Risk Governance
eBook - ePub

Risk Governance

Biases, Blind Spots and Bonuses

Elizabeth Sheedy

Compartir libro
  1. 210 páginas
  2. English
  3. ePUB (apto para móviles)
  4. Disponible en iOS y Android
eBook - ePub

Risk Governance

Biases, Blind Spots and Bonuses

Elizabeth Sheedy

Detalles del libro
Vista previa del libro

Información del libro

Biases, blind spots and bonuses (or incentives more broadly) have led to numerous risk management disasters. Risk governance is a potential solution to these problems yet is not always as effective as we would like it to be. One reason for that is the current dearth of risk governance expertise.

This book seeks to address this issue, providing:

  • Understanding of the fundamental forces that cause disasters: the biases, blind spots and bonuses. This understanding is drawn from the disciplines of economics/finance and psychology;

  • Explanation of the structures of risk governance and common challenges experienced in their use e.g. board risk committee, risk/compliance function, assurance function, risk appetite statement, risk disclosures;

  • Thorough investigation of risk culture and its importance in risk governance, including the assessment of risk culture;

  • Understanding of the mechanisms of executive compensation and how they link to risk management – one of the most difficult challenges confronting both risk and remuneration committees;

  • Explanation of the risk management process (based on international standards ISO31000), including practical guidance on risk communication, analysis and treatment;

  • Guidance on the management of strategic risk, emphasising the importance of scenario analysis;

  • Application of these principles to cyber risk, climate risk – two pervasive risks affecting almost every organisation;

  • Numerous case studies and examples drawn from various industries around the world; and

  • Discussion of what has been learned about risk governance from the COVID-19 experience.

The book is an essential guide for postgraduate students; participants in professional education programs in governance and risk management; directors; senior executives; risk, compliance and assurance professionals as well as conduct and prudential regulators worldwide.

Preguntas frecuentes

¿Cómo cancelo mi suscripción?
Simplemente, dirígete a la sección ajustes de la cuenta y haz clic en «Cancelar suscripción». Así de sencillo. Después de cancelar tu suscripción, esta permanecerá activa el tiempo restante que hayas pagado. Obtén más información aquí.
¿Cómo descargo los libros?
Por el momento, todos nuestros libros ePub adaptables a dispositivos móviles se pueden descargar a través de la aplicación. La mayor parte de nuestros PDF también se puede descargar y ya estamos trabajando para que el resto también sea descargable. Obtén más información aquí.
¿En qué se diferencian los planes de precios?
Ambos planes te permiten acceder por completo a la biblioteca y a todas las funciones de Perlego. Las únicas diferencias son el precio y el período de suscripción: con el plan anual ahorrarás en torno a un 30 % en comparación con 12 meses de un plan mensual.
¿Qué es Perlego?
Somos un servicio de suscripción de libros de texto en línea que te permite acceder a toda una biblioteca en línea por menos de lo que cuesta un libro al mes. Con más de un millón de libros sobre más de 1000 categorías, ¡tenemos todo lo que necesitas! Obtén más información aquí.
¿Perlego ofrece la función de texto a voz?
Busca el símbolo de lectura en voz alta en tu próximo libro para ver si puedes escucharlo. La herramienta de lectura en voz alta lee el texto en voz alta por ti, resaltando el texto a medida que se lee. Puedes pausarla, acelerarla y ralentizarla. Obtén más información aquí.
¿Es Risk Governance un PDF/ePUB en línea?
Sí, puedes acceder a Risk Governance de Elizabeth Sheedy en formato PDF o ePUB, así como a otros libros populares de Negocios y empresa y Gobierno empresarial. Tenemos más de un millón de libros disponibles en nuestro catálogo para que explores.


