

In order to achieve the benefits of innovation, boards need transparency into material risks at the front-line level of the organisation. Again, this can only be achieved with engagement throughout the entire organisation.

Execution and maintenance of risk activities occur across all departments, at all levels of the organisation. Wherever risk management starts, it is most effective when overseen by senior leadership, specifically the board.

This enterprise-wide integration has two defining characteristics:

1. Each department involves all hierarchical levels in its risk management efforts and bridges across all departments

One departmental level can't fill every function. Proximity to and familiarity with operational risk is inherently connected to larger strategic decisions, which require broad oversight.

For example, for access management to be successful, it must be broken down to the activity level. An IT security policy can be centrally owned, but proper access rights management requires that process owners be held accountable: they must reconcile what employees should have access to with what they actually have access to.

2. Measurement scales, risk criteria, and language are standardised throughout the organisation

Departments need to be able to communicate quickly and effectively. Risk events, if they happen, almost always impact multiple departments, so it follows that to prevent such events, information needs to be shared and objectively compared. Improved communication eliminates unnecessary repetition when identifying and mitigating risks and monitoring controls, preserving time and resources.

These characteristics are in the name: enterprise risk management (ERM). When either is absent, or if the board doesn't have sufficient oversight of the organisation's risk management efforts, the consequences can be severe. Recent events at Wells Fargo are a good example.

Why the Wells Fargo controversy resulted from poor risk management oversight

First, consider the short-term manner in which events unfolded. News of the illegitimate accounts, 5,300 fired employees, and $185 million in penalties hit mainstream outlets. CEO John Stumpf denied any knowledge of the accounts and illegal sales tactics, essentially attributing the scandal to independently acting bad eggs.

Even if this assertion had stuck, neither Stumpf nor Wells Fargo itself would have been off the hook. Thanks to changes in the industry throughout the past decade – including the SEC's Proxy Disclosure Enhancement – "not knowing" about something like this is considered risk management negligence.

It also happens to carry the same penalties as fraud. Negligence, by virtue of not requiring proof of intent, is significantly easier to prove than fraud is.
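The access-rights reconciliation mentioned under the first characteristic above (what employees should have access to versus what they actually have) is the one point in this piece that lends itself to a worked example. The Python below is an added illustration, not code from the article or from any bank: the roles, entitlements, users, process owners and dates are constructed sample data. It derives a "should have" baseline from roles plus approved, time-boxed exceptions, diffs it against a snapshot of actual entitlements, classifies each gap (excess grant, expired exception, orphaned account, missing grant), and routes findings to the process owner of the system concerned, which is the accountability the article asks for.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample baseline (hypothetical, not from the article):
# each role maps to the entitlements a person in that role should hold.
ROLE_ENTITLEMENTS = {
    "teller": {"core-banking:read", "core-banking:open-account"},
    "branch-manager": {"core-banking:read", "core-banking:open-account",
                       "core-banking:approve"},
    "auditor": {"core-banking:read", "reports:read"},
}

# Each entitlement belongs to a system whose process owner answers for it.
ENTITLEMENT_OWNER = {
    "core-banking:read": "core-banking-owner",
    "core-banking:open-account": "core-banking-owner",
    "core-banking:approve": "core-banking-owner",
    "core-banking:admin": "core-banking-owner",
    "reports:read": "reports-owner",
}


@dataclass(frozen=True)
class AccessException:
    """An approved, time-boxed grant outside the role baseline."""
    user: str
    entitlement: str
    expires: date


@dataclass(frozen=True)
class Finding:
    user: str
    entitlement: str
    kind: str    # "excess", "missing", "expired-exception" or "orphan"
    owner: str   # process owner who must act on it


def expected_access(user_roles, exceptions, today):
    """Return ({user: should-have set}, [expired exceptions])."""
    expected = {}
    for user, roles in user_roles.items():
        expected[user] = set().union(*(ROLE_ENTITLEMENTS[r] for r in roles))
    expired = []
    for ex in exceptions:
        if ex.expires >= today:
            expected.setdefault(ex.user, set()).add(ex.entitlement)
        else:
            expired.append(ex)
    return expected, expired


def reconcile(user_roles, actual_access, exceptions, today):
    """Diff 'should have' against 'does have' and classify every gap."""
    expected, expired = expected_access(user_roles, exceptions, today)
    expired_grants = {(ex.user, ex.entitlement) for ex in expired}
    findings = []
    for user in sorted(set(expected) | set(actual_access)):
        should = expected.get(user, set())
        has = actual_access.get(user, set())
        for ent in sorted(has - should):
            if user not in user_roles:
                kind = "orphan"              # account with no current role
            elif (user, ent) in expired_grants:
                kind = "expired-exception"   # grant outlived its approval
            else:
                kind = "excess"              # least-privilege violation
            findings.append(Finding(user, ent, kind,
                                    ENTITLEMENT_OWNER.get(ent, "unknown")))
        for ent in sorted(should - has):
            findings.append(Finding(user, ent, "missing",
                                    ENTITLEMENT_OWNER.get(ent, "unknown")))
    return findings


def by_owner(findings):
    """Group findings by process owner so each owner gets a review queue."""
    queues = {}
    for f in findings:
        queues.setdefault(f.owner, []).append(f)
    return queues


# Constructed snapshot: the "does have" side, as an IAM export might give it.
SAMPLE_USER_ROLES = {"alice": ["teller"], "bob": ["branch-manager"],
                     "carol": ["auditor"]}
SAMPLE_ACTUAL = {
    "alice": {"core-banking:read", "core-banking:open-account",
              "core-banking:approve"},                      # approve is excess
    "bob": {"core-banking:read", "core-banking:open-account",
            "core-banking:approve", "core-banking:admin"},  # admin via exception
    "carol": {"core-banking:read"},                         # reports:read missing
    "dave": {"core-banking:read"},                          # left, never removed
}
SAMPLE_EXCEPTIONS = [AccessException("bob", "core-banking:admin", date(2016, 9, 1))]
SAMPLE_TODAY = date(2016, 10, 1)


def sample_reconciliation():
    return reconcile(SAMPLE_USER_ROLES, SAMPLE_ACTUAL, SAMPLE_EXCEPTIONS, SAMPLE_TODAY)


if __name__ == "__main__":
    for owner, items in sorted(by_owner(sample_reconciliation()).items()):
        print(owner)
        for f in items:
            print(f"  {f.kind:18} {f.user:6} {f.entitlement}")
```

Two design choices matter here. An expired exception is reported as its own kind rather than folded into "excess", because the remediation differs (re-approve or revoke, rather than simply revoke), and an account with no current role is reported as "orphan" rather than as a string of excess grants, since the fix is to disable the account, not to trim it. Both are the sort of distinction that a central IT policy alone cannot make; the process owner receiving the queue can.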
