Episode: 230 |
Andrea Bonime-Blanc:
Risk Management:


Andrea Bonime-Blanc

Risk Management

Show Notes

Our guest today is Andrea Bonime-Blanc, a leading global expert in the area of risk management, and the author of five books, including the recently published Gloom to Boom: How Leaders Transform Risk Into Resilience and Value.

Gloom to Boom expands the traditional risk-management framework of ESG, which stands for environmental, social, and governance risks, by adding technological risks, so the acronym gets expanded to ESGT.

In our discussion today we talk about her latest book and her work consulting to Board Directors on risk management.

To learn more about her practice, visit https://gecrisk.com/

One weekly email with bonus materials and summaries of each new episode:

Will: Hello, Andrea. Welcome to the show.
Andrea: Thank you, Will. It’s great to be here.
Will: So, Andrea, in your latest book, Gloom to Boom: How Leaders Transform Risk Into Resilience, you talk about six types of companies including a company that you’ve referred to as the Mafia Company. Give us that overview of those six types of companies real quick. I’d love to hear you talk about that array that you came up with.
Andrea: Sure. So, it’s in the last chapter of the book, so it builds on everything that came before. So, I just want to mention that as a data points since the book is 460 pages long, but the apotheosis of the book is this last sort of typology of organizations which is basically modeled around two major concepts. One is leadership and the other is organizational resilience. And the leadership piece, what I’m looking at is how do the leaders of a specific company or business approach the topics within the rubric of ESG, meaning environmental, social, and governance. And I’ve added a T for technology, so I call it ESG and T, and that’s a large portion of the book.
Andrea: So, how does your leadership deal with ESG and T issues? Do they deal really brilliantly with them, or okay with them, or terribly with them? So, that’s one criteria. And the other criteria is how is your organization organized for purposes of resilience building, and sustainability, and creating value for the most stakeholders. So, you put those two together and that’s where I have my six types of companies or organizations, and they range from the lowest end, which I call the Outlaw Organization, to the best and most highly functional and successful, which is the transformation organization. So, I can talk a little more about those details if you like, but I’ll leave it at that so you can get a word in edge-wise.
Will: Okay, sure. Let’s talk about each end of the spectrum. So, the Outlaw Organization, how would you characterize those? And maybe if you’re willing to give us an example or two.
Andrea: Of course. I can give you a couple of examples of each of these. Basically the Outlaw Organization has leadership that doesn’t, to be very blunt, give a damn about ESG and T issues. They’re only concerned with whatever their outcome is in terms of whatever their goal is, so if it’s the most money or the most trade, and the Outlaw Organization by definition is an illegal organization, so that could be a mafia for example. It could be if you remember a few years ago there was a internet-based sort of illegal trading drug and an arms trading company called Silk Road.
Will: Silk Road. Sure.
Andrea: Yeah. And so, it’s an organization like that where the leadership is basically doesn’t care at all about the issues that fall under those four categories and doesn’t really care about organizational resilience except to the extent that they have what they need to accomplish their goals. And that means having streamlined supply chains and things like that but it doesn’t mean having a good culture or good governance or good risk management except for maybe figuring out risks involved with getting caught by the police or the authorities, so that’s the Outlaw Organization in a nutshell.
Will: Let’s talk about the transformative organization.
Andrea: So, the transformative organization is the other end of the spectrum. And there you have highly evolved, what I like to call enlightened leadership. And that enlightened leadership is usually a CEO, a board, a C-suite, a management team that really takes ESG and T issues seriously. They know what their environmental issues are, they’re social issues, governance, technology, and they not only talk the talk, they walk the talk basically in the sense that they provide resources, they provide leadership tone from the top on whatever those issues are that pertain to them.
Andrea: So, if you’re talking about, in one of my examples in my book is Microsoft, if you’re talking about Microsoft, it’s about putting in the resources, the structures, the programs, the people necessary to be able to really have good risk management, have good sustainability, have good AI ethics in their case, for example, and developing the right kind of tone from the top for those kinds of things. And then that also means having all of those elements of organizational resilience that I outlined in one of the chapters of the book, which are eight in good form, sort of a working like a well-oiled machine or like clockwork, basically.
Will: Let’s talk about each of these elements, ESG and T. So, environment. Beyond meeting the minimum standards of the law of the Clean Water Act or the Clean Air Act, what are the kind of business advantages of going above and beyond the minimum that the law requires for a company?
