PAGE ‘The Governance Profession’

PAGE ‘The Governance Profession’

PAGE FCS Waweru G. Mathenge

PAGE GOLDEN JUBILEE YEAR NATIONAL CONVENTION OF COMPANY SECRETARIES (46TH EDITION) AND INTERNATIONAL CONFERENCE (6TH EDITION) AUGUST 30 – SEPTEMBER 01, 2018 BHUBANESWAR, ODISHA, INDIA ‘The ‘TheGovernance GovernanceProfession’ Profession’

PAGE Theme: ‘A Journey of 50 Glorious Years – Connecting from Grassroots to Global’ TOPIC: GRC – A STEP AHEAD TO MEET GROWING STAKEHOLDER EXPECTATIONS . ‘The Governance Profession’

PAGE INTRODUCTION Traditionally, Governance, Risk Management and Compliance have been seen as three separate and distinct disciplines, frameworks or processes within organizations. The three disciplines essentially serve to “keep the train on the rails as it travels to its destination”. They ensure that the organization moves towards achieving its objectives in a manner that well structured and guided, mitigates risks and meets obligations to and expectations of stakeholders. ‘The Governance Profession’

PAGE DEFINITIONS GOVERNANCE The system by which companies are directed and controlled. (Cadbury) The relationships among the management, Board of Directors, controlling shareholders, minority shareholders and other stakeholders (IFC) Corporate governance involves a set of relationships between a company’s management, its board, its shareholders and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means ‘The Governance Profession’ of attaining those objectives and monitoring performance are

PAGE GOVERNANCE Corporate Governance is the exercise of ethical and effective leadership by the governing body towards the achievement of the following governance outcomes: ethical culture, good performance, effective control and legitimacy.(King IV) The framework of rules and practices by which a board of directors ensures accountability, fairness, and transparency in a company's relationship with its all stakeholders (financiers, customers, management, employees, government, and the community). ‘The Governance Profession’

PAGE RISK MANAGEMENT Risk is a probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action. Risk Management is “the identification, analysis, assessment, control, and avoidance, minimization, or elimination of unacceptable risks. An organization may use risk assumption, risk avoidance, risk retention, risk transfer, or any other strategy (or combination of strategies) in proper management of future events. ‘The Governance Profession’

PAGE RISK MANAGEMENT Risk management is the set of processes through which management identifies, analyzes, and, where necessary, responds appropriately to risks that might adversely affect realization of the organization's business objectives. The response to risks typically depends on their perceived gravity, and involves controlling, avoiding, accepting or transferring them to a third party. Types of risks faced by organizations include technological risks, commercial/financial risks, information security risks, legal risks and regulatory compliance risks. ‘The Governance Profession’

PAGE COMPLIANCE Compliance means the certification or confirmation that an person or organization, in the performance of its functions, meets the requirements of accepted practices, legislation, prescribed rules and regulations, specified standards, or the terms of a contract. ‘The Governance Profession’

PAGE COMPLIANCE Compliance means conforming with stated requirements. At an organizational level, it is achieved through management processes which identify the applicable requirements (defined for example in laws, regulations, contracts, strategies and policies), assess the state of compliance, assess the risks and potential costs of noncompliance against the projected expenses to achieve compliance, and hence prioritize, fund and initiate any corrective actions deemed necessary. ‘The Governance Profession’

PAGE AN INTEGRATED APPROACH TO GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE (GRC) Governance, risk management, and compliance are three related facets that help assure an organization reliably achieves objectives, addresses uncertainty and acts with integrity. (Scott L. Mitchell, 2004). GRC is a discipline that aims to synchronize information and activity across governance, risk management and compliance in order to operate more efficiently, enable effective information sharing, more effectively report activities and avoid wasteful overlaps. ‘The Governance Profession’

