Credit: MJgraphics/Shutterstock.comEmpower the Business to Take Better Ownership of Risk
Part of Assurance's role will be giving good advice on the right risks to take to grow, but another part of managing the burden will be equipping the wider business to own and manage risks effectively itself.
March 20, 2020 at 01:00 PM
5 minute read
Assurance functions face a more difficult landscape that ever before, and the recent coronavirus outbreak shows us exactly why there's a need for insight into risk at the front and midline. Part of Assurance's role will be giving good advice on the right risks to take to grow but another part of managing the burden will be equipping the wider business to own and manage risks effectively itself.
Our survey on employee risk ownership shows considerable benefits for those organizations that have successfully empowered the business to take control of risks better. For example, the likelihood of acting on observed risk jumps 32 percentage points, the likelihood of reporting an identified risk jumps 19 percentage points, and the employee confidence in owning risks increases 57 percentage points.
We call this type of risk management an empowered approach, as opposed to a more traditional prescriptive approach where assurance functions simply assign ownership to business units. The benefits are not limited to risk management either. Empowered employees are around three times more likely to overperform in individual, team and corporate financial goals.
So, what do Assurance functions need to do to create an empowered organization?
|1. Clarify risk management roles and responsibilities
Educate employees on the need to act on risk as well as the necessary actions required of them. Often, we see that conflicting messages about risk management roles and unclear direction about what the business should be doing have undermined business ownership of risk.
So before educating the business, Assurance leaders must clarify risk management roles and responsibilities by engaging across functions to identify optimal risk owners; they should coordinate between assurance functions to minimize conflicting risk management expectations among business partners; and lastly they should build a framework that clarifies which tasks require compliance expertise and which do not.
When everyone is on the same page about what the key risks are and who is responsible for monitoring and acting on them, Assurance are in a stronger position to educate and empower their colleagues in the business.
|2. Provide tools and resources to enable business ownership
This step is about empowering those in the business to act on risk. Provide the necessary coaching, guidance, tools and resources to enable more independent risk decision making. Where possible, do not act for or instruct the business but enable it to act for itself.
The biggest roadblocks we see here are limited guidance and inaccessible tools and resources. 57% of employees say they can't obtain the tools they need to manage risk. One in three say they don't receive any guidance in this area.
To solve this challenge Assurance leaders must place compliance's tools, reports and data in the hands of frontline employees and leaders. Think about resources that enable business leaders to discuss, prioritize and action-plan risk such as discussion prompts and sample conversation topics. Provide self-service resource centers that offer comprehensive risk guidance and teach the business how to make the right decisions by increasing the transparency of the risk process and democratizing risk reduction strategies.
|3. Create accountability for risk ownership
This kind of business empowerment relies on employees feeling directly responsible for risk management. Our survey found that only 42% felt that they or their peers are held accountable for managing compliance risks.
Business leaders are often willing to own risk but face competing priorities and often perceive risk to be someone else's problem to manage. Assurance leaders can overcome this by holding business units accountable for process discipline and the mitigation of risks that arise in their workflows.
This is best accomplished by helping the business leadership narrow down on a small set of compliance risks and regularly monitoring their progress in managing them. Also, it's important to discuss business ownership of compliance risks at the same level as business performance—at a board or executive level. This helps to establish true accountability.
After following these three steps, an organization should be well on the way to becoming more empowered when it comes to the wider business owning and managing risks. By empowering their colleagues in the business to own and manage more risk, Assurance leaders will likely see an improvement in overall risk management yet a reduction in how much of it they must manage. This approach also has the added benefit of distinguishing the tasks that need compliance expertise from those that don't while freeing up Assurance function resources to focus on them.
It's also worth reiterating that it's vital to coordinate amongst Assurance to minimize conflicting risk management expectations, and to inventory risk management tools and resources that can be democratized.
Chris Audet is a Senior Director of Research with Gartner's Legal and Compliance practice.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
A Blueprint for Targeted Enhancements to Corporate Compliance Programs
7 minute read
Three Legal Technology Trends That Can Maximize Legal Team Efficiency and Productivity
Corporate Confidentiality Unlocked: Leveraging Common Interest Privilege for Effective Collaboration
11 minute readTrending Stories
- 1How I Made Partner: 'Develop a Practice Area You Really Care About ,' Says Jennifer Gniady of Stradley Ronon
- 2Indian Billionaire Gautam Adani Indicted in Brooklyn for Alleged Orchestration of $250 Million Bribery Plot
- 3St. Ivo: Patron Saint of Lawyers
- 4Eagle Pharma Founder Sues Company to Recoup Cost of SEC Investigation
- 5GC Conference Takeaways: Picking AI Vendors 'a Bit of a Crap Shoot,' Beware of Internal Investigation 'Scope Creep'
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
