The US Securities and Exchange Commission (SEC) recently approved “new rules to enhance the information provided to shareholders so they are better able to evaluate the leadership of public companies.” Their focus is on corporate governance, compensation, and risk. While the SEC has made progress creating transparency for governance and compensation, they are still struggling to properly reveal a company’s risk management profile.
The SEC is striving to make corporate leaders act in an ethical, accountable manner. They are effective at legislating corporate transparency, disclosure, and exposing conflicts of interest. However, regulating a company to disclose how it manages risk is trickier. Highly effective risk management identifies and manages risks that can prevent an organization from achieving its key objectives. Therefore, disclosing your key risks will also disclose your strategic secrets. Publishing your detailed corporate objectives would be tantamount to competitive suicide, hence the SEC’s challenge.
As a result, the SEC’s approach remains limited to revealing the board's role in the risk oversight of the company. It’s an arm’s length view of the company’s risk profile. Understanding the board’s role in risk oversight is a long way from understanding how much risk a company is adopting or how it is addressing its risks. The SEC is now distinguishing between good ethics and sound strategic risk management. The former is appropriately disclosable; the latter is not.
The SEC is only one of the oversight bodies trying to increase risk management in companies. For example, Standard and Poor’s is beginning to apply high-level risk management analysis to the companies it covers. But ultimately, risk management is about ensuring corporate performance and maintaining stakeholder confidence in your company. Don’t rely on third parties to manage public expectations about your company’s risk management program. Use your website and other corporate communications to instill confidence that you are effectively managing risk.
[Rich]
richard.m.wilson@ca.pwc.com
ERM is powerful when designed as a performance-focused activity. It's not an audit, nor a compliance process. ERM manages the barriers that prevent organizations from achieving their objectives.
Author:
Richard Wilson develops Performance Risk Management capabilities for complex organizations. He has helped the largest companies in North America manage the barriers to their desired performance.
richard.m.wilson@ca.pwc.com | (416) 941-8374
About The Author

- Richard Wilson
- Richard is a Director in PwC's Risk Advisory practice with clients in both Canada and the United States.
He is an experienced senior executive with 15 years in a CEO or COO role (publicly traded and private firms). Richard has been leading risk management implementations for more than a decade, including 60 C-level risk assessments, and has led online risk assessments for 30,000 people in 25 countries.
He has advised the largest company in the US on risk management, and he has facilitated a risk assessment for the United Nations. Richard has been published in Compliance Week, Canadian Business, and the Globe & Mail and has been a keynote speaker on the topic of risk at many conferences in both Canada and the US since 2004.