Good governance, good organisation.
Good governance allows you to control risk. Poor governance results in unmitigated risks and unforeseen consequences. It can be incredibly costly – not just financially, but from a personal perspective as well.
You don’t know what you don’t know. You will be blind to risk events facing your business if you don’t consider them, how likely they are to occur and the consequences you could be facing if they do eventuate.
The consequences of unmitigated risk can range from the collapse of a business, destruction of assets, environmental ruin and death of people. If that’s not enough to motivate you to think about risk, think about this… Regulatory requirements for boards and responsible officers also have serious outcomes. You can be personally responsible for poor governance.
An important part of risk management and governance is the monitoring of business results. This includes auditing financial results as well as policy, process and procedural outcomes.
Risk monitoring can be considered in terms of the following matrix:
Those risks that have a high compliance (e.g. people are following set processes and procedures), and the processes themselves are appropriate to address the risk are probably fine – big tick. Those that rate a low on both scales are not fine (big cross) and effort needs to be directed towards addressing these. Re-engineering needs to occur either on the people compliance front or the process appropriateness front for the other quadrants.
You may have noticed that even where there is a tick against appropriateness and compliance, you can still get outcomes that you are not happy with. How do you know that a process is appropriate until an adverse consequence happens? That is why you need to also monitor outcomes.
What about small organisations?
Sure, small organisations have risks. They probably have proportionately larger risks than big organisations! Consider ‘key man’ risk as a prime example for small business. If an owner/operator or business principal were to get hit by the proverbial bus, then the risk of the business failing would be significant. This is less likely to have an impact where there are a large number of people available to fill a gap.
No matter the size of the organisation, if you are not thinking about risk then at best you will be inefficient. At worst, there will be high levels of risk that you have no control over.
What you gain from good governance
Good governance results in more control and awareness of risk events. Businesses can be proactive in addressing risk and in doing so reduce the potential cost of adverse consequences.
Reactively dealing with the consequences of risk events is almost inevitably higher than a little bit of pre-planning and preventative action. Losing files on your computer is a perfect example. If you have a safe and secure backup of your lost information, then the lost files are a temporary inconvenience. If you don’t, then here’s hoping you haven’t just lost a year’s worth of work!
How far does governance go? (Line of Sight)
In large organisations, boards have a governance role and the executive team manages the operations.
The board sets the risk appetite of the business. In practise, this means:
- Developing a vision and mission
- Developing and overseeing the risk management system
- Helping set parameters for policies, processes and procedures (with the executive team writing them) that enable execution of the strategy and mission
- Accepting or rejecting policies
- Accepting or rejecting strategies proposed by the executive team
- Monitoring outcomes of the risk management system including KPIs and targets
- Monitoring risk management processes
- Determining the competencies required to execute/undertake those processes and procedures
- Building a rewards structure that encourages people to provide personal leadership in the execution of those competencies.
We call the cascade from creation of vision and mission, right down to personal leadership Line of Sight between what an organisation is striving for and what people do.
Need help with setting up your corporate governance? Contact us today.