The Role of the Board in Risk Oversight: Adapting to Regulatory Developments and Emerging Practices, concludes that directors are generally aware of their fiduciary duties and know that an organization needs a comprehensive and holistic approach to risk, but there is still limited guidance available on the nature and extent of their oversight function.
"Outside of the financial sector, risk management as a coherent enterprise-wide initiative is a relatively recent topic of discussion among business leaders," says Mark S. Bergman, co-head of the capital markets and securities group at Paul, Weiss, Rifkind, Wharton & Garrison LLP, and author of the report.
Here’s a look at some other recent research on risk management that I have been reading:
- Effective Enterprise Risk Oversight – The Role of the Board of Directors, Committee of Sponsoring Organizations of the Treadway Commission (COSO), Aug. 24, 2009. http://www.coso.org/documents/COSOBoardsERM4pager-FINALRELEASEVERSION82409.pdf. Key findings: This publication followed COSO’s Enterprise Risk Management Integrated Framework in 2004. It is a short addendum on the fundamentals of the board role within the framework. It takes into account how the financial crisis has led to an increased focus on the effectiveness of board risk oversight practices.
- Is Risk Management Part of Performance Management? Gary Cokins, product marketing manager of SAS, BigFatFinance Blog, Nov. 16, 2009. bigfatfinanceblog.com/2009/11/16/is-risk-management-part-of-performance-management/#more-690. Key findings: Risk management is not about minimizing an organization’s risk exposure. Quite to the contrary, it is all about exploiting risk for maximum competitive advantage.
- Putting Risk in the Comfort Zone: Nine Principles for Building the Risk Intelligent Enterprise, Deloitte, 2008. www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/us_risk%20consulting_Putting%20risk%20in%20the%20comfort%20zone103108.pdf. Key findings: Part of a series of publications on the fundamental principles of risk intelligence, such as the definition of risk, a common risk framework, the delegation of key roles and responsibilities, and ensuring that the board has appropriate visibility into the company’s risk management practices.
- The Board’s Role In Risk Management – Lessons Learned From The Financial Crisis, Bill Baxley, Anne Cox and Bettina Tobben, King & Spalding LLP, Metropolitan Corporate Counsel, September 2009. community.rims.org/RIMS/RIMS/Community/Resources/ViewDocument/Default.aspx?DocumentKey=558f535e-ee0f-4e90-b122-e5b2f2c19e25. Key findings: This article examines the changing role of the board in light of the recent financial crisis and draws, among other things, upon the insights from the Lead Director Network. It looks at how boards have responded to assist their companies and management and how the financial crisis likely will change the thinking of directors going forward.
- Risk Management at Crunch Time: Are Chief Risk Officers Compliance Champions or Business Partners? Anette Mikes, Harvard Business School, May 30, 2008. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1138615. Key findings: Risk management departments in financial institutions have been undergoing major transformations. New regulatory requirements have raised the bar on compliance and expanded the remit of risk management significantly. The compliance imperative requires banks to implement a firm-wide risk management framework complete with analytical models for the measurement and control of quantifiable risks. In addition, recent corporate governance guidelines advocate the 'business partner' role of risk management.
- Reputation Risk: A Corporate Governance Perspective, Matteo Tonello, The Conference Board Governance Center, December 2007. www.conference-board.org/publications/describe.cfm?id=1390. (free for members, fee required for non-members) Key findings: Some key recommendations contained in this report are that boards of directors should: reach a common understanding of the concept of corporate reputation and tie its discussion to a comprehensive analysis of the firm's stakeholder base, become familiar with management's rationale for prioritizing stakeholder relations and be persuaded that the selected relations are instrumental to achieving the firm's long-term objectives.
- Emerging Governance Practices in Enterprise Risk Management, Matteo Tonello, The Conference Board Governance Center, February 2007. www.conference-board.org/publications/describe.cfm?id=1271. (free for members, fee required for non-members) Key findings: This study presents the results of inquiries conducted by The Conference Board Research Working Group on Enterprise Risk Management. It examines how ERM departs from the fragmented and compartmentalized risk management solutions already in place at many organizations.
Companies, big and small, are seeking out risk management guidance in the aftermath of the financial crisis as many worry about how to handle such a problem in the future.
It was in this context that The Conference Board Governance Center last week released the first in a series of online publications on risk management called Director Notes, which is available exclusively to Governance Center members. The first article,