
Security Leadership and Management / Security Talk Column

How to Keep Up With Governance Risk


One of the most important topics currently on boardroom agendas is governance. Ensuring that the enterprise understands and complies with laws, regulations, policies and procedures is simply no longer enough. Establishing and maintaining a culture across the enterprise that is based on unwavering ethical practices from the boardroom to the lowest level employee is also a key element of effective governance programs.

As we have witnessed time and time again, the challenges of maintaining profitability, growing the business, defending market share and creating shareholder value have frequently relegated sound governance practices to the back burner. The age-old human traits surrounding ego, greed and the desire to gain power and stature many times result in throwing all caution to the wind.

After the debacles of the Enron and WorldCom frauds, Congress passed stricter laws governing how corporations managed risk and increased transparency in disclosures to shareholders. The resulting gamesmanship in corporate filings with the Securities and Exchange Commission (SEC) since Sarbanes-Oxley (SOX) was established has evolved into wordsmithing that is beyond compare. If you ever suffer from insomnia, keep some of these reports by your bedside.

Despite these new legions of controls, we continue to bear witness to one scandal after another. The worst of these, which we are still digging ourselves out of, resulted in the massive global economic meltdown caused by financial industries that had leveraged risk well beyond the breaking point. Generally, the resulting government hoopla ends in significant fines being levied against the companies, and only on rare occasions have the executives responsible for the decisions that resulted in the fine been personally held accountable or criminally charged. The only ones who lose in the end are the shareholders.

All the ethics training and CEO pronouncements about conducting business ethically and complying with company policies, as well as laws and regulations in countries where the enterprise operates, do not result in effective governance. The leadership team at all levels of the enterprise must “walk the talk.” Too frequently, exceptions to policy are made for senior leaders. Establishing that it is OK for some individuals to violate policy makes the entire policy structure ineffective and virtually unenforceable. Something as simple as the CEO and all management believing they are too important to have to wear ID badges, even though the company policy requires it, establishes a mindset with employees that complying with company policies is optional.

Under the U.S. Foreign Corrupt Practices Act (FCPA), most companies conduct extensive FCPA training and require employees around the globe to sign a document certifying that they have received FCPA training from the company, understand their obligations, and will comply fully with the requirements. However, when you peel back the onion and have frank discussions with workers in countries that are at the top of the list of the most corrupt countries in which to conduct business (which is compiled annually by Transparency International), the story you hear is quite different. Local nationals from countries at the top of TI’s list will generally tell you that they believe that all the training and documentation is simply done to provide liability exposure protection for the U.S.-based parent company. The local nationals will also tell you that achieving the extraordinary results that are expected by the parent company requires them to resort to extraordinary measures in the local marketplace. Senior executives must not be allowed to adopt the ostrich theory of management and must view conditions around the world with a prism focused on the harsh realities of each country.

Books and records are favorite areas fraught with opportunity for policy exceptions. If you talk with any truly honest head of sales, you will find that sales are many times booked or delayed according to either the weakness of the current quarter or projections of potential shortfalls in the upcoming quarter. Likewise, CFOs frequently book reserves and then often partially or fully reverse them at a later time, affecting profits in both the quarter they were booked and the quarter they were reversed. How do such actions stack up against the governance policies of your company?

At the end of the day, governance really comes down to two key philosophies: “Doing the right thing when no one is looking!” and “There is no right way to do a wrong thing!”

 

About the Authors:

Jerry J. Brennan is the founder and Chief Operating Officer of Security Management Resources (SMR Group), the world’s leading executive search firm exclusively focused on corporate security. Lynn Mattice is Managing Director of Mattice and Associates, a management consultancy focused on the development and alignment of Enterprise Risk Management and Business Intelligence Programs, as well as Intellectual Property Protection and Cybersecurity.
