Effective Risk Management requires Board and Senior Management Alignment

Posted by Craig Thornton

How to establish clear lines of responsibility 

Dysfunction between boards and senior management is apparent in every industry.

Its impact can be felt in many areas of the business but few are more important than risk management.   

Of course, no one wants to ignore a potentially catastrophic risk, but each side assumes – and hopes – that the other has everything in hand.  Boards don’t want to be accused of micro-managing, and senior managers don’t want to overstep the (often undefined and prone to shift) mark. 

Besides, risk isn’t the highest priority, is it?  It’s all about the money, money, money.

The net result is huge, yawning gaps where no one takes responsibility. Disastrous events are avoided through sheer luck - but only until Lady Luck leaves the building. 

 Concept of social accusation of guilty businesswoman many fingers pointing at isolated on grey office wall background. Portrait scared anxious embarrassed woman biting fingernails

When it comes to compliance – and risk management in particular - better clarification of roles is clearly needed.

 

Different perspectives; different responsibilities

Let’s use a sporting analogy to get a better handle on the board-management dynamic.

Picture if you will an old-school rugby ground - the kind with one stand and three open sides. The board sits in the stands and watches the game, whereas the management team is out on the field, playing the game.

From its vantage point in the stands, the board can see the whole game at once.  They can see the players moving into different positions for set pieces. They can also see the approaching weather and sense the overall atmosphere of the crowd.  Board members have lots of time to look around and take in the whole scene (assuming of course that they actually bother to take an interest).  Ultimately the board’s view is macro one.

Senior management can also see plenty but what they see is very different.  At any point in time, most players can’t see all of the other players on the field.  They have a great view of the players nearest to them and maybe of some of the spectators closest to the side-line. They can clearly see the turf under their feet, but their eyes are mainly focussed on the ball.  They have to quickly deal with what is in front of them at any given moment.  Decisions have to be made swiftly.  In other words, their view is primarily a micro one.

Both groups can see a lot, but the point is that neither group has the total picture:  the board can’t hear what the players or the referee are saying and the management team doesn’t have the vantage point to notice that there’s a nasty storm approaching. 

Boards have to realise that they have a much broader view of the company and the environment it operates in than the individuals that make up the management team. 

On the other hand, senior managers have to understand that they have front-line information that the board couldn’t possibly know about. 

Clearly defining lines of responsibility between board and management is essential. And not making risk management a high priority can have the most dreadful of consequences - financial ruin, environmental degradation, serious injury, even death.

A lot has been written about New Zealand’s Pike River Coal Mine tragedy and whilst I’m generally reluctant to rake over old ground, sometimes needs must.  One of the reasons we need to write and talk about such tragedies is to ensure that lessons are learned.

In this particular tragedy there can be no doubt that the board, in particular, failed to manage risk. 

Some of the findings of the Royal Commission included:

  • The monthly Health and Safety report, although helpful, did not cover the hazards relevant to a catastrophic event such as an explosion.
  • An important insurance risk survey that identified serious concerns about the critical hazards, was not seen by the board.
  • The board did not assess critical design and health and safety issues.
  • The mine manager told the directors that gas management was “more a nuisance and daily operational consideration than a significant problem or barrier to operations”.  The board was not well placed to know whether or not this was correct.
  • The board didn’t hold management to account, but instead assumed that managers would draw the board’s attention to any major operational problems.
  • The board did not verify that effective systems were in place and that risk management was effective.
  • The board did not provide effective health and safety leadership and protect the workforce from harm.
  • The board was distracted by the financial and production pressures that confronted the company.

 

Achieving better alignment

Of course not all of us work in so-called high-risk industries like mining but that doesn’t mean that we can continue to allow misalignment and dysfunction between board and management.  After all, all organisations have risks that must be managed.

Here are some practical steps to achieve better alignment:    

  • Board members must understand that their role includes both legal and moral obligations.  A board’s actions and inactions can affect individuals, families, shareholders and the wider community in which they operate.  Your business does not operate inside a bubble.
  • Senior management must inform the board of all significant hazards.
  • The board must ask their senior management tough questions around safety and risk.  There needs to be manager specifically responsible for QHSE reporting directly to the board each month.  You need to get this information straight from the source, and not let it get lost in the shuffle of information presented by the rest of your management team.
  • Board members need to learn about and understand the operations being carried out by the business - and of the risks associated with those operations. Only with this level of knowledge can you ask the right questions of your management team. Ignorance is not bliss.
  • The board must give risk management the focus and attention it deserves.  Make managing risks a priority and give your team the resources and processes it needs.

 

The takeaway

Although the roles of board and management are quite different, both groups want the same thing - a good, clean game.  A game where there are lots of great moves and everyone goes home at the end, safe and sound.  A game that brings together the macro and the micro.  When this happens, everyone will be ready and able to enjoy the game again the following week.

We’re on the same side so let’s start acting like it.  

Tags: Compliance, Compliance Management, Risk Management