Risk and ethics are familiar concepts within corporate environments and are typically incorporated, to some extent, within governance frameworks. However, they are often approached from fundamentally different perspectives. This should not be an “either/or” choice, but rather a set of complementary processes that work together to reinforce long-term business sustainability.
Structures set the tone
Risk processes are well established. Risk committees form part of governance structures and defined processes generally exist to identify, profile and mitigate risks. With the introduction of the IFRS sustainability standards, companies are now required to consider sustainability-related risks and opportunities (SROs). This explicit sustainability focus may be less familiar to traditional risk committees, and may require adapting existing risk processes, as well as involving cross-functional teams. Nevertheless, SROs can still be addressed through established structures and processes.
How do structures relate to the field of ethics? Ethical practice is loosely defined as ‘doing the right thing’, guided by principles and values such as honesty, respect and fairness. Ethics span both personal and business domains, ideally with consistency of ethical standards applied by individuals and within the organisations in which they operate. While Social and Ethics Committees exist as formal governance structures, and their mandates typically include ethics along with a raft of sustainability-related topics, there is often no clearly defined or entrenched process for embedding ethical behaviour into everyday business practice. As a result, the priority given to promoting an ethical culture varies widely across organisations, from ‘lip-service’ references to corporate values, to more formalised approaches that contextualise and embed ethical decision-making throughout the business.
How they add value
Risk management is inherently forward-looking. It seeks to identify issues that may impact the business and to define appropriate responses. The risk function usually carries a clear leadership mandate, which enables it to mobilise business units and operating entities when mitigation actions are required. Ongoing review mechanisms track both the evolution of risks and the organisation’s progress in addressing them. There is little doubt that a well-managed risk framework enhances organisational resilience and supports more sustainable outcomes.
Ethics, on the other hand, is values driven. There are no predefined issues to manage. Instead, leaders and managers are expected to exercise judgement, weighing what is right or wrong when faced with business decisions. Numerous examples illustrate the consequences of ethical failure: a car manufacturer understating exhaust emission levels, leading to hefty fines and considerable reputation damage; collusion between construction companies or bread producers; or the high-profile cases of corporate complicity in state capture. Conversely, strong ethical practice can generate significant value in the form of brand trust, social and relationship capital. In both cases, the value, whether positive or negative, is difficult to quantify. How does one put a Rand value to a good stakeholder relationship or the avoidance of damaging unethical conduct? Yet once the ethical breaches surface, the downside becomes painfully clear.
When they fall short
No corporate process is foolproof. Risk management focuses on issues considered more material to the business, but if the lens is too narrow or new, unexpected issues arise suddenly, the business can be caught unprepared. The Covid-19 pandemic was not reflected on any corporate risk matrix months before it happened. Similarly, when processes become overly mechanistic and form presides over substance, the risk registers look comprehensive, but mitigation measures may still fall short.
Ethical practice relies on the conduct of individuals. Large organisations contain numerous executives and managers with decision-making authority, many of whom bring personal ethical standards that may not fully align with those of the organisation. Individual behaviour is also driven by short-term incentives that often prioritise productivity and profit over ethical behaviour. Yet significant ethical failures can result from the actions of just one or a few individuals. Barings Bank is a well-known example in which rogue trading by Nick Leeson led to the collapse of a 233-year-old institution and its sale for just one pound. Any effort to embed an ethical culture must therefore be deep, sustained and ongoing. While such efforts may generate substantial, albeit intangible value, it remains easy to be tripped up by just a few.
What is the way forward?
Ethics and risk are two sides of the same coin. Risk management focuses on preventing adverse outcomes, while ethical practice seeks to ensure that decisions and actions are fundamentally right. Both are essential to building resilient, sustainable organisations.
Risk processes are well entrenched and standardised, which may make adoption easier, whereas embedding ethical practice is less clearly defined and more difficult to structure. Yet if value is to be fully realised, businesses need to go beyond compliance by creating structures and investing in these processes. Leadership teams that genuinely care about the long-term success of the business and its impact on society must give equal priority and weight to both.
Contact: Nick Rockey
