Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Governance: Transforming
Uncertainty into
Opportunity
William Michalisin, CIA
EVP & COO, The IIA
21 May 2019
Agenda
Transition to Opportunity
Governance Implications
An Era of Disruption
Change Imperative
Change is the New Normal
The greatest danger in times of turbulence is not the turbulence,
it is to act with yesterday’s logic. - Peter Drucker
… and Pace of Change Continues to Increase
McKinsey estimates the current rate of
change is 10 times that of the Industrial
Revolution, and that change is happening at
300 times the scale – and with roughly 3,000
times the impact.
An Era of Disruption
Poised for the Future?
• Business environment shifting rapidly
• Emerging trends & risks:
– Changing demographics and mobility
– Geopolitical instability
– Cyber attacks
– Stakeholder expectations
– Hazards and accidents
• Population and technology growth
• Changes shifting and impacting political/
economic landscape
• Multi-generational workforces
• Diversity and inclusion adoption inconsistent
• Wealth disparity growing
Changing Demographics Impact Everything
Source: www.theodysseyonline.com
Geopolitical Instability:
Competition, Trust, Suspicion
Source: The Global Pulse of Internal Audit Survey Conducted in collaboration with the 2015 Common Body of Knowledge Study
• Questionable ethics and scandals on the rise;
erodes sense of trust
• Cooperation giving way to unilateralism and
protectionism
• Inter-connected nature of the global system
produces cascading risks
• Technological innovation exacerbates the risk
of conflict
• Pace of risks and technological advancements
at conflict with government’s slow response
A Decade of Global Risk Volatility
2009 2014 2019
1 Asset price collapse Income disparity Extreme weather events
2 Slowing Chinese
economy
Extreme weather events Failure of climate-change
mitigation and adaption
3 Chronic disease Unemployment and
underemployment
Natural disasters
4 Global governance
gaps
Climate change Data fraud or theft
5 Retrenchment from
globalization
Cyberattacks Cyberattacks
World Economic Forum: Top 5 Global Risks in Terms of Likelihood
Source: World Economic Forum, The Global Risks Report 2019, 14th Edition
Where Executives See Risks
Top Risks for 2019
1Existing operations meeting performance expectations,
competing against “born digital” firms
2Succession challenge; ability to attract and retain top
talent
3 Regulatory change and regulatory scrutiny
4 Cyber threats
5 Resistance to change operations
6 Rapid speed of disruptive innovations
Source: 2019 Executive Perspectives on Top Risks: Key Issues Being Discussed in the Boardroom and C-suite.
Research by North Carolina State’s ERM initiative and Protiviti. © Protiviti, Inc, 2018
Globally, CEO
confidence in
economic growth
declined from 80%
in 2016 to 65% in
2018.- KPMG Global CEO Survey
Cyber Security Continues to Be a Concern
Source: e27
87%• of board members
and C-level
executives have said
they lack confidence
in their
organization’s level
of cybersecurity
57%• of enterprises have had
a recent significant
cybersecurity incident,
which shows that there
is still more work to do
to strengthen the
corporate shield
EY Global Information Security Survey
52%• of C-suite executives
think their boards are
not fully
knowledgeable about
the risks the
organization is taking
and the measures that
are in place
Stakeholders Demands and Expectations
Are Growing
Source: IIA CBOK Stakeholder Study
Audit Committee Board
Strategic Business
Risk
Operational
Compliance /
Regulatory
Information Technology
Risk Management
Effectiveness
Strategic Business
Risk
Operational
Compliance /
Regulatory
Information Technology
Cost Reduction
13
Hazards & Accidents
Concern Risk
Natural Disaster
Incidents
Damage to personnel, assets, supply
chain, operations, distribution,
markets
Gradual
Environmental
Depletion
Assets at physical risks, declining
yields, and impacted operations,
commodity price spikes, adjustment
to new regulations
Public Health
Crises
Workforce and operations at risk,
healthcare costs
Man-made
Disasters
Operational compromise, risk to
personnel
Governance Implications
Defining Corporate Governance
“the system by which
companies are directed and
controlled”(Cadbury Committee, 1992)
“the exercise of ethical
and effective leadership
by board towards the
achievement of ethical
culture, good
performance, effective
control and legitimacy” (King IV Report)
A set of relationships between a
company’s management, its board, its
shareholders and other stakeholders…
provides the structure through which
company objectives are set and the
means of attaining those objectives are
monitoring performance are determined. (OECD)
BA Share Price
380
400
420
440
460
480
500
520
540
Jan Feb Mar Apr May Jun Jul Aug
Share
Price
(pence
)Effect on British Airways share price of
anti-competitive behaviour allegations
Consequences of Unethical Business Practice
7 Principles of Effective Board Leadership
• Act in the best interest of the company
• Employ healthy skepticism and courage
• Exhibit high integrity and competency
• Incorporate diverse perspectives
• Define parameters for a desired culture
• Commit time and attention to fulfill obligations
• Focus on long-term performance and value
Redefining Governance in the Face of
Disruption
2018 PwC
CYBER SECURITY
Risk oversight
Technological and digital disruption
Changing legislation and regulation Board composition
BOARD DIVERSITY
Shareholder activism
Corporate reporting
Board skills
Crisis management
Integrated Thinking
Value creation and strategy
Compensation and the pay gap
Social media
Sustainability
Board performance taking centre stage
Director Communications
Competitive and innovative disruption
Board succession
ETHICS
Short Termism
Adaptive Governance in a Changing World
• Build an open, discussion-based culture
• Keep board skills current
• Deepen relationships and
understanding
• Focus on the future and resiliency to
disruption
Set the Right Tone & Build an Open Culture
“how things are done.”
