5 Ways to Improve Board Risk Oversight

While leaders communicate the company’s vision, mission, core values and commitment to ethical behavior, what really drives the culture and resonates with employees is what they see and hear every day from their supervisors. If the behavior of middle managers contradicts the messaging and values conveyed from the top, it won’t take long for lower-level employees to notice. Because the top-down emphasis on responsible business behavior in an organization is only as strong as its weakest link, it is vital that the tone at the top be translated into an effective “tone in the middle” before it can reach the rest of the organization.

Three dynamics drive this collective culture, or the “tone of the organization”:

1. Don’t assume that both tone in the middle and tone at the bottom are aligned with tone at the top. Alignment is the name of the game. The greater the number of layers of management in the organization, the greater the risk of incongruities in the respective tones at the top, middle and bottom. Likewise, there’s a greater risk of executive management being unaware of serious financial, operational and compliance risks that may be common knowledge to middle managers and rank and file employees. Information is often distorted as it moves up the management chain, creating disconnected leaders.

2. Don’t assume everyone is engaged. The extent of engagement is vital to building a strong, ethical culture. A lack of engagement drives absenteeism, turnover, fraud, misappropriation of assets, safety incidents, quality defects and loss of customer focus.

3. Recognize the stakes: Many financial, operational and compliance risks are embedded in the organization’s processes. Many decisions are made and many actions are undertaken on the front lines by middle managers and their teams, not by executive management. The decisions to act or not to act present opportunities for excellence, as well as the potential to undermine the organization. To the extent these actions result in policy violations and significant omissions, they present risks in a wide variety of areas, such as product or environmental liability, health and safety, trading, employee retention, or security and privacy concerns. Risks can fester and smolder when repeated errors and omissions occur within processes, creating the potential for significant surprises later.

To address these “tone of the organization” dynamics, executive management and directors should:

  • Make every effort to implement a strong tone at the top. Without this starting point, it’s game over. Be aware of inappropriate performance pressures, a myopic short-term focus on profitability or a “fear of the boss” within the ranks. In certain areas of the organization, management may look the other way when people act inappropriately rather than take fair and appropriate disciplinary action. Issues may exist even when executive management is of the view that a strong tone at the top exists.
  • Ascertain whether the organizational structure supports or impedes the culture. For example, flattening the organization may reduce the risk of executive management being unaware of embedded risks. Compensation arrangements may encourage inappropriate risk-taking behavior (e.g., competing metrics, such as cost and schedule, trumping safety).
  • Consider conducting a periodic assessment of tone in the middle and tone at the bottom. Seek periodic independent assessments of the organization’s culture and tone up and down the organization to affirm the belief system driving behavior. Address any lack of alignment with leadership.
  • Ensure the organization has effective escalation processes. An ethics survey noted the percentage of an organization’s employees who witnessed misconduct at work was 45 percent in 2011, down from 49 percent in 2009. Of those employees, 65 percent reported the misconduct they saw, up from 63 percent in 2009. While the rate of escalation is improving, there is still room for improvement.[4]
  • Act on the warning signs in audit reports. Internal audit can play a key role in monitoring the tone of the organization either as part of a comprehensive assessment or through aggregating relevant findings from multiple audits in different areas. Incongruities among the tones at the top, in the middle and at the bottom warrant reaffirmation of core values and beliefs.

Questions for Directors

Following are some suggested questions that boards of directors may consider, in the context of the nature of the entity’s risks inherent in its operations:

· Is the board alert for warning signs that the tone at the top may not be optimal (e.g., turnover of key executives, tolerance of significant control issues, a warrior culture, a shortsighted focus on profitability and evidence of an overly dominant chief executive)?

· Does executive management work closely with middle, line and functional managers to ensure everyone is effectively aligned in terms of the organization’s vision, mission, core values and strategy, so the right messaging and behavior are stressed across the organization?

· Are there effective escalation processes to ensure significant problems are recognized and addressed at the appropriate level of the organization?

Jim DeLoach is a member of Protiviti’s Executive Council to the CEO and assists companies with integrating risk management with strategy setting and performance management.

