Senior Management Ignore Corporate Assurance Policies

Senior Management Ignore Corporate Assurance Policies

Corporate assurance policies and procedures are so cumbersome that 80% of senior managers who responded to the latest Erudine/National Computing Centre Survey find it necessary to work round or ignore them.

This survey report, based on responses from almost 100 senior managers across industry sectors, is a wake-up call for all boardrooms. It finds that senior people in organisations making ad hoc workarounds to official company policies, to often do not appreciate the wider, potentially adverse implications of their actions.

Therefore policies designed to mitigate risk are actually increasing the risk of reputation damage and loss of customer, press and financial confidence. The survey shows that the risks from within are major, and all the worse for being unwittingly underestimated, misunderstood, or misaligned by senior managers.

Paradoxically large organisations invoke their cumbersome due diligence and procurement procedures strictly when looking externally assessing small innovators, regardless of the benefits they can potentially bring.

Large organisations could make themselves more fluid, responsive and secure by a combination of tightening up internally and relaxing  externally to accommodate innovation from small companies.

Our survey finds that it is not enough to have information assurance policies and processes  - they need to be the right policies and processes – easy to assimilate and with clear rationale to obviate the perceived need for workarounds.

For the report see http://www.ncc.co.uk/research/reports_papers/ProtectingCorporateReputation/