Proformative had the fortunate opportunity to interview renowned Governance, Risk and Compliance (GRC) expert Norman Marks whose successful
Proformative Question: What are the top ten events/trends in the arena of governance,
Norman Marks's Response:
It’s tough to identify 10 “game changers”, because some things are changing slowly. Here are my top events/trends:
1. Mobile
2. Governance of risk
3. Governance codes around the world are improving, although they vary in their demands (for example, they don’t all mandate an internal audit function). But, they reflect a growing trend for the regulators to mandate some of the best governance practices, such as separating the role of board chairman from that of CEO.
4. The speed of information: both SAP and its major competitors are working to improve the speed at which analytics are performed. When useful information can be delivered, wherever you are, in seconds rather than hours, better quality decisions can be made. Responses to potential adverse events can be accelerated, and potential opportunities are seized.
5. The ISO 31000:2009 global risk management standard is gaining traction. This relatively simple guide to effective risk management is not only being mandated by some regulators (e.g., in some Canadian public sector organizations) but is being adopted by a growing number of organizations around the world.
6. Reputation risk is increasingly recognized as a significant factor. Some might point to the potential for damage to an organization’s reputation for the growing interest in corporate social responsibility reporting and actions. The current furore over practices at some of Apple’s suppliers (especially in China) demonstrates the level of concern. Companies are embracing social media analytics that monitor comments about them, so they can act before their reputation is damaged.
7. The COSO Internal Control Framework is being updated. My hope is that COSO will take advantage of the opportunity to upgrade the framework’s treatment of risk management and start a process of convergence with the ISO 31000:2009 risk management framework.
8. Audits of risk management are being advocated by leaders of the internal audit profession. The Institute of Internal Auditors is committed to providing
9. SEC whistleblower provisions: it is unclear whether this will be positive (more inappropriate acts being identified) or negative (fewer being reported through internal channels, so they are not investigated).
10. Concerns over excessive executive compensation and risks: perhaps the greatest risk to an organization is that its leaders may put their personal interests (bonuses for short-term performance) ahead of the longer-term health of the enterprise. It is unclear whether progress is being made.
Proformative Question: Top 3 things that CFOs, Chief Risk Officers, Chief Audit Executives need to focus on and why in 2012.
Norman Marks's Response:
1. Is the quality of the risk management program sufficient to ensure that risks are identified and responded to promptly? Performing periodic risk assessments is not risk management; it is not the same as making risk part of how every manager makes decisions. Risks emerge and change constantly.
2. Is the company taking advantage of mobile and the ability to deliver information at the speed of business? Will a competitor embrace technology to improve its products/services and the effectiveness of business processes before you?
3. Is internal auditing focused on providing assurance that the more significant risks to the organization as a whole are within acceptable limits?