Recent Columns By Rick Steinberg On §404, ERM, More

The principal author of COSO's internal control and ERM frameworks, Compliance Week Columnist Richard Steinberg is a well-known governance and auditing expert. The founder and former leader of PricewaterhouseCoopers' corporate governance practice, Steinberg has authored numerous seminal governance reports, including Corporate Governance and the Board—What Works Best. Some of his most recent columns for Compliance Week are below:

Is Hiring the Well-Connected Really Akin to Bribery?

March 18, 2014

More companies are facing an ethical dilemma when hiring connected individuals. In fact, federal investigators are looking at the hiring practices of big banks to see if they put relatives of powerful Chinese officials on the payroll in the hopes of securing contracts. Inside, columnist Richard Steinberg considers whether such practices cross the line into bribery or if federal regulators are going too far in their pursuit of corruption.

FCPA Focus Will Test the Compliance Function

February 19, 2014

Thanks to an unending series of Foreign Corrupt Practices Act settlements and costly investigations, companies are working to shore up anti-corruption programs. Senior executives and boards have taken notice too and are heaping more pressure on compliance. Inside, columnist Richard Steinberg looks at the increased level of scrutiny and explains why compliance officers might be in for some sleepless nights.

Do We Really Need More Audit Committee Disclosure?

January 22, 2014

Information about what the board does and how it does it has expanded significantly in recent years. Now there's a call for even more disclosure, this time on the activities of the audit committees. Inside, columnist Richard Steinberg examines audit committees' role in financial reporting and whether more disclosure about how they carry out their responsibilities is really necessary.

Directors' Wish List for 2014

December 17, 2013

As the year draws to an end, it's a good time to take a look forward to another year beginning and what it holds for risk and governance. Inside, columnist Richard Steinberg peers inside the minds of board directors and provides their wish list for governance, risk, and compliance in the coming year and what they might really want to say to regulators, activist investors, proxy advisers, and others.

Risk-Management Lessons From the Depths

November 19, 2013

Companies generally assess risk management by looking at their past experiences and those of peer companies, but they can also learn from how risk is dealt with in other environments. Neil Swidey's account of the mistakes that were made during a project to build a waste treatment plant in Boston Harbor, Trapped Under the Sea, is filled with just such lessons. Inside, columnist Richard Steinberg shows how they can be applied to a corporate setting.

Banking Industry Providing Plenty of 'C'Mon, Man' Moments

October 22, 2013

In the second installment of his "C'mon, man" series, borrowed from ESPN's coverage of the National Football League, columnist Richard Steinberg singles out some of the more boneheaded actions of business executives. This time he takes on the banking industry, which seems especially prone to poor decision making, points out errors that have been made, and provides some tips on creating a healthy control environment.

Do You Really Know Your CEO?

September 24, 2013

The CEO is, of course, the most important person in setting a company's ethics and compliance tone. But how can we really know whether any individual is truly honest and ethical? The short answer is we can't, but there are some traits that correlate with unethical behavior. Inside, columnist Richard Steinberg looks at CEO personality traits and habits that could indicate the potential for problem behavior.

Time for New Blood on the Board?

August 20, 2013

The graying of the boardroom is a well-documented trend, but much less consensus exists on what to do about it. Many companies have adopted age or term limits, but some governance experts say they rob boards of wise, contributing members. (Who wouldn't want Warren Buffett on the board, for example?) Inside, columnist Richard Steinberg considers the aging director issue and offers some solutions of his own.

How Siemens Worked to Fix a Culture of Institutionalized Corruption

July 23, 2013

For decades, paying bribes was part of the business model at German engineering giant Siemens. But in 2008, after paying a $1.6 billion fine to German and U.S. authorities, the company set off on a different path. Inside, Columnist Richard Steinberg looks at how the company cleaned up the mess and relays some valuable wisdom from the top executives responsible for transforming the company after the scandal.

Insights Into COSO's Updated Internal Control Framework

June 18, 2013

The updated COSO internal control framework is finally here. While it retains much of the original's fundamentals, it includes enhancements to ensure that the framework is suited to today's technology-driven, global business environment. Inside, Columnist Richard Steinberg, who played a lead role in drafting the original and served as an adviser to the update project team, provides a roadmap to where the changes lie.

Does It Pay to Be Ethical?

May 21, 2013

For a while, the idea that ethics was an integral part of business was grounded in the thinking that it was a defense against reputational risk or that it was simply the right thing to do. More recently, though, another notion has come to the fore: that it actually pays to be ethical. Inside, Columnist Richard Steinberg looks over the evidence—anecdotal and empirical—that good behavior is good for the bottom line.

