Kick off by Lindsay Uittenbogaard, CommScrumming from The Hague
In 2001, COSO, a noted advisory body on corporate governance and risk, developed a framework that managers could use to evaluate and improve enterprise risk management in their organizations.
After several high-profile business scandals and failures (e.g. Enron, Peregrine Systems and WorldCom) the calls for enhanced corporate governance led to the enactment of Sarbanes-Oxley legislation and International COSO standards became very widely used.
One of the eight components of the COSO enterprise risk management framework is communication. The handbook defines this aspect as: relevant information is identified, captured, and communicated in a form and time frame that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.
The reason this is significant in the CommScrum forum is because Enterprise Risk Management is becoming increasingly mainstream as a whole Management strategy. It doesn’t view ‘core business’ as being more important than ‘support functions’. It doesn’t cut communication budgets before sales budgets. It takes more of a whole systems perspective, realizing that the achievement of ongoing business control (to meet changing world requirements) is a multi-faceted, inter-dependent process.
The risk management inclusion of communication is just an example. It would be possible to talk about how communication is a central component of lots of different business modes / strategies / processes too.
If you move further on down that train of thought a little, then it seems the interests of the Communication Department are actually broader than the interests of their Leaders (CEO excepted). Because communicators pursue objectives that are relatively long term: about connecting people to strategy, achieving change, getting the right information to the right place, and building communication competency – then they require leaders to support them by participating and exemplifying good communication practices in order to achieve those wider objectives.
Looking through the COSO lens and then thinking about how communicators need the support of their leaders, arguably more than their leaders need them, takes me to my point: communication is not a support function. It is, in it’s own right, a critical part of an organization. Let’s continue to talk it towards those terms.
Mike Klein – CommScrum Saint Gilles-Sint Gillis
“Communication isn’t a support function” should go without saying, particularly with CommScrum readers. And while the COSO approach is heartening, it actually raises a larger issue–that of how the value of communication is measured.
For too long, the communication mainstream–particularly the publishers and associations–have leapt onto the bandwagon claiming “Communication must demonstrate it’s return on investment (ROI)”, and more insidiously, “Communication shouldn’t be done that doesn’t demonstrate ROI”, and “no communicator who doesn’t take his/her ROI demonstration responsibilities seriously can’t be considered a serious business person.”
What COSO has done, perhaps inadvertently, is move the role of organizational communication into a risk management role, where I think it mainly belongs. While risk management is harder to quantify into a dollar figure than ROI, it reflects the role of effective communication far more effectively. As in “you’re spending a billion dollars on a change program and you wonder whether to spend $200,000 on a fairly lean communication approach. Which is more important–protecting a $1 billion investment or saving $200,000 and having people make the communication up as they go along?” Or, in footballing terms, is a good defender’s real measure the number of goals he scores or the number he keeps from being scored on him?
I never knew why risk-based measurement and demonstration of communication’s value has become so toxic, particularly given that ROI measurements can often be seriously contrived. If COSO’s thinking reopens a real debate between Risk and ROI, it would be huge indeed.
Kevin Keohane – CommScrum London
And we all know Sarbanes-Oxley has not only prevented corporate risk from coming to roost, but made everyone’s lives a lot easier, right?
Joking aside, of course communication shouldn’t be a support function as we’ve argued here many times. At its best, a good business strategy should have its core rooted in the heart of the consumer/client/customer and arguably other stakeholders – all of which richly benefit from audience understanding/centricity.
So is it about ROI or is it about Risk Management? well, clearly, it is about both, but as Mike says perhaps the balance has swung too far. There are always upside and downside considerations in business management, so why not comms management?
So from this perspective, looking at communication from the risk management perspective is sensible: What are the risks (commerical and cultural, personal and professional) of unclear, conflicting, inconsitent, poor communication to, from and amongst stakeholders?
My initial reaction was “you’re having a laugh” – the world of Risk Management does not beckon me very appealingly – so with the caveat that it can’t become a slave to the bureaucratic, doublespeak “CYA” model of risk management (and the COSM definition made me a little sick in my mouth – it’s a bit like saying “Money should come in to the business, and after expenses, interest, tax, depreciation and amortisation any remaining money can be called profit” – but it’s a step in the right direction…. ) then by all means, Risk Mitigate away!
Dan Gray – Commscrum Riyadh
Forgive me if I’m missing the point (I may be going stir crazy in my hotel room here), but if someone were to tell me that my primarily role as a communicator was as a ‘risk manager’ (as Mike appears to be saying above), I’d tell’em to go take a hike.
I don’t think anyone here would argue with Lindsay’s central point that comms is more than a support function, however the use of ERM to illustrate the point, frankly, chills me to the bone.
I must confess, my immediate reaction to reading this was similar to Kevin’s (i.e. yeah, right, and greater emphasis on risk management has done a bang-up job in preventing massive corporate cock-ups!). However, unlike Kevin, I’m finding it hard to move beyond that observation.
Take BP, for example, which apparently spends $100 million a year on Sarbanes-Oxley and presumably takes ERM very seriously. That hasn’t stopped it from perpetrating arguably the biggest piece of corporate comms BS in history with its ‘Beyond Petroleum’ greenwash.
Had it been genuinely committed to CR, it wouldn’t have been drilling to depths beyond those permitted, it wouldn’t have outsourced the drilling in the first place, and it would certainly have borne the extra expense of installing an automatic switch to close off blow-outs. Now, instead of a bill for $50,000 for one of those, it’s had about $30 billion wiped off it’s stock value.
And lest I digress too far with my little ‘sustainability rant’, let’s look at where that’s left the focus of the comms effort now – playing the very unedifying games of disputing high leak rate figures and Olympic-standard buck-passing between BP, Haliburton and Transocean.
That has “comms as support function” written all over it – attempting to clean up the mess that others have left behind.