Column: Risk Management
Handling the Truth
When I think of Jack Nicholson, the actor, I immediately think of one particular movie: the 1992 classic, A Few Good Men. If you have seen it, you know the scene that I am talking about — the dramatic courtroom confrontation between Col. Nathan Jessep (Jack Nicholson) and Lt. Daniel Kaffee (Tom Cruise).
Jessep: You want answers?
Kaffee: I want the truth.
Jessep: You can’t handle the truth!
What a line. It’s not surprising that it was voted the 29th greatest American film quote of all time.
What does the average person know about telling the truth? Since childhood, we have been told that honesty is the best policy. Later in life, we learn that ultimately the truth sets you free. But does that only apply to the warm and fuzzy “truths”?
Let’s not forget. Truths can be harsh, ugly and inconvenient things that can expose our ignorance and make us writhe with discomfort. Honesty can make us feel vulnerable. And what happens when someone feels threatened and vulnerable? They tend to bite.
Enter the corporate risk officer. We have been told that the CRO should have the ability to freely engage with the board and other senior management on key risk issues and to access information the CRO deems necessary to form his or her judgment. The organization should not compromise the CRO’s independence. The CRO should feel comfortable honestly discussing risks and emerging issues in the organization.
That is the theory but is it truly attainable in reality? Do we make it easy for our CROs to be honest? Do we create an environment and incentives that motivate CROs to be truly candid about organizational risks and issues?
The bottom line is that telling corporate truths can be very risky for CROs. Being a straight-laced and good intentioned person may not be enough when it comes to delivering uncomfortable messages. I immediately think of the expression: In a forest of trees, it is the straightest trees that get cut first. Could that be the fate of CROs who bare discomforting messages in some environments?
CROs need to be positioned for success. This should not be left to chance. Most importantly, we should consider where the person resides within the organization. Does your CRO have a high enough stature within the organization and clear lines of communication to the CEO and board committees? Does your CRO engage in business and strategy setting with a clear line of sight to information and strategic actions? In order for the CRO to attain a forward-looking risk perspective, they must sit at the executive table and be seen as a peer who is encouraged to be the devil’s advocate and offer different perspectives to enrich discussions without fear of reprisal.
That said, there is much power when one plays the role of the devil. It is equally as important to clearly define the CRO’s duty. A clear expectation and a governance standard should be pre-established with respect to the CRO’s responsibility for ensuring effective risk management and disclosure. Without this, the CRO may dilute focus and stray toward less important issues, lowering the overall effectiveness of the risk management program.
Handling the truth is not just about our ability to receive unpleasant messages and risks. It’s also about handling the messenger and ensuring his or her ability to speak the truth.