Viewpoint: Governance, Risk And Compliance
EP Editorial Staff | January 13, 2011
(EDITOR’S NOTE: This month’s column is a follow-up to the author’s July 2010 Viewpoint entitled “Who’s Responsible?”)
The United States government has established the Financial Crisis Inquiry Commission to investigate the causes of the economic catastrophe we have been experiencing since September 2008. Similar to the reasoning behind establishing the Pecora Commission of the 1930s (which investigated the cause of the Great Depression), the government’s hope has been that this time, perhaps, we might learn from our mistakes. So far, things don’t look promising.
Something that has been barely mentioned throughout the ongoing recession is GRC: governance (the “rules”), risk (the “what if”) and compliance (the “obeying of the rules”). This legal concept provides the structures, systems, frameworks, principles and ideas on how corporations should conduct their operations and businesses so as to protect the interest of all stakeholders—be they employees, senior management, vendors, shareholders, customers, etc.
If GRC had been enforced in the financial sector—even in its present form—less damage would have resulted. Our economic crisis was man-made. Avoiding it required people with the foresight, imagination, courage and creativity to see it coming, speak out against it and do something. As Paul Volcker, the ex-Federal Reserve chairman, said decades ago, “Someone must be willing to take the punch bowl away during the height of the party.”
In the case of our recent financial meltdown, since so many people failed in their respective duties and obligations, havoc ensued. The gamblers and speculators—in that big casino called Wall Street—privatized their gains and socialized their risks. When Wall Street won, the players kept the loot. When Wall Street lost, we taxpayers had to ante up.
Now the “games” are over, the punch bowl has been drained and strong medicine must be administered. Welcome to GRC. Let’s see how it works.
Governance exists when corporations set down their own rules, systems and guidelines that mandate, for example, what a board of directors is responsible for, what senior management’s role is and what all other stakeholders should expect to do in their jobs. The board sets the tone at the top and everyone under them must follow the rules.
(Governance also means that a business must obey any local, state or federal rules, regulations, statutes, etc. that apply to it. Despite all the past rules, regulations and statutes on the books, too many people within our financial sector have felt free to ignore them. Or, no one bothered much with enforcement.)
Risk means considering probabilities and consequences. Bad stuff happens all the time. Whether you’re looking at things from a safety angle or an economic perspective, know that people can be injured and lives destroyed. Make and execute plans, but also ask this: “What if they don’t work?” Why didn’t the so-called smart people on Wall Street follow these precepts? It can be summed up by “IBG – YBG” (“I’ll be gone, you’ll be gone”).
Compliance means having the sense, discipline and control to obey the letter of the law—as well as the spirit of the law. Boards must assure all stakeholders that what is going on inside the corporation has been presented fairly and accurately in the financial or other reports pertinent to any stakeholder. (Remember, to some degree, we’re all stakeholders in the financial sector.)
Will we take our medicine and start to behave accordingly? If we don’t, expect a repeat of the past. Next time, though, we may not have the means for another bailout. GRC is one of the remaining vestiges we have available to protect ourselves from another crisis. MT
Steve Shaiman is an attorney, based in the Philadelphia, PA, area.
The opinions expressed in this Viewpoint section are those of the author, and don’t necessarily reflect those of the staff and management of Maintenance Technology magazine.