TMTYB S01E11 (Risk Management) This is Take Me To Your Board from the Tasmanian Council of Social Service. This show is about governance, and it's not just for aspiring or current board members. It's for anyone who wants to hear from some of the country's top leaders about how a good board really should work. Each episode is based on one of the 10 principles of not-for-profit governance as laid out by the Australian Institute of Company Directors. Hosted by Bridget Delaney and Cameron Allen. Bridget Delaney: Today, I'd like to discuss AICD Principle Number Five: Risk Management. This topic is often followed by little groan or a vague stare at the back wall. It's daunting, scary and potentially overwhelming. So, what is risk? The International Organisation for Standardisation defines risk as the effect of uncertainty on objectives. That all sounds suitably abstract. What it means though, as wonderfully spelled out by the AICD, is that we must understand the risks when making decisions to ensure that the purpose of the organisation is being met with a certain degree of certainty. Cameron Allen: So how does a board determine what level of risk is acceptable? Bridget Delaney: The board works together to make decisions based on three assumptions. First, internal factors like staff skills. Second, external factors like funding availability. And finally, wider factors like climate change. By taking in these factors, the board can have informed decision-making and evaluate how much risk they think is acceptable within their organisation. Cameron Allen: So, in short, what you're saying is risk is inherent in every decision we make. Bridget Delaney: Absolutely. It's about understanding how much risk we as board members and as individuals are happy to progress with. With each case study we've spoken about in the podcast, it has become abundantly clear where the organisation failed to abide by the principle. However, it is this principle that truly identifies how we are going to ensure the success — or at the very least the continuation — of any given organisation. So, let's proceed to the example that shows when risk management isn't done well. Let's join up with Volkswagen. That's right, VWs. I'm going suggest just by saying that name some of you may have perked up and know what I'm talking about. VW is a German brand that prides itself on making good cars. With consistent performance, design and overall quality, it is commonly referred to as the people's car. Founded in 1937, the Volkswagen reputation has been consistently high, first in Germany and then throughout the world. Until in 2015, they recorded their first quarterly loss in 15 years of $2.5 billion, with the CEO of the Volkswagen Group swiftly resigning as part of the fallout that was nicknamed the ‘diesel dupe’. Cameron Allen: TMTYB S01E11 (Risk Management) Transcript by Rev.com
Page 1 of 13
So, Bridget, what happened exactly? Bridget Delaney: Well to find out, we've got to go back 10 years to when the US Environmental Protection Agency initiated unprecedented tightening of emissions standards in the US. It was left to the company's engineers to design an engine that met those requirements and continued to service a United States market with Volkswagen vehicles. With strict timeframes and limited budgets for company engineers to make these changes, they came up with an interim solution until they were able to find a suitable fix. They created software that could cheat the emissions tests. The emissions output would change if the car was put into a testing environment which would read that it met the new guidelines. But out on the road day-to-day, the emissions were much higher. This software was installed into the engines of 500,000 US vehicles and 11 million vehicles worldwide. Now, if you are anything like me and don't quite understand how emissions work, just know that the engines were emitting pollutants up to four times above what was allowed. VW had a major push to sell cars in the US with a campaign to back at sales touting their low emissions diesel engine. It won't come as a surprise that eventually it came to light and this defeat device software was discovered. Once discovered, there was nothing for VW to do but admit that they were wrong. The EPA has the power to fine a company up to 37,000 per vehicle that breaches any standard. And as VW soon discovered, when you have 11 million cars out there, that becomes an astronomical amount of money. It blows my mind that a company so well-known could be so blatantly deceitful. But where in the decision to take on this lie was the board? Did they know about the software creation? Were they aware of how much it would cost the VW Group if it was found out both financially and reputationally? Throughout the discovery of this deceit, the culture of VW has come under scrutiny. It is understood that results were the focus at any cost. And from previous episodes of Take Me To Your Board, we know that the culture of the board is often emulated within the organisation. So, on that basis, we need to ask what was the culture of the board? And what were they happy to risk? And if they weren't aware of the deceit, what was their focus? Just quickly, let's touch on the makeup of the board. It's a quick point but an important one. The board was primarily made up of those involved with the Volkswagen Group. In fact, during the crisis, they had no chairperson after their previous