Risk governance refers to the frameworks, processes, and structures that an organization uses to identify, assess, manage, and communicate risk across all levels. It integrates risk management into decision-making so that risk-taking stays aligned with the organization’s objectives and stakeholders are informed and involved, and it establishes who is accountable and responsible for risk-related decisions. It is rooted in principles of transparency, fairness, accountability, and inclusiveness, so that risk management is not only systematic but also consistent with ethical standards and the organization’s overall goals. At its core, risk governance provides a structured approach to managing the risks that could affect the organization’s ability to achieve its objectives, emphasizing clear communication, consistent evaluation of risks, and the integration of risk considerations into strategic and operational planning. Done well, it means risks are managed proactively rather than addressed reactively, supporting sustainable growth and resilience.
Corporate governance
Corporate governance aims to ensure accountability and responsibility for running an organization efficiently, effectively, and ethically. It protects executives and employees as they perform their duties and builds trust among stakeholders by showing that the organization can achieve results that matter to them. Corporate governance has many aspects, and risk management is one of its key components. Most countries have rules requiring organizations to follow corporate governance standards. These rules are particularly strict for publicly listed companies, registered charities, and government entities. For example, companies with a premium listing on the London Stock Exchange must report against the UK Corporate Governance Code issued by the Financial Reporting Council.
Countries take different approaches to enforcing corporate governance. Some use a “comply or explain” system, where organizations either follow the code or explain why they did not and describe the alternative methods used to achieve the same outcome. Others require full compliance with prescriptive rules, allowing little or no flexibility. Corporate governance standards are responsibilities placed on the board of directors through laws and codes of practice. To improve governance, organizations might adopt a code of ethics for directors, establish delegation of authority documents, and require annual conflict-of-interest declarations. Board members may also receive governance training. Organizations typically form specialized committees with clear roles and memberships to support governance.
These committees, usually sub-committees of the board, might include a risk management committee, audit committee, disclosures committee, nominations committee, and remuneration committee. Regular reports on governance matters are presented at board meetings, often by the company secretary.
OECD principles of corporate governance
The OECD Principles of Corporate Governance are internationally recognized guidelines aimed at improving corporate governance practices worldwide. First issued in 1999 and revised in 2004, 2015 (when they were endorsed by the G20 and became the G20/OECD Principles) and 2023, they provide a framework for companies, regulators, and policymakers to promote transparency, accountability, and fairness in corporate operations, and they help organizations build trust with stakeholders, including investors, employees, and the public.
Corporate governance is the system by which organizations are directed and managed. It covers processes, controls, decision-making, and accountability at all levels, and particularly at the top of an organization. It ensures that senior management carries out its responsibilities effectively and ethically, with risk management as an integral part of the overall structure. Good corporate governance emphasizes openness, honesty, and accountability in decision-making, and it applies to all types of organizations, large or small, public or private. The OECD principles highlight the importance of protecting stakeholder rights, treating all stakeholders fairly, and ensuring their role in governance. They also stress the need for transparency and disclosure, and they place responsibility for implementing these principles on the board of directors. The BS 13500 governance standard (a code of practice for delivering effective governance of organizations) takes the view that effective governance contributes to the success of both the organization and society. It encourages organizations to go beyond merely avoiding problems by defining their responsibilities to different stakeholders, and it can serve as a checklist for establishing a sound governance system. Having a governance framework does not guarantee success, but it promotes the values and behaviors that support organizational effectiveness.
Here is an overview of the OECD principles:
- A robust framework should promote transparent markets, uphold the rule of law, and clearly define responsibilities among authorities, regulators, and stakeholders. It must also be adaptable to the legal, institutional, and cultural context of the country.
- Protect the rights of shareholders, including the ability to vote in general meetings, transfer shares, and participate in major corporate decisions. Facilitate effective shareholder engagement and provide mechanisms for addressing grievances.
- All shareholders, including minority and foreign shareholders, should receive equal treatment. Prevent insider trading and abusive practices. Ensure that voting rights are clearly defined and properly executed.
- Recognize the rights of stakeholders as established by law or mutual agreements. Encourage active cooperation between the corporation and stakeholders to create sustainable wealth and employment.
- Ensure timely and accurate disclosure of all material matters regarding the company, including its financial situation, performance, ownership, and governance. Provide access to information about policies on business ethics, related-party transactions, and risk management practices.
- The board should guide corporate strategy, monitor management, and be accountable to shareholders and stakeholders. Board members should act in good faith, with due care, and in the best interests of the company. Boards should ensure compliance with legal and ethical standards, manage conflicts of interest, and oversee the integrity of financial reporting and risk management.
The six chapters of the 2015 (G20/OECD) edition of the principles
- Ensuring the basis for an effective corporate governance framework: promote transparent and fair markets and the efficient allocation of resources; be consistent with the rule of law; and support effective supervision and enforcement.
- The rights and equitable treatment of shareholders and key ownership functions: protect and facilitate the exercise of shareholder rights and ensure equitable treatment of all shareholders, including minority and foreign shareholders.
