By Derick Hughes – Derick.Hughes@EthicalBoardroom.com
Risk oversight is the term used to describe the role of the board of directors of an enterprise in the risk management process. This process refers to the means and methods by which the board can determine whether the company has in operation an adequate and robust system for identifying, prioritising, sourcing, managing and monitoring the significant risks to that enterprise. This process should be improved and evolved continuously through oversight and should also respond to changes in the business environment as needed. Risk oversight has recently become increasingly important for audit committees as well as for the full board, so much so that numerous boards are now reconsidering risk governance policies and structure and re-evaluating the positions of certain committees in applying expertise to oversee specific risk areas.
The SEC currently requires disclosure regarding the board’s role in the risk oversight process. For example, the SEC requires reporting to include whether the entire board is involved in risk oversight, or whether particular committees or employees are responsible for risk management and whether they regularly and periodically report to the board on risk management issues. The SEC currently considers risk oversight a vital responsibility of the board, and these disclosures are designed to help improve investors’ and shareholders’ understanding of this function.
Over the last five years, as the world has recovered from the 2007 financial crisis, risk management has moved to the top of the list of priorities in board meeting discussions and corporate decision making. Boards in today’s corporate climate are getting to grips with this new agenda and are trying to figure out how to define and actively fulfil their governance roles under the new regime of corporate recommendation and enforced regulation. Corporate board members need to be aware of the latest trends in risk oversight, given the heightened sensitivity around risk. This sensitivity has resulted from sentiment in the marketplace that risk management has been mismanaged and inadequately handled in the past. Boards need to improve their methods of oversight of risk management procedures, staff and departments to effect change. Investors want the risks that can lead to a depreciation of returns and value to be effectively diminished or, where possible, entirely mitigated.
Legislators and regulators are suggesting increased disclosure to ensure that risks and related critical issues that need to be addressed are being given proper attention and expertise. Boards are looking more closely at risks related to strategy – risks involved in the strategy itself and risks to the strategy in operation. Furthermore, there is an increasing call for more disclosure information to be included within proxy statements. For example, information about who is responsible for risk management and who owns the risk oversight responsibility should be included.
Changes have been taking place to incorporate more committee involvement to mitigate risks and improve accountability. Furthermore, CEO involvement in risk management is being increasingly adopted, as is the direct incorporation of risk management processes within strategy development from the initial stages right through to completion. CEOs will be working more with boards not only to create and generate value for investors but also to protect value by implementing effective risk management procedures and setting up risk committees and processes as required. Investors in particular are looking for risk management with regard to managing the volatility of companies’ earnings. Risk committees are being set up to provide practical and stable frameworks to limit this volatility as much as possible in combination with other factors.
Risk needs to be considered on a continuous basis. Infrastructure from the management level down through every level of the organisation will help build a more effective risk management and risk oversight function, leading to more efficient workings, improved accountability and improved disclosure. If these factors and ideas can be effectively incorporated, the changes will lead to an improved corporate environment going forward.
Attribution Photo – Denis Krebs