Recent Columns By Rick Steinberg On §404, ERM, More

The principal author of COSO's internal control and ERM frameworks, Compliance Week Columnist Richard Steinberg is a well-known governance and auditing expert. The founder and former leader of PricewaterhouseCoopers' corporate governance practice, Steinberg has authored numerous seminal governance reports, including Corporate Governance and the Board—What Works Best. Some of his most recent columns for Compliance Week are below:

Does It Pay to Be Ethical?

May 21, 2013

For awhile, the idea that ethics was an integral part of business was grounded in the thinking that it was a defense against reputational risk or that it was simply the right thing to do. More recently, though, another notion has come to the fore: that it actually pays to be ethical. Inside, Columnist Richard Steinberg looks over the evidence—anecdotal and empirical—that good behavior is good for the bottom line.
 

Dangerous Risks Lurking in Plain Sight

April 23, 2013

Companies sometimes miss risks that have never occurred and are hard to imagine, but managing risks from events that have occurred in the past or that have happened to competitors, that should be easy, right? Yet, companies fail to manage them all the time. Inside, Columnist Richard Steinberg looks at what can be learned from the failures of others to manage risks hiding in plain sight.
 

New Models for Board Effectiveness

March 19, 2013

There's no shortage of suggestions these days for reforming how boards of directors work, whether it's providing shareholders with more say, or more radical ideas, such as creating two boards or making directorships full-time positions. Inside, Columnist Richard Steinberg considers the merits of these ideas and others and offers his own suggestions for how to make boards more accountable and productive.
 

Toward More Effective Boards

February 05, 2013

Over the last few years, there's been no shortage of cases where boards fell down on their oversight duties. As a result, governance experts have called for changes in how boards are comprised and operate, with some suggesting radical overhaul while others seek modification at the margins. Inside, Columnist Richard Steinberg considers some of the suggested approaches and whether they would improve how boards function.
 

Rogue Fraud or Systemic Corruption? The Difference Means Everything

January 08, 2013

When fraud is uncovered, it could be the one-time actions of a rogue employee or an indication of systemic problems that result from a polluted corporate culture, particularly if there is a history of wrongdoing and a number of employees are involved. Inside, Columnist Richard Steinberg looks at the indicators of each scenario and why they merit two very different responses.
 

Sex and the CEO

December 18, 2012

When CEOs cheat on their spouses, they often do considerable damage to themselves and their companies. When such affairs are exposed, they can disrupt succession plans, cause reputational harm, and raise questions about the executive's ethics and judgment. Inside, Columnist Richard Steinberg follows what happened when CEOs at companies such as Hewlett-Packard and Best Buy got caught in extra-marital affairs.
 

Focusing on the Melody in the Middle

November 20, 2012

Managers and consultants alike never get tired of emphasizing the "tone at the top." But messages that come from the C-suite can get garbled along the way. Inside, Columnist Richard Steinberg looks at why boards and others are increasingly focusing on the "melody in the middle"—the communication by managers with line-level responsibility that may provide a better understanding of what's happening inside the business.
 

Busting the Latest Risk-Management Myths

October 23, 2012

If you've watched the Discovery Channel's "MythBusters," you know that on occasion the show deals with what might be called risk-management issues. For example, when faced with a shark attack, is it a good idea to punch the animal in the nose? Inside, Columnist Richard Steinberg applies the format to corporate risk management and busts some commonly held myths.
 

The Last Days of the Imperial, Unchecked CEO

September 25, 2012

The imperial, command-and-control style of CEO leadership may be a relic in Corporate America, replaced by team-oriented chief executives with a strong board, but it is not extinct. Inside, Columnist Richard Steinberg looks at the pros and cons of the imperial CEO and finds that most companies are better off without leaders with concentrated power who rule with an iron hand.
 

Combating Risk-Management Misconceptions

August 21, 2012

There are plenty of otherwise intelligent and confident managers who have misguided or outright false views of how risk management works. One of the most ill-informed views is that risk management should focus on mitigating the risks of the bad things reoccurring, rather than what could occur. Inside, Columnist Richard Steinberg considers cases where managers pushed risk-management falsehoods to the detriment of the organization.
 