chairperson had resigned. When they did assign a new chair, he made this statement: "We must overcome the current crisis. We must also ensure that Volkswagen continues to grow." And here in lies the problem, Volkswagen in Germany was perceived as too big to fail. While the operations were creating software to overcome the increased regulation on emissions, the boardroom was focussed on increasing their reach, ensuring their stakeholders were happy and growing. They were concerned about getting 11 million EPA certified cars out worldwide. They were concerned with growth. This example, like many others, touches on quite a few of our principles; it touches on Board Culture, Transparency and Accountability, Board Performance and many others. But it also shows how good risk management underpins all of these principles. While I find this example so confounding, I look forward to hearing what good risk management looks like and how we can make well thought out board level decisions for the good of all our organisations. Cameron Allen:
TMTYB S01E11 (Risk Management) Transcript by Rev.com
Page 2 of 13
Today's special guest is Alicia Leis, Partner (Audit Assurance and Advisory) at WLF Accounting & Advisory. With more than 20 years of experience in the audit and consulting environments, Alicia specialises in internal audit governance, process reviews and risk management. Alicia works with organisations across the state around strategic and risk planning, and among other roles is the previous State Chapter Council Chairperson and Associate of the Institute of Internal Auditors. Welcome, Alicia, to the podcast. It's great to have you on. Alicia Leis: Fantastic to be here. Cameron Allen: First, I'd love to get your hot take with regard to the actions of the Volkswagen board. Now, there's probably a lot to unpack here, but what could the board have done differently to mitigate the risk and where did it all go wrong? Alicia Leis: Yeah. Look, I think it's board members' worst nightmares when they find themselves in a situation like that that destroys the reputation of the organisation that they're a part of. I think board members, there's a difference between ‘did you know’ or ‘did you not know’? So, did you know goes to culture and values and it goes to the behavior of the board as individuals, and how they structured the organisation in terms of what's important. So, a lot of governance and decision-making at board level comes down to what have we prioritised, what goals have we set ourselves, and how committed are we to achieving those. Is it at the disregard of issues like compliance, our corporate values, et cetera? If you don't know, that's a completely different story. So, boards have got a responsibility to make sure that they have tools in their toolkit to make sure they are aware of things that can happen in the organisation and that they've got ways of hearing about what's happening in their organisations, not just through the same channels. So, for example, the CEO will appear in most organisations that will be listening to this podcast and maybe that's their only channel of information. So, they are slightly at risk of not knowing necessarily everything that's going on. So, I think it's a board member's responsibility to really think about how do we set what is important in this organisation, both from a risk management and strategy perspective? And then how am I going to be informed about those things? Cameron Allen: Fantastic. And in terms of VW, some of those tools you mentioned, is there a couple that you could perhaps pull out they should have had in place early doors, which they didn't? Alicia Leis: Yeah. So, I think if you look at that particular case around the performance of their cars, it was really linked to a compliance requirement. And so, there's two things going on in there. There's the culture of the management team, in terms of cover up of particular information. So, what are the tools in place that you would have around the culture of your management team? Things like internal audit and external advisors coming to the board that have experience with the organisation, external customer TMTYB S01E11 (Risk Management) Transcript by Rev.com
Page 3 of 13
complaints and feedback loops from outside of your organisation, good whistle blowing policies where people inside the organisation can inform the board if they feel like they're being smothered. So, I think those types of things are important. And the second thing I would say is from a compliance perspective, board members really need to understand the compliance environment for their organisation. So, in their case, it was emissions and those types of rules around what the cars needed to actually do and inform themselves from management how the company or the organisation has set up their frameworks to ensure they comply. Now, if you drive those questions, you're going to have to get reporting from management around what have they put in place to make sure that those compliance obligations are met? Cameron Allen: And would that framework differ greatly if we're looking at a Volkswagen, a multinational company to, say, a small not-for-profit in Tasmania? Alicia Leis: Yeah, it does. It differs in two ways. One is obviously the size and I guess the extent to which the board members are removed from the operations of the organisation. The bigger you are, the more removed you are. So very hard. You need to be