The success of an ethics and compliance program depends on the support of internal partnership functions – human resources, security, IT, legal, finance, procurement, ESG and others. Given this reality, ethics and compliance has a variety of “seats at the table.” As a result, ethics and compliance has the opportunity to build important partnerships and influence the overall corporate governance framework.
The last five years has included an increased focus on corporate risk management. For years, companies paid “lip service” to the idea of risk management. In many cases, companies implemented “immature” risk management systems that do not stand up to scrutiny and assessment. These programs are often understaffed with a singular focus on enterprise risk management.
This is not the end of the story, however. Companies are pushing for improved risk management with a holistic perspective – beyond the immature enterprise risk management perspective. Instead, overall risk management is fast becoming a priority with more sophisticated techniques and analysis for risk management.
This transformation in risk management was underscored by the pandemic and supply chain disruptions. Given the impact of the pandemic on companies, risk management has taken a lead role in the corporate governance framework. Risk management planning has become a vital part of business sustainability. This important function will become even more critical in the ESG context where sustainability and overall risk management is critical.
In this context, E&C professionals stand as ready-made experts. E&C professionals know how to manage compliance risks, and they are well familiar with the process of conducting a risk assessment and tailoring controls to mitigate those risks. This expertise is invaluable to the holistic risk management process.
The steps needed to put together a holistic risk management process are fairly obvious.
First, a company needs to bring together the internal stakeholders in risk management. Starting from the business side, risk-based experts who have responsibility in the business functions – marketing, business development, sales, financial (FP&A), research, procurement and supply chain and other key business functions.
Second, a company has to collect risk experts from important support functions – legal, ethics and compliance, human resources, internal audit, security and other related functions.
With a risk management committee consisting of all key players at the table, a company will be able to empower a critical risk management function. This requires companies to invest in this operation. A holistic risk management operation is based on a line-of-sight perspective across the organization. It brings a risk management perspective that assesses and balances key business risks that includes overall continuity, supply chain and legal and compliance risks.
This is the future for risk management. E&C professionals are key players in this constellation and experts in this field. With a holistic risk management process that provides valuable assessments, response strategies and other important functions, corporate planning, crisis management and overall business efficiency can be achieved.
All of this may sound like another one of my profound grasps of the obvious – but what may seem obvious appears to have escaped numerous corporations. A holistic perspective is difficult to achieve when entrenched interests embedded in an organization resist changes to the risk management process.