The business world experiences from time to time an evolution so profound that it forever alters the way organizations operate and deliver shareholder value. While these defining moments often come with significant challenges, they also represent tremendous opportunities for organizations with the
The corporate failures of the past twenty-four months have given rise to a new era in business - one marked by increased stakeholder demands, new regulations, heightened public scrutiny, and enhanced performance expectations. The passage last year of the Sarbanes-Oxley Act was, in large part, in response to the growing need for greater accountability, responsibility, and ethics by those associated with the dissemination of financial information. In this new environment, an organization's survival can depend upon its ability to demonstrate integrity and meet the highest standards for governance, transparency, and accountability.
Today's transformation challenges business leaders to ensure that their organizations meet a proliferation of new standards and stakeholder expectations. However, they need to respond in a way that supports performance objectives, sustains value, and protects the organization's brand. That's a tall order.
As a result, achieving excellence in Governance, Risk Management, and Compliance (GRC) has become imperative to an organization's success. Many companies are understandably focused on their ability to excel in these important areas. Some have performed well so far, but are concerned about their ability to sustain their efforts over time. Others, having revamped processes and operations, now find themselves with numerous, fragmented programs, spread across the enterprise, that are difficult to manage and exceedingly costly to maintain. Many are also troubled that their business partners' ethics and commercial practices may not be consistent with their own. Senior management and board members are often cognizant that they may not have the necessary information to make sound business decisions and meet exacting reporting requirements.
The good news is that the pursuit of excellence in GRC, if done properly, may provide unique, measurable opportunities to improve performance, add value, manage risk and build competitive advantage. In other words, ensuring and demonstrating integrity is more than an obligation - it represents good business and a golden opportunity.
Through our research and work with organizations in Orange County, nationally, and across the globe, we have identified certain features common to organizations that are able to manage GRC effectively and, in doing so, substantially translate integrity into performance.
Integration
Most organizations have historically approached governance, risk management, and compliance as discrete activities to be managed separately. This led to accountability issues, communication gaps, redundancies and confusion - disadvantages especially threatening to business value in light of stakeholders' increased demand for integrity.
It has become apparent that successful organizations today are integrating GRC into their organizations to form an ethical and operational basis from which to manage the business. They recognize that organizational success requires the achievement of excellence in all three areas - governance, risk management, and compliance - so that the board, senior management, and the organization as a whole all play a critical role in each component.
An integrated approach to GRC utilizes culture, processes, and technology to address current and emerging requirements and performance expectations.
Properly calibrating risk is critical for an organization committed to integrity-driven performance. Senior management needs to understand risk, and take a thoughtful, measured, and disciplined approach to risk management. The organization needs to monitor and measure the performance of its GRC activities, recognizing that informed risk-taking - when aligned with the organization's values, policies and standards - is integral to its success and entrepreneurial spirit.
Broader View of Compliance
A new vision of compliance is bridging the gap - one that puts stakeholders first; embraces internal governance, ethics and risk management guidelines as well as external regulations; prevents damage to the franchise rather than rebuilding it after the damage is done; and embeds a culture of compliance and integrity-driven performance into the marrow of the organization. This new vision approaches compliance with financial and operational policies and procedures, as well as commitments to stakeholders, as seriously as it approaches legal and regulatory mandates.
Some organizations have learned that while technical regulatory compliance is important, meeting the expectations of stakeholders, including environmental and social groups, also can have a significant impact. For example, the stakeholders of major global energy organizations have demonstrated the ability to mobilize public opinion, shape consumer perceptions, boycott goods and services, and impact whether or not the organization is perceived as a responsible corporate citizen.
In the new compliance model, organizations are compelled to focus on preventing, rather than repairing, damage to the franchise. They must foster a culture of compliance and weave integrity-driven performance into the very fabric of the organization.
Once an organization has adopted a point of view that recognizes the importance of integration and an expanded vision of compliance, it must put those concepts into practice in a structured way in order to achieve its governance, risk management and compliance objectives. This requires a comprehensive, enterprise-wide operating model that employs best practices for envisioning, improving, operating and sustaining a GRC capability aligned with the organization's strategy and risk management objectives.
The Value-Performance Link
Organizations committed to integrity-driven performance are not only doing the right thing for their business, they are realizing measurable benefits. Benchmarking and research by the General Counsel Roundtable found that each additional dollar of compliance spending saves organizations on average over five dollars in heightened avoidance of legal liabilities, harm to the organization's reputation, and lost productivity.
Signaling a new focus on the relationship between GRC and proper management, a growing number of credit rating agencies and investor services such as Moody's, Standard & Poor's, Governance Metrics International and Institutional Shareholder Services, are ranking organizations on their GRC performance. In today's environment, investors appear to be willing to pay more for the shares of well-governed organizations, so that GRC performance impacts an organization's ability to attract capital, reduce losses, and allocate capital to its highest and best use.
Tone at the Top
Integrity-driven performance requires strong, demonstrated commitment from senior management and the board. The establishment of the proper tone at the top of the organization is critical in instilling a culture of integrity and ethical values. The top of the organization must ensure that GRC is integrated into core business processes, performance is measured, and technology is leveraged to support it.
Final Comments
We believe that business leaders who rise to the challenges of today's new era and create effective GRC programs will be better positioned to realize important benefits, including enhanced reputation and brand, reduced operational surprises, improved strategic decision-making, and increased organizational efficiency. Simply stated, effective integration and high performance in governance, risk management, and compliance across the enterprise are no longer alternatives for a successful business. They represent commercial imperatives.
Dean Yoost is the managing partner of PricewaterhouseCoopers in Irvine. Dan DiFilippo is a partner with PricewaterhouseCoopers and its practice leader for governance, risk management and compliance. PricewaterhouseCoopers paid for this space and is solely responsible for its content.