Old habits sometimes die hard. In my husband's case, he insists on soaking the dishes before putting them into the dishwasher. I prefer to scrub them with a sponge, rinse and put them aside until the current load is finished, the machine is emptied and there is room to add the next set. After twenty-two years of otherwise marital bliss, you would think that we would have the whole kitchen clean-up dance choreographed and down to a science. Yet, here we are on a Sunday night, talking about the best way to clean the dishes...again. The good news is that we have squeaky clean dishes. The less than good news is that it would be better in my view to discuss the issue thoroughly, agree on a process and then allocate work accordingly instead of each of us spending time on a basic task that should be easy enough to master without repeatedly going over the same thing.
Now if talking about cleaning dishes is the extent of disagreement in any relationship (marriage or otherwise), life is good. It does get you thinking however about interpersonal dynamics, leadership and how to accomplish a goal, especially when things are more complicated.
Enterprise risk management ("ERM") is a good example of a task that requires care and coordination and is arguably more complex than pulling out a scrub brush. According to a recent McKinsey & Company survey about improving board governance, others concur. In their August 2013 write-up of results, authors Chinta Bhagat, Martin Hirt and Conor Kehoe write that "...most boards need to devote more attention to risk than they currently do. One way to get started is by embedding structured risk discussions into management processes throughout the organization."
In "Risk Management and the Board of Directors" by Martin Lipton et al. (Bank and Corporate Governance Law Reporter, February 2011), the role of oversight is distinguished from "day-to-day" risk management. The authors write, "Through its oversight role, the board can send a message to the company's management and employees that comprehensive risk management is neither an impediment to the conduct of business nor a mere supplement to a firm's overall compliance program, but is instead an integral component of the firm's corporate strategy, culture and business operations."
According to a 2009 publication entitled "Effective Enterprise Risk Oversight: The Role of the Board of Directors" by the Committee of Sponsoring Organizations of the Treadway Commission ("COSO"), board oversight entails several important actions. These include the following:
- Comprehend an organization's philosophy about risk and "concur with the entity's risk appetite," otherwise defined as its risk tolerance for alternative ways to create shareholder wealth;
- Assess whether management has put effective risk management processes in place in order to identify, measure and manage key sources of uncertainty;
- Regularly carry out a study of an organization's portfolio of risks in the context of stated risk tolerance goals; and
- Evaluate whether management is "responding appropriately" to factors that could seriously erode enterprise value.
Hopefully, readers agree that the topic of risk management oversight should be important to pension plans and other types of institutional investors that invest in companies directly or by purchasing corporate stocks and bonds. Looking askance or ignoring the topic altogether is ill-advised.
In a recent conference call about vendor selection for a relatively large ERISA plan, I was surprised when one of the callers admitted to not having yet vetted the risk management controls in place for a candidate service provider. Worse yet, he thought doing so was a bad idea since "the numbers spoke for themselves."
Certainly insurance underwriters are taking a further look at their exposure. Professors David Pooser and Kathleen McCullough, on behalf of the Professional Liability Underwriting Society ("PLUS") Foundation, explain that more attention is being paid to the oversight role of directors in the aftermath of recent financial crises. In "How is Enterprise Risk Management Affecting the Directors' and Officers' Liability Exposure?" (September 1, 2013), they write that "Better governance control through ERM should make a firm a more appealing risk for D&O insurers to write. ERM becomes especially important if it signals that the corporation is less risky and better controlled than others, and therefore may be a useful tool to D&O insurers, regulators, and other monitors."
Understanding Directors and Officers ("D&O") oversight of a firm's enterprise risk management activities is not exactly the same thing as settling on how best to get the dishes clean. However, both activities are important and require that collaborative discussions take place and actions ensue.