Anthony J. Padilla, MBA, CFE Managing Partner, Risk Advisory Group - PowerPoint PPT Presentation

SLIDE 1

Supporting Effective Boardroom Leadership Identifying Unique Opportunities to Improve Board Governance

Risk Management and CSR

Anthony J. Padilla, MBA, CFE

Managing Partner, Risk Advisory Group

SLIDE 2

ENTERPRISE RISK MANAGEMENT and CSR

SECTION 1

EFFECTIVE GOVERNANCE PRACTICES

  • The current environment
  • Board responsibility for ERM grows
  • Functions in the organization that support and report
  • Identifying effective board approaches/structures to address ERM
  • Unique structure/approach to support board and management's ability to handle ERM

SECTION 2

CORPORATE SOCIAL RESPONSIBILITY (CSR) AND GLOBALIZATION

  • Environmental Ethics
  • Shifting Expectations
  • FCPA, UK Bribery Act, Case

SLIDE 3

THE CURRENT ENVIRONMENT

Effective Enterprise Risk Management presents the most formidable challenge to boards’ capabilities, requiring that they question management’s representations and their own understanding of the risk/reward conundrum in the industry they serve.

SLIDE 4

Boards and Enterprise Risk

Today, a public company Board of Directors faces:

  • Growing shareholder activism
  • Increased scrutiny by regulators
  • Heightened expectations from the public about their oversight of management
  • CEO and executive compensation
  • Challenges to their understanding and handling of ever-evolving risks their corporations face
  • Social responsibility, stateside and abroad, is gaining greater visibility

This has led to increased pressure to perform or to step down from board duties. Many have decided the risks involved in board membership outweigh the perceived and actual benefits.

SLIDE 5

THE CURRENT ENVIRONMENT

The National Association of Corporate Directors (NACD) 2014-2015 Public Company Governance Survey identified the following key findings:

  • One in four directors (24%) believe that their board has failed to assign risk oversight to the correct group
  • Almost half (48%) of respondents have assigned risk responsibility to the Audit Committee
  • One third (34%) indicated risk responsibility is assigned to the full board
  • However, only 30% of those responding believe that risk oversight should be assigned to the Audit Committee, while 52% say it should be the full board’s responsibility

SLIDE 6

EXAMPLES of Universal Risks that Companies Face:

  • Innovation/Obsolescence Risks
  • Reputation Risk
  • Environmental Risk
  • Country (international) Risk
  • Program/Project Risk
  • People/personnel risk
  • Operational Risk
  • Regulatory Risk
  • Contractual Risk
  • Litigation Risk
  • Financial Risk
  • Credit Risk
  • Risk of Fraud
  • Transaction Risk
  • Stakeholder/Public Risk (Ethics, Corporate Governance)
  • Product/Market Risk
  • Interest Rate Risk
  • Cyber Security / Technology/IT Risk
  • OTHERS?

SLIDE 7

Controllable / Internal

  • Innovation/Obsolescence Risks
  • Reputation Risk
  • Program/Project Risk
  • People/personnel risk
  • Operational Risk
  • Contractual Risk
  • Financial Risk
  • Credit Risk
  • Transaction Risk
  • Stakeholder/Public Risk (Ethics, Corporate Governance)
  • Product/Market Risk
  • Interest Rate Risk

Limited Control / External

  • Country Risk
  • Interest Rate Risk
  • Regulatory Risk
  • Litigation Risk
  • Cyber Security / Technology/IT Risk
  • Risk of Fraud/Corruption

SLIDE 8

ORGANIZATIONAL INTEGRITY™ DEPARTMENTS or FUNCTIONS THAT ADDRESS RISK in COMPANIES

  • Internal Audit
  • (Enterprise) Risk Management - CRO
  • Legal
  • Regulatory Compliance
  • Organizational Design/Development
  • Policy and Procedures
  • Human Resources
  • Sarbanes-Oxley (SOX)
  • Contract or Procurement departments
  • Continuous Improvement
  • Fraud Detection/Prevention
  • Project Management Office (PMO)

SLIDE 9

BOARD COMMITTEE OFTEN RESPONSIBLE FOR RISK OVERSIGHT

  • Assign responsibility to the Audit Committee, which already handles financial matters, including Internal Audit and SOX compliance

PROS:

  • This Committee already handles significant risk activities
  • Experienced financial expert is on this committee
  • Forty-eight percent (48%) of companies surveyed do this already*

CONS:

  • Committee already has highest level of responsibility – piling it on
  • Committee has high turnover despite higher compensation and insurance

  • Form a new Committee responsible for enterprise risk oversight
  • Give it to the full board

*2014-15 NACD Public Company Governance Survey (National Association of Corporate Directors)

SLIDE 10

BOARD COMMITTEES RESPONSIBLE FOR RISK OVERSIGHT

  • Assign responsibility to various or new committees (decentralized)

PROS:

  • Lessens burden on the Audit Committee
  • Engages more directors in overseeing crucial risk issues

CONS:

  • Questionable level of understanding of enterprise risk (knowledge and expertise) affecting the industry and company
  • Creates greater reliance on management’s representations of risks facing the organization
  • Raises issues about effective training and skills needed for Directors to fully understand the risk environment a company faces

SLIDE 11

CONTRADICTION IN SURVEY RESULTS UNDERSCORES BOARD UNCERTAINTY

General satisfaction in quantity and quality of information, except Cyber Security

One-third (32%) of survey respondents were not satisfied with the quality of information

Over half (52.1%) were also dissatisfied with the quantity of information provided stating .

