By: Ben J. Carnevale, Contributing Editor
Few of our readers would dispute that company executives are increasingly discussing the need for stronger risk management capabilities, along with the improvement expected by regulators, credit rating agencies, institutional investors, customers, and the courts, both in the United States and in the global village where more and more companies now do business.
The fact is that in the aftermath of the global financial crisis a growing number of companies and their boards will soon – if not already – be facing new disclosure requirements related to board risk management oversight in the United States, Canada and Europe.
With these thoughts and developments in mind, a recent article written by Tim Leech, managing director of global services at Risk Oversight, Inc., needs to be added to our “corner room viewpoint” reading resource library. Leech’s article appeared in the December 2012 edition of the Conference Board’s “Director Notes” series, and the full publication, including footnotes, is available through a direct link offered by the Conference Board here.
Back in October 2009, the National Association of Corporate Directors (NACD) published a report listing guiding principles for improving board oversight of risk. It remains benchmark reading, distilling the key elements of board risk oversight down to six (6) concise goals. Every board should be certain that:
- The risk appetite implicit in the company’s business model, strategy, and execution is appropriate
- The expected risks are commensurate with the anticipated rewards
- Management has implemented a system to manage, monitor, and mitigate risk, and that that system is appropriate given the company’s business model and strategy
- The risk management system informs the board of the major risks facing the company
- An appropriate culture of risk-awareness exists throughout the organization, and
- There is recognition that management of risk is essential to the successful execution of the company’s strategy and methodologies.
(Click here if you wish to purchase this report directly from the NACD for your own organization’s resource library.)
Click here to view a related report authored by Protiviti and the Committee of Sponsoring Organizations of the Treadway Commission (COSO) addressing “Where Boards of Directors Currently Stand in Executing Their Risk Oversight Responsibilities”.
Unfortunately, real-world experience consistently shows that too many companies are ill-equipped or, more seriously, unable or even reluctant to integrate their assurance approaches, and as a result do not provide their boards with the information needed to meet the goals listed in this NACD report.
Board Risk Oversight Expectations on the Increase
As Tim Leech points out in his recent article, other important dynamics and developments are raising expectations for boards to improve their involvement in risk oversight and to play a larger role in the due diligence activities required to make that happen. Some of those developments are the following:
- Securities regulators want more disclosure. For example, companies in Canada must already disclose that their boards are formally responsible for risk oversight, and detail in their Annual Information Form (AIF) how their boards are meeting risk oversight expectations.
- Credit rating agencies are starting to score risk oversight.
- Institutional investors are interested. Some investor organizations are already recommending that their members include an evaluation of corporate governance and board risk oversight in their due diligence process when making investment decisions.
- Internal auditors must report on risk management processes. The Institute of Internal Auditors (IIA) has issued new IIA standards in 2013 requiring that chief audit executives report to the board any areas they believe are outside of the organization’s risk appetite.
- Authoritative risk oversight guidance is impacting director “duty of care” expectations. In the United States, the Committee of Sponsoring Organizations (COSO) has issued a number of surveys and guidance on board risk oversight practices. The increase in authoritative guidance on board risk oversight is influencing judicial views about what constitutes a reasonable director “duty of care.” As the board risk oversight standards rise, it is likely that U.S. courts will slowly adjust their view of what a “prudent” director needs to do to demonstrate they are meeting society’s view of reasonable care.
An additional benefit of Leech’s article is its organized tips and resources to help achieve some of the board risk oversight expectations listed in the NACD report.
Click here to read Tim Leech’s full article.
If applicable, please pass this information along to those risk management professionals and executive management team members in your organization, along with copies to members of your organization’s Board of Directors.
As always, please share your comments and feel free to add information about this potential risk to achieving strategic organizational resilience goals and objectives.