Dangerous Risks Lurking in Plain Sight

April 23, 2013

Companies sometimes miss risks that have never occurred and are hard to imagine, but managing risks from events that have occurred in the past or that have happened to competitors, that should be easy, right? Yet, companies fail to manage them all the time. Inside, Columnist Richard Steinberg looks at what can be learned from the failures of others to manage risks hiding in plain sight.

New Models for Board Effectiveness

March 19, 2013

There's no shortage of suggestions these days for reforming how boards of directors work, whether it's providing shareholders with more say, or more radical ideas, such as creating two boards or making directorships full-time positions. Inside, Columnist Richard Steinberg considers the merits of these ideas and others and offers his own suggestions for how to make boards more accountable and productive.

Toward More Effective Boards

February 05, 2013

Over the last few years, there's been no shortage of cases where boards fell down on their oversight duties. As a result, governance experts have called for changes in how boards are comprised and operate, with some suggesting radical overhaul while others seek modification at the margins. Inside, Columnist Richard Steinberg considers some of the suggested approaches and whether they would improve how boards function.

Rogue Fraud or Systemic Corruption? The Difference Means Everything

January 08, 2013

When fraud is uncovered, it could be the one-time actions of a rogue employee or an indication of systemic problems that result from a polluted corporate culture, particularly if there is a history of wrongdoing and a number of employees are involved. Inside, Columnist Richard Steinberg looks at the indicators of each scenario and why they merit two very different responses.

Sex and the CEO

December 18, 2012

When CEOs cheat on their spouses, they often do considerable damage to themselves and their companies. When such affairs are exposed, they can disrupt succession plans, cause reputational harm, and raise questions about the executive's ethics and judgment. Inside, Columnist Richard Steinberg follows what happened when CEOs at companies such as Hewlett-Packard and Best Buy got caught in extra-marital affairs.

Focusing on the Melody in the Middle

November 20, 2012

Managers and consultants alike never get tired of emphasizing the "tone at the top." But messages that come from the C-suite can get garbled along the way. Inside, Columnist Richard Steinberg looks at why boards and others are increasingly focusing on the "melody in the middle"—the communication by managers with line-level responsibility that may provide a better understanding of what's happening inside the business.

Busting the Latest Risk-Management Myths

October 23, 2012

If you've watched the Discovery Channel's "MythBusters," you know that on occasion the show deals with what might be called risk-management issues. For example, when faced with a shark attack, is it a good idea to punch the animal in the nose? Inside, Columnist Richard Steinberg applies the format to corporate risk management and busts some commonly held myths.

The Last Days of the Imperial, Unchecked CEO

September 25, 2012

The imperial, command-and-control style of CEO leadership may be a relic in Corporate America, replaced by team-oriented chief executives with a strong board, but it is not extinct. Inside, Columnist Richard Steinberg looks at the pros and cons of the imperial CEO and finds that most companies are better off without leaders with concentrated power who rule with an iron hand.

Combating Risk-Management Misconceptions

August 21, 2012

There are plenty of otherwise intelligent and confident managers who have misguided or outright false views of how risk management works. One of the most ill-informed views is that risk management should focus on mitigating the risks of the bad things reoccurring, rather than what could occur. Inside, Columnist Richard Steinberg considers cases where managers pushed risk-management falsehoods to the detriment of the organization.

A Roadmap for Compliance Crisis Management

July 24, 2012

The Barclays Libor scandal is among the more egregious misdeeds by a large bank at a time when such failures seem almost commonplace. Barclays' response to the crisis, however, has been uncommonly adept. Inside, Columnist Richard Steinberg examines the bank's management of the crisis and finds some lessons on how companies should act after uncovering wrongdoing.

JPMorgan's Risk-Management Failure Will Have Lasting Effects

June 26, 2012

JPMorgan Chase and its CEO Jamie Dimon had established a reputation for effective risk management, until it was recently tarnished by massive trading losses from attempts to hedge against credit risk. While the bank will easily survive the hit, the adverse effects are real and long-lasting. Inside, Columnist Richard Steinberg surveys the damage to the bank and the industry at large.

Insights on the SEC's View of Effective Compliance Programs

May 22, 2012

The head of the SEC's Office of Compliance Inspections and Examinations, Carlo di Florio, brings a rigorous approach to pursuing the office's objectives of promoting compliance, preventing fraud, monitoring risk, and informing policy. Inside, Columnist Richard Steinberg takes a look at how di Florio has shaped the SEC unit, including di Florio's views on what makes an effective ethics and compliance program.

Watch for Traps and Biases in Decision Making

April 17, 2012

While no bullet-proof method exists for making great decisions, more awareness of common decision-making pitfalls can certainly help. To that end, COSO recently published a guide to common traps and biases in decision making. Inside, Columnist Richard Steinberg examines COSO's advice for avoiding the biases that can lead to poor judgments.

