From board-level down and frontlines up: why integrated risk management is key
As a result of the seismic changes from the pandemic, and a growing ESG movement, the need for an integrated and holistic approach to risk management has never been greater.
Diligent, a modern governance company providing SaaS solutions across governance, risk, compliance, audit and ESG, was originally founded in New Zealand as a business focussed entirely on board governance. Dan Zitting, chief product and strategy officer at Diligent, explained the company’s software was originally intended to help organise, secure and provide an environment for collaboration in board meetings.
Since it was founded, Diligent has grown its footprint to position itself as a global leader in modern governance software. Over 25,000 customers across 130 countries, including 85%+ of the FTSE 100, use Diligent’s software to lead with purpose through a modern view of governance, risk, compliance, audit and ESG.
To stay ahead of the market, Diligent has expanded in recent years to build out a portfolio of tools for managing risk, compliance, audit, ESG and other matters of governance. “The vision is to be able to build a well-governed organisation that is equitable, from the board level down and from the frontlines of the organisation up,” Zitting said.
Why is it important to take an integrated approach?
Historically, companies have not successfully fostered an integrated approach to risk management. According to Zitting, organisations tend to manage risks in silos, for example, cybersecurity in one silo and ethical compliance in another.
However, Zitting said there is a strong movement across the globe, where not only are governments and regulations demanding a better view and disclosure of how well a company is managing risk across different areas, but investors are also demanding that. Environmental, Social and Corporate Governance (ESG) is a prime example of this.
“A large proportion of investment is now being directed into funds that only target sustainable businesses with high ESG ratings: investors are demanding it,” Zitting said. Moreover, customers, whether that be consumers or businesses, are increasingly requiring that their suppliers are sustainable and aligned with ethical requirements through their entire supply chain.
The result of these demands, which are coming from investors, customers, governments and further still, employees who want to be part of a certain type of organisation, is that risk management has been thrust into the spotlight.
“Risk management has been listed squarely out of the departmental approach, or even chief risk officer level, to where the CEO and the board are demanding a picture of risk and governance as a whole.” This view allows them to deliver assurance across the organisation and to investors, customers and internal stakeholders, like employees.
What’s more, having access to this holistic picture of risk allows companies to know where to direct investment if, for example, they want to improve their overall ESG position.
The impact on ESG and ‘greenwashing’
An integrated approach to risk management can provide a taxonomy and methodology for evaluating and quantifying risk that is comparable between different areas. “For a financial institution for example, they will have risk around credit and lending, risk around liquidity, and also risk around carbon emissions, money laundering, terrorist financing, and cybersecurity. So, it helps you understand how severe and how fast-moving those risks are, in a comparable way,” Zitting said. In this manner, companies can decide where to invest time and attention to reduce that risk.
When it comes to ESG reporting, Zitting explained that just the simple act of disclosing, say carbon emissions, poses the risk of so-called “greenwashing.”
“This is because you are basically just asking the question: how are we doing? And putting forward a best answer. Whereas, if you take our risk management practices, apply it to the accounting for carbon emissions for example, you can get a quantified picture and understanding of where you actually are with carbon emissions, or any other environmental factor, and how severe the risk of missing targets.”
According to Zitting, this is the “nuts and bolts” that can reduce the potential for greenwashing that can arise from just doing disclosures versus managing the actual risk of environmental damage.
Becoming a board level concern
Risk management has become more of a board level concern in recent years, a trend that was undeniably accelerated as a result of the pandemic.
Zitting said that financial institutions have always been better at risk management, as this is part of their core capability. Banks manage credit for example, and evaluating risk is innate to an insurance company. However, this has not always extended to a number of other areas of risk, and the pandemic brought that issue to the forefront.
“The pandemic was a massive risk event that caused significant change in velocity and change of risk. It affected everything. From people working remotely, which created new cyber risks, to risks of businesses’ cash flow from having to shut down physical locations. It was a pervasive event that highlighted the value of ongoing risk management.”
Furthermore, a number of other events soon followed the pandemic, Zitting continued. This included social justice movements and acceleration in the momentum behind ESG. Across all of these issues, the common thread is risk. This has resulted in boards recognising the importance of risk management and creating risk management committees to that end.
Cultivating a risk culture
Developing a more risk-focused culture is how risk management can be ingrained through an organisation. If there is a risk culture and a methodology in place, Zitting said, the organisation will be better prepared to come up with a response plan to risks that may emerge.
What’s more is that employees are increasingly demanding this from their workplaces. “We all want to work in places that are optimised and stabilised for these [pandemic-like] events. Not only from a job security standpoint, but also the modern employee base overwhelmingly wants to work in organisations that they think have a positive impact on the world. A risk culture is very indicative of that.”
How can organisations achieve this? Zitting said the first step begins at the top, such as having a risk committee, risk being on the board’s agenda, and risk being something the CEO cares about. “This will inevitably create a tone from the top, of balancing both risk and opportunity.”
From there, having a chief risk officer also sets the tone that risk is important at the executive team level, Zitting continued. “It is important also to empower that chief risk officer to actually have, if not direct reporting lines, at least influence over different areas that may exist across the institution from different areas of financial operations.”
What’s next for Diligent?
Although Diligent is focusing on a number of areas, Zitting said one key area is making better, more immediate data and information available to the manager, senior management team and board.
“We are increasingly powering not only the company’s internal data, but interpretation of that data with machine learning, as well as data from the outside world. Things such as climate modelling for example, which can really help provide not only an internal view of how well we are doing in risk management, but also an external view.”
This may seem obvious and simple; however, Zitting stressed that an overwhelming majority of boards operate using PowerPoint slides at quarterly board meetings, which use static information and are therefore not up to date. “This just doesn’t help directors become as literate in these topics as they could be with real time insights. We are excited to be launching some new technology to enable that,” he said.
Copyright © 2023 FinTech Global