much more formalised about how you understand what the business is doing and what the organisation is doing. But likewise, your obligations are less if you're a small not-for-profit. So, most compliance obligations have an overlay of what is appropriate for an organisation of your size and capability in terms of the sophistication of what you do. So really for all organisations you just, as I said, need to be really careful that you're aware as a director on what your compliance obligations are, and to what extent should we at our size comply with those? Which ones are the most critical? And ensure that they're getting some information. Cameron Allen: In your experience, is this something you want to embed early? When you're getting people around the board table, these tools, these checks and balances, they need to be ingrained as you said in the culture of the organisation, but you want to have them named up, don't you? Alicia Leis: Look, I think board agendas can get very full very quickly. And there's not a lot of time in these meetings to really help board members get focussed on what's really important. So, if I look at a board and how they operate, I'd say there's really four critical things that you need to keep your eye on. One is strategy. How is the organisation going? How is it performing? And how are we making sure that we're all focussed on how we define success? Then you've obviously got your financial. I think three and four would be compliance and risk because compliance, we're just seeing more and more and more compliance coming on organisations and greater and greater consequences for organisations that fail to meet those obligations, both reputationally and with regulators. So, compliance and risk, if you can get time on the agenda to make sure that they are at the top of the list, it's really important as your obligations of a director are not only to create value for your organisation, but also to defend value. Cameron Allen:
TMTYB S01E11 (Risk Management) Transcript by Rev.com
Page 4 of 13
And they bleed into one another a bit, don't they, in terms of compliance and risk? They're maybe not a happy marriage, but obviously if you don't get one, right, the other one is risk is not looking in a great space either. Alicia Leis: Yeah, absolutely. Look, it's a sub-set. Most organisations that I work with have a risk register that has a whole range of things and compliance will be one of those risks in nearly 100% of circumstances. So, it's a sub-set, but a really important one. And there's more and more focus on that. I think risk is not just what could go wrong. So, I think the important thing with risk is that organisations just don't look at it from a perspective of let's list all the things, let's catastrophise and list all the things that could go wrong. Risk is I like to say like 3D glasses. So, if the definition of risk is the impact of uncertainty on objectives, we've defined our objectives using our strategic plan. That's how we've defined success. Risk is what uncertainties do we have to manage in order to achieve that success? If you look at it from that perspective, it's like strategy and risk are just two different colours of the same lens. And the whole idea of risk management is to help the organisation achieve its objectives. Now, if it fails to comply with something really significant, it's not going to achieve its objectives. It's going to lose its customers or its clientele. It's going to destroy its reputation. It's going to end up with regulatory penalties. So, I think it fits nicely, you're right. But I think risk is broader than just the what could go wrong? Cameron Allen: It does bring me a little bit into my next question too. You mentioned that let's not just reel off a doomsday scenarios or that risk is terrible and we need to run away from risk at all costs. How does an organisation strike that right balance? Is there a harmony? Or does it become an organisation-byorganisation thing? You've worked with a lot, give us your insights. Alicia Leis: Look, I think really the most ineffective risk frameworks that I've seen are a list of catastrophising scenarios of what could go wrong, and then they don't know what to do with it. So, after we've written down all these things that could go wrong and written down a whole bunch of things that we might do if it happens, we don't know what to do after that. So, I think the practical application of risk is let's understand what the critical uncertainties are, and then let's decide what we're going to do about it. Now, in risk, you need to be able to decide to do nothing. Some risks occur external to the organization and there might not be anything we can do or they might be opportunities that we've decided to take deliberately and we're willing to live with that risk. Now, I see very few boards accept risk well. So if you get a really good risk management framework, not only will you be saying, "it's a risk we don't want to take and we're going to put actions in place to make sure we can limit the downside to us," we're also going to be just as good as saying, "we understand the risks of this decision and we're willing to take them and we'll monitor those risks over time." So, I think striking the right balance is making sure you're keeping the conversation about what does this mean for us in terms of what we do with it, not just catastrophising a situation and then not knowing what to do. Cameron Allen:
