The board of directors should continue to participate in the risk oversight process and consider going above and beyond reviewing risk assessments on an annual basis. A whitepaper released by Protiviti lists elements of the risk oversight process that boards may want to consider when refining the process and aligning it with the organization’s strategy, including:
- Keep risk assessments constant – An effective risk assessment process used to inform management and the board of emerging risks should be used and updated to reflect changes.
- Focus on critical risks – An ongoing process should be used to identify changes and focus on critical risks, or significant risks that can threaten the organization’s strategy or business model.
- Consider the impact of external change – Assess strategic risks and identify opportunities by encouraging big-picture thinking and focusing on critical assumptions underlying the organization’s strategy.
- Encourage risk appetite discussions – periodically engage in dialogue about the organization’s risk appetite, including the desired appetite for risk based on the organization’s strategy.
- Implement regular reporting practices – enhance risk reporting to maintain effective board engagement throughout the risk oversight process.
- Promptly consider escalated risks – improve the oversight process by implementing protocols to assess escalated risks and communicate risk-related matters to the board in a timely manner.
- Assess effectiveness of the process – the board should periodically evaluate and assess the risk oversight process, making changes as necessary.
Click below to download the publication