The Board's Critical Role in Strategy Development

March 20, 2012

For the last few years, the most common word used in the boardroom has been "risk," but some directors are wondering if they are paying enough attention to the word that usually dominates boardroom discussion: "strategy." Inside, Columnist Richard Steinberg emphasizes the key elements of what works for board oversight of strategic development.

Fed's New Rules on Bank Risk a Mixed Bag

February 22, 2012

Along with stress tests and new liquidity requirements, the Federal Reserve is considering a host of new rules for banks and financial institutions that would require them to establish risk committees, designate a chief risk officer, and establish a risk framework. Inside, Columnist Richard Steinberg examines the proposed rules and finds some good ideas along with some that raise concerns.

Boneheaded Plays in Risk and Compliance

January 24, 2012

If you watch football on ESPN, you've probably seen the segment "C'mon, man!" where analysts shout, "C'mon, man!" after showing clips of players making particularly "boneheaded" plays—plays that are really dumb or sometimes just inept. Well, much the same can be said for corporate governance and risk management. This week, columnist Rick Steinberg offers his best of the worst in 2011.

Revised COSO Internal Control Framework Is Here!

December 20, 2011

The Committee of Sponsoring Organizations released a proposal for a major update to its Internal Control—Integrated Framework, which has become the authoritative document on internal control. Inside, Columnist Richard Steinberg, who played a role in working on the original and the update, provides a sneak peek at what is in the revised version, including a discussion of the "principles" and "attributes" of internal control.

Daimler Gets This One Right

November 22, 2011

The stumblings of others make for great case studies on how to improve compliance programs. But on occasion a company's actions serve as a model to follow on how to get it right. When Daimler removed its U.S. CEO for what appear to be lapses in integrity, Columnist Richard Steinberg finds just such an example. Details inside.

One More for the Rogues Gallery

October 13, 2011

The $2.3 billion in losses racked up by a single trader at Swiss bank UBS is just the latest result of a series of breakdowns in controls at large banks that let rogue traders gamble recklessly with massive sums. UBS's former CEO claims that there's "nothing you can do," but he should know better. Inside, Columnist Richard Steinberg surveys the wreckage and hunts for lessons on how to create effective controls.

We Won't Get Fooled Again ... and Again, and Again

September 20, 2011

Too often companies fail to correct an underlying problem and continue to get tripped up by the same issues. Much of governance, risk management, and compliance is about dealing with the unknown—what could happen—which includes what did happen in the past. Inside, Columnist Richard Steinberg takes a look at three real-life cases where the same set of difficulties, left unaddressed, comes back to haunt.

Lessons From the Fall: Where News Corp. Went Wrong

August 23, 2011

The phone-hacking scandal at News Corp. has led to the closure of a 168-year-old newspaper, the resignation—and in some cases arrests—of high-ranking company officials, and a hit to the reputation of the company and its bold chairman. The company's response could be considered a case study in how not to respond to a crisis. Inside, Columnist Richard Steinberg considers the lessons of News Corp.'s debacle.

Why Some Companies Fail and Others Succeed

July 26, 2011

When things go wrong, they can go really wrong, and how senior management and the board react can be the difference between survival or failure. Inside, Columnist Richard Steinberg analyzes the common factors at play when once-great companies sink, while others weather any storm and continue to grow and reap the rewards of success.

The Foreclosure Fiasco Rolls On

June 21, 2011

Just when they thought it couldn't get any worse, problems in the foreclosure process are multiplying for major banks. Lawsuits are piling up, federal agencies are launching investigations, and the potential for financial penalties is growing. Inside, Columnist Richard Steinberg follows the latest missteps and draws some risk-management lessons from the crisis.

Toyota's Risk-Management Failings Emerge

May 24, 2011

The natural disasters in Japan in March caught plenty of companies off-guard. Toyota was among the hardest hit, with production in North America reduced by as much as 75 percent, even though its 17 plants in Japan were relatively undamaged. So how did it happen? Inside, Compliance Week Columnist Richard Steinberg examines some lessons of the automaker's risk management failure.

What's Keeping Directors Up at Night?

April 19, 2011

A recent shareholder lawsuit and SEC enforcement actions against corporate directors have raised eyebrows in boardrooms, especially with directors already concerned about reputational damage and potential financial loss. Inside, Columnist Richard Steinberg looks at the risks and finds some reasons for directors to rest easier.

The 'Mundane' World of Internal Control

March 22, 2011

Because of misunderstandings and a lack of board oversight, critical elements of the internal control system are woefully lacking at some companies. Inside, Columnist Richard Steinberg dispels some of the myths of internal controls and explains why it's not enough to simply comply with Section 404 of the Sarbanes-Oxley Act.

