CHAPTER 02 Risky Business: The Board’s Role in Enterprise Risk Management
A Board’s Responsibility in Overseeing Risk Management
The board’s responsibility for risk management derives largely from directors’ fiduciary duty, duty of care and duty to manage under corporate and securities laws, stock exchange requirements and governance best practices. To be clear, day-to-day business operations and risk management are management’s responsibility. Directors are responsible for obtaining reasonable assurance that senior management has identified the company’s principal risks and put in place appropriate risk management policies and procedures that are consistent with the organization’s risk appetite.
As discussed in our bulletin “Canadian Directors Should Heed Recent U.S. Caremark Litigation,” 9 Canadian directors should be aware of the recent uptick in U.S. claims permitted by Delaware courts alleging a failure by directors to make a good faith effort to monitor corporate operations, including overseeing key risks – otherwise known as a Caremark claim. Although Canadian courts have yet to explicitly recognize a Caremark duty owed by Canadian directors, the principle has been considered in the context of a Canadian securities regulator’s public interest jurisdiction. 10 It is easy to contextualize such a duty within the duties owed by directors under Canadian law particularly in circumstances in which directors knew or ought to have known of potential problems or concerns.
FIGURE 2-1: Model ERM Framework (figure elements: Board Risk Oversight; Risk Appetite & Tolerance; Corporate Culture; Strategy Development and Business Objectives; Monitoring and Performance; Risk Identification; Risk Mitigation and Controls; Risk Assessment)
Davies | dwpv.com