
The role of the board in risk oversight

Effective risk management is a key component of any organisation which is truly doing well. The board is responsible for oversight of effective risk management, and its responsibility is two-fold: it must oversee (i) the mission-critical steps involved in the management of risks (i.e., identifying, assessing, mitigating, and monitoring risks), and (ii) the leadership of senior managers with regard to the management of risks. So, to be truly effective, the integrity with which management and directors themselves lead risk management is just as important as the steps taken to actively manage those risks. The board’s duty is not effectively discharged until oversight is given to both of these elements.

The role of the Board in risk oversight is best executed where certain factors are present:

An Effective Board Composition – Who’s sitting at the decision-making table? How are they thinking?
The major 2008 financial crisis (one of the worst economic depressions in world history) has certainly taught us that ‘risk blindness’ is a recipe for corporate failure. The Financial Crisis Inquiry Report stated that, ‘The captains of finance and other public stewards of our financial system ignored warnings, and failed to question, understand, and manage evolving risks.’ Therefore, a board must not only ask questions; it must ask the right questions, to shed light on what’s happening in the company.

The ‘right questions’ shed light on how risks are being managed. The ‘right questions’ also unearth the attitude of management to risk by challenging the underlying assumptions on the severity and impact of those risks. The ability to ask the ‘right questions’ stems from the skills, knowledge, and experience of directors who can understand – what the risks are, how those risks unfold, and how they can be effectively managed. Assembling directors with the right skills, knowledge, and experience is therefore important.

Risk blindness can also arise where directors are too willing to accede to a dominant director or directors. Questioning the underlying assumptions of directors is equally important; and, where directors feel strongly that the direction being taken is not right, they are obliged to dissent, rather than accede to appease the dominance in the room. The ‘right questions’ therefore tend to come from directors who are prepared to challenge not only senior management but also their fellow directors.

Ongoing Board Training – Is the Board up-to-date?
Risks are never static. As new risks arise, the challenge for the board is to keep up to date, and keep up to date it must. In this regard, board training is critical to move boards onto new frontiers – for example, the ever-expanding world of digital technology which is driving modern business.

Guiding the attitude and behaviour of directors by engaging in routine training on leadership and ethos is also necessary to ensure that the ultimate objective of overseeing an effective risk management program is never forgotten in the process of decision making.

Continuous Board Assessment – How are we doing? – Let’s have a look!
Annual Director Assessments are recommended as a means of helping the board see where they’re at and where they need to go. It’s a way for directors to manage risks inherent in their own decision making capabilities as part of the overall role and exercise of overseeing an effective risk management program. It is an exercise which should be taken honestly and very seriously by board members because it allows them to take a moment to self-reflect and examine their underlying beliefs, values, biases, and assumptions, which ultimately determine how decisions are made and the ensuing quality of those decisions. After all, directors together with senior management represent ‘the directing mind and will’ of the company and so, their decisions are highly impactful. As such, it’s important for the board as it exercises its duty of oversight, to be ever cognisant of its own shortcomings as well as its own strengths.

Continuous Effective Reporting – Do we have the right information, at the right time, and in the right format?
The reports received by the board form part of the critical decision-making arsenal which the board utilises. It is important, then, for the board to ensure that it is getting reports which provide the right information, at the right time, and in the right format. The board can provide guidance on the format in which it wishes to have information presented. In this way, the reporting function is better equipped to focus the attention of the board on the important matters it wishes to present. The board should provide feedback on reports so that the reporting function knows what the board has understood and where there may still be gaps. Reports should be presented in person so that communication develops between the board and its reporting function. The board should be particularly mindful of legal and regulatory updates, and regulatory feedback. It ought to seek assurance that effective regulatory change management and management information reporting systems are in place. Further, it should pay close attention to the findings of external auditors, compliance reviews, and regulatory inspections, and ensure that the deficiencies identified in those reports are addressed in a timely manner.