Negocios y empresa

Foundations of risk governance


The 2010 Deepwater Horizon incident1 conjures images of environmental catastrophe as well as the tragic loss of 11 lives. An oil rig operating 66 km off the Louisiana coast, the Deepwater Horizon ignited and exploded after a leak of methane gas. This caused the largest ever accidental oil spill, threatening species from whale sharks to sea grass. For BP, the operator of the oil rig, the incident was also disastrous as it faced billions of dollars in fines and reputational damage.
The Dieselgate scandal engulfed Volkswagen and its subsidiaries2 when a ‘defeat device’ was discovered in 2015 for deceiving US regulators. It created the false impression that the diesel vehicles complied with strict environmental standards for protecting the health of the population, crucial for those with chronic respiratory conditions. Volkswagen subsequently spent billions on vehicle rectification and fines.
In 2019, Australia’s oldest bank, Westpac, was accused of 23 million breaches of anti-money laundering laws, ignoring transactions likely to be associated with child exploitation.3 If proven, the allegations will also result in significant fines and reputational damage.
Three different scandals, all in the last decade but in different parts of the world and involving different industries. All three failures arguably could have been prevented by better governance. All three resulted in changes in the executive team, the board or both. In the Westpac case, for example, the CEO, the chairman and the chair of the board risk committee all stepped down in the weeks following the news, accepting accountability for serious failures of risk management. Importantly, the push for resignations came from the shareholder community, through institutional shareholders and proxy advisors.
These examples illustrate a worldwide phenomenon: that directors and senior executives are ultimately held responsible for risk management within their organisations. It is no longer possible to hide behind excuses of ignorance or group decision making. Directors are expected to own the organisation’s risk choices, take responsibility for the risk management framework, challenge the executive in relation to risk issues and ensure that a risk culture is established. In other words, risk governance is an expected norm of modern organisations.
Some directors are outraged by what they see as unrealistic expectations or inappropriate intrusion into areas that should be the remit of the executive. But many if not most shareholders see these risk governance tasks as reasonable. From the perspective of the shareholder, often holding shares in anticipation of retirement, directors are well paid and enjoy high status for exercising independent oversight on their behalf. Directors who feel unable or unwilling to take on these responsibilities are free to leave the field; plenty of others are ready to replace them.
So how did risk governance evolve? What are the forces and societal trends that led us to this point? I will argue that risk governance can be explained by three main forces:
  • An increasingly litigious and regulated society that led to the development of risk management as a discipline and profession, as organisations defended themselves against reputational damage, legal costs and fines;
  • The understanding that humans are prone to poor risk management through a range of biases and blind spots;
  • Incentive conflicts that cause managers, acting out of self-interest, to pay insufficient attention to longer-term risk issues that are important to most other stakeholders.
Table 1.1 highlights some of the important risk governance milestones that have both stimulated and signalled change.
TABLE 1.1 Milestones in Risk Management
  • Consumer movement emerges following cases such as the Ford Pinto.
  • Occupational health and safety regulations proliferate.
  • Black and Scholes publish landmark paper on option theory in 19726, contributing to growing use of derivatives, risk transfer mechanisms, for treating financial risk.
  • 3 Mile Island incident in 1979 is a catalyst for concern about man-made disasters7 and the inevitability of accidents.
  • Zohar publishes first paper on safety climate,8 focusing on management commitment as a prerequisite.
  • Bhopal gas tragedy kills and injures thousands,9 raising issues of corporate negligence and employee sabotage.
  • Perrow publishes ‘Normal Accidents’10, arguing that accidents are unavoidable in complex technological systems.
  • Chernobyl nuclear accident highlights numerous causal factors including flawed reactor design and poor safety culture.11
  • Space Shuttle Challenger disaster underscores problems in NASA’s organisational culture and decision making processes.12
  • Institute for Risk Management, one of the first associations for risk professionals, is established in the UK.13
