to protect their shareholders through good governance.
Corporate Governance & ERM
Governance functions were designed to create a standardized process for managing the risks that organizations face most prevalently. In operations, these risks include financial misstatements, fraud, vendor management, disaster recovery, security threats, non-compliance, human error and so much more.
ERM is a framework — it shouldn’t be a siloed function, but rather a collaborative approach to all governance areas. Its focus is on creating a standardized structure and taking a risk-based approach to objectively prioritizing risks across all functions and levels at an organization.
Good Governance Challenges
Information is scattered. Housing risk, performance, and compliance information on various spreadsheets and Word documents using different methods and tools throughout the organization makes it hard to even locate — let alone compare and aggregate — the necessary information.
Misalignment of priorities. Unfortunately, stakeholders’ priorities aren’t always aligned with the overall goals of the organization. Because of this, it can be difficult to know which tasks are important to whom and which activities are considered top priority. Without proper alignment, it’s impossible to accurately prioritize activities and their associated risks. A lack of transparency makes risk, performance and compliance information hard to discover, collect and maintain.
Siloed activities. Within every organization, business areas are conducting governance activities. Unfortunately, each of these areas is conducting these activities under different names, based on different assumptions and standards, and by different methods.
Unknown relationships. Understanding the relationships between all of our everyday activities and related resources, and how we are personally connected to the activities and resources of others, is incredibly complex. Understanding the risk, performance and compliance consequences of all of these activities and resources, as well as where existing risk lies, is even more difficult. This is why we sometimes feel we are in meetings all day discussing loss events that have already happened, rather than identifying emerging future risks.
Organizations need to build a robust ERM framework, or taxonomy, which provides a holistic view of all the information and relationships across the organization. Taxonomy structures and preserves the integrity of information, so even as changes occur in multiple parts of the organization, managers can compare risks like apples to apples.
Accountability is a fundamental requirement of good governance. We rely on businesses every day, and they have an obligation to assess risk, implement the appropriate controls, monitor their effectiveness and report to the board. If the process owners at the organization are not answerable for the consequences of risks, they can negatively impact customers, employees and investors.
LogicManager is fighting to make a change: we believe that ERM and GRC are the key to implementing and sustaining good governance, and our mission is to provide the tools and services that make this possible. Our all-in-one ERM software can help your business integrate governance and risk areas.