PAGE AN INTEGRATED APPROACH TO GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE (GRC) OCEG defines GRC as a "system of people, processes, and technology that enables an organization to: Understand and prioritize stakeholder expectations. Set business objectives that are congruent with values and risks. Achieve objectives while optimizing risk profile and protecting value. Operate within legal, contractual, internal, social, and ethical boundaries. Provide relevant, reliable, and timely information to appropriate stakeholders. ‘The Governance Profession’ Enable the measurement of the performance and effectiveness of the

PAGE AN INTEGRATED APPROACH TO GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE (GRC) If not integrated, if tackled in a traditional "silo" approach, most organizations must sustain unmanageable numbers of GRC-related requirements due to changes in technology, increasing data storage, market globalization and increased regulation. Internal and external stakeholders demand not only high performance, but also transparency into business operations. ‘The Governance Profession’

PAGE AN INTEGRATED APPROACH TO GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE (GRC) Integrating GRC capabilities does not mean creating a mega-department of GRC and doing away with decentralized or programmatic approaches to risk and compliance management. Nor does it necessarily call for the use of only one GRC technology system. Rather, it is about establishing an approach that ensures the right people get the appropriate and correct information at the right times, that the right objectives are established, and that the right actions and controls necessary to address uncertainty and act with integrity are put in place. When business activities are siloed with their own information kept separate, it is highly likely that wrong or counter-productive objectives will be established, sub-optimal strategies will be selected, and ‘The Governance Profession’

PAGE FORCES DRIVING GRC Business complexity, along with increased regulatory and market scrutiny, is driving organizations to adopt a structured approach to governance, risk and compliance (GRC). The goal is to effectively define, manage and monitor the external and internal business environments. ‘The Governance Profession’

PAGE EXTERNAL FORCES DRIVING GRC (Forrester Research) Political environment. Economic environment. The regulatory and legal risk environment. Adoption of principles-based regulation Rapidly increasing litigation, fines and settlements. Increased scrutiny by financial markets. Technological advancements and disruptions – cyber risks, social media Stakeholder expectations: ethical leadership, corporate citizenship, sustainable development, stakeholder inclusivity, integrated thinking ‘The Governance Profession’ and integrated reporting.

PAGE THE INTERNAL ENVIRONMENT (Forrester Research) Dynamic and complex nature of business Distributed nature of business Intricate web of business partner relationships Ineffectiveness of the scattered approach to risk and compliance ‘The Governance Profession’

PAGE TRENDS IN GOVERNANCE, RISK AND COMPLIANCE (Forrester Research) ORGANIZATIONAL TRENDS A single view of risk and compliance oversight A foundation of ethics built upon culture and principles A development of risk and regulatory intelligence processes. A standardization of business processes, policies and controls. Embracing corporate social responsibility (CSR). Business partner management of risk and compliance The leveraging of risk-consulting services. ‘The Governance Profession’

PAGE TRENDS IN GOVERNANCE, RISK AND COMPLIANCE TECHNOLOGY TRENDS The evolution of technology used for GRC Entrance of the software heavyweights Structuring the GRC technology ecosystem Enhancing risk and regulatory intelligence Developing the central corporate policy management portal Using business process management and rules engines for continuous controls Outsourcing of compliance monitoring ‘The Governance Profession’

PAGE BENEFITS OF INTEGRATED GOVERNANCE, RISK AND COMPLIANCE (Forrester Research) Higher quality information—Integrating GRC information allows management to make more intelligent decisions more rapidly. Process optimization—Non-value-added activities are eliminated and value-added activities are streamlined to reduce lag time and undesirable variation. Better capital allocation—Identification of areas of redundancy and inefficiency allows financial and human capital to be allocated more effectively. ‘The Governance Profession’

PAGE BENEFITS OF INTEGRATED GOVERNANCE, RISK AND COMPLIANCE Improved effectiveness—The net effect of all the activities above means GRC activities are directed to the appropriate people and departments. Protected reputation—When risks are managed more effectively, company reputation is enhanced. Reduced costs—Lower costs contribute to the overall ROI gains represented by effective GRC activities. ‘The Governance Profession’

PAGE ADDRESS THANK YOU PHONE WEBSITE