Exercising Risk Oversight: Five Questions for Boards to Consider

12/12/2014

Boards of directors are working hard to define and fulfill their risk governance and risk oversight roles and responsibilities. The changing economic, business, competitive and regulatory landscapes ensure that this work will continually evolve, so staying abreast (or ahead) of developments is the order of the day. Within that context, and given competing responsibilities, boards need to direct their risk oversight efforts toward the most productive areas and assist management in ways that most benefit shareholders and other stakeholders.

Stephen Alogna, director, Deloitte & Touche LLP, discusses ways in which boards of directors can sharpen their focus on risk. Further below, Dan Konigsburg, managing director of the Deloitte Global Center for Corporate Governance, Deloitte Touche Tohmatsu Limited (DTTL), takes a closer look at global practices regarding board-level risk committees.

Q: What key risk areas should boards be focused on right now?

Boards of directors are working hard to define and fulfill their risk governance and risk oversight roles and responsibilities. The changing economic, business, competitive and regulatory landscapes ensure that this work will continually evolve, so staying abreast (or ahead) of developments is the order of the day. Within that context, and given competing responsibilities, boards need to direct their risk oversight efforts toward the most productive areas and assist management in ways that most benefit shareholders and other stakeholders.

Stephen Alogna, director, Deloitte & Touche LLP, discusses ways in which boards of directors can sharpen their focus on risk. Further below, Dan Konigsburg, managing director of the Deloitte Global Center for Corporate Governance, Deloitte Touche Tohmatsu Limited (DTTL), takes a closer look at global practices regarding board-level risk committees.

Q: What key risk areas should boards be focused on right now?

 

A Closer Look: Board Risk Committees Around the World
Commentary by Dan Konigsburg

To address increasing risk-related responsibilities and, often, to respond to regulatory changes, a good number of boards have established board-level risk committees. These include dedicated, stand-alone risk committees, as well as combined, hybrid committees (such as an audit and risk committee or asset management and risk committee). Of course, the full board remains responsible for risk and risk oversight; however, a risk committee of either type can further formalize the means and mechanisms by which the board carries out its risk-related responsibilities.

According to a recent global DTTL study, board-level risk committees are well-established and widespread, with 38% of the 400 companies examined having either a stand-alone or hybrid risk committee. As might be expected, board-level risk committees were most often found in financial services industry (FSI) companies, but were also present in other industries—often to a significant extent, depending on the country. (For example, in Australia 75% of non-FSI companies had either a stand-alone (13%) or hybrid (62%) risk committee.) Among FSI companies globally, 67% had stand-alone risk committees and 21% had hybrid risk committees, for a total of 88%. In contrast, 26% of non-FSI companies had risk committees of some type.

Country-specific regulations play a big role in risk oversight structures and practices. Australia, Brazil and the United Kingdom have regulations that require risk committees at the board level for FSI companies. China, the Netherlands, Singapore and the United States currently have only suggested guidelines. In the overall sample, 62% of all companies analyzed do not have a board-level risk committee. This largely reflects the lack of regulatory requirements for board-level risk committees in non-FSI companies in most countries.

Whichever means they choose, boards must fulfill their risk-related roles and responsibilities as effectively as possible. Depending on the organization, its industry, its risks and its regulatory and risk governance needs, a board-level risk committee may enable the board to:

  • Assert and articulate its risk-related roles and responsibilities more clearly and forcefully
  • Establish its oversight of strategic risks, as well as the scope of its oversight of operational, financial, compliance and other risks
  • Task specific board members, external directors and other individuals with overseeing risk and interacting with management and the chief risk officer
  • Recruit board members with greater risk-related experience and expertise
  • Keep the board more fully informed regarding risks, risk exposures and the risk management infrastructure
  • Improve advice provided to management regarding risk, response plans and major decisions, such as mergers, acquisitions and entry into new markets or new lines of business.

Of course, a board-level risk committee requires resources, including funding, expertise and time. Moreover, the foregoing items are risk oversight responsibilities that any board must fulfill. So we emphasize that a board need not establish a committee to fulfill those responsibilities, but that a board needs to consider—and periodically reconsider—the means by which it fulfills them.