Survey: “The indicated lack of information regarding cyber risk may pose a problem even for directors knowledgeable about cyber issues. Although most respondents indicated that they had at least some knowledge regarding cyber security risks, many felt they could still improve their understanding.”

It was management’s failure to truly understand and communicate the global risks it faced during the derivative crisis which underscored the collapse of the credit markets. The board’s failure to interpret and understand those same risks compounded the problem and resulted in Dodd-Frank.

Although the issue of managing risk is management’s responsibility, what can a board do to address incongruence, lack of accountability and uncertainty?

SLIDE 12

NACD Risk Oversight Guidance for Boards

  • Align Strategy with Risk
  • Improve Risk Mitigation Techniques
  • Develop Risk Identification Skills
  • Enhance Risk Monitoring Capabilities
  • Define Crisis Response Steps
  • Understand Management’s Risk Modeling and Identification of Risks
  • Re-evaluate Communication with Management about overall Enterprise Risk

SLIDE 13

SOLUTIONS TO CONSIDER and CHALLENGES

1) Create a new Risk Oversight Committee responsible for overall enterprise risk and populate it with Board members who understand risk

2) Disperse risk oversight amongst various committees (25% do this per NACD); specialized training will be needed to bring members up to speed to:

  • Evaluate management’s own understanding and management of risk
  • Interpret the information provided by management
  • Be able to provide guidance for management’s overall handling of key risks

3) Lastly, the board can rely on third party consultants to help in understanding risks, which brings its own set of concerns

What are the issues or challenges with each of these?

SLIDE 14

UNIQUE SOLUTION TO CONSIDER

Appoint Expert Professionals in various disciplines to Boards to address least understood and least controllable risks: Enterprise Risk, IT/Cyber Security, Global Risk, Regulatory Risk, etc.

Old school of thought – A board should not be a “shadow” organization mirroring management’s structure.

What this approach does:

1) Creates a direct interface role on the board with key management responsible for those activities, similar to the Audit Committee and the CAE

2) Establishes a uniform approach, easily replicable across boards in all industries – eliminates incongruity

3) Ensures consistency and clarity of information, strengthening the synergy between management and board

4) Erects a unified front/defense against regulatory intrusion and

5) Increases leverage and confidence to deal with external stakeholders about direction, control, mission, etc.

What public and private companies face today is an exploding risk universe with growing regulatory impact. The objective is a return to effective self governance under a unified approach to doing business.

SLIDE 15

CORPORATE SOCIAL RESPONSIBILITY (CSR)

“The voluntary actions a corporation takes to improve the lot of its various stakeholders.”

The fundamental question: Do corporations have a responsibility beyond maximizing profits for their shareholders?

Argument for:

Corporations benefit from being a part of society, and therefore should address societal concerns

Argument against:

The costs involved in shouldering societal concerns and taking on issues beyond profit maximizing behaviors.

The RESPONSIBILITY PARADOX: Globalization spreads the reach of corporations throughout the world, which broadens CSR and results in the CSR vs. Stockholder conflict

SLIDE 16

Hot topics in CSR

  • Globalization in all aspects of business
  • Energy
  • Environment – Carbon Footprint
  • Poverty
  • Community Outreach
  • Human Rights
  • Emerging Nations
  • Corruption
  • Cyber Security

SLIDE 17

A Carbon Footprint is a measure of the impact human activities have on the environment in terms of the amount of greenhouse gases produced, measured in units of carbon dioxide.

The pie chart above shows the main elements which make up the total of an average person's carbon footprint. A Carbon Footprint is made up of the sum of two parts, the direct / primary footprint and the indirect / secondary footprint.

Source: http://www.carbonfootprint.com/carbonfootprint.html

SLIDE 18

GLOBALIZATION & CORRUPTION

The battle against corruption is at the forefront of CSR, and has taken on worldwide implications and actions

  • SEC and the Department of Justice (through the Foreign Corrupt Practices Act (FCPA))
  • The UK Bribery Act of 2010
  • World Economic Forum
  • Interpol
  • Organization for Economic Cooperation and Development (OECD)
  • Transparency International
  • Organization of American States
  • United Nations

SLIDE 19

FOREIGN CORRUPT PRACTICES ACT (FCPA) OF 1977

Principal tenets of FCPA:

1) Ensure proper recordkeeping and internal accounting controls are in place

2) Prohibits U.S. companies and subsidiaries, officers, directors, and employees from “influencing” (bribing) foreign officials

THE UK BRIBERY ACT of 2010

  • Extends to bribery of anyone in a position of influence
  • Expands the reach to include intent to influence, gain favor or business and is not permitted by local statute
  • Requesting, receiving an offer, or accepting a bribe extends to recipient, not just the offeror

SLIDE 20

The case of the contaminated pet food:

  • Ingredients manufactured by Chinese suppliers looking to cut costs
  • The Chinese plant was inspected by the USDA
  • Pet food mixed and packaged by the Canadian manufacturer/distributor
  • Product purchased and sold by major U.S. corporations under different labels

Who do you blame? With far-flung corporations, multiple contributors (knowing and unknowing) along the way, how do you attach responsibility?

Stakeholders extend beyond end users/customers of products to include: vendors, suppliers, distributors, employees, shareholders, creditors, communities (national and international), governments

SLIDE 21

QUESTIONS?