• 43% of global directors said their
boards exhibit “resistance to change
and status quo thinking.”
• 33% reported board cultures that
discouraged questions and open
discussions.
• 92% believe improving culture =
greater long-term value.
Source: KPMG – “Building a Great Board: Global Boardroom Insights,” 2016
Source: “Corporate Culture: Evidence from the Field,” Graham, Harvey, Popadak, and Rajgopal; Duke University
Invest in the Right Skills & Mindset…
74% of global
directors reported that
lack of board knowledge
hinders disruptive-risk
oversight.
• Assess future skill sets and leadership
styles needed
• Recruit for diversity and inclusive
mindsets
• Require participation in continuing
education
Establish the Triangle of Success
Board / Audit
CommitteeManagement
Internal Audit
Open culture where healthy, respectful relationships exist with each side
retaining equal power and each understanding roles and responsibilities.
23
Are you discussing disruptive risks?
Everything is fine
The finance application project is right on schedule
• To identify emerging or atypical risks, boards
turn to:
– Executive management 78% of the time
– Internal audit 49% of the time
• 82% confident in management’s preparedness
to address known risks; ONLY 19% expressing
the same for atypical risks.
• Yet, 47% of CAEs report it is fairly common for
management to be caught off guard by these
risks.
Our culture is strong
Transition to Opportunity
No Matter What, a Risk is Still a Risk
• ISO: “the effect of uncertainty.”
• COSO: “the possibility that events will occur
and affect the achievement of strategy and
business objectives.”
• ICGN: Level of uncertainty that can create
economic opportunity: risks are choices
companies make and individuals take.
Leverage Internal Audit Effectively to:
• Provide objective assurance and insight on the effectiveness and
efficiency of risk management, internal control, and governance
processes.
• Share insights that help provoke positive change and innovation
within the organization.
• Help inspire organizational confidence and enables competent and
informed decision making.
• Provide foresight to the organization by identifying trends and
bringing attention to emerging challenges before they become crises.
Audit committee questions for internal audit:
• Is the audit plan risk-based and flexible?
• Does it adjust to changing business and risk
conditions?
• What has changed in the operating environment?
• Is the organization sensitive to early warning signs
regarding safety, product quality, and compliance?
• What role should internal audit play in
auditing the culture of the organization?
Source: Audit Committee Institute. On the 2018 Audit Committee Agenda. © 2017 KPMG, LLP.
“The audit committee should work with the chief audit executive to help identify the risks that pose the greatest threat to the company’s reputation, strategy, and operations and to help ensure that internal audit is focused on these key risks and related controls.”
– KPMG Audit Committee Institute
1. How deeply is internal audit involved in the organization’s discussion on risk?
2. Is internal audit properly positioned and resourced to provide high-quality,
professional assurance and advisory services?
3. Is the head of internal audit free to develop strong relationships with the board
and/or audit committee chair?
4. Does the board/audit committee recognize and support the best conditions
under which internal audit can thrive?
5. How can management and the board support efforts to make the internal
audit activity agile and innovative?
5 Questions Boards Should Be
Asking Internal Audit
Source: 2018 IIA Position Paper: Internal Auditing’s Role in Corporate Governance
Parting Thoughts
Drive Change from Within
• Understand roles and responsibilities
• Lead with the right tone at the top
• Be willing to ask the tough questions
• Encourage an inclusive mindset
• Monitor organizational culture
• Understand emerging technology and atypical risks
• Leverage available resources
Thank You
The Institute of Internal Auditors
William Michalisin
EVP & Chief Operating Officer
Twitter: @wmichalisin
www.theiia.org | www.globaliia.org
© 2019 The Institute of Internal Auditors. All Rights Reserved.