TMTYB S01E11 (Risk Management) Transcript by Rev.com
Page 5 of 13
And you're saying you can't always prepare for risk and some risk is indeed accepted. Is it the political environment, are there a lot of factors that play here when you're talking about risks that perhaps be on your control? Alicia Leis: Yeah, absolutely. That's a great example. So political risk or stakeholder management type risks are exactly you can't predict that. You can't predict market impacts. You can't predict a whole range of things. However, you may choose to take a course of action which you understand you won't know what the political ramifications or the stakeholder response might be, but you've decided as a board that it's a good decision to make for your organisation and you'll manage and monitor those stakeholder and political risks as they come. Likewise, I think from a strategy risk, you might say, "look, this is a strategy, this is an opportunity what you want to take." And we know that we don't really know what the financial returns of this might be, so a not-for-profit might be saying, "well, we're going to try another element to diversify our revenue streams and we don't know if it's going to come off." Good risk management will say, "let's have a go, but let's have these gates in place to check in and make sure we understand what's actually happening along the way." So, I think there's a few strategies that you can take. I'd also say pandemic. If you look at the traditional way of looking at risk, pandemic was in a lot of risk conversations that I had. But it never ended up on the risk register because people used the traditional elements of likelihood. Oh, low, okay, rates low doesn't end up on the register. Now, the conversation's moved a long way from can we look at a crystal ball and predict all possible future scenarios, and the answer's no. Pandemic's taught us that, whole range of things teach us that. What contemporary risk management is really looking at is does the organisation have capability within the organisation and capacity to respond whatever happens? Does that make sense? So, it means that the board's focus needs to be on instead of trying to predict all of these things that are going to happen, let's look at it and say, "does this organisation have the capacity and capability to respond? Do we have good skill sets? Do we have good frameworks for decisions? Do we have good information sources to help us manage risk in real time?" Cameron Allen: That's where it links, I guess, back to organisational culture. And then obviously, the board composition and all those other factors that come into play there. Alicia Leis: Absolutely. The diversity discussion has a lot to do with that because research tells us that the greater the minds and the diverse nature of the minds that are around the table, the more likely we are to really think about all possible risk impacts of the decisions that we're making and get a really good sense of what that looks like so we can make good decisions. Cameron Allen: Now, we're putting ourself into perhaps the shoes of a board member starting out, or indeed a director. How does a board member ensure they're kept abreast of how risk is managed across the organisation? And how much input should they have in that process? Alicia Leis: TMTYB S01E11 (Risk Management) Transcript by Rev.com
Page 6 of 13
Risk is a matter for the board. There's no question about that. If you're a board member and you're uninformed about the risk profile for the organisation, we've got a problem to start with. So, I guess as a young board member starting out or somebody that's joining a board, absolutely in your induction, you need to be fully briefed on how the CEO and the rest of the board members see the risk profile for the organisation. And then ensure you've done some reading to make sure you're really up-to-date with the industry context or the legislative context in which that organisation is operating so that you have a view on some of these critical risks. The other part is to make sure that when you're reading board papers and considering issues, give yourself a little cheat sheet of questions. And one of those questions that you should be asking as you're reading things is what risks does this pose for the organisation? What uncertainties exist in this scenario? And how can I, as a board member, add value to that conversation by either asking a question, adding in my expertise around my experience in other organisations to give this organisation the best ability to make a good decision in that case? Cameron Allen: And is that how you gauge the appetite in some ways? In terms of around risk, you have those voices at the table, you all need to be across it and briefed if you're going to be able to inform decisions. Alicia Leis: Yeah. Risk appetite I think you're touching on there, Cameron, is an interesting one because that's very topical at the moment. Lots of people are doing risk appetite as part of their board risk frameworks. Risk appetite's interesting because we all individually have one. So, whether you call it risk appetite or not, we all have one. Cameron Allen: I have an appetite, but I don't know it's for risk. Alicia Leis: So, round the table, you'll have very conservative people- You will have gung-ho entrepreneurial people that think everything's a great idea. You'll have big picture people. You'll have detailed people. So