The increased pressure on all companies to strengthen risk management structures, due mainly to the fallout from the recent financial crisis, has caused a shift in the way corporate risk profiles are assessed.  This report, authored by Mark S. Bergman, points out that one theme this shift in risk management has embraced is Enterprise Risk Management (ERM).  ERM was described conceptually in 2004 in COSO’s Enterprise Risk Management – Integrated Framework and is gaining support because of its holistic approach to risk management practices: it identifies the full range of risks to the company, not only financial risks but risks in all facets of the business.

While the financial sector has guidance on the duties of directors regarding risk management, other industries have only limited guidance on the risk management functions required of directors.  Currently, the New York Stock Exchange (NYSE) requires the audit committee to discuss policies regarding risk assessment, in an oversight role that supports the board’s decisions on risk management.  However, the SEC’s disclosure rules have few requirements that apply directly to risk management.

Since the summer of 2009 there has been strong attention to corporate governance reform.  The proposed Shareholder Bill of Rights Act of 2009 calls for separate risk committees and for more authority for shareholders to have a say on corporate pay, in order to mitigate incentives for excessive risk-taking.  The SEC has also approved new disclosure rules for 2010 intended to require a more thorough understanding of corporate governance and risk management.  These guidelines, or other similar proposed legislation if passed, will prompt boards to consider several issues related to board risk oversight, including:

  • The role of a risk committee in light of the company’s risk profile.
  • The nature of the interface between the risk committee and other board committees.
  • How best to discharge the ultimate responsibility of the full board.

It is important for directors to pay attention to pending legislation and prepare themselves for the increased responsibilities regarding risk management and corporate governance.  This preparation will save time and money, in the same way that preparation before the implementation of the Sarbanes-Oxley Act in 2002 could have been extremely cost beneficial to publicly traded companies.  This Conference Board report provides a checklist with detailed examples for the board of directors in its oversight role of risk management.  This list of responsibilities includes:

  1. Assess the quality of the information received from senior executives.
  2. Understand the company’s business and the risks to the company.
  3. Assess how management evaluates risks.
  4. Assess the quality of risk management procedures.
  5. Consider feedback from employees involved in the implementation of the risk management program.

By following these responsibilities and tailoring a risk management framework to the company, directors can feel confident that they have effectively assessed risks and are prepared for the future changes in risk management litigation requirements.

Link: “Director Notes: The Role of the Board in Risk Oversight; Adapting to Regulatory Developments and Emerging Practices”, Mark S. Bergman, The Conference Board, November 2009.


ERM Enterprise Risk Management Initiative 2009-11-01