- Institutional investors, stock markets and other intermediaries: provide sound incentives throughout the investment chain and ensure that stock markets function in a way that contributes to good corporate governance.
- The role of stakeholders in corporate governance: recognize the rights of stakeholders established by law or through mutual agreements and encourage active co-operation between corporations and stakeholders.
- Disclosure and transparency: ensure timely and accurate disclosure of all material matters, including the financial situation, performance, ownership and governance of the company.
- The responsibilities of the board: provide strategic guidance to the company, effective monitoring of management by the board, and board accountability to the company and its shareholders.
London Stock Exchange Corporate Governance Framework
The London Stock Exchange (LSE) Corporate Governance Framework is intended to guide companies in achieving high standards of transparency, accountability, and ethical behavior. It emphasizes that robust governance structures in listed companies build investor confidence and maintain market integrity. Companies with a premium listing on the LSE are required to report against the UK Corporate Governance Code, which is developed and maintained by the Financial Reporting Council (FRC). In its 2010 to 2016 editions the Code was organized around five main sections, summarized here as principles:
- Leadership: Companies must have a clear division of responsibilities within the board to ensure leadership accountability and effective decision-making.
- Effectiveness: Boards should include a balance of skills, diversity, and experience, with regular evaluations of performance to maintain effectiveness.
- Accountability: Companies must implement sound systems of internal controls and risk management, with transparent financial reporting.
- Remuneration: Executive pay should align with company performance, shareholder interests, and long-term success, avoiding excessive or inappropriate rewards.
- Engagement: Companies should foster constructive relationships with shareholders and consider the interests of wider stakeholders, including employees and customers.
Premium-listed companies must apply the Code’s principles and either comply with its provisions or explain any departures in their annual reports, following the “comply or explain” approach. This gives flexibility while promoting high governance standards. Additionally, the LSE encourages listed companies to integrate Environmental, Social, and Governance (ESG) considerations into their governance practices. This aligns corporate governance with broader societal goals and sustainability objectives, reflecting evolving investor priorities and global best practices.

The London Stock Exchange (LSE) provides guidance on corporate governance with a focus on making boards more effective. According to the LSE, corporate governance is about managing the organization efficiently and defining the roles and responsibilities of senior managers and board members. The LSE framework emphasizes two key aspects:
- The duties, obligations, and rewards of board members.
- Meeting stakeholder needs, which include their rights, involvement, and open communication.
The guidance highlights several important aspects of board responsibilities, including:
- Deciding who sits on the board.
- Ensuring board members are accountable.
- Setting clear limits on authority delegated by the board.
- Fairly compensating board members.
Board members are expected to fulfill their duties in five key areas to meet stakeholder expectations:
- Developing and implementing strategies.
- Promoting corporate social responsibility.
- Managing risks effectively.
- Overseeing audits and ensuring risk assurance.
- Providing complete and accurate disclosures.
This framework ensures that boards operate responsibly while addressing the needs of stakeholders and maintaining organizational transparency.
The OECD principles and the LSE corporate governance framework outline the key requirements and structure for implementing corporate governance. However, the specific actions taken to meet stakeholder expectations in areas like strategy, corporate responsibility, audit, risk management, and disclosure may differ between organizations. Risk management should be seen as part of the broader corporate governance system. While the LSE framework identifies risk management as a distinct component, it also supports other areas like strategy, social responsibility, auditing, and reporting. Non-executive directors have a crucial role in corporate governance. The audit committee, typically made up of non-executive directors, is often described as the third line of defense. (In the Institute of Internal Auditors’ Three Lines Model the third line is internal audit itself, and the audit committee and board form the governing body that receives and challenges its assurance. On either description, the essential property is that this layer is independent of the executives who own and manage the risks.) To be effective, non-executive directors are expected to:
- Uphold the highest ethical standards.
- Support executives in leading the organization.
- Oversee and evaluate the actions of executives.
- Question, discuss, and make decisions impartially.
- Consider different perspectives from both inside and outside the board.
- Build trust and respect among board members.
- Advocate for strong corporate governance practices.
- Ensure compliance with relevant governance codes.
These efforts help strengthen the organization’s governance and maintain accountability.
Corporate governance for a bank
Corporate governance in a bank refers to the framework of rules, practices, and processes through which the bank is directed and controlled. It ensures the bank operates efficiently, ethically, and in the best interests of its stakeholders, including depositors, shareholders, regulators, and the broader financial system. For banks, corporate governance is especially critical because they manage public funds and play a vital role in the stability of the economy. Good governance in banks helps build trust, reduce risks, and promote financial integrity. Corporate governance and risk management in financial organizations such as banks are therefore tightly controlled and regulated. Most financial institutions publish their own corporate governance guidelines. These usually cover the qualifications and responsibilities of directors, the roles and authority of board committees, and plans for evaluating board performance and managing senior leadership succession. The governance structure typically includes principles to guide the board of directors, setting out how board members should handle conflicts of interest, maintain confidentiality, and comply with laws and regulations. To sustain good governance, board members need proper training and orientation. New board members usually go through a program that covers:
- Legal and regulatory requirements
- Risk management practices
- Capital management and financial reporting
- Human resources and compensation policies
- The roles of internal and external audits and the audit committee
- Communication strategies, including branding
The global financial crisis pushed banks and financial institutions to reassess their corporate governance standards. For example, a review of a major national bank highlighted criticisms and governance failures, prompting improvements in their approach. Key elements of corporate governance in a bank include:
- Board Oversight: The board of directors is responsible for guiding the bank’s strategy, approving risk policies, and ensuring that management performs its duties effectively. A mix of executive and non-executive directors enhances objectivity and accountability.