actually, at the table, when you're working with a board, each of us bring an individual risk appetite, and that will come out in the decision-making and the conversations and is quite often the root cause of disagreements at a board level, because we don't have a shared understanding of what risk we want this organisation to take on. So usually when I'm working with boards around risk appetite, I say that to them, "look, we've all got an individual one." The point of having a risk appetite statement is not a rule, it's a tool. So, what I mean by that is we don't set a risk appetite and say, "well, we can't make a decision outside of that." You absolutely can. But at least the tool is there to say, previously when we've had these discussions, we've said we want to take these risks and we don't want to take these risks. So, in making this decision, managements being guided by those principles. And if we want to make a decision which is outside of that, we do it deliberately instead of doing it in an implied and unthought through way. So sometimes, I'll see boards and they'll say, "risk appetite is undefined." And all of a sudden, they'll take enormous risks and they didn't really talk about it. And they didn't deliberately decide to do it, or they didn't deliberately decide TMTYB S01E11 (Risk Management) Transcript by Rev.com
Page 7 of 13
not to do anything, it just happened. So, risk appetite is a better formal process of using it as a bit of a tool to guide decision making. Cameron Allen: And that needs to be reviewed quite regularly, doesn't it? I mean as things like the pandemic come along as you've touched on before, obviously things change, the environment changes. And you've got to be nimble in that sense as a board, don't you, to evaluate what does the current environment look like and should we perhaps be chomping off a little bit more here? Alicia Leis: Absolutely, and more so than ever before. So, I think if you have a risk management framework, which was documented and you did a risk register and it's been the same for a number of years, risk is not really working in your organisation. The documents are there, but it's not working in practice. So, in practice, you would absolutely expect to see risk appetite move depending on the circumstances that the organisation finds itself in, and you would expect the risks to move and you would expect your decision-making to move over time. So, when I'm working with organisations now, I'm trying to get them to move more quickly around understanding the risk and responding instead of filling out paperwork. So, I'll quite often say to people we can spend so much time filling out risk management documentation that we don't actually manage the risks. And so that's really important. And likewise, you might have a risk appetite for your organisation, but you might have a different risk appetite for a particular project that might be experimental, it might be innovative. And it's quite appropriate for a board to say, "actually, for this project, we have a different risk appetite," and adapt that over time. Cameron Allen: Because you've spoken about toolkits or cheat sheets. But when you're looking at the risk appetite through the lens of the board, you're reviewing it regularly. Is that informal? Is that formal? Or does it just vary, as you said, depending on the project, depending on the parameters? Alicia Leis: Yeah. Look, I think it should appear in conversations. So, people should be able to challenge those frameworks in real time if they need to. So, if they're making a decision on a project, they can bring it up and say, "is the risk appetite appropriate in this circumstance?" And I also think you need a formal review process to make sure it doesn't slip off the list. Cameron Allen: And how frequently should that happen do you think? Alicia Leis: Look, I think your risk framework should say what the triggers are for that. So, I think most boards wouldn't do a shift in their risk appetite more than annually, but they should do it on a major change in the organisation. So, if something significant happens, you should absolutely revisit it. But usually at the TMTYB S01E11 (Risk Management) Transcript by Rev.com
Page 8 of 13
whole of framework level, which includes your risk appetite statements, I would say annually is reasonable. Cameron Allen: Fantastic. Getting a little bit into a different side of risk perhaps, which is when something presents itself, manifests itself, how does the board respond? You've gone through some of the checklists, some of the processes in which they do it, but obviously, you can't throw the baby out with the bath water. Is there a way in which a board can respond and diligently look through the different things and go, "hey, you know what? I've ticked this off, I've ticked that off. Let's sit around the board table and nut this out?" Is there a way in which that's documented that you think is done well? Alicia Leis: Just in terms of having risk discussions in a real time do you mean? Cameron Allen: In response to something that's happened. Alicia Leis: Look, I think just as you've described is what we just need to recognise. I'd say to most organisations that 80% of effective risk management is talking about it. So, forget the documentation, that's 20% of it. And if you've got time and you've got some framework, and that's great, get it done, but the real benefit of risk if you have the capability