Risk management is an ongoing process of identifying risks (the possibility of suffering harm or loss; unwanted negative consequences of an undesirable event by nature or people) and the implementation of a plan to address them (mitigate) by a company.
Risk mitigation includes counter measures or action to reduce natural or human threats to a company’s assets.
Assets are people and things of value to the company. People assets are persons in the company with unique knowledge, skills, abilities, and experience which are difficult to replace.
Threats refers to a natural occurrence which could cause an undesirable outcome (fire, weather, terrorist attack) or human in which a person commits an undesirable act deliberately or accidentally. The outcome of the threat can be disclosure, modification, loss/destruction, or interruption to a company’s operations and assets.
Since risk management is an ongoing process, the increasing number of sexual harassment and misconduct claims against business executives, managers, leaders, and employees are clear indications that corporate, church, and government ethics and standards of conduct must be reformed and made part of the governance process.
According to Ethics & Compliance Initiative at ethics.org, major business ethics and compliance issues go back to the 1960s. It was then, the 1960s, companies began to establish codes of conduct. However, creation of a code of ethics for government service was not established until 1980 and some companies established ethics officers and ombudsman.
Here we are in 2019 with major misconduct issues in business, church, and government. According to Laurie Hays, managing director for special situations at Edelman, in a memo from January 2019, more than 400 business executives and employees (including prominent CEOs) have been accused on misconduct, including sexual harassment in the last 18 months. Some were made known by the media, but some companies have discovered misconduct and taken appropriate action without media notification.
For instance, INTEL’s CEO, Brian Krzanich resigned after an investigation into his relationship with and employee determined he violated INTE’s code of conduct (non-fraternization policy which applies to managers). Steve Wynn, CEO of Wynn Resorts, resigned in February 2018 over allegations of sexual misconduct.
The Chief Executive Officer, Commissioner, Director or whatever title is given to the head of a company is the person who owns and directs the culture. Clearly it is time for the Board of Directors or other governing body to become more proactive in oversight of a company’s culture and code of ethics.
Just as there are policies, best practices, guidance, and standards for information security and physical security, a clear set should be incorporated in Human Resource handbook. Include ethics and conduct when providing training and audit of finances, cybersecurity, and operations.
Additionally, make the companies code of ethics and conduct mission critical and link it to executive’s compensation and performance. Now the risk and threat have greater weight.
Damaging news, tweets, and social media posts relating to sexual misconduct, unethical behavior, and disregard for diversity impacts a company’s reputation, profits, and can tie the board of directors and other management in lengthy court cases.
Now is the time for corporations, organizations, government, and the church to re-evaluate risk management processes, reform their code of ethics and conduct, and implement a more proactive governing board. Social movements of the day are not going away BUT increasing. Including ethics and conduct in risk management and the governance process makes good business sense.
Ethics and Compliance Initiative (ECI) – www.ethics.org
Harvard Law School Forum-Corporate Governance and Financial Regulation The Board, CEO Misconduct and Corporate Culture by Laurie Hays - https://corpgov.law.harvard.edu/2019/01/12/the-board-ceo-misconduct-and-corporate-culture/
CNBC – Krzanich and Wynn – www.cnbc.com
Managing Information Security Risks, The Octave Approach by Alberts and Dorofee (2003)