In every family, rules are not enough by themselves. It’s all matter of setting the right example.
Governance is always referred to as the set of people, actions, responsibilities, policies and rules through which the organisation is overseen, directed and controlled, most importantly keeping a watchful eye on the relationship between strategy and performances.
Integrity is fundamental for directors, managers and executives whilst fulfilling their duties.
Sometimes though it happens that this concept is interpreted as if integrity were just a BoD mandate.
And it actually is, but it is worth nothing if not accompanied by a similar attitude of the middle management, which in turn sets the good example for all of the people working at the company.
It is the day-by-day behaviour of the top and middle management that drives the behaviour of all of the members of the organisation.
And there is no one who may deny that an integrity-oriented behaviour is the sign of an ethics-oriented attitude: without having such an attitude spread over the entire organisation, any effort from the top management or any good example set by the middle management may just make the employees say some kind of “they are handsomely paid for it” o, even worse, be felt by them as a heavy “burden“ to effectively fulfilling their job.
This may reverberate on the risk management effectiveness, as nothing ensures the risk prevention and mitigation objectives to be completely and deep-heartedly shared across the whole organisation.
Some of the consequences can be listed as follows:
Lack or inadequacy in thoroughly cooperating to sharing risk-related information across each and all of the segments of the organisation.
Lack of correspondence between the rules and recommendation set by the risk manager and the actions performed by the operating teams; this may result in having discipline and code of conduct inadequately observed throughout the organisation or even in lack of adherence to the operating procedures set out by the management.
Inadequacy of the Board in risk oversight, so that the directors fail to assess the risk through systematically adapting the risk assessment questions and the risk mitigation actions to the actual behaviour of the members of the organisation.
Risk is not always considered explicitly by management with regards to what can prevent the strategy to be fully accomplished, but even less frequently with regards to risks inherent to the strategy itself as defined by the Board of Directors or the shareholders.
Companies often just focus on operational risks and operational impacts, in other words on contingency (short term corrective actions, short term sanctions and fines to prevent, law-driven organization models, etc.) overlooking the impact that risks will have on the long term, which means on the company’s strategy. Risk is a contingency-based problem indeed, but looking at risk without a forward-looking eye can have consequences almost never limited within a short-term horizon!
Contrasts and divergent opinions between the top and the middle management and between these and the independent functions of the Risk Manager and the Compliance Officer do compromise the common consciousness of how all the segments of an organisation must cooperate towards the common objectives of stability and growth.
Implausible assumptions, unattainable strategic choices, unbearable performance pressures, unrealistic expansion plans, and even ego-driven decisions do compromise any yet strong and reliable risk management system.