- Risk Management: Banks face unique risks, including credit, market, operational, and liquidity risks. A sound governance framework requires robust risk management systems, with a risk management committee often overseeing these efforts.
- Regulatory Compliance: Banks are subject to stringent regulations to ensure financial stability and protect customer interests. Corporate governance ensures that banks comply with laws, standards, and guidelines from regulatory bodies like central banks or financial authorities.
- Transparency and Disclosure: Timely and accurate financial reporting and disclosure of key information are essential for maintaining trust and meeting regulatory requirements. Banks must provide clarity on their financial health, risk exposures, and governance practices.
- Stakeholder Interests: Governance practices in banks must balance the interests of various stakeholders, including shareholders seeking returns, depositors requiring safety, and regulators ensuring systemic stability.
- Ethical Conduct and Culture: Promoting an ethical work culture and holding leadership and employees accountable for their actions is critical in preventing fraud, misconduct, or conflicts of interest.
- Internal Controls and Audit: Strong internal controls help safeguard assets, detect irregularities, and ensure the accuracy of financial reporting. The audit committee, often comprising non-executive directors, oversees internal and external audits.
By adhering to strong corporate governance principles, banks can foster financial stability, enhance stakeholder confidence, and contribute to economic growth.
Corporate governance for government organizations
Corporate governance in government organizations focuses on ensuring transparency, accountability, and ethical behavior in the management and operations of public sector entities. These organizations are responsible for delivering public services and managing public funds, making effective governance essential to maintain public trust and achieve their objectives.
Government organizations often follow specific governance frameworks or codes established by national laws and regulations. These frameworks typically outline the roles and responsibilities of key stakeholders, such as board members, senior executives, and oversight bodies. Government organizations often have boards or governing councils responsible for strategic oversight. These boards may include independent members who bring expertise and objectivity to decision-making. Training and capacity-building for board members and staff are crucial to maintaining high governance standards. By adhering to these principles, government organizations can ensure the efficient use of resources, build public confidence, and achieve their goals effectively while maintaining accountability and integrity.
Key elements of corporate governance in government organizations include:
- Accountability: Public sector organizations must demonstrate accountability to taxpayers and stakeholders. This involves clear reporting structures, regular audits, and compliance with laws and policies.
- Transparency: Decisions and processes should be open and accessible to the public, ensuring that the organization’s actions are understandable and justifiable.
- Ethical Conduct: Government organizations are expected to uphold high ethical standards. Codes of conduct and ethics policies guide behavior and decision-making to prevent conflicts of interest and corruption.
- Risk Management: Identifying, assessing, and managing risks is critical to ensuring that public funds are used effectively and that services are delivered without unnecessary disruptions.
- Performance Management: Setting goals, monitoring progress, and evaluating outcomes are vital for maintaining efficiency and effectiveness in delivering public services.
- Stakeholder Engagement: Actively involving citizens, employees, and other stakeholders in decision-making processes ensures that the organization remains aligned with public needs and expectations.

For government organizations, strong corporate governance is often a requirement. In many cases, the main reason for focusing on risk management is to ensure that these governance systems are effective. This means the primary goal of risk management in government organizations is to support their governance frameworks. In contrast, for commercial organizations, corporate governance and risk management help achieve broader objectives, such as business goals or market success. Government departments, however, have a narrower focus, prioritizing accountability, value for money, and avoiding misconduct. Corporate governance in government organizations creates a system of control that promotes innovation, integrity, accountability, and strong management practices. Within this framework, staff responsibilities are clearly defined, and the process for reporting risk-related issues is established. Connecting risk management with corporate governance allows organizations to prioritize specific risks, such as ensuring value for money, maintaining business continuity, preventing fraud, and securing IT systems. The foundation of these governance efforts in government organizations is often based on the Nolan principles, which emphasize ethical behavior and public accountability.
Nolan principles of public life
- Selflessness: Holders of public office should act solely in terms of the public interest and should not seek benefits for themselves, their family or friends.
- Integrity: Holders of public office should not place themselves under any financial or other obligation to outside individuals or organizations.
- Objectivity: In carrying out public business, the holders of public office should make choices on merit.
- Accountability: Holders of public office are accountable for their decisions and actions to the public and must submit themselves to appropriate scrutiny.
