The Board's Role with Risk
Where does the board’s role begin and end regarding risk?
Thursday, April 30, 2015
By Ron Kral, Managing Partner, Candela Solutions LLC
Where does the board’s role begin and end regarding risk? A company’s core objective is to create and increase wealth for its shareholders. Collectively, directors provide leadership toward this objective through two primary functions: 1) decision-making and 2) executive management oversight. Decision-making includes approving corporate policy, strategic goals, annual budgets, major expenditures, and the acquisition or disposal of material assets. It also includes evaluating and selecting the Chief Executive Officer (CEO) and approving the company’s risk appetite. Risk appetite is the amount of risk the organization is willing to accept in pursuit of objectives. While it is typically the CEO who recommends a risk appetite to the board, it is the board that should render the ultimate decision on how much risk is appropriate.
The second primary board function involves a fine line regarding the degree of management oversight. Too much, and the board could be micromanaging the company, thus infringing on the CEO’s turf. Too little, and the board could lose its pulse on the status of the company’s risk management efforts. Here are five considerations to define a healthy balance between board oversight and management responsibilities pertaining to Enterprise Risk Management (ERM):
In summary, the management team is responsible for the heavy lifting pertaining to these five steps. So while it is the CEO who owns ERM, the board must be satisfied with management’s performance consistent with the board’s approval of objectives and risk appetite. How the board conducts its oversight duties is largely up to the board itself, but for many organizations, utilizing an independent internal audit function is a common choice. Otherwise, the board can bring in outside resources to conduct an ERM evaluation.
Despite having the utmost confidence in the integrity and ethics of the executive management team, an organization’s ERM process should include a healthy dose of independent verification as directed by the board. It is not just a matter of trust, but also a matter of obtaining independent expertise to add value to the ERM process by providing different perspectives. Finally, the topic of risk oversight is important enough to merit a standing agenda item at every board and applicable committee meeting to help maintain an independent eye on the ERM process.
Defining the board’s role on risk through the corporate governance guidelines and committee charters is vital. If the roles regarding ERM are not clearly spelled out and understood, then it is time to revisit the corporate governance guidelines and committee charters to add clarity. Once the roles are crafted and directors are educated on how to fulfill their duties, they must then have the collective discipline to follow through on these duties. This is where the chairman of the board must insist on board accountability, as it is not simply management performance they should be concerned about, but also their own performance.
One effective way to assess board accountability is through periodic board and committee performance evaluations (refer to The Essentials of Boardroom Evaluations for a previous article on this topic). The scope of the board and committee evaluations should not simply entail ERM approval and oversight activities, but rather all board duties per corporate governance guidelines and committee charters. Without a robust assessment of their own activities, boards can be blinded to improvement opportunities. Effective boards must have the proper mindset, rooted in a clear understanding of their duties, to be productive and responsive to those duties.