People’s perceptions are shaped by their knowledge and experience.  This statement is also true when one considers differing views about risks among individuals serving on a board of directors. A person’s view point of risk is determined by what is important to them and their understanding of risk.  Two people can look at the same thing and see two completely different things.  Therefore, people’s perceptions of the world around them will affect how they make business decisions. 

All business issues should be viewed in the sense of how they pose a risk to the company.  For this reason, risk has become more personal because areas people once considered to be not risky are now being posed as a threat to the entire business.  This has also increased the risk oversight responsibility of the board, greatly increasing their work load. 

Some boards are finding challenges in how they are currently managing risks.  In many instances, boards are failing to have explicit discussions about risks affecting the entity, often based on the assumption that risks are implicitly considered as they evaluate a company’s overall performance and strategy.  As a result, individual board members are left to consider risks at an intuitive level, which is an ad hoc approach that allows issues to slip through the cracks. 

While risk oversight is one of the most important roles of the board along with overseeing the development of corporate strategy, companies are now faced with the challenge of determining where on the board risk oversight belongs.  Generally, there are three ways boards take responsibility for risk oversight by assigning that responsibility to: (1) the whole board or (2) the audit committee, or the board (3) creates a risk management committee.  Each one of these options has their own set of advantages and disadvantages.  It is up to each respective company to determine which level is best for its company. The main objective is that risk oversight is occurring at some level at the board, with critical issues being discussed by the full board.

Since the board is responsible for overseeing risk and setting the tone for the rest of the company, directors can get other members of the board and employees interested in maintaining risk oversight by simply talking it up.  The board can also bridge departments together by bringing executives in from various business departments to explain how risk in one department can affect the risk of many other departments. 

Since risk is very important to companies there are six steps they can take to improve their risk intelligence:

1. Broaden the board’s view of risk
2. Take a hard look at the board risk governance process
3. Don’t underestimate the challenge of risk oversight at the board
4. Think about how the board can structure its risk oversight along key principles
5. Sync board views about risks with management’s view of risks
6. Assess performance of risk oversight processes

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2008-11-01