Risk Governance
eBook - ePub

Risk Governance

Biases, Blind Spots and Bonuses

Elizabeth Sheedy

About This Book

Biases, blind spots and bonuses (or incentives more broadly) have led to numerous risk management disasters. Risk governance is a potential solution to these problems yet is not always as effective as we would like it to be. One reason for that is the current dearth of risk governance expertise.

This book seeks to address this issue, providing:

  • Understanding of the fundamental forces that cause disasters: the biases, blind spots and bonuses. This understanding is drawn from the disciplines of economics/finance and psychology;
  • Explanation of the structures of risk governance and common challenges experienced in their use, e.g. board risk committee, risk/compliance function, assurance function, risk appetite statement, risk disclosures;
  • Thorough investigation of risk culture and its importance in risk governance, including the assessment of risk culture;
  • Understanding of the mechanisms of executive compensation and how they link to risk management – one of the most difficult challenges confronting both risk and remuneration committees;
  • Explanation of the risk management process (based on the international standard ISO 31000), including practical guidance on risk communication, analysis and treatment;
  • Guidance on the management of strategic risk, emphasising the importance of scenario analysis;
  • Application of these principles to cyber risk and climate risk – two pervasive risks affecting almost every organisation;
  • Numerous case studies and examples drawn from various industries around the world; and
  • Discussion of what has been learned about risk governance from the COVID-19 experience.

The book is an essential guide for postgraduate students; participants in professional education programs in governance and risk management; directors; senior executives; risk, compliance and assurance professionals as well as conduct and prudential regulators worldwide.


