breaking

Tuesday, July 21, 2009

APRIA 2009 Follow up

I promised to post the slides from my presentation to APRIA. I gave the audience a preview of the Basic Standard for Enterprise Internal Control, specifically focusing on how it will impact insurance companies in China.

Had a great questions from the audience - in fact, it's a question that I get almost anytime I talk about China SOX (or Sarbanes Oxley or any similar risk management regulation). The question goes something like this: "If we have all these great risk management systems and regulation in place, why didn't they prevent or foresee the financial crisis?"

I think that's a really great question. When I answer, I usually point out that the problem is not so much with the laws/regulations themselves as what people do with them. The main point is that it's not what these regulations say that's important, it's how they are implemented. You can have the best regulation in the world written by really smart people, but unless they are put in place as intended and adhered to constantly, you are going to have problems.

That's why it's important to think of risk management as a culture change for the company. Risk management awareness has to be instilled throughout the entire company. It's not enough to pay lip service to risk management and not implement it properly.

Obviously, there were also lapses in government oversight (around the world) that caused these problems too. But my main focus is on how companies can get real business benefit from implementing China SOX.