Corporate Finance, DeFi, Blockchain, Web3 News

Questions to ask about GRC – #9: Voice of Risk

9. Is the voice of risk heard?

Norman Marks
Some of the failures of governance and risk management have occurred when those responsible for understanding risk (whether in a risk office or in management) have not been heard. More senior management has either overridden or suppressed their views; in some cases, risk officers who have spoken up have been terminated.

The essence of this point is to ensure that those responsible for governing and managing the organization receive reliable risk information. If management filters risk information inappropriately, the impact on the quality of decisions can be significant.

The voice of risk needs to be heard both by top management and by the board. Each organization will need to determine how best to achieve this. For example, should the Chief Risk Officer report at a level within the organization that effectively guarantees he will be heard? What ability does the risk officer have to discuss risk with the board – and how appropriate is that? Care has to be taken to ensure that management retains responsibility for managing risk, and that can be damaged if a Chief Risk Officer is seen as being accountable for risk management.

Norman Marks, CPA, is vice president, governance, risk, and compliance for SAP's BusinessObjects division, and has been a chief audit executive of major global corporations for more than 15 years. He is the contributing editor to Internal Auditor’s “Governance Perspectives” column.

Tuesday, 2 October 2012