Background on the Proxy Requirements for the Board’s Role in Risk Management

It is no secret that after the recent market crises, regulators and investors alike wanted greater transparency into the risk oversight practices of companies. From the Dodd-Frank Act to SEC rules, the requirements for this transparency came into fruition. As such, the SEC requires public companies to disclose in their proxy statements the Board’s role in risk oversight. There are no hardline rules that companies must disclose – they merely need to disclose what constitutes the Board’s role. The differing aspects of information reported in the proxy statements shed insights about emerging trends in how risk management is being conducted by the various Boards across different industries.

Purpose of the Deloitte Survey

Since the requirements for reporting the Board’s involvement in risk oversight, Deloitte has been analyzing what the companies of the S&P 200 report in their proxy statements. Compiling the results from the surveys from 2010, 2011, and 2013 shows trends by industry regarding how the Board is handling the role of risk oversight.

In the survey, there are 12 considerations or categories used by Deloitte to summarize their analysis of the proxy disclosures made by companies constituting the S&P 200. The areas are derived from what are termed “key areas” of interest by the Board and senior management. They include, but are not limited to:

  • Who is responsible for risk?
  • Are there management level risk management committees?
  • Does the Board play a role in corporate culture?
  • Are other Board committees involved in risk oversight?

While broad, the analysis in the white paper may be instrumental in forming the risk oversight practices for any organization.

Trending Practices in Risk Management

Collectively, Deloitte finds that companies in the S&P 200 (132 of 170 are recurring companies across the three different years of Deloitte’s analysis) increased the level of board engagement related to nine of the 12 areas considered in the proxy statements while also identifying two areas where there was little change and one are that actually declined. These results show a general positive increase in the Board’s role in the risk oversight of the companies analyzed. Two particular categories stand out with particularly larger increases from 2011 to 2013 in the reporting of these areas in the proxy statements – compensation risk and reputational risk.

From 2011 to 2013, the companies that specifically identified the compensation committee as responsible for compensation risk and addressed reputational risk separately from other risk increased by 7 percent and 5 percent, respectively; however, the same categories increased 14 percent and 9 percent from 2010-2013, indicating the largest changes in emphasis in the proxy statements revolve around those two areas.

Within the white paper, the resulting details of all 12 areas of concentration shed some light onto the emerging areas that focus around three aspects:

  • Board risk-related responsibilities
  • Management’s risk-related responsibilities
  • Leading practices

Different Industries, Different Practices

The data within the white paper does more than show the overall trends of the S&P 200 proxy statements disclosures in regards to the Board involvement in risk oversight. There is no one “right” answer to the appropriate roles for the Board. The authors provide cross-sections of the data to show which of the 12 areas of concentration are prevalent by year and by industry for both 2013 and trending from 2010 – 2013 (excluding 2012).

Summary

Risk oversight is a topic that is constantly evolving as the nature of the area is being understood. The Board’s responsibilities are growing and Boards are responding with changes in how they approach risk oversight.  Deloitte’s analysis finds that Boards are delegating responsibilities to various committees. One thing is certain best practices may emerge as the transparency between companies is required by the proxy statements.