“How do you explain linking Governance to Risk Management?”
From RiskVeda’s point of view, governance is the architecture of leadership used by top people within an organization to guide and oversee achievement of its long-term objectives.
“Governance” is much misunderstood because of its association with “corporate governance”, the definition and application of which has dominated the governance conversation for the past several years. But governance at the corporate level is only one application of this discipline.
Governance is produced through the collective efforts of the people at the top of an organization: owners, directors, and executive management, depending on whether the entity is, for example, a sole proprietorship, a family-owned company, or a publicly held corporation.
Regardless of who occupies the top, governance is functionally the same in each type of entity; the degree of formalization and mode of operation, however, will differ according to the distribution of responsibility between owners, directors and top management as determined by discretion or law.
Governance includes the following key activities:
- Definition of purpose, values and long-term direction;
- Identification of key risks and development of risk policies;
- Formulation of strategy and its linkage to purpose, direction and risk;
- Developing financial plans and budgets and reviewing performance;
- Deciding and managing capital adequacy relative to risks assumed;
- Ensuring the sufficiency and competence of top management;
- Allocation of authorities and approval of high-risk exposures;
- Managing the financial compensation/risk-taking relationship;
- Reviewing risk management performance and controls effectiveness;
- Application of a dynamic risk-based accountability system.
The board’s role is always about how an enterprise’s key risks are managed. This requires directors to comprehend and embrace an institution’s risks and for the board to operate with the structure, processes, and competencies to effectively supervise risk management.
RiskVeda’s governance expertise, based on consulting experience, is about building the governance architecture as described above, whether or not an organization is incorporated. In the case of a public company board, which requires the most formalization due to transparency, accountability and disclosure concerns, we prepare the board on three fronts:
- Where and how to engage the CEO on enterprise risk management.
- How to organize and resource itself to provide effective risk-based governance.
- How to mitigate operational risks that threaten board effectiveness.
We have worked with boards to enhance their capability on all three fronts. In particular, we emphasize practices to overcome the pervasive reality that directors often lack the inner knowledge of an entity’s business needed to intervene constructively in problem solving and decision-making.
In successful companies, the board complements management towards fulfilling its role, and vice versa. The work that RiskVeda does in governance is to make organizations successful.