Public Company Boards Begin to Take Ownership of Risk Management
NEW YORK, Sept. 14 /PRNewswire/ -- Corporate boards are beginning to take ownership of risk management, according to a report released today by The Conference Board.
The report, Director Insights on Emerging Risk Oversight Practices, is the most recent installment of The Conference Board Director Notes series. It was produced in collaboration with McKinsey & Company and the Global Association of Risk Professionals, and is based on a series of interviews with corporate directors on emerging board practices in risk oversight.
Interview participants included 20 members of U.S. public company boards, representing a variety of business sectors (including manufacturing, high tech, real estate, food services, retail, telecommunications, air travel, energy, health care, and banking) and ranging in size from $150 million to over $30 billion in revenues.
"The financial crisis underscored the importance of risk management in the pursuit of a business strategy," says Matteo Tonello, director of corporate governance research at The Conference Board and founder of the Director Notes series. "Today, as companies recover from that turmoil, many corporate directors wonder if they and their boards are doing all they should to fulfill their fiduciary duty with respect to risk oversight."
This Director Notes report summarizes the most important insights obtained from the interviews.
In particular, it highlights a set of concrete, emerging best practices for boards in this important area of responsibility, with actual quotes from directors shown in italics:
- Assign the responsibility of risk oversight to the full board and the burden of risk oversight to the right committee(s). ("We are all collectively responsible for risk," said a board member, while another added: "Audit committees tend to have a checklist approach to risk oversight, which is dangerous; not enough prioritization, not enough of a business angle.")
- Consider the full breadth of material risks that can impact the company. ("We benchmark against a range of companies to make sure we think.")
- Push for a deep understanding of the key risks. ("We spend a lot of time reviewing the numbers and understanding risk processes: where the key numbers come from, how they get into the reports.")
- Secure the right expertise on the board. ("Transformation of our risk approach was driven by two board members with risk experience elsewhere.")
- Nurture a healthy tension borne by diversity. ("The biggest change we made in risk management over the last few years is focusing on having the most diverse board possible.")
- Engage the broad management team. ("The board needs to interact with management in an open manner, not just hear what has been rehearsed three times.")
- Embed risk discussions in all board processes. ("Every initiative presented to the board concludes with a simple page with three to four bullets on the key risks.")
- Avoid the "bureaucratic trap"—more substance, less process. ("When you ask an executive to go in depth on a specific risk and you get a blank stare, you know risk management has become too bureaucratic.")
- Make risk management actionable, not just an exercise. ("Follow-up is critical—managers come back to the board and are asked 'tell me what you have done'—it is more than just a plan.")
- Take ownership of improving risk management in the organization. ("To make risk management a success at our company the board had to get involved—we never gave up.")
"While most boards have taken on the challenge of upgrading their risk oversight capabilities, there is significant diversity across companies in their approaches," says Andre Brodeur, a co-author of the report and leader of McKinsey's enterprise risk-management service line for non-financial companies. "This diversity does not appear to be connected to either business sector or company size. While financial institutions and energy companies in general have the longest history of developing the risk oversight capabilities of their directors, a number of corporate boards in other sectors have become equally attentive to risk issues."
This Director Notes report also discusses three additional practices that until now have been detected almost exclusively in the financial sectors, but are expected to become increasingly influential among non-financial companies as well, especially as a result of increasing pressure from regulators: the use of stress testing techniques; the adoption of a "risk appetite statement;" and the analysis of the risk effects of executive compensation.
Source: Director Insights on Emerging Risk Oversight Practices, Director Notes, DN-14, September 2010
About Director Notes
Director Notes is a series of publications through which The Conference Board engages experts from several disciplines of corporate leadership in an open dialogue about topical issues of concern to member companies.
About The Conference Board
The Conference Board is a global, independent business-membership and research association working in the public interest. Our mission is unique: To provide the world's leading organizations with the practical knowledge they need to improve their performance and better serve society. The Conference Board is a non-advocacy, not-for-profit entity holding 501(c) (3) tax-exempt status in the United States.
About McKinsey & Company
McKinsey & Company is a global management consulting firm dedicated to helping the world's leading organizations address their strategic challenges. With consultants deployed in more than 50 countries around the globe, McKinsey advises on strategic, operational, organizational, and technological issues. For more than eight decades, the firm's primary objective has been to serve as an organization's most trusted external advisor on critical issues facing senior management. For more information, please visit www.mckinsey.com.
SOURCE The Conference Board
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article