Information

Publisher: Routledge
Year: 2021
ISBN: 9781000395693
Edition: 1

PART A
Foundations of risk governance

1 EMERGENCE OF RISK GOVERNANCE

The 2010 Deepwater Horizon incident[1] conjures images of environmental catastrophe as well as the tragic loss of 11 lives. An oil rig operating 66 km off the Louisiana coast, the Deepwater Horizon ignited and exploded after a leak of methane gas. This caused the largest ever accidental oil spill, threatening species from whale sharks to sea grass. For BP, the operator of the oil rig, the incident was also disastrous as it faced billions of dollars in fines and reputational damage.
The Dieselgate scandal engulfed Volkswagen and its subsidiaries[2] when a ‘defeat device’ was discovered in 2015 for deceiving US regulators. It created the false impression that the diesel vehicles complied with strict environmental standards for protecting the health of the population, crucial for those with chronic respiratory conditions. Volkswagen subsequently spent billions on vehicle rectification and fines.
In 2019, Australia’s oldest bank, Westpac, was accused of 23 million breaches of anti-money laundering laws, ignoring transactions likely to be associated with child exploitation.[3] If proven, the allegations will also result in significant fines and reputational damage.
Three different scandals, all in the last decade but in different parts of the world and involving different industries. All three failures arguably could have been prevented by better governance. All three resulted in changes in the executive team, the board or both. In the Westpac case, for example, the CEO, the chairman and the chair of the board risk committee all stepped down in the weeks following the news, accepting accountability for serious failures of risk management. Importantly, the push for resignations came from the shareholder community, through institutional shareholders and proxy advisors.
These examples illustrate a worldwide phenomenon: that directors and senior executives are ultimately held responsible for risk management within their organisations. It is no longer possible to hide behind excuses of ignorance or group decision making. Directors are expected to own the organisation’s risk choices, take responsibility for the risk management framework, challenge the executive in relation to risk issues and ensure that a risk culture is established. In other words, risk governance is an expected norm of modern organisations.
Some directors are outraged by what they see as unrealistic expectations or inappropriate intrusion into areas that should be the remit of the executive. But many if not most shareholders see these risk governance tasks as reasonable. From the perspective of the shareholder, often holding shares in anticipation of retirement, directors are well paid and enjoy high status for exercising independent oversight on their behalf. Directors who feel unable or unwilling to take on these responsibilities are free to leave the field; plenty of others are ready to replace them.
So how did risk governance evolve? What are the forces and societal trends that led us to this point? I will argue that risk governance can be explained by three main forces:
  • An increasingly litigious and regulated society that led to the development of risk management as a discipline and profession, as organisations defended themselves against reputational damage, legal costs and fines;
  • The understanding that humans are prone to poor risk management through a range of biases and blind spots;
  • Incentive conflicts that cause managers, acting out of self-interest, to pay insufficient attention to longer-term risk issues that are important to most other stakeholders.
Table 1.1 highlights some of the important risk governance milestones that have both stimulated and signalled change.
TABLE 1.1 Milestones in Risk Management
1960s
  • Consumer movement emerges following cases such as the Ford Pinto.
1970s
  • Occupational health and safety regulations proliferate.
  • Black and Scholes publish landmark paper on option theory in 1972,[6] contributing to growing use of derivatives, risk transfer mechanisms, for treating financial risk.
  • Three Mile Island incident in 1979 is a catalyst for concern about man-made disasters[7] and the inevitability of accidents.
1980
  • Zohar publishes first paper on safety climate,[8] focusing on management commitment as a prerequisite.
1984
  • Bhopal gas tragedy kills and injures thousands,[9] raising issues of corporate negligence and employee sabotage.
  • Perrow publishes ‘Normal Accidents’,[10] arguing that accidents are unavoidable in complex technological systems.
1986
  • Chernobyl nuclear accident highlights numerous causal factors including flawed reactor design and poor safety culture.[11]
  • Space Shuttle Challenger disaster underscores problems in NASA’s organisational culture and decision making processes.[12]
  • Institute for Risk Management, one of the first associations for risk professionals, is established in the UK.[13]
1987
  • Black Monday, October 19, 1987 – share markets in many countries fall by more than 20% in one day. This event emphasised the evolving interconnectedness of financial markets and the need for central bank intervention.[14]
1988
  • Basel Accord I announced – international regulations relating to bank capital, highlight the importance of equity capital as the last line of defence against risk.
1992
  • Bankers Trust publishes ‘The Risk Management Revolution’, promoting the quantification of risk and the use of these risk measurements for business decisions such as determining capital needs, pricing and allocation of resources.[15]
1994
  • JP Morgan publishes Value-at-Risk (VaR) methodology on the internet, influencing capital management and regulation worldwide. VaR is a measure of potential losses from speculative trading positions, at a specified confidence level. This is another milestone in the quantification of risk.
1995
  • Barings collapse – arguably the most famous rogue-trader case. Nick Leeson’s losses from unauthorised and concealed derivatives trades amounted to US$1.3 billion due to governance failures.[16] Internal controls, such as segregation of duties, were not present. Managers and directors provided inadequate oversight.
  • First risk management standards (AS/NZS4360) published in Australia and New Zealand.
1996
  • Bernstein publishes ‘Against the Gods’,[17] arguing that the notion of controlling risk is one of the central ideas that distinguishes modern times from the distant past.
  • Asian banking crisis starts with a range of contributing factors including rapid expansion, crony capitalism and fixed exchange rates. Many firms had too much debt. When the bubble burst, defaults exploded, especially in Thailand, Indonesia and Malaysia, and a number of banks failed. Poor governance (weak protection for minority shareholders), allowing managerial expropriation, is cited as a contributing factor.[18]
1998
  • Russian bond crisis brings down the hedge fund Long-Term Capital Management (LTCM). The case illustrates the consequences of using simplistic, flawed risk models to guide business decisions.[19]
1999
  • Turnbull report, revised in 2005, introduces risk assessment and internal controls to corporate governance for UK listed companies.
2001
  • 9/11 catastrophe illustrates how terrorists can exploit behavioural biases (dread risks) to their advantage; brings greater focus on geopolitical risks. Dread risks are risks that produce disproportionate fear and induce sub-optimal responses. After 9/11 many people reduced air travel in favour of car travel, causing many additional and needless road deaths. Air travel remains one of the safest modes of transport given the vanishingly small probability of terrorist attack.[20]
  • Enron bankruptcy underscores many risk governance issues including failure of the board to understand the risks of the business and failure of auditors to uncover managerial fraud, preventing the flow of accurate information to investors.[21]
2002
  • Sarbanes-Oxley Act responds to governance failures at Enron. The Act aimed to enhance the quality of financial disclosures by addressing audit quality and the quality of internal controls, and to impose greater responsibilities on directors serving on the audit committee. It also included enhanced whistle-blower protections and the possibility of clawback of bonuses following fraud.
  • SARS epidemic focuses attention on the risk of infectious disease and relevant risk management practices, e.g. scenario planning, business continuity planning.[22]
  • Kahneman, a pioneer in the field of behavioural biases, wins Nobel Memorial Prize in Economic Sciences for work completed in the late twentieth century.
2003
  • NAB foreign exchange option scandal. Rogue traders caused losses of $360 million. This case was one of the first to explicitly identify culture as an underlying cause, contributing to the failure of controls in a financial institution.[23]
2004
  • COSO Enterprise Risk Management (ERM) framework launched.[24] COSO defined ERM as ‘a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives’.
  • Basel II published with expanded use of internal quantitative risk models for banks in the regulation of capital for risk mitigation purposes.
  • OECD revises corporate governance principles, extending the responsibilities of directors in relation to risk management.[25]
2007
  • Taleb publishes ‘The Black Swan’,[26] describing biases associated with low probability events. During the global financial crisis Taleb becomes one of the most strident critics of quantitative risk models.
  • Global Financial Crisis begins as the sub-prime mortgage market deteriorates.[27] A US housing boom, driven by securitisation and loose lending to high-risk borrowers, comes to an end when these borrowers start defaulting.
2008
  • Lehman Brothers bankruptcy results from risky assets (financing housing and sub-prime mortgages) and excessive reliance on short-term debt; the legacy of infamous CEO Dick Fuld.[28] Many other financial institutions share the same fate or are bailed out or taken over by rivals.
200...