A Roadmap for Compliance Crisis Management

July 24, 2012

The Barclays Libor scandal is among the more egregious misdeeds by a large bank at a time when such failures seem almost commonplace. Barclays' response to the crisis, however, has been uncommonly adept. Inside, Columnist Richard Steinberg examines the bank's management of the crisis and finds some lessons on how companies should act after uncovering wrongdoing.
 

JPMorgan's Risk-Management Failure Will Have Lasting Effects

June 26, 2012

JPMorgan Chase and its CEO Jamie Dimon had established a reputation for effective risk management, until it was recently tarnished by massive trading losses from attempts to hedge against credit risk. While the bank will easily survive the hit, the adverse effects are real and long-lasting. Inside, Columnist Richard Steinberg surveys the damage to the bank and the industry at large.
 

Insights on the SEC's View of Effective Compliance Programs

May 22, 2012

The head of the SEC's Office of Compliance Inspections and Examinations, Carlo di Florio, brings a rigorous approach to pursuing the office's objectives of promoting compliance, preventing fraud, monitoring risk, and informing policy. Inside, Columnist Richard Steinberg takes a look at how di Florio has shaped the SEC unit, including di Florio's views on what makes an effective ethics and compliance program.
 

Watch for Traps and Biases in Decision Making

April 17, 2012

While no bullet-proof method exists for making great decisions, more awareness of common decision-making pitfalls can certainly help. To that end, COSO recently published a guide to common traps and biases in decision making. Inside, Columnist Richard Steinberg examines COSO's advice for avoiding the biases that can lead to poor judgments.
 

The Board's Critical Role in Strategy Development

March 20, 2012

For the last few years, the most common word used in the boardroom has been "risk," but some directors are wondering if they are paying enough attention to the word that usually dominates boardroom discussion: "strategy." Inside, Columnist Richard Steinberg emphasizes the key elements of what works for board oversight of strategic development.
 

Fed's New Rules on Bank Risk a Mixed Bag

February 22, 2012

Along with stress tests and new liquidity requirements, the Federal Reserve is considering a host of new rules for banks and financial institutions that would require them to establish risk committees, designate a chief risk officer, and establish a risk framework. Inside, Columnist Richard Steinberg examines the proposed rules and finds some good ideas along with some that raise concerns.
 

Boneheaded Plays in Risk and Compliance

January 24, 2012

If you watch football on ESPN, you've probably seen the segment "C'mon, man!" where analysts shout, "C'mon, man!" after showing clips of players making particularly "boneheaded" plays—plays that are really dumb or sometimes just inept. Well, much the same can be said for corporate governance and risk management. This week, columnist Rick Steinberg offers his best of the worst in 2011.
 

Revised COSO Internal Control Framework Is Here!

December 20, 2011

The Committee of Sponsoring Organizations released a proposal for a major update to its Internal Control—Integrated Framework, which has become the authoritative document on internal control. Inside, Columnist Richard Steinberg, who played a role in working on the original and the update, provides a sneak peak at what is in the revised version, including a discussion of the "principles" and "attributes" of internal control.
 

Daimler Gets This One Right

November 22, 2011

The stumblings of others make for great case studies on how to improve compliance programs. But on occasion a company's actions serve as a model to follow on how to get it right. When Daimler removed its U.S. CEO for what appear to be lapses in integrity, Columnist Richard Steinberg finds just such an example. Details inside.
 

One More for the Rogues Gallery

October 13, 2011

The $2.3 billion in losses racked up by a single trader at Swiss bank UBS is just the latest result of a series of breakdowns in controls at large banks that let rogue traders gamble recklessly with massive sums. UBS's former CEO claims that there's "nothing you can do," but he should know better. Inside, Columnist Richard Steinberg surveys the wreckage and hunts for lessons on how to create effective controls.
 