Andrea: Sure. So, we can think about examples from the past like BP and Deepwater Horizon, and we can think about current examples like PG&E’s, bankruptcy, and California due to a lot of negligence apparently and other issues that have accumulated in the environmental space. So, in some cases, it’s illegal civil or criminal violations taking place with regard to the environment, so that is the worst end of the spectrum. That’s where the companies are not even living up to some of the legal and regulatory expectations. But on the other end of the spectrum are companies that are taking some of these things seriously and developing sustainable products and services where they integrate green issues, and they integrate improvements to the environment or improvements to various products and services that they create, so Unilever is a really good example of a company that has done that for several years.
Andrea: Not only did they look at creating a more sustainable business strategy, but they embedded it into some of their products and services. And they also did some revolutionary things that I think put them in the high, high end of the spectrum of transformative and responsible companies where they decided to only do their financial reporting once a year so that they could focus on the long-term and not just on quarterly earnings. So, those are just quick examples of the spectrum of risk to opportunity that I like to try to illustrate in the chapters each of those chapters. And I’ll just give you a couple of more examples. In the case of the environmental chapter, I don’t only talk about the low end and the risk on wrong cases, but I also talk about some of the very innovative things that are happening.
Andrea: There’s companies that are plastic eating worms that they’re developing, for example, to eliminate the plastic disasters that we have in this world right now in terms of oceans full of plastic and ecological problems of some great import. So, they’re companies that are trying to create alternatives that are sustainable, that are environmentally friendly. So, one of the things I try to do in each of these chapters is really accentuate not just the downside, but also the upside that allows you to develop new products and services, improved products and services that are more environmentally friendly and so on.
Will: Great. Within the social category, tell us a little bit about what that encompasses.
Andrea: Sure. If you’re talking about when you look at the categories of environmental, social, governance and technology, there’s a lot of issues that are embedded under each of those categories. And under social you can find all the human rights-related issues, child labor, slave labor, forced labor. You can find health and safety issues are very important under that category, and so what I’ve done in that chapter is talk about some of the really grotesque stories that are out there. And I focus very heavily on a topic that not everybody pays attention to but all of us have some responsibility for and that is human trafficking and human slavery, which is something that affects about 40 million-plus people in the world today are basically the equivalent of slaves and there are different categories under that. But the bottom line is we all end up supporting that in indirect and unconscious ways because for example, a couple of the industries that I mentioned, the fishing industry is one of them where there’s a lot of slave labor and it’s a horrific area for human rights abuse.
Andrea: And it’s basically about fishing fleets that are out in the Pacific Ocean, for example, that have slave labor from some of the poor Asian-based countries. And there was an exposé in the New York Times a few years ago about this and it’s a really horrific thing. And so, we end up getting cheaper fish in the canned tuna or fresh fish because these people are out there working in these unknown fleets and often losing their lives or being severely injured. So, human trafficking, human slavery is one of the topics I talk about in that chapter.
Andrea: But I also talk about how there are certain industries that are really improving their record on this and the hotel industry is a really good example. I give several examples of like Marriott for example, and others who have learned the hard way, but they’ve learned, and this is a great thing because in hotels you often have prostitution rings and you have other kinds of potential human trafficking and slave labor. And the hotel industry has actually stepped up to the plate in a very proactive way in the last 10 years or so to make sure that this is not happening in their hotels. And if it is happening that there are ways to speak up, even have people call a number, etc.
Andrea: So, I try to always show the upside and the downside or the downside and the upside and get people to think about how they can make improvements despite the difficulties that we’re facing.
Will: Yeah. So, as you advise boards of directors and the senior leadership of companies on these matters, let’s talk about environment and social. What should a member of a Board of Directors be doing or the Board of Directors Risk Committee be doing on the issue of social? How do you make sure that you’re not supporting human slavery or these terrible work conditions at some part of your company somewhere in the world? How does a company go about investigating that and seeing if they’re somehow involved in it at some division in some country somewhere in the world?
