People Risk: the Board Governance series
The role of the board has not been subjected to as much discussion and scrutiny over the past 10 years as it has in 2018. Between the corporate and prudential regulators, ASX, proxy advisors, investor representative bodies and the media there have never been more eyes critically examining the operation of boards.
There have been no shortage of boards presiding over corporate scandals over the past couple of years – underpayment of employees, inappropriate salesforce behaviour, a blatant disregard for the law and inappropriate treatment of customers. In addition, behaviours identified in the Hayne Royal Commission and in the APRA Prudential Inquiry into the Commonwealth Bank of Australia prompts the question, ‘how do boards with this level of external oversight and capability get blindsided by corporate scandals’?
Many people focus on poor corporate culture as the cause, and in large part, this may well be true. The most commonly identified solution to these problems is a culture change program. However, while it can be a major lever for management, a culture change program does not provide a board with meaningful insight into the potential risks facing the organisation at any given point during the cultural change program.
Why is this so? Corporate culture is ethereal, difficult to measure and even more difficult to change. It is not suggested that a corporate culture change program is not a viable solution, but it is a medium to long term project and comes with own set of risks and challenges. Despite the protests of the change consultants, real cultural change is a three to five-year program (at a minimum) which requires absolute and unwavering consistency and focus over the total journey – and many of them still fail.
So, what can a board do to get insight into the current culture in order to mitigate risk for the organisation while it is waiting for the cultural change to occur? The answer lies in understanding that the organisation’s culture drives the behaviour of people and that this behaviour creates People Risk.
People Risk is the uncertainty and potential for loss or failure which is caused by human behaviour or the decisions of employees – and it is a risk which appears to slip through existing risk management systems. As a results, boards don’t focus on it.
Although boards commonly provide oversight over a number of different types of risk (e.g. financial, strategic and operational), and for which governance frameworks are well-established, boards need to recognise that they must also provide oversight of People Risk. Until they do, they can’t start to proactively manage and mitigate potential corporate scandals.
Without clear guidance from the board on its People Risk tolerance, meaningful and multi-factor data and reporting, genuinely transparent discussion with the executive team and an independent evaluation process, how does a board know what People Risks the organisation is facing?
As with any risk, without meaningful governance and risk mitigation, it is only luck that dictates if, and when, the Board is blindsided.