- Openness: Holders of public office should be as open as possible about all the decisions and actions that they take and give reasons for their decisions.
- Honesty: Holders of public office have a duty to declare any private interests relating to their public duties and to take steps to resolve any conflicts.
- Leadership: Holders of public office should promote and support these principles by leadership and example.
Risk Management Policy of ABC
Purpose
The purpose of this policy is to establish a structured approach to identifying, assessing, mitigating, and monitoring risks that could impact the agency’s ability to achieve its objectives and deliver public services effectively. This policy supports accountability, transparency, and the efficient use of public resources.
Scope
This policy applies to all employees, contractors, and stakeholders involved in the agency’s operations, programs, and projects. It includes risks related to operations, finances, compliance, reputation, and information security.
Policy Objectives
- Protect Public Interest: Ensure the agency operates with integrity and delivers value for money.
- Promote Accountability: Clearly define roles and responsibilities for risk management.
- Support Decision-Making: Provide a framework for informed and confident decision-making.
- Enhance Resilience: Improve the agency’s ability to respond to unforeseen events and challenges.
- Ensure Compliance: Meet legal, regulatory, and governance requirements.
Risk Management Framework
The agency adopts a systematic process for managing risks, which includes:
- Risk Identification: Regularly identifying risks that could impact the agency’s goals and operations.
- Risk Assessment: Evaluating risks based on likelihood and potential impact, using a risk matrix.
- Risk Mitigation: Developing and implementing strategies to minimize or manage risks, such as control measures, contingency planning, and resource allocation.
- Risk Monitoring and Reporting: Continuously monitoring identified risks and emerging risks, with regular reporting to management and oversight bodies.
- Review and Improvement: Periodically reviewing the risk management process to incorporate lessons learned and improve effectiveness.
Roles and Responsibilities
- Board or Oversight Committee: Provide strategic guidance on risk management and review significant risks.
- Risk Management Team: Oversee the implementation of the policy and ensure consistent practices across the agency.
- Managers and Staff: Identify and manage risks within their areas of responsibility and report significant risks to the risk management team.
- Internal Audit: Independently review the effectiveness of risk management practices and provide recommendations for improvement.
Priority Risk Areas
The agency prioritizes the management of risks in the following areas:
- Compliance Risks: Ensuring adherence to laws, regulations, and policies.
- Operational Risks: Maintaining business continuity and service delivery.
- Financial Risks: Safeguarding against budget overruns, fraud, and inefficiencies.
- Reputational Risks: Protecting public trust and confidence in the agency.
- Information Security Risks: Securing data and IT systems against breaches and cyberattacks.
Governance and Reporting
The risk management process is integrated into the agency’s overall governance framework. Reports on risk management activities and key risks are presented regularly to the board or oversight committee. Significant risks requiring immediate attention are escalated as needed.
Review and Updates
This policy will be reviewed annually or when significant changes occur to ensure its relevance and alignment with the agency’s objectives.
Evaluation of board performance
Evaluating board performance is a vital part of maintaining strong corporate governance. It ensures that the board operates efficiently, fulfills its responsibilities, and aligns with the organization’s objectives. By assessing performance, the board can identify its strengths and areas needing improvement, enabling better decision-making, fostering accountability, and building trust with stakeholders. An effective evaluation helps the board refine its processes, adapt to changing circumstances, and align more closely with its strategic goals. The evaluation process examines various aspects of board function, such as strategic oversight, governance practices, risk management, decision-making, and individual contributions. It also looks at whether the board has the right mix of skills, diversity, and independence to perform its role effectively. The board’s relationship with senior management is another critical factor, as clear communication and appropriate delegation are essential for smooth operations. Evaluating these areas provides a comprehensive view of how well the board supports the organization. Different methods can be used to evaluate board performance. Self-assessments allow board members to reflect on their collective and individual contributions, while peer reviews offer valuable feedback from colleagues. External evaluations, conducted by independent experts, bring an unbiased perspective and can provide in-depth insights. Performance metrics, such as predefined key performance indicators (KPIs), can also help measure the board’s success in meeting its objectives. These methods ensure that the evaluation is thorough and balanced. The process typically begins with planning, where objectives and criteria are defined, followed by data collection through surveys, interviews, or reports. Analyzing the collected information helps identify trends, strengths, and gaps. Findings are then presented in a report, which outlines recommendations for improvement. 
Developing an action plan to address these gaps and monitoring progress ensures that the evaluation leads to meaningful change. Regular follow-up ensures continuous improvement and adaptability. Conducting regular board evaluations brings numerous benefits. It enhances accountability, transparency, and stakeholder confidence while fostering a cohesive and effective board team. It also highlights skill gaps and training needs, ensuring the board remains equipped to meet future challenges. Ultimately, board performance evaluation is an ongoing process that supports robust governance and organizational success.