is the talking. So, if something occurs in your organisation and you need to address it, get around a table and start talking about it straight away. Forget filling out sheets and doing all the bits, get around and talk about it and then just document it quickly. A lot of people then say, "oh, we need a risk register." In those circumstances, I don't worry about a risk register. Just write down the risks you're concerned about and go straight to action planning. So, what are we actually doing about this risk? Are we comfortable with that and is there anything further we need to do? Cameron Allen: And that's where it helps when you have a strong board I imagine, because a good board makes decisions quickly. Alicia Leis: That's right. And most of that's intuitive. So, if you do have a highly functioning board, they'll listen to what's occurred, they'll identify the critical things that need to be addressed in that situation. And then they'll say, "what are we currently doing? And what else do we need to do?" So, I think it is naturally intuitive in good board members, but also a good structure for a conversation if you've got younger ones that are learning as they go along. Cameron Allen:
TMTYB S01E11 (Risk Management) Transcript by Rev.com
Page 9 of 13
I think this one's what they call in politics a Dorothy Dixer, but I'm going to say it anyway. Does the board have access to external professional advice on risk management? I think you could impart your advice on that. Alicia Leis: Look, you're asking a professional services partner. So, look, I think it is. I'm on a couple of boards myself and I really value external advice. And not just external advice in relation to risk management, external advice in relation to a range of issues where my capability might be limited or my knowledge or expertise is limited. And again, it comes back to those tools in your toolkit as a director in terms of how you make decisions and informing yourself in the best way. So, if it's IT cyber security, if it's a financial advice piece on a particular project, if it's legal advice around our obligations in certain areas, I think all those advisory pieces need to be seen as risk management advisory. The more input you can get from external parties, the better your decision-making is. So, I think from that perspective, they should be seen like that. In terms of developing your risk management framework, not everyone has time to sit down and study risk management, and I'm sure many of the listeners may find that a boring thing to do. So, there are professionals out there that do this for a living. And if you can access their expertise, there's a lot of frameworks and expertise around how to do it that saves an organisation a lot of time. Cameron Allen: Fantastic. And look, I guess you touched on this a little bit when you said ‘when the time is right’, essentially. But is there a hard and fast rule of in terms of when an organisation should seek out that external advice or a point in time is when we maybe should be getting a third-party opinion? Alicia Leis: Yeah, that's a really interesting question because it is partly judgment as to when you feel like you need that external advice. One of the things that I think is really important in your risk management framework is how do you use the triggers in the risk management framework to guide what might need to happen at that point? So, we develop escalation protocols and response protocols depending on the level of consequence to the organisation. So, for example, if something has very high major catastrophic consequences for an organisation, the board must be told within 24 hours, those types of frameworks in your policies to indicate how these things need to happen. Likewise, you can say, "look, if staff are aware of an issue that has any of these following consequences, not only do the board need to know, but the board may need to trigger some committee arrangement which may indicate yes, we'd also need some external advice." Now, cybersecurity is a perfect example. Business continuity arrangements are another example, crisis and emergency management is another example of where you may be advised that an issue has occurred with conduct or a complaint, and you feel straight away you might need legal advice. So again, linking some of those consequences in your risk management framework to potential actions is helpful. Cameron Allen:
TMTYB S01E11 (Risk Management) Transcript by Rev.com
Page 10 of 13
That's great. And let's say risk management, we're generally speaking here, is done well, what does that enable an organisation to do? And how can it make them more effective at a board level, but also across the organisation? Alicia Leis: Yes. So, I would say why do we do risk management? I mean it's a pretty fundamental question. We can spend a lot of time in our organisations filling out risk registers and creating a stream of work. Cameron Allen: You have it in for risk registers. Alicia Leis: Well, I mean they serve a purpose and I still have them, but I just see people obsessed with them. So, I would say let's think about what it's there for. It's there to help you make better decisions. That's what risk management is there for. It is there to help you think about the potential uncertainties and consequences to your organisation and inform yourself in a broad way of what would be the best way to respond? So, if we're doing it well, the framework