Organizational government and risk management audit

Actions are dictated by values. Identifying organisational values - both proclaimed and actual - will assist an organisation to ensure that most, if not all, its actions are commensurate with these values, and enable it to put in place a robust structure to support the ‘operationalisation’ of its values. Many governance and risk management problems for multinationals and companies trading far from their home base, for example, arise because of differing value systems. A governance and risk management audit helps an organisation to establish clear guidelines about the limits of acceptable behaviour which are consistent world-wide, while recognising where appropriate local social differences. In other words, a governance and risk management audit articulates the core values of an organisation, and assesses the consistency of their internal and external application: internal with respect to what the company or organisation says about itself in its various documents, such as statements about mission and conduct; external with respect to how they act in their host societies and internationally. A governance and risk management audit always begins internally, with a review of ‘paper’, ‘processes’ and ‘people.’ The findings of the audit are then tested out with stakeholder groups, to ensure that the values base is one which is shared by, or at the least acceptable to, key stakeholders. The results provide important management information, and can (and ideally should) be used to report on the organisation’s social and/or governance performance, either as part of the Annual Report or as a supplementary report. In this assessment, you are asked to conduct a governance and risk management audit of an organisation with which you have had some association. It could be a large company, a family business, a school, a hospital, a not-for-profit organisation. It could be any organisation that provides a service or conducts any form of social activity that involves: In this assessment, you are asked to conduct a values and risk audit of an organisation with which you have had some association. It could be a large company, a family business, a school, a hospital, a not-for-profit organisation. It could be any organisation that provides a service or conducts any form of social activity that involves: 1. Some form of statement about what it does and its commitments. This could be a company or organisational mission statement; or marketing material; or any document in which the organisation defines its commitment to abiding by the law, or certain moral codes, or specific cultural or communal commitments. In other words, anything that articulates what the company/organisation stands for with respect to governance and social responsibility. It might be as generic as saying, as Google does, “do no evil”, or as specific as BHP Billiton’s commitment to observing best practice in land remediation of spent mines; 2. Some level of financial management and accountability. This can be at a very high level for a large company, or very modest in a small family business. Either way, there has to be some level of financial or resource accountability, and some level of responsibility for what the organisation does in the conduct of its activities; Page 2 of 7 3. A recognised set of risks to the organisation’s well-being, or to the interest of its stakeholders, that are articulated in some way, whether in the form of an organisational risk management strategy, or some other less formal method of assessing and addressing organisational and/or stakeholder risks. 4. A defined set of services or products. That is, the organisation’s outputs – what it offers its client or customers; 5. A customer or client base. There must be some customer or client base for the audit to make sense, and this needs to be identified, namely, who the organisations serves or supplies. 6. Some level of management structure or identifiable managerial accountabilities responsible for organisational governance and risk assessment and management. For our purposes, an anarchic group of people just doing things for the sake of it to help others, or themselves, but with no formal structure, is not a suitable subject for this exercise. There must be some specific roles and accountabilities, even if poorly defined.