Andrea: Well, great question. And this is something where I think boards are weak, and it’s one of my missions in life is to get boards of directors to really understand much better than they do the ESG and T issues that affect their particular business. And I agree, the ENS are, especially the S, is a area that’s difficult and challenging but really where it all lies me at the end of the day is, first of all, you have to know your business well, and where your talent, or your people, or your supply chain goes, those kinds of things, so understanding the business is obviously a critical part of that. So, once you understand what the business is, then you can understand what the social issues might be. If you’re a Boeing, your social issues are health and safety.
Andrea: If your Walmart, in terms of the retail clothing industry, for example, you want to know where your supply chain goes. Does it go into places like Bangladesh where we’ve seen some horrific accidents and buildings that weren’t built to code where people died. So, you have to know the contours of your business in the first place to understand what the social issues are. Not to mention the other EG&T issues, but social often gets left to the side until the scandal happens, so that’s number one. Number two, I can’t say this enough, I don’t think there are enough people on boards that have the right background to think about these issues and ask about these issues. We have mostly CEOs and CFOs. We don’t have people who have corporate responsibility, risk management, compliance, regulatory, government affairs. Those kinds of people don’t usually sit on boards, although I really believe that you need to have a couple of people like that on every single board because otherwise, boards are missing out on some of the key issues that are important to their business strategy and to their success for their shareholders and their stakeholders.
Andrea: So, secondly I think is the idea that you need to have a more diverse board with people who know what questions to ask and what to ask for in terms of what management is doing. I think beyond that it’s really up to management to have a good risk management program in place that incorporates ESG and T issues. And that’s another big area of gap I think for a lot of companies, maybe not the very biggest and the most in the spotlight, but a lot of companies don’t have a decent risk management program in place or an enterprise risk management program in place that is useful and customized to their footprint.
Will: Yeah. So, a question on that is on the financial side, boards will engage one of the big CPA auditing firms to do obviously the audit of the financials and ensure there’s proper financial controls. Are there firms that will do the equivalent for like a social audit of the company?
Andrea: Yes, absolutely. And they’re probably more the smaller, more specialized and even the big four have parts of their business, the consulting side of their business that often do this kind of work. And so, the people are there, the consultants and the experts are there. I think what’s not always there is the will to do this. And I’ll give you an example. You know when the Rana Plaza disaster occurred in Bangladesh a few years ago where a thousand people died because the building was not up to code and it was full of violations and all these people who were working in that building who died were working for subcontractors of subcontractors of all the big manufacturing clothes, manufacturing companies both in Europe and the US, and almost everybody got caught lacking in having the proper kind of auditing that is necessary, social auditing that’s necessary.
Andrea: But one company actually was well-equipped to deal with it because they had the team in place and that’s PVH, which is a Phillips Phillips-Van Heusen, a shirt making company here in the US. They actually have been taking this seriously for many years. And they have social auditing teams in house actually, that go out and check out their contractors, subcontractors and so on. So, it can be done and there are experts both potentially internally to a company and externally as consultants.
Will: Okay. Let’s talk about the governance piece a little bit there. What are the main factors to be looking at on the G?
Andrea: Yeah. So, G is a big topic. Governance to me incorporates everything that’s sort of the legal, regulatory, and compliance piece of a company, so all the laws that you need to observe but it goes beyond that. It goes to best practices, code of conduct, ethics, all the things that have to do with how you want to run your business and how you want to have people treating each other both internally at the company in terms of also the external stakeholders. And then, of course, governance refers to corporate governance, which is all the mechanisms at the board level and at the structural level for the company that is about abiding by filings and other best practices at the board level. Diversity is a big topic in this area as well. And so, you have anti-corruption, anti-fraud, anti-money launder to many people, a soft topic but I would argue very vociferously that it’s not a soft topic. It actually gets people into big trouble both financially and reputationally, so that would be sort of a big picture overview of the G piece so to speak.
Will: And T for technology?