The board is ultimately responsible for setting the organization’s strategy and ensuring proper governance. Executive management, led by the top executives, is responsible for running the organization. In many cases, executive directors are also members of the board, forming a unitary board. Some organizations instead have a supervisory board made up only of non-executive directors, while the executive directors meet separately as the executive committee. This separation of executive and non-executive directors is called a two-tier board structure, which is more common in certain countries and in charities and public-sector organizations. Regardless of the structure, the board has a range of responsibilities and typically identifies the issues over which it will retain control, called matters reserved for the board. One responsibility that is never delegated is setting the organization’s risk appetite. Having decided which matters remain under its authority, the board then decides how to delegate responsibility for other areas. Large organizations often create a delegation of authority statement, which sets out how authority is shared within the governance structure. Within the organization, executive directors, managers, and staff form the first line of defense for governance, including risk management and internal controls. The board should be aware of the risk management and compliance functions that make up the second line of defense and of their role in supporting and challenging the first line. Independent assurance, the third line, comes from internal audit (and external audit); the non-executive directors on the audit committee oversee that assurance and hold the executives to account, and are frequently referred to as the third line of defense for that reason.
Evaluating the effectiveness of the board
- Membership and structure
  - Does the board have the necessary range of knowledge, skills and experience?
  - Is there appropriate turnover of board membership to ensure new ideas?
  - Are the sub-committees of the board effective, with appropriate delegated authority?
  - Are board decision-making processes satisfactory, with adequate information available?
  - Do communication processes exist between board members outside board meetings?
- Purpose and intent
  - Do all board members understand and share the vision and mission?
  - Do members of the board understand the objectives and position statements?
  - Is there sufficient knowledge and understanding of the significant risks?
  - Are board members sufficiently involved with the development of strategy?
  - Have measurable budget and performance targets been put in place?
- Involvement and accountability
  - Does the board have shared ethical values, including openness and honesty?
  - Are the established policies unambiguous and consistent with the ethics?
  - Do board members understand their duties, responsibilities and obligations?
  - Is there a feeling of mutual trust and respect at board meetings?
  - Are adequate delegation and authorization procedures in place?
- Monitoring and review
  - Is there sufficient monitoring of performance using appropriate measurements?
  - Does the board challenge planning assumptions when and where appropriate?
  - Does the board demonstrate the ability to respond rapidly to changes?
  - Is there a mentality that demands continuous improvement in performance?
  - Does the board assess financial and other controls and seek assurance on compliance?
- Performance and impact
  - Is there a satisfactory level of attendance at board, committee and other meetings?
  - Are board decisions and actions fully recorded and actions tracked and confirmed?
  - Are the agreed targets and performance indicators evaluated and assessed?
  - Is the impact of board decisions and actions evaluated in a timely manner?
  - Is there an emphasis on accuracy, honesty and open reporting to external agencies?
Evaluation of board performance is a critically important part of the corporate governance arrangements for any organization. The areas for evaluation are as follows:
- membership and structure;
- purpose and intent;
- involvement and accountability;
- monitoring and review;
- performance and impact.
The checklist focuses on corporate governance effort and on the level of performance of the board. When deciding issues related to strategy, tactics, operations and compliance, the board will need to ensure that adequate procedures are in place for reaching decisions. These decisions will result in a course of action and the implementation of that course of action needs to be monitored. The course of action will result in some outputs, and these need to be evaluated in terms of the impact that is achieved. When evaluating the effectiveness of the board, the impact of its decisions is the ultimate test. The level of impact can then be evaluated against the vision, mission and objectives of the organization.
A good organizational structure helps manage risk effectively. The structure should be suitable for the organization, but generally, it includes three levels of governance for managing risk:
- The first level involves those directly responsible for managing and controlling risk, such as staff, management, and the board within the operational business units.
- The second level focuses on coordinating, supporting, and overseeing the effectiveness of the risk management framework, such as through a risk committee or a risk management function.
- The third level provides independent assurance and oversight to ensure the risk management framework is effective and reliable, such as through internal and external audits.
Interested parties’ or stakeholders’ expectations
In Enterprise Risk Management (ERM), stakeholder or interested parties’ expectations refer to the needs, concerns, and priorities of individuals, groups, or entities that are affected by or can affect the organization’s activities, decisions, and overall performance. Stakeholders can include customers, employees, investors, regulators, suppliers, community members, and any other parties with a vested interest in the organization’s operations and outcomes. Understanding and addressing these expectations is vital for successful ERM, as stakeholders influence the organization’s reputation, decision-making processes, and long-term sustainability. In ERM, stakeholders’ expectations often guide the identification and management of risks that could affect the organization’s ability to deliver value or meet its objectives. Organizations must balance competing priorities, such as ensuring profitability for investors, maintaining compliance for regulators, and upholding ethical standards for the community. Effective ERM frameworks integrate these expectations into risk management processes to ensure the organization not only avoids harm but also capitalizes on opportunities to enhance trust, performance, and value creation.
