The topic of risk management has become increasingly popular in corporate governance as a result of the financial meltdown and credit crisis.  There is no way to eliminate risk within an organization, nor is it beneficial to do so, since taking certain risks and opportunities may yield profitable returns.  Instead, directors and management should focus on understanding the company’s risk profile and appetite as well as forecast possible risk scenarios and ensuring material risks are being addressed.

The board of directors maintains the sole responsibility of risk oversight within an organization.  As risks have become more complex and intertwined, this responsibility has increased immensely.   There are several elements of risk oversight that the board can address to have efficient oversight.  This New York Law Journal article, authored by David A. Katz and Laura A. McIntosh, provides details on how boards can ensure these activities are handled effectively.  These elements include:

  • Communications between the board of directors and members of senior management.
  • Communications among the board of directors, board committees and board advisors.
  • Efficient coordination of risk mitigation practices.
  • Expecting the unexpected by performing risk scenario planning.

Regulatory pressures have also increased the awareness of risk management practices within the marketplace.  The New York Stock Exchange imposes risk oversight obligations on the audit committee of any NYSE-listed company, while the SEC has approved new proxy statement disclosures about board risk management activities for the 2010 proxy season.  Additionally, Standard & Poor’s is now analyzing corporate enterprise risk management practices as part of S&P’s corporate debt rating processes.

While the board has an important role in risk oversight, management has the primary responsibility for risk management activities and the board should not be involved in the day-to-day activities of risk management.  The board should satisfy its role by ensuring that the risk management process is designed effectively and is in line with the company’s overall business and risk objectives.  Proper communication concerning enterprise-wide risk can ensure that risk management is complimentary to the company’s overall strategy, culture and value generation process.

Click the link below to read the full article.