The International Corporate Governance Network (ICGN) recently issued Guidelines for corporate risk oversight to help investors assess how well a company’s board is effectively overseeing risk management. The Guidelines are intended to be used by institutional investors who own stakes in corporations of all jurisdictions. London-based ICGN’s mission is to raise standards of corporate governance worldwide.
The ICGN Guidelines are divided into three different sections. The first section provides guidance for the internal board and company process on corporate risk oversight. The second section is geared toward investor responsibility in the context of corporate risk oversight. Board and company disclosures of the risk oversight process are the focus of the third section.
All of the guidelines rest on the following key assumptions:
- The risk oversight process begins with the board.
- Management is responsible for developing and executing the organization’s risk program in line with the board’s strategy.
- Shareholders are responsible for monitoring the effectiveness of the board in overseeing risk.
The board has a responsibility to take the necessary steps to assure that it has a proactive and dynamic approach that results in the effective oversight of risk management. The board should oversee the way that the risk management process recognizes, prioritizes and effectively mitigates and responds to risk. The board should not only be attentive to negative events, but also to events that may bring opportunities to the organization.
Investors should take effective steps to assess a board’s oversight of risk with respect to the company’s strategy. Investors must rely on company disclosures, in-house research, or external sources to gather information on the effectiveness of the board’s risk oversight. Investors must be able to answer questions such as:
- Does the board possess the competencies, structures, and processes to maintain risk oversight?
- Does the organization have a crisis response plan in place?
- What measures does the board take to instill from the top a culture of risk monitoring and accountability throughout the organization?
The board should disclose sufficient information for investors to make judgments on the quality of the board’s oversight of the risk management process. The guidance recommends a variety of different aspects to disclose. Some of these recommendations include disclosing the organization’s policy on risk management within the context of the strategy, the board’s process for risk oversight, and information on the board’s integrity and qualifications.
You can access the Guidelines by visiting the web link provided. Under the Corporate Risk Oversight Guidelines section are instructions on how to gain access to the document.
Click below to register and download Guidelines
Subscribe to ERM Insights
The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.