Fukushima report

The National Diet of Japan | 2012

The evaluation of the Fukushima Daiichi nuclear disaster in 2011, which was caused by an earthquake followed by a tsunami, is a good example of zooming out from a disaster and learning the lessons. It is a true example of self-reflection because it digs deep into the public ecosystem where government, business, and civic society meet. It is a form of network analysis. The disaster had a major impact on the natural environment and ecosystems. The disaster shocked the entire world.

The conclusions of the Fukushima Nuclear Accident Independent Investigation Commission were thorough and blistering. They shed light on how attitudes, stakes and rules, their interdependencies, and the lack of cooperation in peacetime (read: before the earthquake and the tsunami) between organisations related to the public domain had aggravated the disaster.

The major conclusions [quote]:

  • In order to prevent future disasters, fundamental reforms must take place. These reforms must cover both the structure of the electric power industry and the structure of the related government and regulatory agencies as well as the operation processes. They must cover both normal and emergency situations. 
  • The TEPCO Fukushima Nuclear Power Plant accident was the result of collusion between the government, the regulators and TEPCO, and the lack of governance by said parties. They effectively betrayed the nation’s right to be safe from nuclear accidents. Therefore, we conclude that the accident was clearly “manmade”. We believe that the root causes were the organisational and regulatory systems that supported faulty rationales for decisions and actions, rather than issues relating to the competency of any specific individual. 
  • We conclude that TEPCO was too quick to cite the tsunami as the cause of the nuclear accident and deny that the earthquake caused any damage.
  • The Commission concludes that there were organisational problems within TEPCO. Had there been a higher level of knowledge, training, and equipment inspection related to severe accidents, and had there been specific instructions given to the on-site workers concerning the state of emergency within the necessary time frame, a more effective accident response would have been possible. 
  • The Commission concludes that the situation continued to deteriorate because the crisis management system of the Kantei, the regulators and other responsible agencies did not function correctly. The boundaries defining the roles and responsibilities of the parties involved were problematic, due to their ambiguity. 
  • The Commission concludes that the residents’ confusion over the evacuation stemmed from the regulators’ negligence and failure over the years to implement adequate measures against a nuclear disaster, as well as a lack of action by previous governments and regulators focused on crisis management. The crisis management system that existed for the Kantei and the regulators should protect the health and safety of the public, but it failed in this function. 
  • The Commission recognizes that the residents in the affected area are still struggling from the effects of the accident. They continue to face grave concerns, including the health effects of radiation exposure, displacement, the dissolution of families, disruption of their lives and lifestyles and the contamination of vast areas of the environment. There is no foreseeable end to the decontamination and restoration activities that are essential for rebuilding communities. 
  • The Commission concludes that the government and the regulators are not fully committed to protecting public health and safety; that they have not acted to protect the health of the residents and to restore their welfare. 
  • The Commission has concluded that the safety of nuclear energy in Japan and the public cannot be assured unless the regulators go through an essential transformation process. The entire organisation needs to be transformed, not as a formality but in a substantial way. Japan’s regulators need to shed the insular attitude of ignoring international safety standards and transform themselves into a globally trusted entity. 
  • TEPCO did not fulfil its responsibilities as a private corporation, instead obeying and relying upon the government bureaucracy of METI, the government agency driving nuclear policy. At the same time, through the auspices of the FEPC, it manipulated the cozy relationship with the regulators to take the teeth out of regulations. 
  • The Commission concludes that it is necessary to realign existing laws and regulations concerning nuclear energy. Mechanisms must be established to ensure that the latest technological findings from international sources are reflected in all existing laws and regulations.
  • Replacing people or changing the names of institutions will not solve the problems. Unless these root causes are resolved, preventive measures against future similar accidents will never be complete. [unquote]

The chairman of the research commission of the National Diet report, Kiyoshi Kurokawa, summarised the conclusions [quote]:

  • The disaster cannot be regarded as a natural disaster. It was a profoundly manmade disaster – that could and should have been foreseen and prevented. And its effects could have been mitigated by a more effective human response.
  • Our report catalogues a multitude of errors and wilful negligence that left the Fukushima plant unprepared for the events of March 11. And it examines serious deficiencies in the response to the accident by TEPCO, regulators and the government. 
  • What must be admitted – very painfully – is that this was a disaster “Made in Japan.” Its fundamental causes are to be found in the ingrained conventions of Japanese culture: our reflexive obedience; our reluctance to question authority; our devotion to ‘sticking with the program’; our groupism; and our insularity.  Had other Japanese been in the shoes of those who bear responsibility for this accident, the result may well have been the same. 
  • Following the 1970s “oil shocks,” Japan accelerated the development of nuclear power in an effort to achieve national energy security. As such, it was embraced as a policy goal by government and business alike, and pursued with the same single-minded determination that drove Japan’s postwar economic miracle. 
  • With such a powerful mandate, nuclear power became an unstoppable force, immune to scrutiny by civil society. Its regulation was entrusted to the same government bureaucracy responsible for its promotion. At a time when Japan’s self-confidence was soaring, a tightly knit elite with enormous financial resources had diminishing regard for anything ‘not invented here.’ 
  • This conceit was reinforced by the collective mindset of Japanese bureaucracy, by which the first duty of any individual bureaucrat is to defend the interests of his organisation. Carried to an extreme, this led bureaucrats to put organisational interests ahead of their paramount duty to protect public safety. 
  • Only by grasping this mindset can one understand how Japan’s nuclear industry managed to avoid absorbing the critical lessons learned from Three Mile Island and Chernobyl; and how it became accepted practice to resist regulatory pressure and cover up small-scale accidents. It was this mindset that led to the disaster at the Fukushima Daiichi Nuclear Plant. 
  • This report singles out numerous individuals and organisations for harsh criticism, but the goal is not—and should not be—to lay blame. The goal must be to learn from this disaster, and reflect deeply on its fundamental causes, in order to ensure that it is never repeated. 
  • Many of the lessons relate to policies and procedures, but the most important is one upon which each and every Japanese citizen should reflect very deeply. 
  • The consequences of negligence at Fukushima stand out as catastrophic, but the mindset that supported it can be found across Japan. In recognizing that fact, each of us should reflect on our responsibility as individuals in a democratic society. 
  • As the first investigative commission to be empowered by the legislature and independent of the bureaucracy, we hope this initiative can contribute to the development of Japan’s civil society. Above all, we have endeavoured to produce a report that meets the highest standard of transparency. The people of Fukushima, the people of Japan and the global community deserve nothing less. [unquote]

Bibliography

The National Diet of Japan (2012). The Fukushima Nuclear Accident Independent Investigation Commission. The National Diet of Japan https://warp.da.ndl.go.jp/info:ndljp/pid/3856371/naiic.go.jp/en/report/

 

ISO 31000

The International Organization for Standardization | November 2009

In 2005, the International Organization for Standardization (ISO) in Geneva started developing a guidance standard on risk management. An ISO working group was established to develop a Committee Draft called ISO CD31000. The standard “gives generic guidelines for the principles and the adequate implementation of risk management. It is not intended to be used for the purposes of certification.”

ISO 31000 seeks to provide a universally recognised paradigm for practitioners and companies employing risk management processes, replacing the myriad of existing standards, methodologies, and paradigms that differ between industries, subject matters, and regions. For this purpose, the recommendations provided in ISO 31000 can be customized to any organisation and its context.

In some respects, ISO 31000 is similar to ISO 9000 and other broad-based international standards. Though it is not certifiable, it is a concise and comprehensive statement which can, in a practical sense, contribute to the awareness and implementation of risk management.

COSO Enterprise Risk Management

Integrating with Strategy and Performance, June 2017

This project was commissioned by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), which is dedicated to providing thought leadership through the development of comprehensive frameworks and guidance on internal control, enterprise risk management, and fraud deterrence designed to improve organizational performance and oversight and to reduce the extent of fraud in organizations.

Foreword

“In keeping with its overall mission, the COSO Board commissioned and published in 2004 Enterprise Risk Management—Integrated Framework. Over the past decade, that publication has gained broad acceptance by organizations in their efforts to manage risk. However, also through that period, the complexity of risk has changed, new risks have emerged, and both boards and executives have enhanced their awareness and oversight of enterprise risk management while asking for improved risk reporting. This update to the 2004 publication addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment.

The updated document, now titled Enterprise Risk Management—Integrating with Strategy and Performance, highlights the importance of considering risk in both the strategy-setting process and in driving performance. The first part of the updated publication offers a perspective on current and evolving concepts and applications of enterprise risk management. The second part, the Framework, is organized into five easy-to-understand components that accommodate different viewpoints and operating structures, and enhance strategies and decision-making. In short, this update:

  • Provides greater insight into the value of enterprise risk management when setting and carrying out strategy.
  • Enhances alignment between performance and enterprise risk management to improve the setting of performance targets and understanding the impact of risk on performance.
  • Accommodates expectations for governance and oversight.
  • Recognizes the globalization of markets and operations and the need to apply a common, albeit tailored, approach across geographies.
  • Presents new ways to view risk to setting and achieving objectives in the context of greater business complexity.
  • Expands reporting to address expectations for greater stakeholder transparency.
  • Accommodates evolving technologies and the proliferation of data and analytics in supporting decision-making.

The figure illustrates the framework considerations in the context of mission, vision, core values, and as a driver of an entity’s overall direction and performance.

Sets out core definitions, components, and principles for all levels of management involved in designing, implementing, and conducting enterprise risk management practices.

Readers may also wish to consult a complementary publication, COSO’s Internal Control—Integrated Framework. The two publications are distinct and have different focuses; neither supersedes the other. However, they do connect. Internal Control—Integrated Framework encompasses internal control, which is referenced in part in this updated publication, and therefore the earlier document remains viable and suitable for designing, implementing, conducting, and assessing internal control, and for consequent reporting.