Organizations have many stakeholders, including some they might not prefer. For example, if a distribution company plans to expand its depot, local residents might object. Even if the company doesn’t want to recognize them, these residents are still stakeholders because they are affected by the company’s activities. According to ISO Guide 83, the term “interested party” is preferred, but “stakeholder” is also acceptable. ISO Guide 73 defines a stakeholder as any person or group concerned with, affected by, or believing they are affected by an organization. A typical organization has various stakeholders, which can be grouped as CSFSRS: customers, staff, financiers, suppliers, regulators, and society. These stakeholders often have conflicting expectations. For instance, employees may want higher wages, while shareholders prefer maximizing profits. It is the management’s role to balance these competing interests and find solutions that work for all parties. Different organizations will have different types of stakeholders. In government agencies, the general public is a key stakeholder, with specific groups depending on the agency’s purpose. For companies with environmental impacts, like energy firms, environmental activists may also be stakeholders, even if they are seen as unwelcome. For example, a coal-based power company might face opposition from local communities concerned about pollution, leading to conflicts between the company’s goals and the community’s expectations.
Business process re-engineering (BPR) is a method to make an organization’s processes and operations as effective and efficient as possible. BPR often begins by identifying stakeholders and their expectations. The organization’s core processes, which are the main activities essential to its operations, are then designed to meet these shared expectations. For example, in a power company, generating electricity is a key process. This process matters to various stakeholders, including customers, employees, and investors. By focusing on a few critical processes that cover strategy, operations, and compliance, the organization can evaluate potential risks to these processes and embed risk management into its overall structure. The type of stakeholder involved will determine the questions asked about the organization’s risk awareness, efforts to improve risk management, and governance systems. Stakeholders have the right to know about the organization’s risk profile, plans for risk improvement, and how risk performance is monitored. They also need information on the organization’s risk appetite and how it incorporates risk considerations into its strategies. Understanding the different expectations of various stakeholders, even if they conflict, can help create better alignment and communication within the organization.
Example of stakeholder expectations related to ERM for an oil and gas company
In an oil and gas company, stakeholder expectations related to Enterprise Risk Management (ERM) vary widely and often intersect with critical areas of business strategy, operations, and sustainability. Here’s an example:
- Customers: Customers expect a reliable supply of oil and gas products at competitive prices. They also increasingly demand environmentally friendly practices, including a commitment to reducing greenhouse gas emissions and adopting cleaner energy solutions.
- Employees: Staff expect a safe working environment, especially given the hazardous nature of oil and gas operations. They also look for fair compensation, career development opportunities, and transparent communication about risks that may affect job security or workplace safety.
- Investors and Financiers: Shareholders and lenders expect strong financial performance and stable returns on investment. They also prioritize the company’s ability to manage risks such as fluctuating oil prices, regulatory changes, and the transition to renewable energy. Demonstrating effective risk management practices is critical to maintaining investor confidence.
- Regulators: Government authorities and regulatory bodies expect compliance with local and international laws, including health and safety regulations, environmental standards, and anti-corruption measures. Failure to meet these requirements can result in fines, legal actions, or reputational damage.
- Suppliers: Vendors and contractors expect timely payments and long-term relationships. They also look for clear terms regarding safety protocols and quality standards to minimize risks in the supply chain.
- Society and Communities: Local communities, especially those near extraction sites, expect responsible operations that minimize environmental damage, provide economic benefits such as jobs, and respect cultural and social norms. Public pressure for sustainable and ethical business practices is also growing.
- Environmental Groups: Advocacy organizations expect the company to reduce its carbon footprint, adopt renewable energy solutions, and manage risks related to pollution, biodiversity, and climate change.
The ERM framework for an oil and gas company must address these diverse expectations. It involves identifying, assessing, and managing risks that could affect the company’s ability to meet stakeholder needs. Examples include developing emergency response plans for oil spills, implementing safety measures in drilling operations, and diversifying investments into renewable energy to address long-term market shifts and environmental concerns.
Communication with stakeholders
Communication with stakeholders is about sharing information and maintaining a good relationship based on mutual understanding of the organization’s goals. The board has the ultimate responsibility for ensuring that these communications are effective, although specific staff members may handle day-to-day interactions with certain groups. The type and amount of information shared depend on the stakeholder’s interests. For example, shareholders typically want updates on financial performance, while lenders may focus on the organization’s financial stability and repayment plans.
Effective communication helps the organization understand stakeholder expectations and address any conflicting interests. This dialogue also supports transparency and trust, which are critical for maintaining strong stakeholder relationships. While certain employees may handle regular interactions with specific stakeholder groups, the board retains overall responsibility for these relationships and for making sure the communication is effective. Much of the communication will center on providing clear and accurate financial information, and the detail shared will vary with what each stakeholder group needs: shareholders, for example, want different information from the banks that fund the organization. Analyzing stakeholders and what they expect is also a key part of assessing the external factors affecting the organization and, therefore, of fully understanding the risks it faces; sometimes stakeholders will have conflicting or opposing demands. In addition to regular communication, organizations should provide and encourage open channels such as whistleblowing, which can give the organization valuable insights and help identify potential risks or issues early on.
