Each of the four above listed businesses, and others, have been in the news for issues relating to culture and governance, and other related matters. The legal structures of these four businesses differ significantly, from privately held, to privately held but with high value and reputation venture capital, to publicly held. I have blogged about the new COSO enterprise risk management (ERM) framework, and that the first of the five major components pertains to culture and governance, and the fifth of the five major components pertains to communicating and reporting.
Would the news about these businesses have been different if COSO ERM had been implemented and followed? Perhaps, perhaps not. We might also ask about and evaluate the executive officers; board, board committees and director oversight; the responsibilities of in-house counsel; the actions of the chief compliance officer (if any); how internal audit (if any) might have been helpful; whether issues came or should have come to the attention of the external auditor (including, for example, during the audit planning phase, or even during a more limited review engagement); workplace practices and policies; and perhaps the actions or inactions of the regulatory agencies (if any).
Culture and governance carry with them the potential to affect value (both positive and negative, and for both financial and reputation value), liability, and damages, not only for the business, but, of course, also for victims (and erroneously accused as we have also seen those situations), and for the executive officers and other management, the board and the directors, HR, the chief compliance officer, in-house legal counsel, the chief of internal audit, the partner running the external audit, the employees for their jobs and possible investment and pension holdings, creditors who have loaned money to the business, founders, owners and investors, customers, consumers, and other stakeholders. And these issues apply not only to public and private businesses, but also to nonprofits and governmental entities, and to the people who are involved in and with them.
It isn’t surprising that actions and events occur that are different than reasonably and primarily anticipated (that is the nature of risk management), and that negative and detrimental events also occur, sometimes without legal fault or liability. However, it is somehow also more disappointing to hear that possible or actual problems were known or might have been known to exist for a length of time without being addressed and remedied.
That’s all. I don’t have any personal knowledge about these specific situations other than what I read in the news. And I’m not casting fault, culpability or liability – each situation needs to be internally and/or externally investigated and evaluated by qualified people with the requisite experience, knowledge, demeanor and approach (i.e., objectively and prudently, and where necessary and prudent by people who are independent and without conflict or bias). Often times (practically always) the situations and facts are different (sometimes better, and sometimes worse) than first thought. And then there is always the prospect for litigation to establish responsibilities and rights, liability, causation, damages and remedies including recovery of damages.
We do seem to be seeing an uptick in discussions about the culture and governance of businesses (private, public, and nonprofit) and government – we’ll see if it lasts, and if more specific expectations develop including greater design, implementation and oversight of culture and governance controls.
Please note that the comments in my blog posts are my own, and are not by no one else, and do not apply or related to any particular or specific person, business or other entity, or situation.
* * * * *