ASIC recently released its 56-page report on its review of the boards of AMP, ANZ, CBA, IAG, IOOF, nab and Westpac.
Whilst ASIC found that the boards seem keenly aware of and actively engaged in their oversight of ‘financial risks’ – revenue or cost management – it also found that the boards are not dealing with non-financial risk (NFR) as well.
ASIC was quite damning. Its comments included:
“Many directors identified challenges with overseeing non‑financial risks in large, complex organisations.”
“Nevertheless, there was no strong, corresponding trend of directors actively seeking out adequate data or reporting that measured or informed them of their overall exposure to non‑financial risks.”
What does good non-financial risk management look like?
Perhaps a twist on “you’ll know it when you see it” might be more applicable here – “you’ll see it when you know it”.
Seeing it starts with understanding the definition of non-financial risks. ASIC takes 93 words + footnotes to define its three component elements: operational risk, compliance risk and conduct risk, which more succinctly might be described as follows:
- operational risk – process failure in either design or execution;
- compliance risk – not meeting the obligations of the law; and
- conduct risk – unethical or illegal activity (which can include failing to meet societal expectations).
Effective non-financial risk management requires distilling what is important across a broad spectrum of matters and business processes, including how decisions are made, how things are done, and their cause and effect. These are much more qualitative and not as direct as adding and subtracting debits and credits.
These elements make NFR different to financial risk but boards are very capable of doing more to manage NFR – as long as the investment is made to structure risk management systems and information flows. Shaped by the board’s risk appetite and with fit-for-purpose risk processes, management can provide, and the board can seek out, meaningful data and insights that enable better oversight of NFR. This richer understanding of the enterprise risk profile, including aspects of culture and conduct, significantly improves the chances of making better business decisions. Management plays the lead role in shaping the NFR systems, frameworks, policies and processes to create the environment for NFR transparency and performance.
For example: here is a list of eight elements that are key to both enabling and ensuring effective risk management.
4 Parts Design
- Accountability – ensuring it is clear whose job it is
- Policy – clear rules they must follow
- Process – an effective means to deliver
- Procedure – clear instructions on how
1 Part Enablement
- Training – awareness and understanding of the above
3 Parts Assurance
- Monitoring – measurement of the process and outcomes
- Reporting – audience specific communication of the efforts and results
- Oversight – Awareness of an appropriate action taken given results
Insync is well placed to assist board members and their businesses to use this simple structure to lift performance in the management and oversight of non-financial risks. We have grown up in the detail, know what good practice involves and stand ready to help distil the detail into expectations of performance for boards to set and monitor.
One last reason to seek our help – you’ll sleep better – because poor non-financial risk management really is something that should be keeping you up at night.