Board Priorities 2024: Internal Controls
11 January 2024
All companies, led by their boards, must have some form of enterprise risk framework, ideally accompanied by a clear risk-appetite statement and well-understood assurance processes. Boards should ensure these internal controls provide a clear line of sight to the ground level relative to the principal risks each organisation faces.
These controls cannot exist in a compliance silo. To be effective, they rely on a healthy culture, where a common purpose and values and aligned behaviours are considered central to business objectives and continually reinforced by tone from the top. Where paying 'lip service', whether it be on matters of ESG, compliance or internal controls, is challenged. Creating such a culture is by no means easy.
Getting this right will: (1) mitigate directors' personal risk profile, recognising that directors are responsible for the powers they delegate and are always ultimately accountable for their discharge; (2) validate risk appetite and tolerance; (3) mitigate the risk of the reputational fallout from an event which cuts across an organisation's stated purpose and values; and (4) if done properly, allow risk management and related controls to become value enhancing and not just value preserving.