There’s a developing trend for general counsel to be involved in enterprise risk management (ERM) research and reporting,’ says Matt Shurte, general counsel of Columbus, Ohio-based food manufacturer Lancaster Colony.
At Lancaster, an ERM committee comprising the company’s CFO, director of international audits and Shurte works to ‘develop policies, procedures and practices for managing our material risk and report these results to the audit committee,’ he explains.
According to Shurte, this arrangement mirrors those at many publicly traded companies, although there are corporations that employ an officer whose primary responsibility is ERM. In the three years Shurte has headed Lancaster Colony’s legal department, his involvement in the ERM process has increased.
‘When I came here, the general counsel was not part of the process,’ he says. He is not the only person to notice the trend. Laurie Champion, managing director and practice leader at Aon Risk Solutions, says when she first began working with ERM clients 16 years ago, general counsel participation in the ERM process was practically unheard of.
In the last decade, however, general counsel have begun to take part, and today ‘we see an increasing number of general counsel heavily involved in leading or co-leading ERM initiatives,’ Champion says. Boston attorney Stephen Honig, a partner with Duane Morris who has 45 years of experience practicing corporate and securities law, is emphatic about the general counsel’s role in the ERM process. ‘A general counsel has to be involved,’ he says. ‘The job of management is to gather information to give to the board. The board has to be sure people are assigned within the company to gather that information.’ It can then evaluate the information with an eye on the firm’s business strategies, he adds.
Why this growing movement toward involving general counsel in the corporate ERM process? ‘A lawyer doing ERM looks at risk from strategic, operational, reporting and compliance perspectives,’ says Mark Gottlieb, a forensic accountant, business evaluation expert and owner of business consultants MSG in New York. Shurte defines ERM as a ‘detailed study of significant risks a business takes to carry on its activities, and things it does to mitigate those risks. Mitigation of risk is very important.’
A thoroughly researched ERM report weighs various risks a company might consider against the potential outcomes of undertaking such chances. When general counsel participate in ERM, corporations benefit in several ways, adds Shurte. For example, a general counsel intimately familiar with prevailing federal, state and local laws can help ensure compliance with those statutes. And while this varies from company to company, ‘a general counsel is in the position to understand a certain type of risk a firm takes. He or she often can add substantive analysis that aids in the overall understanding of acceptable risk,’ says Shurte.
Champion agrees. By the very nature of their profession, general counsel are concerned with corporate governance, so their involvement in the ERM process is a natural, she says. Tapping into both the general counsel’s legal expertise and that of other leadership team members when researching and creating risk management analysis is also important to ensure a good cross-functional understanding of risk and ERM options.
This in turn supports a ‘more efficient way to balance and allocate risk management resources,’ including staff, operations and funding, adds Champion. ‘General counsel bring a very important perspective to the table and, whether or not they are leading the ERM effort, they should be involved,’ she says. ‘This cross-functional approach is the best and most effective way to ensure value from a company’s ERM efforts.’
Perhaps that’s why her definition of ERM both mimics and fine-tunes Shurte’s. ‘ERM is a management discipline that helps organisations identify, understand, manage and report risks they either want or need to take in a proactive or strategic manner,’ Champion explains.
In Honig’s view, general counsel should be involved in the ERM process because an evolved definition of risk actually demands it. ‘Risk was originally conceptualized as financial control risk, the thought that assets were secure, no embezzlement was occurring
and the corporation was in regulatory compliance,’ he points out. Over time, however, boards have learned that it’s not enough for a company to be sure its financials are in order to achieve success. It must also behave in ways that avoid or at least minimize risk.
[Article by Tami Kamin-Meyer, Corporate Secretary]
Business Insider Emails & Alerts
Site highlights each day to your inbox.