Empower the Business to Take Better Ownership of Risk
Part of Assurance's role will be giving good advice on the right risks to take to grow, but another part of managing the burden will be equipping the wider business to own and manage risks effectively itself.
March 20, 2020 at 01:00 PM
5 minute read
Credit: MJgraphics/Shutterstock.com
Assurance functions face a more difficult landscape that ever before, and the recent coronavirus outbreak shows us exactly why there's a need for insight into risk at the front and midline. Part of Assurance's role will be giving good advice on the right risks to take to grow but another part of managing the burden will be equipping the wider business to own and manage risks effectively itself.
Our survey on employee risk ownership shows considerable benefits for those organizations that have successfully empowered the business to take control of risks better. For example, the likelihood of acting on observed risk jumps 32 percentage points, the likelihood of reporting an identified risk jumps 19 percentage points, and the employee confidence in owning risks increases 57 percentage points.
We call this type of risk management an empowered approach, as opposed to a more traditional prescriptive approach where assurance functions simply assign ownership to business units. The benefits are not limited to risk management either. Empowered employees are around three times more likely to overperform in individual, team and corporate financial goals.
So, what do Assurance functions need to do to create an empowered organization?
1. Clarify risk management roles and responsibilities
Educate employees on the need to act on risk as well as the necessary actions required of them. Often, we see that conflicting messages about risk management roles and unclear direction about what the business should be doing have undermined business ownership of risk.
So before educating the business, Assurance leaders must clarify risk management roles and responsibilities by engaging across functions to identify optimal risk owners; they should coordinate between assurance functions to minimize conflicting risk management expectations among business partners; and lastly they should build a framework that clarifies which tasks require compliance expertise and which do not.
When everyone is on the same page about what the key risks are and who is responsible for monitoring and acting on them, Assurance are in a stronger position to educate and empower their colleagues in the business.
2. Provide tools and resources to enable business ownership
This step is about empowering those in the business to act on risk. Provide the necessary coaching, guidance, tools and resources to enable more independent risk decision making. Where possible, do not act for or instruct the business but enable it to act for itself.
The biggest roadblocks we see here are limited guidance and inaccessible tools and resources. 57% of employees say they can't obtain the tools they need to manage risk. One in three say they don't receive any guidance in this area.
To solve this challenge Assurance leaders must place compliance's tools, reports and data in the hands of frontline employees and leaders. Think about resources that enable business leaders to discuss, prioritize and action-plan risk such as discussion prompts and sample conversation topics. Provide self-service resource centers that offer comprehensive risk guidance and teach the business how to make the right decisions by increasing the transparency of the risk process and democratizing risk reduction strategies.
3. Create accountability for risk ownership
This kind of business empowerment relies on employees feeling directly responsible for risk management. Our survey found that only 42% felt that they or their peers are held accountable for managing compliance risks.
Business leaders are often willing to own risk but face competing priorities and often perceive risk to be someone else's problem to manage. Assurance leaders can overcome this by holding business units accountable for process discipline and the mitigation of risks that arise in their workflows.
This is best accomplished by helping the business leadership narrow down on a small set of compliance risks and regularly monitoring their progress in managing them. Also, it's important to discuss business ownership of compliance risks at the same level as business performance—at a board or executive level. This helps to establish true accountability.
After following these three steps, an organization should be well on the way to becoming more empowered when it comes to the wider business owning and managing risks. By empowering their colleagues in the business to own and manage more risk, Assurance leaders will likely see an improvement in overall risk management yet a reduction in how much of it they must manage. This approach also has the added benefit of distinguishing the tasks that need compliance expertise from those that don't while freeing up Assurance function resources to focus on them.
It's also worth reiterating that it's vital to coordinate amongst Assurance to minimize conflicting risk management expectations, and to inventory risk management tools and resources that can be democratized.
Chris Audet is a Senior Director of Research with Gartner's Legal and Compliance practice.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
AI Disclosures Under the Spotlight: SEC Expectations for Year-End Filings
5 minute read
A Blueprint for Targeted Enhancements to Corporate Compliance Programs
7 minute read
Three Legal Technology Trends That Can Maximize Legal Team Efficiency and Productivity
Trending Stories
- 1How ‘Bilateral Tapping’ Can Help with Stress and Anxiety
- 2How Law Firms Can Make Business Services a Performance Champion
- 3'Digital Mindset': Hogan Lovells' New Global Managing Partner for Digitalization
- 4Silk Road Founder Ross Ulbricht Has New York Sentence Pardoned by Trump
- 5Settlement Allows Spouses of U.S. Citizens to Reopen Removal Proceedings
Who Got The Work
J. Brugh Lower of Gibbons has entered an appearance for industrial equipment supplier Devco Corporation in a pending trademark infringement lawsuit. The suit, accusing the defendant of selling knock-off Graco products, was filed Dec. 18 in New Jersey District Court by Rivkin Radler on behalf of Graco Inc. and Graco Minnesota. The case, assigned to U.S. District Judge Zahid N. Quraishi, is 3:24-cv-11294, Graco Inc. et al v. Devco Corporation.
Who Got The Work
Rebecca Maller-Stein and Kent A. Yalowitz of Arnold & Porter Kaye Scholer have entered their appearances for Hanaco Venture Capital and its executives, Lior Prosor and David Frankel, in a pending securities lawsuit. The action, filed on Dec. 24 in New York Southern District Court by Zell, Aron & Co. on behalf of Goldeneye Advisors, accuses the defendants of negligently and fraudulently managing the plaintiff's $1 million investment. The case, assigned to U.S. District Judge Vernon S. Broderick, is 1:24-cv-09918, Goldeneye Advisors, LLC v. Hanaco Venture Capital, Ltd. et al.
Who Got The Work
Attorneys from A&O Shearman has stepped in as defense counsel for Toronto-Dominion Bank and other defendants in a pending securities class action. The suit, filed Dec. 11 in New York Southern District Court by Bleichmar Fonti & Auld, accuses the defendants of concealing the bank's 'pervasive' deficiencies in regards to its compliance with the Bank Secrecy Act and the quality of its anti-money laundering controls. The case, assigned to U.S. District Judge Arun Subramanian, is 1:24-cv-09445, Gonzalez v. The Toronto-Dominion Bank et al.
Who Got The Work
Crown Castle International, a Pennsylvania company providing shared communications infrastructure, has turned to Luke D. Wolf of Gordon Rees Scully Mansukhani to fend off a pending breach-of-contract lawsuit. The court action, filed Nov. 25 in Michigan Eastern District Court by Hooper Hathaway PC on behalf of The Town Residences LLC, accuses Crown Castle of failing to transfer approximately $30,000 in utility payments from T-Mobile in breach of a roof-top lease and assignment agreement. The case, assigned to U.S. District Judge Susan K. Declercq, is 2:24-cv-13131, The Town Residences LLC v. T-Mobile US, Inc. et al.
Who Got The Work
Wilfred P. Coronato and Daniel M. Schwartz of McCarter & English have stepped in as defense counsel to Electrolux Home Products Inc. in a pending product liability lawsuit. The court action, filed Nov. 26 in New York Eastern District Court by Poulos Lopiccolo PC and Nagel Rice LLP on behalf of David Stern, alleges that the defendant's refrigerators’ drawers and shelving repeatedly break and fall apart within months after purchase. The case, assigned to U.S. District Judge Joan M. Azrack, is 2:24-cv-08204, Stern v. Electrolux Home Products, Inc.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