Using the New COSO Risk-Management Guidance

February 15, 2011

Last month the Committee of Sponsoring Organizations issued two reports designed to help companies improve their enterprise risk management processes. Inside, Columnist Richard Steinberg culls the reports for valuable nuggets for getting ERM started or for improving an existing program.

Governance Challenges of Performance Measurement

January 25, 2011

Choosing the right performance measures is never easy, but add increased shareholder scrutiny and new performance-related disclosure requirements and the task becomes much more difficult. Inside, Columnist Richard Steinberg discusses the governance challenges of choosing the right performance measures.

What 2011 Holds for Governance, Risk, and Compliance

December 21, 2010

2010 was a busy year for compliance officers—and so far at least, 2011 is looking like it could be even busier, with the SEC's whistleblower program and possible proxy access on the way. Inside, Columnist Richard Steinberg makes some predictions about what to expect in the coming year.

Where Were the Banks’ Internal Controls?

November 16, 2010

After suffering through one of the worst crises in financial history, the big banks that survived the collapse in 2008 now find themselves dealing with another crisis: the foreclosure fiasco. First, banks lost billions on bad home mortgages and now they’re finding they often don’t have proper paperwork showing ownership of the properties on which they’re trying to foreclose.

Shareholders, Be Careful What You Wish For

October 19, 2010

There’s no doubt shareholders have made great strides in gaining more information and power. They’ve won more disclosure on a series of points, including the experience and skills of director candidates, what the board does to oversee risk management, the role of compensation consultants, and the structure of board leadership, just to name a few. Yes, shareholders have worked long and hard to obtain relevant information, and to wield greater influence on what happens in the boardroom.

Did Mark Hurd Deserve to Be Fired From HP? Yes

September 21, 2010

As Compliance Week readers know, Mark Hurd, the hard-charging chief of Hewlett-Packard—who through acquisitions, layoffs, and cost cutting raised the company’s fortunes—was recently fired. The surrounding circumstances are the stuff of tabloids, including allegations of sexual harassment by a female consultant. We may never know exactly what transpired, and we probably don’t need to. But there are some lessons here worth examining.

Common Questions About GRC, and Some Answers

August 24, 2010

Earlier this summer I participated on a panel at the Institute of Internal Auditors international conference, held this year in Atlanta. The subject of the panel was governance, risk, and compliance, covering a range of matters raised by the moderator and enthusiastic participants. Compliance Week readers often have similar issues on their minds, so I’d like to share my responses to some of the questions raised. Since I don’t have notes, I’ll do my best in reconstructing my remarks.

How Did BP’s Risk Management Lead to Failure?

July 20, 2010

We all know the damage caused so far by the explosion of BP’s Deepwater Horizon offshore oil rig in April: 11 workers killed, economic ruin across the Gulf Coast states, environmental ruin along the Gulf Coast itself. And efforts to stop the continuing undersea oil spill keep falling far short of the solution that’s desperately needed.

When to Consider Splitting CEO, Chairman Roles

June 22, 2010

The question of whether to combine the roles of board chairman and CEO or to separate them generates robust debate, with visceral feelings and often-strained relationships. Many institutional investors and leading governance experts, and indeed many sitting directors, argue in favor of splitting the jobs; many CEOs holding the chairman title insist their authority and the company itself would be badly damaged should they be forced to wear only one hat.

Wall Street Can Learn From WaMu’s Meltdown

May 18, 2010

At hearings of the Senate Permanent Sub-committee on Investigations looking into causes of the financial crisis, Kerry Killinger, CEO of the now-defunct bank Washington Mutual, contended that his company hadn’t been treated fairly. Documents were released that disclosed how he compared liquidity to oxygen—which, he complained, was provided to other banks in distress, but not to WaMu.

Composing a Competent Board of Directors

April 20, 2010

Does your company have the right directors comprising the board? As a member of the senior management team, it’s certainly of concern to you—and of course the company’s shareholders—to determine whether the men and women providing corporate oversight do the job well. And board members themselves, as they look around the boardroom table, must be comfortable that fellow directors are people you can “go to war” with, your reputation (and possibly personal assets) in their hands.

Learning From Culture Mistakes at Toyota, J&J

March 23, 2010

Oh, how the mighty have fallen—or at least seen their reputations for quality products and “doing the right thing” for customers badly damaged. Let’s take a look at two recent high-profile cases.

Providing Directors the Risk Information They Need

February 17, 2010

My column last month outlined the kind of information boards of directors need to execute their responsibilities, viewed from the director’s perspective. This month I want to continue that discussion, but looking at the opposite side of the coin: what information chief executives, chief compliance officers, chief risk officers, and other top executives should be providing to help directors in their oversight activities.