Information of the kind typically provided to shareholders and other stakeholders includes the following:
- General
  - A clear statement of strategy and vision
  - Corporate profile and principal markets
- Financial data
  - Annual report and financial statements
  - Archived financial information for the past three years
- Corporate governance and CSR
  - Information related to compliance with the Combined Code
  - Information on the company’s CSR policies
- Shareholder information
  - Shareholder analysis by size and constituent
  - Information on directors’ share dealings
- Relevant news
  - Access to all news releases and presentations
  - Developments that might affect the share value
Whistleblower policy
A whistleblower policy in Enterprise Risk Management (ERM) is designed to encourage employees and other stakeholders to report unethical behavior, misconduct, or violations of policies and regulations without fear of retaliation. It plays a critical role in identifying risks related to fraud, corruption, or non-compliance that may not be detected through routine controls or audits. The policy is an integral part of good governance and risk management, as it fosters transparency and accountability. The policy typically outlines the procedures for reporting concerns, ensuring confidentiality, and protecting whistleblowers from retaliation. It should specify the channels available for reporting, such as a hotline, dedicated email, or an independent third-party service. Additionally, the policy includes provisions for investigating reported concerns, taking corrective actions, and ensuring that whistleblowers are not penalized for raising genuine concerns.
For example, in an oil and gas company, a whistleblower policy might help address risks related to environmental compliance. Suppose an employee notices illegal dumping of hazardous waste by a contractor. The whistleblower can report this activity through the established channels. The company investigates the matter, takes corrective action by terminating the contractor’s services, and reports the violation to the relevant authorities. Simultaneously, the whistleblower is protected from any retaliation, reinforcing a culture of openness and ethical behavior. Such a policy not only helps mitigate risks but also builds trust among employees, stakeholders, and regulators, contributing to the overall integrity of the organization’s risk management framework.
Managing interested parties’ or stakeholders’ expectations through core processes, strategy, tactics and operations
Managing stakeholder expectations involves aligning the organization’s core processes, strategies, tactics, and operations with the interests and needs of its stakeholders. Core processes represent the essential activities that deliver value to stakeholders, while strategies, tactics, and operations define how these processes are executed to meet organizational goals and stakeholder expectations.
Core processes focus on delivering the organization’s primary value. For example, in a manufacturing company, the core processes could include product design, production, and distribution. Each of these processes directly impacts stakeholders such as customers, employees, suppliers, and regulators. By optimizing these core processes, the organization can ensure that stakeholder expectations, such as high-quality products, timely delivery, and compliance with standards, are consistently met.
Strategy sets the long-term direction for meeting stakeholder expectations. It defines overarching goals and the approach to achieve them. For instance, an organization may adopt a sustainability strategy to address societal and environmental concerns, thereby aligning with societal stakeholders’ expectations while maintaining profitability for shareholders. This strategic alignment ensures that stakeholder needs are considered at the highest decision-making level.
Tactics translate strategies into actionable plans, detailing specific initiatives and programs to address stakeholder concerns. For example, if a company’s strategy involves enhancing customer satisfaction, a tactical approach might involve launching a customer feedback program to improve products and services. These tactical measures help in balancing diverse stakeholder interests, such as those of customers and shareholders.
Operations focus on the day-to-day activities that implement tactical plans and core processes. Efficient operational management ensures that the organization consistently meets stakeholder expectations. For instance, maintaining high operational standards in a service company can ensure customer satisfaction and loyalty, fulfilling the expectations of both customers and employees.
By integrating stakeholder expectations into core processes, strategy, tactics, and operations, organizations can create a cohesive approach to managing these relationships. This not only builds trust and alignment with stakeholders but also strengthens the organization’s ability to achieve its objectives while minimizing risks.
1. Core processes:
Core processes are essential to meeting stakeholder expectations and are influenced by the organization’s internal and external context. A risk can be seen as an event that could impact the ability to meet these expectations. This perspective helps identify both internal and external stakeholders, as well as their expectations in the short, medium, and long term. Core processes can be categorized into strategic, tactical, operational, and compliance processes (STOC). While compliance processes are separate, they also support and reinforce the other types of processes. Strategic processes focus on setting the organization’s future direction, tactical processes turn strategy into actionable changes, and operational processes deal with day-to-day activities like managing people, information security, health and safety, and business continuity. Compliance processes ensure adherence to regulations and ethical standards, forming the foundation for all other processes.
A stakeholder-focused approach has several benefits. It enables a thorough review of core processes in relation to what stakeholders expect, helping balance these sometimes conflicting expectations. Risks associated with meeting stakeholder expectations can be identified, analyzed, and managed effectively. This method is also a cornerstone of business process re-engineering (BPR), which aims to refine core processes to align with shared stakeholder expectations. By analyzing expectations, organizations can identify shared goals and adjust their processes to meet them. However, this approach requires significant time and effort. BPR, in particular, can be a demanding process if done thoroughly. Despite this, the benefits include identifying core processes most vulnerable to risks and determining which stakeholders are most likely to feel dissatisfied if their expectations are not met. This allows organizations to prioritize risk management efforts and improve overall performance in meeting stakeholder needs.

