Board of Directors and Risk Management: Oversight and Collaboration with Management Are Key
The economic crisis of 2008 was a historical event that changed the conversations and inner workings of boardrooms across the country. While it was a terrible time for the nation, boards of directors learned many lessons from that time regarding their roles in risk management.
The complexities of today’s business world combined with governmental oversight are encouraging board members to be more actively engaged in risk management than ever before. Recent economic developments are forcing boards to question how to do a better job of identifying risks and improving oversight to minimize the financial impact of their decisions and protect against threats.
Today’s Business Climate Challenges Organizational Strategy
There’s no doubt that today’s business transactions are increasingly complex. Technological advances, an increased product cycle pace, and globalization have all contributed to the volume of business conducted worldwide. These developments have brought risk to the forefront of everyday business ventures.
The complex nature of businesses today brings interconnected risks that can deal a financial blow to a corporation overnight.
What Do Board Directors Need to Know About Risk Management?
Board members of today need to be aware that best practices for board members regarding risk management are evolving. Board members need to stay on top of new laws and regulations that affect their industry, understand the differences between compliance and risk management, and identify the areas of risk that need extra oversight.
The Sarbanes-Oxley Act (SOX) came into being as a measure for federal oversight of corporate accounting practices. Board members need to understand SOX and other federal and state laws that affect their organization. As the economy evolves, board members need to stay ahead of regulatory trends that continue to evolve.
It’s important for board members to differentiate their role from the role of risk managers. Board members and risk managers both need to be aware of compliance risks. The difference is that board members need to factor compliance and risk oversight into their strategic planning goals. Risk managers have the task of identifying existing risks and trying to forecast where future risks may come from within the board’s strategic plan. The pace of business and the increasingly interconnected nature of risks make the role of the risk manager a difficult one.
It’s crucial for board members to work collaboratively with risk managers to limit existing risks that threaten the financial status of the corporation. More importantly, the board has a responsibility to seek and accept input from risk managers about increased risks related to strategic planning.
Board members need to pay particular attention to risks that have legal, financial, business, or reputational implications. A downfall of many boards is that many of their directors lack experience with reading financial and risk management reports. Board members can’t make wise and informed decisions when they don’t fully comprehend the information that risk managers forward to them. This problem can easily be solved either by providing training to board members on how to evaluate the reports or by communicating to the risk management team that they need to develop risk reports that the board and stakeholders can easily understand.
Four Areas of Risk Management Oversight for Board Directors
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a thought leadership organization with a focus on developing frameworks and guidance on enterprise risk management, internal controls, and deterring corporate fraud.
Board directors who are interested in effectively managing risk and want to increase their own knowledge of risk management will find a viable resource in COSO’s Effective Enterprise Risk Oversight.
The publication points to four areas that contribute to board oversight:
- Understanding the entity’s risk philosophy and concurring with its risk appetite.
Board members need to have a strong sense of the company’s risk appetite and maintain a personal philosophy that agrees with it. Board members oversee risk appetite by having continuing conversations with management to make sure they have a mutual understanding of the organization’s overall risk appetite.
- Understanding current risk management practices.
Part of the board’s responsibility in understanding risk appetite is to garner information about management’s expertise in risk management. Do board members know what the existing risk management practices are? Do they understand the challenges that risk managers face? Do board members question risk managers about the most significant risk exposures? Does the risk appetite reflect the views and desires of the organization’s key stakeholders?
Meetings with risk managers should leave board members with an assurance that risk managers are actively identifying and managing risks according to their knowledge of the organization’s identified risk appetite.
Board members should view risk management as an ongoing process rather than an annual, rote exercise.
- Performing a review of current risks and comparing them to the entity’s risk appetite.
Board directors individually and collectively should perform regular reviews of the corporation’s risk portfolio and evaluate its relevance to the corporation’s risk appetite. Board members need to have the ability to dissect and understand risk reports to make sure risk strategies are consistent with the entity’s overall risk appetite.
- Staying abreast of the most significant risks and associated risk control measures.
Board members need to maintain a focus on risks and threats that hold the most potential to negatively impact their organization. This may mean that board members need to request updates on evolving risks in between regular board meetings to protect the organization’s stakeholders. Board members should evaluate present, evolving, and potential risks in relation to risk management control measures.
Increased Oversight and Effective Risk Management Leads to Profitability
The fall of major corporations after 2008 took the business world by surprise, causing national financial instability like we’ve not seen in a long time. While it proved to be a difficult time for our nation’s businesses and people, the impact of the crisis forced board directors to take a deeper look at their role involving oversight.
In keeping with the vision and mission of the organization, board directors have an increasingly public responsibility to keep their eyes on how to effectively monitor and manage current and future risks. Boards and management teams that take a tandem approach to risk management stand a better chance of identifying and controlling vulnerabilities while enhancing profitability and preserving the interests of their stakeholders.