The COSO Board would like to thank PwC for its significant contributions in developing Enterprise Risk Management—Integrating with Strategy and Performance. Their full consideration of input provided by many stakeholders and their insight were instrumental in ensuring that the strengths of the original publication have been preserved, and that text has been clarified or expanded where it was deemed helpful to do so. The COSO Board and PwC together would also like to thank the Advisory Council and Observers for their contributions in reviewing and providing feedback.”


By Robert B. Hirth Jr. (COSO Chair) and Dennis L. Chesley (PwC Project Lead Partner and Global and APA Risk and Regulatory Leader)

2017 COSO ERM: Integrating with Strategy and Performance (Executive-Summary)

Ransomware: An insurance market perspective

Source: Geneva Association

  • New Geneva Association report highlights the important role of private re/insurers, alongside governments, in boosting society’s resilience to ransomware and ensuring the full benefits of digitalisation can be realised.
  • The report explores the significant value add of cyber insurance beyond risk transfer, amid ongoing debate on whether to ban ransom payments or associated insurance coverage.
  • Governments should do more to counter ransomware attacks: disrupt cybercriminal business models, fight illicit use of cryptocurrencies and promote cyber hygiene throughout business and society.

ZURICH, 20 July 2022 – The frequency of ransomware attacks, a form of cyber extortion, is increasing, along with the size and nature of ransom demands. Cybercriminals are deploying more sophisticated approaches to target governments, businesses and individuals, with serious and costly effects. The growth of the ransomware-as-a-service (RaaS) business model has also enabled threat actors with limited technical skills to launch highly disruptive attacks.

Cyber insurance provides vital financial protection and operational support in the event of an attack, but ransomware has contributed to the recent deterioration in cyber insurers’ underwriting performance. Ransomware accounted for 75% of all cyber insurance claims in 2020 (AM Best) and is also likely to have been the costliest loss event category in 2021 (WTW).

Common Assessment Framework (CAF)

European Union | 2000

The Common Assessment Framework (CAF) is a total quality management tool inspired by the Excellence Model of the European Foundation for Quality Management (EFQM) and the model of the German University of Administrative Sciences in Speyer.

It is based on the premise that excellent results in organisational performance, citizens/customers, people, and society are achieved through leadership driving strategy and planning, people, partnerships, resources, and processes. It simultaneously looks at the organisation from different angles, taking a holistic approach to organisational performance analysis.

Cadbury Report

Cadbury committee | 1992, London Stock Exchange

This report is a milestone in corporate governance. It is 1992. The Cadbury Report about “Financial Aspects of Corporate Governance” has been published. This groundbreaking report – chaired by Sir Adrian Cadbury – led to improvements in governance standards. It was a reaction to the Bank of Credit and Commerce International scandal in 1991.

The report made specific recommendations on good corporate governance, which it described as “best practice” or “code of conduct.” It was highly influential in developing organisational codes regarding external shareholders’ accountability. It is the start of a new line of thinking about good governance, also in the public context.

This interview with Sir Adrian Cadbury gives the precise focus and the intention to look further into the essence of corporate governance.

The report stipulated “the continuing concern about standards of financial reporting and accountability, … which has kept corporate governance in the public eye.” Some findings and recommendations (a personal selection) tell the story of the search for codes, checks and balances [quote]:

    • By adhering to the Code, listed companies will strengthen their control over their businesses and public accountability. In so doing, they will be striking the right balance between meeting the standards of corporate governance now expected of them and retaining the essential spirit of enterprise. 
    • Every public company should be headed by an effective board that can lead and control the business. 
    • However, the framework in which auditors operate is not well designed in certain respects to provide the objectivity that shareholders and the public expect of auditors in carrying out their function. 
    • The new system has only recently been established, and its full impact has yet to be felt. In the following paragraphs, we endorse the steps being taken and recommend additional action to strengthen public confidence in the audit approach. 
    • We believe that there should be an extension of the audit, which will add to users of accounts and bring it closer into line with public expectations. 
    • So far as reporting fraud is concerned, the present legal position is that confidentiality is an implied term of an auditor’s contract, and there is a public interest in maintaining confidential client relationships. Normally, therefore, it is the auditor’s duty to report fraud to senior management. However, there is also a public interest in fraud being dealt with expeditiously and this may entail disclosing matters to a proper authority. [unquote]

Download the Cadbury Report.

Municipal risk management: an empirical study (Gemeentelijk risicomanagement: een empirisch onderzoek)

Peter B. Boorsma, Geert A.M. Haisma and Yvonne Moolenaar | 2003

Under the Decree on Budgeting and Accountability for provinces and municipalities (Besluit Begroting en Verantwoording provincies en gemeenten, BBV) of 17 January 2003, which from budget year 2004 replaces the Besluit comptabiliteitsvoorschriften 1995 (CV95), municipalities are obliged to draw up a risk section and, on that basis, to calculate their resilience capacity (weerstandsvermogen). Municipalities must also state what policy they pursue with regard to risks and their management. That sounds good, but practice shows that many municipalities struggle to carry out these obligations. And the provincial supervisor has often not clearly defined its supervisory task either.