2. Strategy:
Research has shown that poor risk management decisions about strategy can harm an organization more than mistakes in managing operations or projects. Stakeholder expectations are met through the organization’s core processes, which can be categorized as strategic, tactical, operational, or compliance (STOC). Strategic core processes are the most critical and must be highly robust to satisfy major stakeholders like financiers and shareholders, who prioritize the organization’s long-term success. For example, workers might expect better cafeteria facilities. To meet this expectation, the organization may need a strategic core process to oversee the construction of a new cafeteria. This would require significant investment and backing from financiers. To gain their support, the organization must understand their expectations and ensure the plans for the cafeteria and its financial arrangements meet their requirements. The construction itself would be a major project, involving a different set of stakeholders whose expectations also need to be managed effectively.

3. Tactics:
Tactical stakeholders often differ from those focused on an organization’s operations. For example, when tactics involve product improvements, new production methods, or responding to technological changes—typically requiring a project—financing is crucial. This makes financial institutions key stakeholders in such initiatives. Other stakeholders may include contractors and professional specialists like architects. Employees also play a vital role in implementing tactical changes. They have a strong interest in operational matters and are key stakeholders in the organization’s day-to-day activities. Successfully adopting new work practices or product changes depends heavily on staff support, which makes effective communication with them essential. It’s important to carefully consider how projects, developments, or changes will impact all stakeholders. By thoroughly evaluating these impacts, surprises can often be avoided. Both internal and external stakeholders affected by the project should be taken into account, including considerations like environmental effects during and after construction, and changes to staff working conditions. Involving individuals outside the organization in project planning can help identify potential issues and better understand the broader effects of the work. Ultimately, the success of stakeholder engagement often depends on the level of detail considered. Even for successful projects, addressing key stakeholder concerns early can help minimize negative impacts and ensure smoother outcomes.
4. Operations:
Many groups of stakeholders are connected to an organization’s operational activities. For example, visitors are key stakeholders concerned with safety and communication. They are also interested in practical aspects such as transport, access, and the facilities provided by the organization. Pharmaceutical companies, being large organizations, deal with a wide range of stakeholders. For instance, a company producing essential medication has a responsibility to ensure its continuous availability to patients. Patients should be considered important stakeholders with clear expectations about the medication’s availability and effectiveness. Operational stakeholders often include customers, suppliers, and others impacted by disruptions to the organization’s smooth functioning. For instance, customers may face inconvenience if a hazard risk occurs. Similarly, suppliers rely on the organization’s regular operations, as disruptions could mean their products or services are no longer needed, causing them to suffer as well.
5. Employee representation on the board
Board-level employee representation means having employee representatives on the company’s supervisory board, board of directors, or similar governing bodies. These representatives are usually elected by the employees, appointed, or chosen to represent the workforce’s interests. They might be company employees, union officials, or others acting on behalf of employees. Unlike workplace groups like works councils, board-level representation focuses on providing employee input into the company’s overall strategic decisions rather than just dealing with day-to-day operational matters.
In most Western European countries, employee representatives are usually in the minority on the board. Their role typically involves gaining information, understanding the company’s strategy, and sharing opinions and arguments about its direction. However, in some cases, where employee representatives have equal numbers to shareholder representatives, they may have significant influence over company strategy, including the ability to veto decisions. This is sometimes referred to as “co-determination.”
Employee representation on the board is valuable in Enterprise Risk Management (ERM) because it ensures that employee perspectives and insights are integrated into the organization’s strategic decision-making and risk management processes. This inclusion benefits ERM in several ways:
- Improved Risk Awareness: Employees often have firsthand knowledge of operational risks, safety concerns, and process inefficiencies. Their representation ensures these insights are communicated directly to the board, leading to more informed risk management strategies.
- Enhanced Communication: Employee representation fosters open communication between the workforce and the board. This helps in understanding risks from different levels of the organization and ensures that risk mitigation strategies are practical and well-received by employees.
- Alignment of Interests: Including employees in board discussions ensures that decisions align with the workforce’s needs and expectations. This reduces the risk of decisions that could negatively impact morale, productivity, or workplace culture.
- Support for Implementation: Employees are key stakeholders in implementing risk management initiatives. Their representation can ensure that planned actions are realistic and feasible, increasing the likelihood of successful execution.
- Ethical and Sustainable Decisions: Employee representation can help the board consider broader social and ethical implications of strategic decisions, ensuring a balance between profitability, employee welfare, and long-term sustainability.
- Early Warning of Risks: Employees can often detect emerging risks or operational issues before they escalate. Their input at the board level provides an early warning system, allowing for proactive risk management.
By integrating employee representation into ERM, organizations create a more inclusive, balanced, and comprehensive approach to identifying and addressing risks, fostering a culture of trust and collaboration.