  • Black Monday October 19, 1987 – share markets in many countries fall by more than 20% in one day. This event emphasised the evolving interconnectedness of financial markets and the need for central bank intervention.14
  • Basel Accord I announced – international regulations relating to bank capital, highlight the importance of equity capital as the last line of defence against risk.
  • Bankers Trust publishes ‘The Risk Management Revolution’, promoting the quantification of risk and the use of these risk measurements for business decisions such as determining capital needs, pricing and allocation of resources.15
  • JP Morgan publishes Value-at-Risk (VaR) methodology on the internet, influencing capital management and regulation worldwide. VaR is a measure of potential losses from speculative trading positions, at a specified confidence level. This is another milestone in the quantification of risk.
  • Barings collapse – arguably the most famous rogue-trader case. Nick Leeson’s losses from unauthorised and concealed derivatives trades amounted to US$1.3 billion due to governance failures.16 Internal controls, such as segregation of duties, were not present. Managers and directors provided inadequate oversight.
  • First risk management standards (AS/NZS4360) published in Australia and New Zealand.
  • Bernstein publishes ‘Against the Gods’,17 arguing that the notion of controlling risk is one of the central ideas that distinguishes modern times from the distant past.
  • Asian banking crisis starts with a range of contributing factors including rapid expansion, crony capitalism and fixed exchange rates. Many firms had too much debt. When the bubble burst, defaults exploded especially in Thailand, Indonesia and Malaysia, and a number of banks failed. Poor governance (protection for minority shareholders), allowing managerial expropriation, is cited as a contributing factor.18
  • Russian bond crisis brings down the hedge fund Long-Term Capital Management (LTCM). The case illustrates the consequences of simplistic, flawed risk models to guide business decisions.19
  • Turnbull report, revised in 2005, introduces risk assessment and internal controls to corporate governance for UK listed companies.
  • 9/11 catastrophe illustrates how terrorists can exploit behavioural biases (dread risks) to their advantage; brings greater focus on geopolitical risks. Dread risks are risks that produce disproportionate fear and induce sub-optimal responses. After 9/11 many people reduced air travel in favour of car travel, causing many additional and needless road deaths. Air travel remains one of the safest modes of transport given the vanishingly small probability of terrorist attack.20
  • Enron bankruptcy underscores many risk governance issues including failure of the board to understand the risks of the business, failure of auditors to uncover managerial fraud, preventing the flow of accurate information to investors.21
  • Sarbanes-Oxley Act responds to governance failures at Enron. The Act aimed to enhance the quality of financial disclosures by addressing audit quality, the quality of internal controls and impose greater responsibilities on directors serving on the audit committee. It also included enhanced whistle-blower protections and the possibility of clawback of bonuses following fraud.
  • SARS epidemic focuses attention on risk of infectious disease and relevant risk management practices e.g. scenario planning, business continuity planning.22
  • Kahneman, a pioneer in the field of behavioural biases, wins Nobel Memorial Prize in Economic Sciences for work completed in the late twentieth century.
  • NAB foreign exchange option scandal. Rogue traders caused losses of $360 million. This case was one of the first to explicitly identify culture as an underlying cause, contributing to the failure of controls in a financial institution.23
  • COSO Enterprise Risk Management (ERM) framework launched.24 COSO defined ERM as ‘a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives’.
  • Basel II published with expanded use of internal quantitative risk models for banks in the regulation of capital for risk mitigation purposes.
  • OECD revises corporate governance principles, extending the responsibilities of directors in relation to risk management.25
  • Taleb publishes ‘The Black Swan’26 describing biases associated with low probability events. During the global financial crisis Taleb becomes one of the most strident critics of quantitative risk models.
  • Global Financial Crisis begins as the sub-prime mortgage market deteriorates.27 A US housing boom, driven by securitisation and loose lending to high-risk borrowers, comes to an end when these borrowers start defaulting.
  • Lehman Brothers bankruptcy results from risky assets (financing housing and sub-prime mortgages) and excessive reliance on short-term debt; the legacy of infamous CEO Dick Fuld.28 Many other financial institutions share the same fate or are bailed out or taken over by rivals.