Governance, Risk Management, and Compliance

An expert's insider secrets to how successful CEOs and directors shape, lead, and oversee their organizations to achieve corporate goals

Governance, Risk Management, and Compliance shows senior executives and board members how to ensure that their companies incorporate the necessary processes, organization, and technology to accomplish strategic goals. Examining how and why some major companies failed while others continue to grow and prosper, author and internationally recognized expert Richard Steinberg reveals how to cultivate a culture, leadership process and infrastructure toward achieving business objectives and related growth, profit, and return goals.

• Explains critical factors that make compliance and ethics programs and risk management processes really work
• Explores the board's role in overseeing corporate strategy, risk management, CEO compensation, succession planning, crisis planning, performance measures, board composition, and shareholder communications
• Highlights for CEOs, senior management teams, and board members the pitfalls to avoid and what must go right for success
• Outlines the future of corporate governance and what's needed for continued effectiveness
• Written by well-known corporate governance and risk management expert Richard Steinberg

Governance, Risk Management, and Compliance lays a sound foundation and provides critical insights for understanding the role of governance, risk management, and compliance and its successful implementation in today's business environment.

Foreword xiii

Preface xix

Acknowledgments xxiii

Chapter 1: What is GRC, and Why Does It Matter? 1

What is GRC? 2

Why GRC Matters 3

Chapter 2: Culture, the Critical Driver 5

What is Culture? 5

More Cultural Failures 6

Companies That Got It Right 8

Being Legal, Honest, Candid, and . . . 10

Integrity versus Spin 13

Speaking the Same Language 16

Chapter 3: Cost-Effective Compliance Programs 21

The Back-Breaking Costs 22

Beyond the Direct Costs 24

Major Mistakes at Platinum-Branded Companies 24

How Companies Got Where They Are 30

Keys to Getting It Right 31

The Compliance Office 36

Making It Happen 38

The Rewards 39

Chapter 4: Ethics Programs: Another Foundational Block 41

Tone at the Top 42

Problems at Daimler 42

Elements of an Ethics Program 43

Setting the Tone at the Top: Hewlett-Packard 51

Chapter 5: Risk Management and the Financial System's Near Meltdown 59

What Went So Terribly Wrong 59

The Regulatory System 63

Merrill Lynch 65

Where Were the Boards? 68

Did CEOs See It Coming? 70

Chapter 6: What Is Risk Management About? 75

Risk 76

Risk Management 79

Enterprise Risk Management 80

Is It Really Worth the Effort? 85

ERM Application Techniques 88

Key Risk Indicators 91

BP 92

Chapter 7: Implementing ERM 99

Drivers for ERM 99

Pitfalls 102

Effective Implementation 106

Roles and Responsibilities 114

Chapter 8: Does Internal Control Really Matter? 119

Impact of SOX 404 on Financial Reporting 122

Responsibility for SOX 404 124

Other Relevant SOX Provisions 126

Do Effective Financial Reporting Controls Really Prevent Fraudulent Financial Reporting? 127

Real Life in the C-Suite 130

Chapter 9: Control over Operational Performance 133

IT Controls 134

Société Générale 135

Washington Mutual 139

Countrywide Financial Corporation 143

The Foreclosure Fiasco 144

Chapter 10: Boards of Directors’ Focus 153

A Focus on the Rules 155

Truly Effective Boards 156

A Public Watchdog? 158

Societal Responsibility 160

Potential Pitfalls 163

Chapter 11: Overseeing Strategy and Risk Management 169

Strategy 169

Risk Management 173

Chapter 12: CEO Compensation, Succession Planning, and Crisis

Management 185

CEO Compensation 185

Succession Planning 192

Crisis Management 196

Chapter 13: Performance Measurement and Reporting 201

Performance Measures 201

Financial Reporting 205

Chapter 14: Building an Effective Board 219

Looking Objectively 220

A Shift in Direction 221

Building a Better Board 223

Board Assessments 226

Bottom Line 230

Chapter 15: Avoiding Board Pitfalls 231

Following the Herd 231

Obtaining Critical Information 238

A Leaky HP Board 245

Another Leak—What Was He Thinking? 249

Chapter 16: Where the Power Lies 251

A Tug of War 252

Shareholder Activism 252

Recent Achievements 253

Dodd-Frank’s Proxy Access 256

Where to Draw the Line 261

Finding the Right Balance 262

Where We Need to Evolve 264

Chapter 17: Structural Issues at the Board 265

Combined versus Separate Chairman and CEO 265

Empowering CEOs in a Shifting Landscape 271

Director Compensation 274

Chapter 18: Looking to the Future 281

New Models for Board Governance 281

A Healthy Governance Environment 285

Boards’ Perspectives on Risk 289

Grasping the Holy Grail of Governance 290

What the Future Holds 293

About the Author 299

Index 301

RICHARD M. STEINBERG is founder and CEO of Steinberg Governance Advisors, Inc. He is a nationally recognized expert on governance, risk, and control, and advises boards of directors of major multinational, large, and middle-market companies. He is a former senior partner of PricewaterhouseCoopers (PwC) and the leader of its corporate governance advisory practice. As an expert in internal control and risk management, Steinberg served as the lead project partner in developing the Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) Internal Control—Integrated Framework, and led development of COSO's Enterprise Risk Management—Integrated Framework, the landmark reports recognized as standards for effective internal control and risk management. He has been featured on CNBC's Morning Call and Bloomberg TV's Bloomberg on the Markets and The Bloomberg Report; has guest-lectured at leading business schools including Columbia, MIT, and NYU; has been quoted in publications such as BusinessWeek, Fortune, the Wall Street Journal, Dow Jones MarketWatch, CNN Money, and the Financial Times; and is a monthly columnist for Compliance Week.

While facing various circumstances in different industries, many once-great organizations have watched their fortunes sink, while others ride the wave of economic turbulence to grow and reap the rewards of success. Governance, Risk Management, and Compliance examines this trend, with a realistic look at what separates the organizations that effectively achieve their goals—regardless of the circumstances—from the ones that wonder, "How did this happen to us?"

Renowned corporate governance and risk management expert Richard Steinberg—advisor to major multinationals' boards and CEOs and author of Corporate Governance and the Board—What Works Best, as well as principal author of COSO's internal control and ERM frameworks—helps you better understand the factors that make up the critical infrastructure that drives every organization. Here, you'll discover what must go right to prevent catastrophes and seize opportunities for continued success.

Steinberg provides authoritative insight into the essential collaboration necessary between senior managers and members of the board of directors, with timely discussion of:

• Critical factors for making compliance, ethics, and risk management processes truly effective
• How CEOs and senior management teams cultivate a culture and leadership process to support and drive performance
• How boards of high-achieving companies oversee corporate strategy, risk management, CEO compensation, succession planning, crisis planning, performance measures, board composition, and shareholder communications
• The pitfalls that managers and boards need to avoid
• The future of corporate governance and what's needed for continued effectiveness

With clear guidance on aligning processes, organization, and technology so your company achieves its strategic goals, Governance, Risk Management, and Compliance explains how to protect your company from financial and reputational risk, litigation, and government intervention and avoid the kinds of disasters that can befall any organization.