We Won't Get Fooled Again ... and Again, and Again

September 20, 2011

Too often companies fail to correct an underlying problem and continue to get tripped up by the same issues. Much of governance, risk management, and compliance is about dealing with the unknown—what could happen—which includes what did happen in the past. Inside, Columnist Richard Steinberg takes a look at three real-life cases where the same set of difficulties, left unaddressed, comes back to haunt.
 

Lessons From the Fall: Where News Corp. Went Wrong

August 23, 2011

The phone-hacking scandal at News Corp. has led to the closure of a 168-year-old newspaper, the resignation—and in some cases arrests—of high-ranking company officials, and a hit to the reputation of the company and its bold chairman. The company's response could be considered a case study in how not to respond to a crisis. Inside, Columnist Richard Steinberg considers the lessons of News Corp.'s debacle.
 

Why Some Companies Fail and Others Succeed

July 26, 2011

When things go wrong, they can go really wrong, and how senior management and the board react can be the difference between survival or failure. Inside, Columnist Richard Steinberg analyzes the common factors at play when once-great companies sink, while others weather any storm and continue to grow and reap the rewards of success.
 

The Foreclosure Fiasco Rolls On

June 21, 2011

Just when they thought it couldn't get any worse, problems in the foreclosure process are multiplying for major banks. Lawsuits are piling up, federal agencies are launching investigations, and the potential for financial penalties is growing. Inside, Columnist Richard Steinberg follows the latest missteps and draws some risk-management lessons from the crisis.
 

Toyota's Risk-Management Failings Emerge

May 24, 2011

The natural disasters in Japan in March caught plenty of companies off-guard. Toyota was among the hardest hit, with production in North America reduced by as much as 75 percent, even though its 17 plants in Japan were relatively undamaged. So how did it happen? Inside, Compliance Week Columnist Richard Steinberg examines some lessons of the automaker's risk management failure.
 

What's Keeping Directors Up at Night?

April 19, 2011

A recent shareholder lawsuit and SEC enforcement actions against corporate directors have raised eyebrows in boardrooms, especially with directors already concerned about reputational damage and potential financial loss. Inside, Columnist Richard Steinberg looks at the risks and finds some reasons for directors to rest easier.
 

The 'Mundane' World of Internal Control

March 22, 2011

Because of misunderstandings and a lack of board oversight, critical elements of the internal control system are woefully lacking at some companies. Inside, Columnist Richard Steinberg dispels some of the myths of internal controls and explains why it's not enough to simply comply with Section 404 of the Sarbanes-Oxley Act.
 

Using the New COSO Risk-Management Guidance

February 15, 2011

Last month the Committee of Sponsoring Organizations issued two reports designed to help companies improve their enterprise risk management processes. Inside, Columnist Richard Steinberg culls the reports for valuable nuggets for getting ERM started or for improving an existing program.
 

Governance Challenges of Performance Measurement

January 25, 2011

Choosing the right performance measures is never easy, but add increased shareholder scrutiny and new performance-related disclosure requirements and the task becomes much more difficult. Inside, Columnist Richard Steinberg discusses the governance challenges of choosing the right performance measures.
 

What 2011 Holds for Governance, Risk, and Compliance

December 21, 2010

2010 was busy year for compliance officers—and so far at least, 2011 is looking like it could be even busier, with the SEC's whistleblower program and possible proxy access on the way. Inside, Columnist Richard Steinberg makes some predictions about what to expect in the coming year.
 

Where Were the Banks’ Internal Controls?

November 16, 2010

After suffering through one of the worst crises in financial history, the big banks that survived the collapse in 2008 now find themselves dealing with another crisis: the foreclosure fiasco. First, banks lost billions on bad home mortgages and now theyre finding they often dont have proper paperwork showing ownership of the properties on which theyre trying to foreclose.
 

