The current worldwide pandemic due to COVID-19 confronts all industries with considerable economic challenges. This text analyses the subject of organizational risks from the perspective of the board of directors. It argues that compliance is a necessary condition, however not sufficient, for an effective risk governance. It suggests that prudence is something that should be nurtured and promoted at the level of organizational governance. Organizations being complex systems, a holistic framework should be used in approaching risk governance. Risk approaches have been particularly influenced by regulation focusing on financial risks, while there are many additional types of risks, potentially more damaging for organisations. The role of the board of directors has undergone a long evolution from merely “ceremonial” to its current “progressive” form. This chapter argues on a more prudential action by those responsible for corporate governance beyond a normativism approach.
Top1. Introduction
In 2014, CalPERS (California Public Employee’s Retirement System) objected to the re-election of four board members of Duke Energy, a US based energy company, surprising the business world because institutional shareholders were unwilling to tolerate levity when it comes to risk governance. They opposed the re-election of four directors with responsibility for risk management, when their profiles did not show evidence of the minimum competence requirements on the subject (Ormazabal, 2016). Although this case took place in the United States of America, it was a warning to the fact that risk governance is no longer an exclusive issue of executive management, but one in which shareholders are determined to hold the board accountable.
Not only is there increasing pressure on boards directors for a more careful supervision of organisational risks, but organisations need to coordinate for a more proactive involvement of boards in what risks concerns; among other matters generally left to the discretion of executive management. This highlights the need for a more critical and pragmatic analysis of risk governance beyond mere compliance.
The etymological origin of the term ‘risk’ suggests a semantics associated with ‘being in danger’. For its part, the word 'governance', of older origin, was originally related to the art of directing or establishing the course of a ship. From the Latin gubernare, to set course or guide, or from the Greek kybernan, to direct or command a ship. Within the scope of this text, risk governance can be understood as the art and science, of driving a company towards the desired direction, keeping it away from potential dangers, however diverse they might be.
Although governance codes address the responsibility of board directors, it is a normative positioning. Other positions, as for instance the well-known north American business judgment rule, although legitimate at first sight, it may not contribute significantly to the effective governance of a company’s risks, because it has the potential to act as a shield in protecting misbehaviour.
This means going beyond compliance, because the election and realisation of the company’s future is a matter of initiative, not optimisation. In this way, the governing bodies must make the best use of their skills and knowledge in achieving their objectives, while being constrained by the need to carry out adequate governance of the multiple risks, some more strategic, with the potential to severely damage the company. To refer two well-known examples of strategic risks that are not financial in nature, but were quite harming, one can refer the Boeing case. The aerospace manufacturer which seems not to have managed adequately the product and engineering risks regarding some of its plane models, which after the collapse of some of their planes, ended up severely affecting the company´s reputation for safety, together with business performance costs.
Another example, related to the impact of the culture on risk, would be the case of the international oil company BP, which ended up having a cost of more than 62 billion U.S. dollars, related to the accident of the well Makondo on their Deepwater Horizon programme. This seems to derive from a pattern where the need to cut costs to ensure the expected “shareholder’s return” has potentially led to a culture of lack of attention to maintenance and engineering risks, which in the oil industry may have enormous consequences for the environment and human life of those involved in oil fields operations (Lustgarten, 2012).
From these two examples it is clear that there are risks, perhaps greater than the strictly financial ones, which need attention, from the part of those ultimately responsible for corporate governance. It is equally visible that in the last decades events due to force majeure and acts of God are occurring more frequently and with an increasing devastating impact. However, when compared to the financial costs of disasters caused by human behaviour, they often fall short.