Andrea: T for technology is something that I’ve added to this ESG rubric which has been around for quite a while now. And ESG, as you may know, is something that investors, the investor community has been sort of developing over the last couple of decades, especially in Europe, and now more and more it’s becoming an important thing here in the US. But the T piece is not in there partly because I think ESG was born before the technology issues were really as overwhelming and pervasive as they are today. And so, my idea of including a fourth letter in this ESG and T rubric that I’m suggesting is that we have to include all of these technology issues that are coming at us wildly every single day as we walk down the street, as we read the papers, there’s always something new, disruptive, transformative that is changing the world as we knew it.
Andrea: And so, we have tons of issues cropping up under technology that companies, and businesses, and other kinds of organizations really need to take into account. Cyber happens to be one of them. Privacy issues generally, data, everything having to do with biological DNA, biotechnology, nanotechnology, there’s just one thing after another. And in the book, I have a fairly comprehensive list of some of these things, but there’s more and everything is changing every day. We have cloud issues, we have, you name it. The people out there who are technologists are inventing new things much faster than we can keep up with them. And last but not least, there are ethics issues involved with every single one of these things, so technology to me is the sort of brave new, somewhat scary, highly opportunistic world that requires all hands on deck and people looking at these issues from an ethics and culture standpoint as well as everything else.
Will: Could we turn to some of the work that you do in your consulting practice? Could you give us an overview?
Andrea: Sure. My work is mainly with either individual executives such as chief risk officers, general counsels, chief ethics and compliance officers, sometimes CEOs, and then sometimes with executive teams or boards. So, I will end up doing a lot of education and training for these kinds of groups. I will do board level workshops, executive-level workshops. Some of the things that I do on that level have to do with reputation risk, which is another area that I’ve developed a lot of expertise in. I wrote a book about reputation risk about five years ago, which has been used by many for training purposes, and I also use that framework that I’ve created there to do customized workshops for clients.
Andrea: And then I also have some ongoing clients. One of my biggest clients is a very unusual unique client. It’s called the Federal Oversight and Management Board for Puerto Rico, which is a federally created body created by the Congress in 2016 to oversee the fiscal discipline and economic restructuring of Puerto Rico. And that board has a staff and an executive director that works closely with the Government of Puerto Rico and with the federal government. And of course, anybody who follows Puerto Rico knows that it’s gone through a lot of difficulties first with the economic situation, which with enormous amounts of debt, then a bankruptcy, then a hurricane or two. And so, throughout this, what I do for that board and for the management group is I’m their independent ethics advisors, so I provide both structured ethical advice that has to do with financial disclosure by the top people in this structure, the board, and the management executives. And also conflicts of interest, crisis management when issues come up, and then a lot of proactive training of the staff to spot issues to solve issues. So, it’s almost like being an outside ethics and compliance officer for this body but I’m independent. And that’s important as well because it allows there to be independence and objectivity, so that’s a big client.
Andrea: And then I have a couple of other clients that are UN agencies where I provide strategic advice on integrating for example, an ethics program into the overall business strategy of one of the big UN agencies. And sometimes I partner with, as I mentioned, the chief risk officer or the general counsel of a company or actually of a nonprofit as well to be their strategic partner in thinking through some of their big issues. For example, one of the top 10 nonprofit organizations in the US, their general counsel became their chief risk officer and I assist him in figuring out the enterprise risk management program, how to interface with the board and so on and so forth. So, it’s very diverse and really, I feel extremely lucky to have a such an interesting and diverse practice.
Will: That’s fantastic. Can you share for example, with the work that you do for the Financial Oversight and Management Board for Puerto Rico? What would an example be? It could be hypothetical or real of a conflict or interest or other question where you need an ethics advisor because my thought is there’s probably three classes of issues. There’s one big class that, sort of a non-expert like me would say the answer kind of obvious, right?
Andrea: Right.
Will: So, you don’t need an ethics advisor for a big class of problems.
Andrea: Right. The black and white kind of an issue.
Will: Yeah. I mean there’s like a lot of stuff that’s black and white, like don’t cheat, don’t bribe the person, whatever.
Andrea: Sure.
Will: So, give us an example of something where because there’s just a lot of gray area that you would need someone with an ethics advisor like yourself who’s really studied this and thought about it a lot.
