What is behind governance failure and how can it be addressed?
2018 was a year that seemed to have more than its share of relatively high-profile corporate governance failures. One of the biggest was Carillion, the UK multinational facilities management and construction firm.
At its height, Carillion was listed on the FTSE 250 and had annual revenues of around £5bn worth of revenues and employed around 43,000 workers across the globe. But over nine months in 2017, the company issued three profit warnings, disclosed £845m worth of write-downs, had 39% wiped from its shares and lost its CEO.
By the time it went into compulsory liquidation in January 2018, Carillion had racked up debts of £1.5bn with less than £30m left in the bank. What causes such wholesale corporate governance failure and how can organisations address it before it escalates out of control?
Governance is a board-level issue
Without wanting to comment on Carillion specifically, there are obviously many elements that can contribute to failure of governance. One of the most important is a lack of board-level focus on achieving good governance.
Despite the many public failures of corporate governance over the years, and the high price paid for such failure, there is still a tendency for governance to be seen almost as a necessary evil. Companies do what they can to demonstrate they are well governed, mostly because of a regulatory landscape that says they must do. Governance is not viewed as business critical and many teams are still attempting good governance with inefficient tools and minimal resources.
Failure to manage risk
This board-level lack of focus on governance then translates into other issues, such as a failure to manage risk effectively. Risk management is essential in 21 st century business, with more risks threatening organisations than ever before, but it’s something that many businesses aren’t doing as well at as they could be, and it’s also something that can contribute to governance failure.
If an organisation’s debt levels are rising for example, that can constitute a major risk. A company that is mitigating risk effectively would be aware of that and know how sustainable the situation was. Risk modelling – in this example relating to capital and liquidity risk – can also raise concerns much quicker, and smart risk modelling could and should be used across every business.
A lack of resource / the right tools
Achieving and demonstrating good governance is a time consuming and complex task. It is never-ending with no fixed start or end point and so is a business discipline that requires proper resourcing and the right tools and technology to enable a team to do the job effectively.
If a governance team – either a stand-alone department or part of an integrated GRC effort – is lacking resource than it is inevitable that things will at some stage be missed. Similarly, despite digitisation being common in many other business functions, it is not uncommon for GRC teams to still be working with analogue tools, such as Microsoft Excel. For a modern business seeking to achieve good governance this is not sufficient, and the right tools are essential.
Internal controls before it is too late
Broadly speaking, governance failure can be attributed to a lack of internal controls. Issues can escalate and are only addressed when momentum has built and it’s much harder to get that control back.
Regulators can to an extent perform the required checks and balances, but this should really only be the last line of defence. No sensible organisation should rely on regulators to catch governance failure – it needs to be found much earlier on.
Continuous and digital GRC
The answer to achieving that lies in a different model of governance, a continuous and digital approach to governance and risk. The very nature of governance is on-going – it’s not like an organisation achieves good governance and that is the end of it – and it is clear that an on-going solution would address that much more effectively than another model.
A digital GRCplatform – supported where appropriate by external experts that know everything about governance requirements– provides the on-going control missing from other solutions. It is highly effective and gives greater peace of mind that governance will be achieved, deadlines are met and that nothing is missed.
Furthermore, it also includes tools that predict and anticipate risk and detect emerging threats. This means senior management become aware much earlier in the process and can take action to ensure an issue doesn’t get out of hand.
Corporate governance failure can be down to many things and it is hard to address them all at once. But using a digital and continuous model, such as that provided by Oxial can play an essential role. It provides the necessary checks and balances and will catch potential risk of governance failure before it is a major problem.