What’s a Significant Business Risk? Not Discussing Risk
No matter where you turn lately, the headlines have been focused on the situation surrounding News Corporation’s News of the World. The tabloid closed its doors recently in the wake of a massive voice mail hacking scandal. What’s interesting to me about this story is that a 168 year-old business fell because staff (and whomever else was in the know) was willing to subordinate their judgment and professional ethics in the interest of gaining a competitive edge to meet organizational goals.
It’s an extraordinary case, but for me it poses some important questions: to what lengths is my staff willing to go to move the business forward? What message does our board and management team communicate about our ethical commitment and the risks we are willing—and not willing—to take? What are we doing to make sure we don’t end up in a situation like that of the News of the World?
Here’s a solution many of us have been considering lately: enterprise risk management (ERM).
ERM seeks to rope all teams into the discussion of risk to help organizations consider all possibilities: successes, failures and even “the thing we never expected, but we had the sense to plan for.” At a very fundamental level, ERM is a communications effort that involves everyone in the organization, from the board of directors, to senior management and front-line employees. The board and senior management communicate their risk appetite to staff, which sets the stage for the organization’s risk tolerance overall.
In this July 13 article of Business Finance magazine, Accenture's Chris Thompson put it this way: “Well, most importantly, it's a tone from the top of the house. If risk management is important, then it's going to be part of the fabric of the company. We can call that a risk culture.”
And Thompson goes on to argue that when your culture is communicative and analytical in making informed risk decisions, the organization’s performance is boosted.
Many AICPA members are seeing the risks of doing business grow more complex and recognize ERM as a way to get ahead by considering all possibilities surrounding risk. What’s your organization doing to implement ERM and elevate risk into day-to-day dialog?
For more on the future of ERM, see the AICPA’s Top Ten “Next” Practices for Enterprise Risk Management 2010 Survey Results report.
Carol Scott, CPA, Vice President - Business, Industry and Government, American Institute of CPAs.