Andrea: Sure. I can talk about something that’s public. So, I get a lot of smaller things where somebody alleges that somebody has a conflict and as you just said, when you’re not an expert in conflicts and sometimes when people have an ax to grind they’ll say, “Oh, that’s a conflict of interest.” But you have to look at the details and the facts. And so, sometimes there will be an allegation that just somebody alleges against someone else and it may or may not be true, and then you have to dig into the facts. And so, you do a mini-investigation, basically asking people questions, looking at documents, and then putting it all together and saying, “Yes. There was a conflict of interest here or an appearance of a conflict, and this is what we’re going to do to solve it.” Or, “This is not a conflict of interest. There were no facts to support this and this is why.” That happens fairly regularly.
Andrea: You just have to walk through the fact. Then there are the sort of bigger situations, and I’ll mention one which is public, where a couple of major newspapers last year basically wrote reports about McKinsey, who is one of the third-party service providers to the Oversight Board, alleging that they had conflicts of interest in the work that they were doing for the board because they also supposedly held Puerto Rican bonds, which is something that you wouldn’t want to have at the same time as your providing financial advice, structuring the economy for Puerto Rico. And so, those allegations came out in the newspapers, and we conducted an in-depth investigation, the Oversight Board together with myself, worked closely with an outside law firm who actually really dug into the details, did a very expansive investigation of the structure of where these bonds were and when they were held.
Andrea: And a big report was produced at the end of that whole process. And that report was publicly filed with the bankruptcy court, and it’s available for everybody to see, and there were some conclusions that were reached in that report that basically said that even though there was an appearance of a conflict, that it was so far removed from the group that was actually doing the work for the Oversight Board, that it really did not affect the people who were working on the particular board projects., And it was something that was remote and had happened a couple of years back. And so, they were, the law firm, and we as the Oversight Board were able to conclude that even though there was no conflict of interest, we actually had eight recommendations that came out of that. And those eight recommendations were basically to beef up what the questions are when you bring in a third party provider into a service contract with the Oversight Board. How you vet the potential conflicts, so creating much more extensive lists of potential conflicted parties. It gets very granular and very detailed.
Andrea: Also, a bunch of different changes in the contract that the sender contract between the Oversight Board and third party providers. And so, we tightened up a lot of the practices even though they were quite good in the first place, but you can’t always catch everything. So, we learned lessons from that investigation, which even though it didn’t find the conflict, it also made recommendations for improvements, and that’s something that I ended up then helping to implement at the Oversight Board level.
Will: Thanks. That’s awesome. So, I’d like to mention that you were one of Ethisphere’s 100 Most Influential People in Business Ethics in 2014 and 2015. Tell us a little bit about some of the… So, that was one example of an ethical conflict. What about some work that you do for corporate boards? What are some of the ethical questions that have come up where you’ve helped provide advice?
Andrea: Gosh, that’s a good question. I usually end up doing more educational and workshop kind of work for them rather than solve conflicts of interest at that level. But I do know a bit about that as well and it’s basically some boards of directors have really good programs in place where they require their board directors at inception when they’re first selected, and they come in, to declare all of their potential conflicts of interest and to disclose them at all times. And then, of course, some boards are lax about that, so things will happen and a conflict will occur and then there’s a problem. But other boards are much better about it because they actually require their directors to not only disclose upfront but also disclose annually and even the best practice is to disclose it when it happens. And that’s something that we actually do at the oversight board as well, is we have a very proactive practice of if you think there’s a conflict, tell me now, don’t wait until someone comes up with it later and says, “Oh, you have a conflict.” So, those are the kinds of conflicts, issues that could come up on a board level.
Andrea: Now, of course, there have been a lot of issues and scandals potentially in the marketplace where board members may have done something improper or illegal. I have not had those kinds of assignments. My assignment with boards has basically been more going in and giving them education updates, workshops on some of the strategic risks and opportunities that exist in the environmental, social, governance and technology space. I do some cyber risk oversight as well. That’s an area where I’ve developed some expertise over the last eight or nine years now where I help boards figure out what their role is from a cyber governance, cyber risk oversight standpoint.
