
The risk oversight function of the Board

The number of yearly bankruptcies, though generally low, shows that management-led enterprise risk models are not always effective, if they exist at all. In many other cases, underperformance and loss of shareholder value are the consequences of that failure.


Traditional Corporate Governance models establish that “the board cannot and should not be involved in actual day-to-day risk management. Directors should instead, through their risk oversight role, satisfy themselves that the risk management policies and procedures designed and implemented by the company’s senior executives and risk managers are consistent with the company’s strategy and risk appetite, that these policies and procedures are functioning as directed, and that necessary steps are taken to foster a culture of risk-aware and risk-adjusted decision-making throughout the organization”.


What is the objective of the risk oversight role of the Board?


We can identify the following two:


  • Preserving viability: bankruptcy, even if it needs to be considered, is not generally in the path of most companies.
  • Improving shareholder value: this is what should really concern directors, and it is the main risk oversight role of directors.


Where does the oversight risk role of the board come from?


This task of the board comes basically from regulations on the role of directors:


a) Directors' fiduciary duties: directors comply with their obligations by ensuring that adequate risk management oversight systems are in place. Provided these are in place, the level of risk aversion adopted by a company is covered by the business judgement rule, which means directors are not responsible for the effects of risk, but only for a “sustained or systemic failure” to exercise oversight.

b) Other: other laws, listing requirements, sector-specific regulations.


What is the role of a board? Is that role the same, whatever the risk?


It is generally agreed that Boards are responsible for:


  • Determining the company's approach to risk, the risk appetite or tolerance, and its relationship with expected rewards for the company and for managers.
  • Setting the right culture throughout the organisation.
  • Assuring the material risks the company faces are identified, and (dynamically) reviewing the risk categories and their interrelationships.
  • Assuring the company has risk strategies tailored to the company's risk profile, strategy, and the kind of material risks confronted.
  • Reviewing with managers: the independence of the risk management function, the risk policies in place and their implementation, and all external reports, as necessary for the risk function.
  • Assuring risk is integrated into business decision-making throughout the organisation, and the adequate information flow systems are in place.
  • Transferring relevant information on risks to managers and committees.


Nevertheless, there are certain areas where a deeper role is recommended, in particular where managers cannot, for different reasons, be relied on to do a good job, as in the case of risks associated with leadership and strategy.


Strategic risk: it can be defined as the risk that may most severely affect shareholder value, prevent the company from reaching its objectives, or even prevent it from surviving. Thus, directors need to challenge managers about the risk to the proposed strategy, particularly that coming from external factors. The first step is a continual strategic risk assessment. There are several steps to deliver it properly (understanding the strategy, obtaining data, preparing a risk profile, developing a strategic risk management action plan, communicating both, and implementing the latter), and it should be embedded in the management team. The second step is integrating risk management into the strategy-setting and measurement processes (following Kaplan and Norton's “The Execution Premium” could help).

Leadership: it is understood that the board is responsible for assessing the performance and leadership capabilities of managers, and particularly of the CEO.


How should the Board execute its oversight function?


Many boards delegate the function to the Audit Committee. Separate Risk Committees are not common outside the financial industry. Sometimes several committees are responsible for the risk oversight role (when different relevant risks are present), which requires some kind of coordination. In any case, the board should engage annually in a review of the risk management system, probably with external help.


Flow of information


The board needs to ensure there is enough information flow about risk and risk management procedures, and to gather this information from managers directly, if necessary.