Shareholders, Be Careful What You Wish For

October 19, 2010

There’s no doubt shareholders have made great strides in gaining more information and power. They’ve won more disclosure on a series of points, including the experience and skills of director candidates, what the board does to oversee risk management, the role of compensation consultants, and the structure of board leadership, just to name a few. Yes, shareholders have worked long and hard to obtain relevant information, and to wield greater influence on what happens in the boardroom.
 

Did Mark Hurd Deserve to Be Fired From HP? Yes

September 21, 2010

As Compliance Week readers know, Mark Hurd, the hard-charging chief of Hewlett-Packard—who through acquisitions, layoffs, and cost cutting raised the company’s fortunes—was recently fired. The surrounding circumstances are the stuff of tabloids, including allegations of sexual harassment by a female consultant. We may never know exactly what transpired, and we probably don’t need to. But there are some lessons here worth examining.
 

Common Questions About GRC, and Some Answers

August 24, 2010

Earlier this summer I participated on a panel at the Institute of Internal Auditors international conference, held this year in Atlanta. The subject of the panel was governance, risk, and compliance, covering a range of matters raised by the moderator and enthusiastic participants. Compliance Week readers often have similar issues on their minds, so I’d like to share my responses to some of the questions raised. Since I don’t have notes, I’ll do my best in reconstructing my remarks.
 

How Did BP’s Risk Management Lead to Failure?

July 20, 2010

We all know the damage caused so far by the explosion of BP’s Deepwater Horizon offshore oil rig in April: 11 workers killed, economic ruin across the Gulf Coast states, environmental ruin along the Gulf Coast itself. And efforts to stop the continuing undersea oil spill keep falling far short of the solution that’s desperately needed.
 

When to Consider Splitting CEO, Chairman Roles

June 22, 2010

The question of whether to combine the roles of board chairman and CEO or to separate them generates robust debate, with visceral feelings and often-strained relationships. Many institutional investors and leading governance experts, and indeed many sitting directors, argue in favor of splitting the jobs; many CEOs holding the chairman title insist their authority and the company itself would be badly damaged should they be forced to wear only one hat.
 

Wall Street Can Learn From WaMu’s Meltdown

May 18, 2010

At hearings of the Senate Permanent Sub-committee on Investigations looking into causes of the financial crisis, Kerry Killinger, CEO of the now-defunct bank Washington Mutual, contended that his company hadn’t been treated fairly. Documents were released that disclosed how he compared liquidity to oxygen—which, he complained, was provided to other banks in distress, but not to WaMu.
 

Composing a Competent Board of Directors

April 20, 2010

Does your company have the right directors comprising the board? As a member of the senior management team, it’s certainly of concern to you—and of course the company’s shareholders—to determine whether the men and women providing corporate oversight do the job well. And board members themselves, as they look around the boardroom table, must be comfortable that fellow directors are people you can “go to war” with, your reputation (and possibly personal assets) in their hands.
 

Learning From Culture Mistakes at Toyota, J&J

March 23, 2010

Oh, how the mighty have fallen—or at least seen their reputations for quality products and “doing the right thing” for customers badly damaged. Let’s take a look at two recent high-profile cases.
 

Providing Directors the Risk Information They Need

February 17, 2010

My column last month outlined the kind of information boards of directors need to execute their responsibilities, viewed from the director’s perspective. This month I want to continue that discussion, but looking at the opposite side of the coin: what information chief executives, chief compliance officers, chief risk officers, and other top executives should be providing to help directors in their oversight activities.
 

How to Manage Communication About Risks

January 20, 2010

Every corporate director knows he or she needs relevant information to carry out oversight responsibilities effectively. But it’s not easy to know exactly what that information should be, the form it should take, or where it should come from. Unfortunately, experience shows that too often boards of directors don’t sufficiently focus on these issues, get caught by surprise, and pay a high price.
 

What’s Coming in Governance in 2010

December 15, 2009

Adhering to a year-end tradition, once again I offer a wish list of governance enhancements I’d like to see in the coming year. So, with fireplace aglow and coffee-mug close by, here’s what we can hope for in 2010.
 

