Morgan Crucible: Aligning governance, risk and compliance

Risk has been foremost in everyone's mind since the global economy took a turn for the worse in 2008, and many companies have taken a long, hard look at how they identify, quantify and manage risk. In the boardroom, questions will often be raised about how risk affects corporate strategy, how it drives a business forward and what dangers it poses to profitability and long-term success.

The UK is leading the way in enterprise risk management and corporate governance, with many organisations looking at a broad spectrum of risk and controls, often implementing a risk framework that permeates the organisation from top to bottom. One such company is Morgan Crucible, which has a senior executive focused on risk - not only to develop a clearer picture of the company's risk exposure and manage it more effectively - but also to ensure that its attitude to risk is not too conservative. After all, risk goes hand in hand with opportunity.

"Why do this? Well, there are specific benefits, like improved decision-making throughout the organisation, and there are fewer unwanted surprises, which has happened recently in UBS and BP," says Paul Taylor, director of risk assurance at the Morgan Crucible Company and current chairman of Airmic, the UK risk managers' association. "It also improves compliance, which is important for a quoted company. The changes we have made to hearts, minds and culture are already bearing fruit."

A FTSE 250 company, Morgan Crucible is one of the UK's largest manufacturers of carbon and ceramic products for industrial use. Taylor has been at the company for three years, and along with the treasury team and the head of insurance procurement, Terry Miles, he reports to the company's CFO Kevin Dangerfield, who also chairs its risk committee.

Evolving

"I came in to evolve what was in place, moving towards a new direction, a new strategy," says Taylor. "There were discussions about what had been done well and what could be improved and we put together a three-year strategy on governance, risk and compliance, including internal audits and control of policies. Now, we are in the third year of the roll-out."

"In the past, the company had not looked at risk in a comprehensive and disciplined manner, and the same is true of many corporations," says Dangerfield. "Paul has come in to give us a level of risk analysis that goes from the operational side right up to the boardroom. It gives us clarity of risk for the group, enabling management to think more clearly about risk in a disciplined way as part of a comprehensive governance, risk and compliance plan."

So far, the new approach to risk management has proven effective, not only in identifying risk within the organisation, but also external issues. "We can't control all of the external risks, like the trends in the global economy or disasters such as the earthquakes in Japan," continues Dangerfield.

"But we have weathered the economic storm well through 2009 and this year with resilient earnings and cashflow. That shows the change that has been made in the company, how management looked at risk and the value of its sensitivity analysis. We saw some issues from the crisis in Japan, but we also saw the opportunities to supply to our customers when our competitors could not. So, our approach to risk means we are better at responding to outside events."

A holistic approach

Within this framework, corporate governance is an important strand. A recent report prepared by CASS Business School on behalf of Airmic showed that the main reasons companies fail to respond well to crises are tied to both risk management and corporate governance policies.

The 'Roads to Ruin' report suggested that risks arise from inadequate boardroom skills and the inability of non-executive directors to exercise control; blindness to inherent risks that might threaten a company's business model or reputation; inadequate leadership on corporate culture; defective internal communication; organisational complexity; inappropriate incentives; and the 'glass ceiling' that prevents risk managers from addressing issues in a company's top echelons.

"Corporate governance and risk are dealt with as one thing across the group," says Dangerfield. "It is important to set the tone from the top. For instance, robust controls are important in light of the UK Bribery Act, so we have run global training sessions as part of a rolling programme of corporate governance measures on a worldwide basis."

A similarly broad approach is taken to insurance as a powerful tool in managing risk. "It is mandatory for all countries in our group to be part of a global insurance programme, though auto and employee liability insurance are handled locally," says Miles, head of insurance procurement. "We have a strong team ethos here, so there is no resistance to having a global programme." Inevitably, there are challenges to implementing an insurance strategy across more than 50 countries, as Morgan Crucible does, not least of which is the complexity of the regulations in different jurisdictions.

A global umbrella

"We run local programmes under a global umbrella and no one has the answer to compliance on a global basis," continues Miles. "A lot depends on interpretation of the law, but you have to take a sensible approach. We no longer have a captive insurance company, which many companies would think was a natural thing to have, because there has been a shift in the insurance market and deductibles are low, so there are not sufficient business drivers for a captive."

The structure for procuring insurance, establishing risk controls and instilling corporate governance priorities should focus on giving everyone in an organisation a better understanding of how risk affects a business. "It's all about clarity of thought and the ability to see what the top risks are in the organisation in a qualitative and quantitative way," says Dangerfield.

"What gets quantified gets managed, and we want to quantify risk as a number," adds Taylor. "That focuses the attention when deciding whether a risk is acceptable. Our holistic approach gives us better, quicker decisions across risk, corporate governance and insurance."