HOW BOARDS CAN BENEFIT FROM AN INTEGRATED ASSURANCE MODEL AND FUNCTION IN CORPORATIONS
To effectively oversee enterprise risk and integrity management in corporations, boards need to rely on and foster sound information architecture and solid structures and processes in the company.
However, after decades of investment in risk and compliance management systems, corporations are still struggling with the complexity of the global risk landscape, ever-increasing regulatory activities, and a lack of trust by society in their ability to manage ethical dilemmas and crisis situations.
Recent laws on supply chain due diligence, human rights and environmental, social and governance (ESG) standards, along with responsible artificial intelligence (AI) advancement, pose challenges for boards. Despite receiving detailed risk and compliance reports from management, it is increasingly difficult for boards to understand the overall risk and integrity situation of the company they are overseeing. This issue arises from the traditional, siloed way in which companies manage and structure crisis, risk and compliance topics.
Risk management is often detached from the strategy of the company and reduced to number-driven financial risks. In many companies, compliance is divided into different functions, such as anti-bribery, data privacy, quality, human rights, health and safety, trade sanctions and cyber security. But a siloed governance approach lacks the capability to offer comprehensive horizontal alignment for assessing risks and integrity challenges.
And crisis management is too often seen as a technical tool of the security department instead of being placed in the wider context of risk management, business continuity and constant monitoring. Given this situation, how can the board effectively assess the risks and integrity challenges of a company?