Andrea: And that was an interesting story because I developed that expertise in my last corporate position where I was with a technology company where they asked me to be the head of information security even though I’m not a technologist and I had to learn the hard way what does it mean to have good cyber risk governance, good cyber risk management. And so, I extrapolated that to work with boards and I did a couple of major research projects with the conference board about five, six years ago where we did in-depth research on best practices and cyber risk governance and that sort of evolved into a number of other things and now I’m sort of doing a lot of cyber risk governance, leadership kinds of issue management at the board level, executive level, and also teaching at NYU starting next spring.
Will: All right. Congratulations.
Andrea: Thank you.
Will: You also do some work for the National Association of Corporate Directors as governance faculty.
Andrea: Mm-hmm (affirmative).
Will: For folks that aren’t familiar with that, tell us a little bit about what does the NACD or National Association for Corporate Directors, what do they do?
Andrea: So, they’re the largest association. They’re a nonprofit and the largest association of corporate directors in North America. They also have some foreign members and it’s basically if you’re a member of a board, it could be a nonprofit, it could be for profit. If you’re a member of a board, you can become a member of the NACD, and then you can go through a variety of educational programs that certify you as a certain level of expertise as a board member all the way up to what they call the Governance Leadership Fellow. And then they also have corporate boards, boards, entire boards who are members, and they do a ton of educational work across the year in furtherance of their certifications.
Andrea: They have a big global summit every year, about 2000 people attend. And so, I’ve been very fortunate in the last seven years that I’ve had my own business. I’ve also been a member and faculty for them. I’ve done several programs every year, mostly in the spaces obviously that I’m most expert in, which has to do with ethics, compliance, ESG, cyber, and then they also do assignments to private clients. So, I’m part of a faculty of about 40 people who are all corporate directors and executives who’ve been on boards and go in and do one-day, two-day program for the Board of Directors of company XYZ. So, it’s a very diverse, very interesting, great organization. And I very recently became a board member of one of their local chapters, which is the New Jersey chapter of the NACD. And we do a lot of work, a lot of educational things as well. Plus a annual awards program in New Jersey for the corporate community there., so it’s a very interesting, and diverse, and stimulating group of people and activities.
Will: So, if I think about being a member of the Board of Directors of a Fortune 500 company, you think of this somewhat austere, remote, super impressive person. When you’re serving as faculty and working with those people, what are some of the concerns they have, the biggest risks and so forth that they’re worried about? In terms of either environmental, or financial, or the technology getting hacked, cyber. What are their kind of real personal concerns for the companies that they’re around risk?
Andrea: Well, it’s interesting, I’ve seen it evolve even in the seven years that I’ve been involved with it from a much more standard set of issues that you might categorize in the financial, economic, business planning categories of making sure the business continues to thrive and or make money to now really thinking much more about some of these external issues that I occupy myself with, which are under the categories of ESG and T. And the T piece, of course, the cyber issue is something that’s top of mind for boards. They’re extremely concerned about it. They’re also fairly unprepared to deal with it. And it goes back to a point I made earlier today about diversity on the board. And when I say diversity, I mean all kinds of diversity including gender, race, geographical origin, and as well as expertise.
Andrea: And I think one of the biggest gaps in boards today is that they don’t have enough people with these other lenses. People like myself who have the nonfinancial set of issues, risks, and opportunities that affect business. And so, I think they’re waking up to a couple of really big ones. One is the cyber one which is coming out of left field and really hitting hard, and so there’s a lot of activity going on to get boards up to speed on cyber. And one of the things I have for example is a cyber certificate from Carnegie Mellon in NACD that they collaborated on, which is something that they also provide to NACD and others to get them up to speed with cyber basics.
Andrea: But the other big issue, if you just scan the headlines is the whole issue of culture. And with the beginning with me too, and the Weinstein situation, like three years ago now, actually it’s two years, me too, Weinstein, Wynn Resorts, Uber, there are all of these companies, CBS with Les Moonves, all these companies that have CEOs or other high-level executives that have had either harassment, discrimination, bad behaviors, bullying, whatever you want to call it, taking place. And that’s become a major, major reputational issue, potentially financial issue for them, and so they’re very concerned about that. And it’s not an easy issue to get your arms around, and with my ethics, and compliance, and corporate responsibility background, it’s an area that I have a lot more, I guess, facility for and knowledge about, which if you’re a CFO or CEO, you don’t necessarily spend a lot of time with those issues. So, I think that’s become very important.
