Governance Insights 2020 (10th edition)

CHAPTER 02 Risky Business: The Board’s Role in Enterprise Risk Management

However, good governance is never a “one-size-fits-all” solution and some companies may benefit from having a dedicated risk committee. Companies faced with complex and specialized risks – such as financial institutions and utility companies – can benefit from the focused attention of a risk committee. Boards have wide discretion to define the mandate of the risk committee. Thoughtful consideration should be given to the types of risks that fall within the scope of a risk committee charter. As a general principle, assigned risks should be focused and clearly defined, but not so focused as to constrain the committee’s role, especially as the issuer continues to evolve. Similarly, the board should determine the appropriate frequency of periodic reporting on risk management outcomes, clearly communicate expectations related to the risk committee’s activities and ensure the dissemination of material risk information to the larger board (i.e., the risk committee should not operate as a stand-alone, isolated committee).

FIGURE 2-2: P ercentage of Composite Index Issuers with Dedicated Risk Committees (2016–2020 H1)

245

242

250

237

228

Issuers without a dedicated risk committee Issuers with a dedicated risk committee

14%

211

15%

14%

200

16%

150

86%

85%

86%

100

84%

2016

2017

2018

2019

2020 H1

6% management’s and employees’ attitudes toward risk and enables organizations to quickly perceive risk and adapt to change in a crisis. For example, recent enforcement action taken by the United Kingdom’s Serious Fraud Office (SFO) and the Department of Justice against Airbus highlights that a culture of compliance and risk awareness matters. In 2019, the SFO entered into its seventh deferred prosecution agreement (DPA) with Airbus for a record-setting penalty of €3.6 billion. 15 The DPA involved several counts of failure to prevent bribery under the United Kingdom’s anti-corruption legislation. Despite Airbus’s strong compliance policy on 8% 2.6% 1.7% 2.0% 1.1% 1.8% 0.6% 1.6% 0.6% 0.6% Six or more COMMITTING TO A CULTURE OF TRANSPARENCY AND ACCOUNTABILITY Experience has shown that fostering an enterprise-wide culture that promotes appropriate risk awareness and behaviours should be a top priority for boards. As Figure 2-1 above shows, corporate culture provides the scaffolding for a company’s ERM program. A strong corporate culture at the top helps shape 10%

1.3%

5.2% 4.9% 4.9%

3.9%

Davies | dwpv.com