The board of directors should continue to participate in the risk oversight process and consider going above and beyond reviewing risk assessments on an annual basis. A whitepaper released by Protiviti lists elements of the risk oversight process that boards may want to consider when refining the process and aligning it with the organization’s strategy, including:

  • Keep risk assessments constant – An effective risk assessment process used to inform management and the board of emerging risks should be used and updated to reflect changes.
  • Focus on critical risks – An ongoing process should be used to identify changes and focus on critical risks, or significant risks that can threaten the organization’s strategy or business model.
  • Consider the impact of external change – Assess strategic risks and identify opportunities by encouraging big-picture thinking and focusing on critical assumptions underlying the organization’s strategy.
  • Encourage risk appetite discussions – periodically engage in dialogue about the organization’s risk appetite, including the desired appetite for risk based on the organization’s strategy.
  • Implement regular reporting practices – enhance risk reporting to maintain effective board engagement throughout the risk oversight process.
  • Promptly consider escalated risks – improve the oversight process by implementing protocols to assess escalated risks and communicate risk-related matters to the board in a timely manner.
  • Assess effectiveness of the process – the board should periodically evaluate and assess the risk oversight process, making changes as necessary. 

Click below to download the publication