
How to Keep Up With Governance Risk



One of the most important topics currently on boardroom agendas focuses on governance. Ensuring that the enterprise understands and complies with laws, regulations, policies and procedures is simply no longer enough. Establishing and maintaining a culture across the enterprise that is based on unwavering ethical practices from the boardroom to the lowest-level employee is also a key element of effective governance programs.

As we have witnessed time and time again, the challenges of maintaining profitability, growing the business, defending market share and creating shareholder value have frequently relegated sound governance practices to the back burner. The age-old human traits surrounding ego, greed and the desire to gain power and stature many times result in throwing all caution to the wind.

After the debacles of the Enron and WorldCom frauds, Congress passed stricter laws governing how corporations managed risk and increased transparency in disclosures to shareholders. The resulting gamesmanship in corporate filings with the Securities and Exchange Commission (SEC) since Sarbanes-Oxley (SOX) was established has evolved into wordsmithing that is beyond compare. If you ever suffer from insomnia, keep some of these reports by your bedside.

Despite these new legions of controls, we continue to bear witness to one scandal after another. The worst of these, which we are still digging ourselves out of, resulted in the massive global economic meltdown caused by financial industries that had leveraged risk well beyond the breaking point. Generally, the resulting government hoopla ends in significant fines being levied against the companies, and only on rare occasions have the executives responsible for the decisions that resulted in the fine been personally held accountable or criminally charged. The only ones that lose in the end are the shareholders.

All the ethics training and CEO pronouncements about conducting business ethically and complying with company policies, as well as laws and regulations in countries where the enterprise operates, do not result in effective governance. The leadership team at all levels of the enterprise must “walk the talk.” Too frequently, exceptions to policy are made for senior leaders. Establishing that it is OK for some individuals to violate policy makes the entire policy structure ineffective and virtually unenforceable. Something as simple as the CEO and all management believing they are too important to have to wear ID badges, even though the company policy requires it, establishes a mindset with employees that complying with company policies is optional.

Under the U.S. Foreign Corrupt Practices Act (FCPA), most companies conduct extensive FCPA training and require employees around the globe to sign a document certifying that they have received FCPA training from the company, understand their obligations, and will comply fully with the requirements. However, when you peel back the onion and have frank discussions with workers in countries that are at the top of the list of the most corrupt countries in which to conduct business (which is compiled annually by Transparency International), the story you hear is quite different. Local nationals from countries at the top of TI’s list will generally tell you that they believe that all the training and documentation is simply done to provide liability exposure protection for the U.S.-based parent company. The local nationals will also tell you that achieving the extraordinary results expected by the parent company requires them to resort to extraordinary measures in the local marketplace. Senior executives must not be allowed to adopt the ostrich theory of management and must view conditions around the world with a prism focused on the harsh realities of each country.

Books and records are favorite areas fraught with opportunity for policy exceptions. If you talk with any truly honest head of sales, you will find that sales are many times booked or delayed according to either the weakness of the current quarter or projections of potential shortfalls in the upcoming quarter. Likewise, CFOs frequently book reserves and then often partially or fully reverse them at a later time, affecting profits in both the quarter they were booked and the quarter they were reversed. How do such actions stack up against the governance policies of your company?

At the end of the day, governance really comes down to two key philosophies: “Doing the right thing when no one is looking!” and “There is no right way to do a wrong thing!”


About the Authors:

Jerry J. Brennan is the founder and Chief Operating Officer of Security Management Resources (SMR Group), the world’s leading executive search firm exclusively focused on corporate security. Lynn Mattice is Managing Director of Mattice and Associates, a management consultancy focused on the development and alignment of Enterprise Risk Management and Business Intelligence Programs, as well as Intellectual Property Protection and Cybersecurity.
