But some say already other pressures, such as the push to measure and report on the sustainability of a firm, are forcing management to take a more ethical, broader and longer-term view of their company.

Bob McDonald, past chairman of the Institute of Internal Auditors of Australia, suggested last month measuring executive risk management performance and linking it to their pay packets would be one good way to ensure integrated risk management - his preferred term for enterprise risk management - gets that crucial support from the executive team.

“The tone at the top, that’s where the failures occur through a lack of ethical behaviour,” he told the IIA Audit and Risk Management conference.

The controls that have been put in place to date would still struggle to inhibit the one common thread in all of the corporate collapses of recent years — “human greed”, he added.

“We haven’t seen anybody get up in these corporate collapses and say I did it because we are greedy,” he said, but this fundamental trait was supported by a system where those in charge are encouraged to keep their focus on the short-term bottom line, helping to perpetuate the pressure to circumvent or ignore any controls put in place.

“If you think of [the Sarbanes Oxley Act] and retrofit it to Enron, it would not have corrected anyone. There was deliberate management override of controls,” he said.

“The real issue comes back to the attitude of the senior management. Is he or she actually living the code of conduct - that’s hard to police.”

This might change, he suggested, if there was a direct impact on the pay of executives if they didn’t ensure measures were in place to minimise the risk of corporate failure.

“If governments take a different view of remuneration - [for instance] nobody can be paid a bonus until they have achieved a five-year benchmark for achieving their obligations”.

This, he suggested, should include the “missing” part of the performance measures that determined executive pay - effective risk management. “Maybe governments should take a broad look at remuneration.”

Chee Hian Lim, associate director of risk advisory services at KPMG backed McDonald, saying this linking pay to risk management would contribute the development of a risk-based culture.

Risk culture is very difficult to introduce, audit or measure “because you cannot see it”, he said, but a clear set of risk management objectives, a plan for who drives the risk management objectives and frequent checks on how “risk aware” the business is, would be among the first steps.

Once again, he said integrating the management of risks, however, can prove difficult given the short-term financial targets most CEOs of public companies are required to meet.

“If a key action is to deal with business risks, [do] the risk management objectives affect rewards and remuneration - does it have the teeth to bite,” he asked. If rewards are linked with performance, including the management of risk, then there is a “business case for change,” he added.

The move by many firms to take into account the long-term sustainability of a firm was beginning to push firms to introduce a five-year plan anyway, said Ramsay Moodie, director of corporate affairs at Fuji Xerox.

“I think we are on the cusp of awakening shareholder concerns, and you can see it already in the big institutions that are suddenly starting to line up with smaller shareholders on directing boards,” he said.

“We saw it with Telstra [last month] and the remuneration arrangements with Telstra - that was a milestone.”

He said for Fuji Xerox, they have traditionally tended towards short-term planning, particularly in Australia as the company is a distribution point for offshore manufactures, but now they realise they have to change their thinking.

“A five-year [view] is where we are pushing out to now. We are consciously pushing that out because we think that to be fully sustainable you have got to be thinking on a longer timeframe.”

However, Moodie said with predictions worsening for the impact of climate change, mandatory targets would be required to ensure changes were made quickly enough.

See Risk Management in January for our report on corporate sustainability and how it is impacting on firm strategic risk management strategies