Chartered FCSI, President of the Chartered Institute for Securities & Investment (CISI) in Cyprus, and GRCE Specialist Petros Florides shares his thoughts on this important facet of business operations
If somebody were to ask you the following question, what would your answer be: Does governance monitor and manage risk – or is governance another category of risk that, itself, needs to be monitored and managed?
Of course, this is a trick question similar to asking: which came first, the chicken or the egg? It is fruitless trying to identify a sequential order but, instead, simply recognise – and exploit – the symbiotic relationship that exist between the two; in this case the complementary disciplines of governance and risk.
I like to describe governance and risk as being two sides of the same coin i.e. you cannot have one side without the other. And, together, they form a coin. But this would be incomplete since our current image is currently missing a third dimensional edge.
So, what could provide such an edge in our imagined construction? I would suggest a combination of compliance and ethics. In everyday shorthand, we could consider compliance as doing things right according to the rules, regulations and policies that apply. But there may be some contexts that ‘compliance with the rules’ may require the individual to do something s/he would not do if s/he had a choice. Excessive rules and regulations notwithstanding, it is a person’s ethics (that are, in turn, based on his/her values) that would be an important influence regarding whether a person complies in substance or simply in form.
Moreover, rules and regulations cannot deal with every situation a person may be confronted with. So whilst compliance is doing things right, ethics can be considered as doing the right things (including going above and beyond what is required by the rules and regulations). As a result, any person must consider both compliance and ethics when engaged with governance and risk.
To switch analogies, the combination of governance, risk, compliance and ethics can be seen as similar to driving a car. The steering wheel could be seen as the governance function that determines the direction of travel similar to an organisations strategy. The accelerator and brake pedals could be seen as the risk management function, that ensure the car travels towards its desired destination in good time but at a safe speed and under control. But getting to the right destination in good time is only half the story. What is equally important is the way in which the car was driven – considering both whether there was compliance with ‘highway code’ or ‘rules of the road’ (e.g. stopping at red lights!); and, if the car was driven in a manner that was considerate of other drivers (e.g. giving right of way when polite to do so).
To achieve the desired outcomes, any individual must assume his/her responsibilities in a holistic manner that integrates governance, risk, compliance and ethics. By doing so, organisations and people are empowered to achieve stakeholder expectations in a way that supports transparency, accountability, probity and sustainability – elements we can consider in a future article.
Petros Florides leads the EIMF Directors Development Certificate along with Mr David Cotton, taking place on 21, 22, and 28 November. Click on the link for details and Registrations