Continued Awareness of Risk Management and Emerging Developments
The Board of Directors (“the Board”) plays an integral role in the risk management function of a corporation, starting with setting the “Tone at the Top,” or cultural foundation, for risk management. Risk has been at the forefront of debated topics over the years, more so in recent years due to the financial crisis that drew the ire of the public, legislators, and the media over compensation of executives. When considered with the ongoing global economic instability and increasing regulatory requirements, the development of rigorous risk management procedures will continue to change as emerging risks develop.
Functions of the Board in Risk Oversight
From monitoring risks to establishing compensation policies, there are numerous new responsibilities placed upon the Board in the risk oversight function of a business, but those responsibilities originate from three sources:
- Fiduciary duties: Legal liabilities (Caremark cases)
- Federal laws and regulations: Dodd-Frank Act and SEC proxy rules
- Industry-specific guidance and general best practices manuals: Committee of Sponsoring Organizations (COSO) and National Association of Corporate Directors (NACD) – Blue Ribbon Commission on Risk Governance
The article, which is authored by Martin Lipton, Daniel A. Neff, Andrew R. Brownstein, Steven A. Rosenblum, Adam O. Emmerich, Sebastian L. Fain, and David J. Cohen, mentions that while the sources do provide additional responsibilities for the Board, companies should view them as a minimum and not design their risk management policies solely to meet a requirement for the Board function.
Suggested Practices to Improve Risk Oversight
While every company should customize its risk management procedures, the core of any framework or system put in place should accomplish four critical goals:
- Provide timely identification of material risks to the company
- Implement risk management strategies that are responsive to the portfolio of risks, business strategies, and risk thresholds
- Integrate risk management into business decision-making
- Communicate pertinent risk information to the senior executives, the board, or board committees
The core goals of risk management procedures provide high-level direction for those responsible for the risk oversight function; however, those core goals alone do not provide guidance on how to accomplish them. The article highlights 13 examples of actions that the risk oversight function could perform to achieve the core goals, with an emphasis on management dialogue and accountability. In addition to these examples, the article discusses specific areas in which to improve the overall risk management oversight function.
Who should perform risk oversight?
Each company can assign the responsibility of risk oversight to different groups or committees, but depending upon the type of organization, there may be guidance. Whether it is the responsibility of the audit committee for stocks listed on the NYSE or a dedicated risk management committee for financial institutions subject to the Dodd-Frank Act, the overall Board should be satisfied that risk management oversight is adequately conducted by whichever committee performs it.
Communication is key
Decision makers rely on information to make appropriate strategic decisions. The key to the process is to understand the risks that may materially impact any of the decisions, which means that high-quality, timely information needs to be communicated between the people who make them: the Board, senior management, and risk managers.
Continuous risk management
Improving risk management involves not only the aforementioned improvements in this section but also understanding that risk management is not a project. Risk management should be a cycle that is continuously performed. This allows companies not only to remain abreast of emerging risks, but also to reassess the previously identified risks and how they may have changed.
Risk management oversight is a rapidly developing area that garners a lot of attention, particularly for the Board, with pressure from regulators, the public, and media outlets, amongst others, to control the risky behavior of senior executives. As the field continues to change, it is imperative that the Board remains abreast of the additional required and recommended responsibilities revolving around the central topic of risk management. Regardless, the Board should recognize that these responsibilities placed on it through fiduciary duties, regulations, or best practices should not be approached as a “satisfy the requirement” task, but as a task to improve the risk management process. The article presents updates to the changing risk environment and how a company can change along with it by assigning risk oversight functions, communicating risk information, maintaining legal compliance, and assessing risk continuously.