Board of Directors’ Hot Buttons

November 17, 2009

With memories of the financial crisis still fresh in our minds and questions of “Where were the boards?” still abounding, today’s directors face extraordinary challenges.
 

New Models for Broken Board Governance System

October 20, 2009

To say that these are challenging times to be a corporate director is an understatement. Shareholders are clamoring for greater ability to determine what happens in the boardroom and who sits in the seats; the SEC is proposing a host of new rules requiring a broad range of expanded disclosures; the pace of new lawsuits continues unabated. All this occurs with memories still fresh of the financial system’s near collapse, against a backdrop of an economy still struggling emerge from the “Great Recession.”
 

All Our Governance Mistakes, in One News Cycle

September 22, 2009

Like most people, I read the daily news … and, unfortunately, little shocks me anymore. Recently, however, I was especially distressed to read—in just one day—how many major companies were found to have gone terribly wrong! The reports shed light on what goes on behind closed doors, and how these organizations’ tone at the top had become so tainted.
 

The Shareholder Rights Express Rolls On

August 18, 2009

Well, the shareholder rights express continues to roll down the track.
 

Management’s Role in Merrill Lynch Downfall

July 21, 2009

Many people have analyzed the meltdown of platinum-branded financial institutions, amazed at how quickly they went from supposedly sound and powerful to being taken over or filing for bankruptcy. The lessons to be learned, and hopefully not forgotten, are far-reaching at several levels.
 

Will Shareholder Proposals Benefit or Destroy?

June 23, 2009

The resentment and anger over recent corporate performance, especially in the financial services sector, has gone from bubbling up to boiling over.
 

What Boards Should Know About Groupthink

May 19, 2009

Last month’s column described the dangers of “keeping up with the Joneses” and how businesses seeking to do so have suffered disastrous consequences. I mentioned two corollaries: the risk of blindly following supposed best practices, and of buying into “groupthink.” We explored the former risk in detail last month; this month I want to turn to the latter.
 

A “Best Practice” Lesson: Don’t Follow the Herd

April 21, 2009

When you work with senior executives and boards of directors as long as I have, troubling behaviors that directly affect corporate performance become all too clear. And a number of major corporate failures we’ve all seen in the news can be traced back to these behavioral characteristics. I’ve coined names for these bad habits. Worst is “keeping up with the Joneses” syndrome, followed by its two corollaries: “best practices” and “groupthink.”
 
 Subscribe to the RSS for this page  [view all our RSS feeds here]

Compliance Week LinkedIn Group

Compliance Week now has a companion group on LinkedIn, where members can network and discuss the compliance and governance news of the day. Open to all compliance professionals, free to join.

Events of the Week

Addressing the Challenges of Solvency II Pillars 2 and 3
Sponsored by IBM

Information Governance: Managing the Lifecycle of Data
Sponsored by HP Autonomy

Who's Minding the Files? Managing the File Transfer Explosion
Sponsored by IBM

e-Books

Getting It In Writing: The Art of Policy Management
Sponsored by NAVEX Global

Information Governance: Managing the Lifecycle of Data
Sponsored by HP Autonomy

Anti-Money Laundering Illustrated: Visualizing an Effective Capability
Sponsored by OCEG

Thought Leadership

What Does an Effective Customer Risk Assessment Program Look Like?
Sponsored by OCEG

Getting Ready for the Physician Payment 'Sunshine' Rule
Sponsored by Bloomberg BNA

New Compliance Week and Kroll Benchmarking Report on Anti-Bribery & Corruption
Sponsored by Kroll

Strategies for Aligning GRC with Business Priorities
Sponsored by EMC

Upcoming Webcasts

Strengthening Controls in 2013, Part 3: Purchase-to-Pay Cycle
Sponsored by ACL

Evolution of Compliance: 2013 State of Compliance Survey Results
Sponsored by PwC

Compliance Week Podcasts ...

Every week we chat with leading thinkers in compliance, auditing, risk management, public policy and more. These short (10-15 minutes) interviews are free to all. Follow Compliance Week podcasts on iTunes.