Why risk management frameworks fail to prevent wrongdoing

Chris Schmidt
DOI: https://doi.org/10.1108/tlo-10-2019-0150
2020-01-08
The Learning Organization
Abstract:Purpose The purpose of this paper is to consolidate research in whistleblowing, wrongdoing prevention and enterprise risk management (ERM) frameworks with the goal of creating a more comprehensive and effective framework for the prevention of wrongdoings. Design/methodology/approach A gap analysis based on organizational learning theory (OLT) is performed between the research fields of whistleblowing, wrongdoing prevention and ERM to identify enhancements that are needed for effective wrongdoing prevention. Findings ERM is an incomplete framework for wrongdoing prevention which omits the components of prevention and learning. A culture of continuous learning is required to minimize the experience component of learning and maximizing sharing. Storytelling can be used to protect individuals and provide transparency. The stakeholder dimension must be expanded beyond the borders of the legal entity to include all stakeholders. Every stakeholder experiences the climate of wrongdoing prevention differently, and the evaluation of these different perspectives is essential in establishing a culture of prevention. Personal psychological safety is a critical element in empowering stakeholders to discuss and address wrongdoings. Standards established through professional associations enable innovations to diffuse more quickly throughout society than legislation. Standards and standard setting processes that are able to adapt to changes in societal expectations proactively help organizations to independently protect stakeholders. Global standards are needed to overcome incongruences between countries and cultures. Research limitations/implications The effectiveness of a prevention framework is difficult to measure. Declining incidence of wrongdoing within an institution is an incomplete picture. Rare and severe types of wrongdoing, and their prevention throughout society should require a more concerted, centralized approach which could be modeled upon the health system’s national centers for disease prevention. By combining the dimensions of the learning organization questionnaire(Marsick and Watkins, 2003) and Whistleblowing and Wrongdoing statistics, organizations should be able to develop complex KPIs and be able monitor their development over time. Researchers should be able to use the same strategy to confirm the assertions made here will improve the safety and security of all stakeholders. Practical implications Organizations which use ERM frameworks may be unable to effectively prevent wrongdoings and protect stakeholders from the consequences of such wrongdoings. The shortcomings identified here provide specific clear points that organizations can address to be more effective in preventing wrongdoings. Any one of these actions and the scope of their impact within the organization and their environment represent substantial challenges for all stakeholders. Like the ascent of a great mountain, the planning of the each step taken and thorough understanding of the challenges faced along the path to each waypoint are essential to reach the summit and the achieve the objective. Social implications This paper advocates for changes that may take decades or generations to fully accept: inter-organizational sharing; stronger use of guidelines instead of legislation; and enhanced transparency on all organizational levels. The resources required to drive change on this scale are considerable with the private sector and public sectors having unique needs and requiring potentially different approaches. Originality/value The novelty lies in the identification of shortcomings in ERM frameworks to effectively prevent wrongdoing, through the integration of OLT, Whistleblowing and Wrongdoing Literature and the COSO Enterprise Risk Management Framework.
What problem does this paper attempt to address?