Corporate governance needs integrated management
Now that effective governance is becoming increasingly important to organizations, David Smith explains how integrating multiple management system standards could help.

The world’s financial turmoil brought about by poor control practices in US banking and a loss of faith in government and politicians may have made us all a little jaundiced about how such events can be prevented. Will any regulatory requirements produced by governments to curb excess profiteering and large bonuses deal with all of the issues of risk?
There is perhaps a case for greater application of management system standards that can be applied for controlling the risks that face organizations and the societies in which they operate. In the last few years we have seen several occasions where poor management, greed or complacency has led to:
- food being unsuitable for consumption
- dangerous toys being marketed to children
- the exploitation of the environment
- workers exploited in poor conditions across the globe
- examples of extraordinarily poor management of data
The problems of poor corporate governance apply equally to the public sector where organizations have failed some of the more vulnerable members of society.
It is doubtful, however, that new laws, if any are passed, will deal with these issues. In contrast a number of bodies have produced auditable standards that would enable such weaknesses to be detected in some areas of risk, a key area of governance.
How could management systems standards help?
Some organizations have already recognized that the requirements found in ISO 9001 can be applied effectively to meet some of the requirements of Sarbanes-Oxley. The next logical step is to consider where other standards might help in providing more diligent management, integrity and transparency and provide a framework for dealing with such issues as:
- ethics
- responsibility to society
- accountability
- creating a positive culture in managing an organization’s risks
- accountable risk management systems
There is no single over-arching management system standard that fits this bill as each standard has been developed for a particular discipline such as quality, security or health and safety. Only those standards that require stakeholders to demonstrate assurance have resulted in certifiable standards such as ISO 9001, AA 1000, OHSAS 18001, ISO 22000 and ISO 27001. Further standards have been developed recently on other key areas of concern for good governance including sustainable development (BS 8900), risk management (BS 31100 and ISO 31000) and social responsibility (ISO 26000).
Many organizations have already seen the benefit of using multiple standards and are implementing an integrated approach because it makes good business sense. Integrating management systems allows organizations to avoid unnecessary duplication of systems and superfluous internal auditing.
Many of the standards available have core elements identified by ISO Guide 72, which adopted a plan-do-check-act, risk-based approach some ten years ago. This model had been further expanded in PAS 99 - the first specification dedicated to creating a framework for integrating management standards.
However, not all standards are owned by standards bodies such as BSI, CEN and ISO, for example AA 1000 and OHSAS 18001. This means it is unlikely that a unified system covering the many areas that require good governance will be produced quickly.
Creating good governance
A preliminary starting point for any organization would be to look at what it already has in place that would support a wider approach to good governance and risk management. The principles of risk assessment in occupational health and safety, for example, are very sound. Those organizations with effective and efficient management systems may find their approach can be expanded to take on this wider role.
The basic occupational health and safety requirements throughout the European Union are the same: managing any risks that are created. All those organizations needing to demonstrate good management of their finance, regulatory compliance and general stakeholder expectation could do worse than to base their governance around the core principles of occupational health and safety risk assessment.
In the fullness of time there may well be an internationally recognized integrated management system framework for managing risks or even a corporate governance standard. In its absence there is merit in adopting generic principles and applying them more widely to demonstrate there are systems in place for governance that can be externally verified. The formulae in OHSAS 18001 and PAS 99 are a good starting point.
About the author
David Smith is a director of iMS Risk Solutions and chair of the British Standards Institution committee responsible for health and safety management systems. He is a prolific writer on management systems standards and recently co-authored ‘Good Governance – a risk based management systems approach to internal control’. He can be contacted at david@imsrisksolutions.co.uk
