The typical business enterprise has at least a fundamental understanding of risk. The concept of enterprise risk management, or ERM, has been around for awhile, although it was first “defended” (and here’s your history lesson for the day) in 2003 by the Casualty Actuarial Society as how an organization measures risk in relation to value it brings to its stakeholders.
Enterprise risk is vital to how we delineate ethics in our business dealings. We all are at risk in some form or fashion but have at our disposal an ethical compass by which to gauge the direction of our actions. If we stray too far from that path, the risks get larger. And all too often, risk then takes control of our business (and our lives).
So what does all this talk about ERM (as a concept, not necessarily as a tangible solution) have to do with an ethical culture? Plenty. By sustaining an ethical culture – via executive commitment, codes of conduct, awareness and reporting programs, GRC metrics, etc. – organizations gain an upper hand on risk, and the management of that risk reaps positive results.
I recently read a very succinct description of the need for an ethical culture as a base for successful risk management. I’ve not found it said any better than does risk management consultant Jim DeLoach, in an article for Corporate Compliance Insights. Jim describes the alignment of risk and ethics like this:
“Even the most well intentioned risk management process can be compromised if dysfunctional organizational behavior exists and is allowed to fester. If the CEO is not willing to pay attention to the warning signs posted by the risk management function, if the reward system is not sufficiently balanced with the long-term interests of shareholders, if the board is not asking tough questions about the assumptions and risks underlying the strategy, or if risk management is so mired in the minutiae of compliance that it is not focused sufficiently on strategic issues, risk management will likely not have an impact at the crucial moment when a contrarian voice is needed…. A culture that is conducive to effective risk management often encourages such things as open communication, sharing of knowledge and best practices, continuous process improvement, and a strong commitment to ethical and responsible business behavior.”