Strengthening the Risk Oversight Process

The board of directors should continue to participate in the risk oversight process and consider going above and beyond reviewing risk assessments on an annual basis. A whitepaper released by Protiviti lists elements of the risk oversight process that boards may want to consider when refining the process and aligning it with the organization’s strategy, including:

• Keep risk assessments constant – An effective risk assessment process used to inform management and the board of emerging risks should be used and updated to reflect changes.
• Focus on critical risks – An ongoing process should be used to identify changes and focus on critical risks, or significant risks that can threaten the organization’s strategy or business model.
• Consider the impact of external change – Assess strategic risks and identify opportunities by encouraging big-picture thinking and focusing on critical assumptions underlying the organization’s strategy.
• Encourage risk appetite discussions – periodically engage in dialogue about the organization’s risk appetite, including the desired appetite for risk based on the organization’s strategy.
• Implement regular reporting practices – enhance risk reporting to maintain effective board engagement throughout the risk oversight process.
• Promptly consider escalated risks – improve the oversight process by implementing protocols to assess escalated risks and communicate risk-related matters to the board in a timely manner.
• Assess effectiveness of the process – the board should periodically evaluate and assess the risk oversight process, making changes as necessary. 

Original Article Source: “Staying Engaged in the Risk Oversight Process” , Protiviti, 2011