svro's picture

Thursday the 14th of May the Risk Management 2009 Event of The Netherlands took place in Utrecht with more than hundred Risk Managers, CFO's, CEO's and Financial Controllers. The afternoon was an interactive program with workshops and a lot of discussions. I

n the morning there were two presenters: Prof. Dr. Van Leeuwen, CEO of Atos Consulting, and Prof. Dr. Cools, Executive Advisor Boston Consulting Group and Member of Monitoring Committee Corporate Governance Code. Cools has performed a very interesting research about "Fraud companies" and for every company on that list a peer "non-Fraud company" with similar size, industry and active at the same continent. First remark is that the Financial companies, which actually have most regulation and spend most money on being "in control", are performing worse in terms of fraud. So is the Risk Management approach as good as we think? It is not the controlling behavior that helps, but the human behavior that causes the problems. It is the money and career that has driven employees to fraud. By comparison of the "Fraud companies" versus their peers, Cools noticed that the "Fraud companies" awarded their employees 2,5 times higher with cash bonuses and 8 times higher with stocks. The "Fraud companies" had on average several years a yearly growth target of 17% against 7% of the peers. Cools concluded that everyone could see that this will go wrong, the only question is when. The "Rock Star CEO" must remain successful on short term and does everything to keep stocks up.

Before Cools interesting presentation of "Out of control", Van Leeuwen has spoken about "In Control". He explained the COSO II ERM Framework that was introduced in 2004, where Risk Management in fact is seen as Internal Control. He has his doubts about the consequences. "You can have the whole world's signature on executed assessments, but still you're not sure if you're really in control. So what's a signature worth then? It's important to have business (managers) that feel responsible and work continuous on improvements of their business processes." Van Leeuwen has created a top 10 of "Where does it go wrong?" The first three points are all process-based:

  1. Unclear processes
  2. Unclear responsibilities and authorizations
  3. Lack of Segregation of Duties (SoD)

The soft human factors and process management are actually the real success factors. The workshops in the afternoon resulted in very interesting discussions with different angles to approach the Risk topic, a fine representation of daily business!

RIsk management event

 

Tags: GRC