helps us make decisions. So, if it sits there as a separate agenda item and board members are getting a risk register and they don't know what to do with it, that's a pretty good indication that it's not helping you make decisions. Cameron Allen: What do they call it? The old standing item on the agenda. Alicia Leis: The standing item, the big complicated colorful table and all the board members say, "thank you very much. That was very informative," and everyone moves on. So, risk has to be embedded into everything that we do. It's a way of thinking. It's a way of challenging what we're thinking about. It's a way of helping guide better decision-making. So, I think I said at the start, if you do risk well, not only will you create value for your organisation through better decision-making. You'll defend value, i.e., you'll be less likely to leave yourself open to a scenario that could destroy all the wonderful things you've built. And so that's really important and you can't stop everything happening to your organisation. Something may occur where it's just not possible for board members to be over everything, but you've given your organisation the best chance of defending its value and its core purpose and its activities if we have a framework that's helping us make sure that we've got some really good controls, mitigations and strategies in place. Cameron Allen: It's a great way to round out risk management as a whole. You've tailed it in nicely there. But before I let you go, as we ask everyone who comes on this podcast, and you're well placed to speak about this, is there any tips or tricks you'd like to share with perhaps an aspiring board member out there looking to jump onto a board? Alicia Leis: TMTYB S01E11 (Risk Management) Transcript by Rev.com
Page 11 of 13
Yeah, that's a really good question. I think the challenge in getting onto a board is making sure that you're very clear about your value proposition for that particular board. So, a lot of people are enthusiastic. Enthusiasm is great and really necessary, but it's not the skill set that we need necessarily contemporary directors to have in isolation. Cameron Allen: So cynicism's better, is that what you're saying? Alicia Leis: No, I've got to be careful there. So you need to be really, really clear that if you're going to put your hand up for a board, you're going to need that breadth of understanding about the role of the director and making sure you can understand the difference between being a manager in the organisation and getting involved at the detailed level versus bringing that governance and oversight, frameworks, strategic thinking to a board in terms of its direction and the frameworks that keep it safe. So, I think if you're an inspiring director, make sure not only do you have some career that's giving you a basis for being a director in your area of specialty, but go and get some information, listen to podcasts like this, go and get yourself governance training, the Australian Institute of Company Directors. Whatever you need to do to broaden your capabilities around financial risk compliance and governance more broadly, it's really helpful. Cameron Allen: Great words to hear. I tell you what, I've loved you coming on the podcast, Alicia, and I've loved your insights. I very much appreciate it, and look, I'm sure our listers will too. Thank you. Alicia Leis: Thanks very much. Bridget Delaney: Alicia is just such a wealth of knowledge and I think I'm going to have to listen back to this episode to fully get everything I can out of it. One of the standout themes I guess for me that came out of this interview was just how important communication is amongst the board and conversation. I think at one point, Alicia said 80% of risk management is talking. And that sounds so easy and probably doesn't happen quite as much as we would like to for whatever reason that may be, whether we're uncomfortable to say anything that may go against what your other board members are saying, or to highlight something that feels like we all understand that it's there, but no one has said it aloud. I think that is definitely something that I will personally be taking away to make sure that all those unsaid things may be said, as well as diversity around the room, to ensure that the conversations are coming with different skills and different experiences so that those decisions can be truly grounded in fully understanding every aspect. I think the standout quote for me was, "create and defend the values of the organisation," and I will certainly be taking that away to think about how I can do that as a board member. I think that's probably all from me. Like I said, I'll probably listen to that one again and take quite a few more notes. Thank you, Cameron, for your time.
TMTYB S01E11 (Risk Management) Transcript by Rev.com
Page 12 of 13
Cameron Allen: Thank you, Bridget. Bridget Delaney: And I look forward to talking with you next time you take us to your board. Take Me To Your Board is produced by Ikin Media for the Tasmanian Council of Social Service. It's presented by Bridget Delaney and Cameron Allen, music from Tide Electric, and a special thank you to special guest Alicia Leis. Thanks for listening to Take Me To Your Board. Please remember to subscribe wherever you get podcasts. And if you could tell a friend, we would really appreciate it.
TMTYB S01E11 (Risk Management) Transcript by Rev.com
Page 13 of 13