The boards’ role in installing a risk-intelligent culture


By Tom Barkley –

The bar is being raised for boards across the globe when it comes to the area of risk management.

Regulatory bodies worldwide are gradually publishing requirements for changes to corporate governance codes which are incorporating guidance for standards of effective risk management and reporting. In particular guidance for directors of all types of banks is being tailored to the sector and issued industry wide. The role of boards to install a more stable framework for overseeing and managing risk is the aim of these regulatory recommendations and requirements. Risk management by boards and related committees is being put under pressure to improve and investors and other stakeholders want frequent information and updates in the changes being applied. As the providers of the capital inherently at risk in the enterprises, these involved parties understandably are in strong support of the changes being brought about in the areas of risk management and oversight.

Ultimately, the responsibility for risk management and oversight lies with the board.

The fall out of the 2007 financial crisis brought a sentiment to the forefront of discussion that an inadequate amount of time and expertise has been applied in risk management and the feeling is building that directors need to be focused just as much on protecting value through risk management as they are on creating value through business strategy. The new regulatory proposals being purported across the globe are focused predominantly at the moment on going concern and liquidity risks and draw attention to the lessons that can be learnt from past shortcomings both for entire companies as well those specific to auditor functions. The board must play an increasing and consistent role in the area of risk management and internal control. This may be achieved by implementing a number of changes – one example may be a continual assessment of the chosen method and basis of accounting.

Risk management is now more than ever one of the most vital responsibilities of the board. It is of critical importance that board members understand the principal risks facing an enterprise. Board members must actively devise strategies to mitigate these risks. The board will need to work towards achieving the essential development of strategic objectives whilst managing and overseeing the risks accordingly and simultaneously create an ability to seize new growth opportunities for the business.

For investors and stakeholders, as the providers of the capital at risk, knowing what measures the board is taking in managing and mitigating risks allows a growing sense of trust and confidence to be developed with regards to their investments.  These involved parties understandably do not wish to have volatility in earnings of the company and the subsequent return on their investments and only through effective risk management and oversight can this volatility be effectively dampened. Going forward potential investors will be using an analysis of the risk management abilities of a board and company as an important indicator when selecting investments. Risk management processes will be used to judge if the organisation will be able to provide adequate and consistent returns and deliver value for investors.

Internationally, new guidance is being distributed that has proposed changes to risk issues to company boards – focusing in on what board members and committees may need to consider when assessing and managing risk. In particular, guidance is focusing on critical risks such as those related to the liquidity and solvency of a business. Considerable emphasis is being placed on a need for thorough assessment by boards as well as on the crucial role auditors must play in ensuring satisfactory amounts of communications are made to investors with regards to risk management.

Boards will need to take more responsibility when it comes to properly establishing a company’s risk appetite. Furthermore they will need to set up processes that engender the appropriate risk culture throughout the enterprise, as well as procedures for periodically assessing and managing the principal risks facing the firm. Boards should increase efforts of reviewing the effectiveness of the risk management systems and internal controls currently in place. Furthermore, more action needs to be taken towards explaining and identifying what specific actions or decisions have been responsible for past failings and what action may be taken to remedy them in the future. Weaknesses need to be identified as much as possible from the outset and periodic reviews and assessment will help build a more stable risk management framework overall.