Andrea: And in fact, if you just look at the headlines from the last few days, there’s a BlackRock executive who was just dismissed for having an affair with someone on his team, and he was potentially the heir apparent to Larry Fink, so that’s a really big deal. And there has been a couple of others that have been a series of CEOs this year who’ve been dismissed for inappropriate relationships which create cultures, more toxic cultures because they get a pass when others don’t and so on and so forth.
Will: For listeners who are consultants and maybe serving a smaller company, perhaps a company that doesn’t have a full enterprise risk compliance team that 10 million revenue or even 100 million dollar revenue company, what are some of the things that we should be thinking about as we advise the CEO, or the president, or the senior leaders in thinking about these E S G and T risks?
Andrea: Yeah. That’s a great question. And I like to tell people that when I was in the corporate world as an executive, I actually spend the spectrum of sizes of companies too. I was in a couple of startups, and then I was in a couple of really big companies, and one of the things I learned from that is that every company really needs to do its own customized thing when it comes to risk and compliance. And whatever else they need to do, depending on what their business is about, right? So, if you’re a consulting business where you have a bunch of, I don’t know, PhDs, or JDs, or experts that basically go out and do consulting work, it’s one thing, you don’t have too many environmental issues there, but you may have some serious governance risk compliance issues that have to do with making sure that fraud isn’t committed and corruption doesn’t happen and things like that.
Andrea: So, what I would say to answer your question more specifically is you have to deal with your situation based on the resources you have. It always goes back to who the CEO and the leadership is at the end of the day, and so in one of the companies that I was a startup, we were 100 people, and I was the general counsel, but I also wore several other hats. I wore the hat of corporate secretary, of chief compliance officer, and of chief risk officer, and while that might be a bit of a conflict if you’re in a much bigger company and you don’t want to have the same person sitting in all those different roles, the bottom line is take the best people you have who are qualified to do certain things and have them wear a couple of hats and bring together cross-functional teams of willing people who have the eagerness, or the interest, or the expertise to deal with risk management.
Andrea: I mentioned to you earlier how one of my clients is a general counsel who’s also become the chief risk officer of a major nonprofit in the US and there again, they decided, the Board of Directors of that big nonprofit decided to anoint him as chief risk officer and ask him to create an enterprise risk management system for his organization, which has a lot of risks because of the nature of their business, which is in the health area. And so, they didn’t hire a new chief risk officer because it would be too expensive, but they expanded the role of the person that they knew who was capable and interested in doing this. And then that person also gathered sort of a cross-functional team of willing recruits so to speak, to be part of the enterprise risk management team and get the job done and then take it to the board.
Andrea: So, I think every company has to figure out its sweet spot and the people that are willing and able and then work with it. Now, if you don’t have the right leaders asking to get that done, then, of course, you’re not going to get it done. And I found myself in a couple of places where I volunteered myself because I realized nobody was doing something that was really important. But if you don’t have people who are thinking outside the box and wanting to do that, then companies end up with the kinds of high risk, potentially high crisis potential that a lot of companies have.
Will: Fantastic. Andrea, where can people find you online and learn more about your work?
Andrea: Well, thank you for asking. I have a very full website full of resources and information under my company name, which is G-E-C risk, all one word, .com. GEC, by the way, stands for governance, ethics, and cyber. And on that website, you can find book pages for my books that I’ve written. You can find resources under six different categories of things that I do, including governance, and ethics, and cyber, etc. Then some of the articles and interviews that I’ve had over the years, the team page, people that I work with, and some videos as well. And you can also find my contact information on my website, which gives you my email address and phone number.
Andrea: And I also tweet quite regularly as @globalethicist, something I found in my head about eight or nine years ago when I first started tweeting. And I’m also on LinkedIn. I do a lot of posting on LinkedIn. I tried to comment on current affairs as I see them popping up issues. We have issues everyday, so I tried to provide a couple of added value, sort of commentary on some of the things that I see in everyday corporate and even geopolitical life. So, thank you for asking. Those are the answers.
Will: Fantastic. Well, Andrea, thank you so much for being on the show.
Andrea: Well, thank you so much for having me, Will. I really appreciate it.

Related Episodes


AI Project Case Study

Karen Friedenberg


Why and How to Become an Adjunct Professor

Panel Discussion


Building a World-class Professional Services Firm

Russell S. Reynolds, Jr.


AI Project Case Study

Paul Gaspar