Enterprise risk is increasingly an area that stakeholders expect boards to actively monitor as part of their ultimate oversight responsibilities. A recent global survey carried out by the Institute of Risk Management (U.K.) found that 94% of companies believe COVID-19 strengthens the case for prioritizing ERM within an organization.11 Vanguard Group – one of the world’s largest investment management companies with over US$6.2 trillion in global assets under management – recently signalled an expectation that portfolio companies dedicate an increasing amount of time to identifying and governing material risks, particularly as the risks facing organizations become more diverse and complex.12 Similarly, Institutional Shareholder Services Inc. (ISS) and Glass, Lewis & Co. (Glass Lewis) recommend that shareholders withhold votes for individual directors or committee members with records of poor or inadequate risk oversight.13

ALLOCATING RISK OVERSIGHT RESPONSIBILITY TO THE BOARD AND ITS COMMITTEES

Risk oversight responsibilities are typically divided between the board as a whole and board committees, particularly when committees with the requisite expertise have been established. For instance, it is common for the audit committee to oversee and report to the board on risks relating to an issuer’s accounting and auditing practices. Similarly, it is typical for a nominating committee to oversee CEO succession planning and the related risks.

There is often debate regarding where risk oversight generally should reside at the board level. Some advocate for a dedicated risk committee to discharge directors’ risk oversight function. One concern with delegating risk oversight to a subset of directors is that it instills in the committee members an in-depth understanding of the company’s principal risks, while potentially leaving other directors without the requisite knowledge in areas where risk plays a critical role, including in evaluating and approving the company’s strategic plan. On the other hand, using a dedicated risk committee may better enable a smaller group of directors to conduct a “deep dive” into the relevant issues.

Alternatively, many Canadian issuers have opted for a hybrid approach, assigning specific core risk management issues to standing committees having expertise in the relevant areas (e.g., human capital risks assigned to the human resources committee, compensation risks to the compensation committee and environmental and compliance risks to an environmental committee). Each committee then reports to the full board on its risk management activities and the full board, in turn, assumes ultimate responsibility for ERM with the benefit of the more focused information and recommendations received from each committee.

As Figure 2-2 demonstrates, the overwhelming majority of companies on the TSX Composite Index have elected not to establish a dedicated risk committee.14 Most Composite Index companies assign responsibility for certain specialized risks to committees with a particular expertise, while keeping risk oversight the ultimate responsibility of the full board. In our view, this approach is often the most prudent one.
Governance Insights 2020