Governance Insights 2020 (10th edition)

CHAPTER 02 Risky Business: The Board’s Role in Enterprise Risk Management

1. DEFINE THE ISSUER’S RISK APPETITE AND TOLERANCE

3. KEEP TRACK OF RISK RESPONSIBILITIES Regardless of an organization’s size, industry or complexity, every director and member of senior management must understand one another’s roles in the overall risk oversight framework. As risk oversight becomes increasingly complex, a coordinated response is imperative. Without clarity on ownership of specific responsibilities, redundancies and lapses can occur. Boards should be armed with a list of the individuals responsible for each enterprise-wide risk and the extent to which responsibilities may overlap. 4. ACTIVELY MONITOR OPERATIONS Board measures must extend beyond implementing controls and deferring to management to execute. The board’s evaluation and monitoring of those controls are equally critical. Those measures require, among other things, that the board adhere to adopted controls and policies; meet regularly and allocate time on the board (or committee) agenda to risk-related issues; review, consider and challenge (if necessary) risk-reporting; and facilitate timely and regular communication with management. Investors and other corporate stakeholders increasingly expect boards to have more frequent oversight for risk management, and not merely delegate consideration of those matters to annual strategic reviews. Determining and understanding the level of risk that is acceptable or (in some cases) necessary to achieve an issuer’s established business and strategic objectives are critical first steps.

Risk is an inherent part of any business strategy. As a starting point, the board should be involved in defining the organization’s risk appetite and tolerance. Determining and understanding the level of risk that is acceptable (or in some cases necessary) to achieve an issuer’s established business and strategic objectives are critical first steps. This is especially so in times of uncertainty when an understanding of risk appetite can help a board quickly adjust the strategy or change course. The board should ensure that the issuer’s risk appetite and its associated thresholds are clearly articulated and widely understood within the organization (and by its partners), and that they are integrated into every business decision-making process at each level. 2. KNOW THE ISSUER’S TOP RISKS To navigate the organization’s risks (and opportunities), it is critical that every director be familiar with key enterprise-wide risks. Boards should work closely with management to understand the likelihood and impact of the top risks facing the issuer in the short and long terms. On this front, boards should stay current with the issuer’s ever-evolving risk profile. As the COVID-19 pandemic has shown, some risks may fall away while others rise to prominence. Keeping an up-to-date understanding of top risk priorities can increase the board’s ability to adapt in the face of change and uncertainty.

Davies | dwpv.com