“Risk oversight” describes the role of the board of directors in the risk management process. The risk oversight process is the means by which the board determines that the company has in place a robust process for identifying, prioritizing, sourcing, managing and monitoring its critical risks, and that this process is improved continuously as the business environment changes. By contrast, “risk management” is what management does, which includes appropriate oversight and monitoring to ensure policies are carried out and processes are executed in accordance with management’s selected performance goals and risk tolerances. Through the risk oversight process, the board:
- obtains an understanding of the risks inherent in the corporate strategy and the risk appetite of management in executing that strategy,
- accesses useful information from internal and external sources about the critical assumptions underlying the strategy,
- is alert for dysfunctional organizational behavior that can lead to excessive risk taking, and
- provides input to executive management regarding critical risk issues on a timely basis.
Risk oversight is a high priority for today’s boards of directors. Because the risk oversight playbook is likely to evolve over several years, emphasis on refining the risk oversight process can be expected to continue into 2010 and beyond. Our Board Perspectives: Risk Oversight series is intended to provide short discussions of topics germane to the risk oversight dialogue.
Current Topic
Issue 31 - Assessing Risk: An Operational Perspective: Discusses the appropriate risk assessment approach to take for operational risk, which should be directed at understanding the risk of loss of any of the key links in the value chain.
Previous Topics
Issue 27 – Oversight of Information Technology Risk: Offers suggestions for boards to consider to help them enhance their IT risk oversight.
Issue 26 – Ten Questions the Board Should Ask: Discusses 10 key questions for boards to consider as they plan their 2012 risk oversight agendas.
Issue 25 – Reducing the Risk of Rogue Trading: Focuses on “tone at the top” and effective internal controls, as well as some important questions for boards and senior executives to consider.
Issue 24 – Should the Board Have a Separate Risk Committee?: Weighs the pros and cons for establishing a separate board risk committee and discusses appropriate roles for the potential risk committee.
Issue 23 – Identifying Emerging Risks: Discusses how to identify emerging risks, which may affect the long-term viability of an organization’s strategy.
Issue 22 – Is Your Organization an Early Mover?: Offers insights on why organizations should be early movers when it comes to identifying and acting on opportunities and risks.
Issue 21 - Managing Corruption Risk: Shares how a robust anti-corruption program can save companies from the expensive consequences of corruption violations.
Issue 20 - Formulating an Initial Risk Appetite Statement: Suggests what to include when formulating assertions for a risk appetite statement.
Issue 19 - Managing Supply Chain Disruption Risk: Provides key considerations regarding supply chain disruption risk and how to manage it.
Issue 18 - Staying Engaged in the Risk Oversight Process: Considers how boards can make risk oversight an ongoing and integral part of their responsibilities.
Issue 17 - Finding the Right Chief Risk Officer: Considers what qualifications a company should look for when evaluating CRO candidates.
Issue 16 - Five Risk Categories for Focusing Risk Oversight: Discusses governance risks, critical enterprise risks, board-approval risks, business management risks and emerging risks.
Issue 15 - Recommendations from Protiviti's Board Risk Oversight Survey: Provides recommendations based on the results of a survey that COSO and Protiviti conducted regarding the current state of board risk oversight.
Issue 14 - Survey Results Provide Baseline for Board Risk Oversight: Summarizes the results of a survey that COSO and Protiviti conducted regarding the current state of board risk oversight.
Issue 13 - When Insolvency Issues Arise: Focuses on personal liability risks and responsibilities for independent directors in times of financial distress.
Issue 12 - Preparing for a Black Swan: Understanding, preparing for and managing risks related to unexpected, high-impact events.
Issue 11 - Ten Ways Risk Oversight Can Fail: Reviewing 10 reasons that can contribute to failure of the board’s risk oversight process.
Issue 10 - Aligning Strategy Setting and Performance Management with Risk: Discussing the importance of integrating risk management with strategy setting and performance management, and the board's role in this process.
Issue 9 - The Importance of Tone at the Top to Risk Management: A review of 10 key indicators that collectively provide red flags that potential issues may exist within the organization.
Issue 8 - Four Foundational Elements of Risk Management: A look at four elements that define what executives should assess when evaluating the role and effectiveness of risk management.
Issue 7 - Ten Risk Oversight Principles: A review of 10 key principles that will assist boards in strengthening their risk oversight.
Issue 6 - Positioning the CRO for Success: This issue details the factors that enable the CRO to be successful.
Issue 5 - Organizing for Risk Oversight: This issue reviews some of the factors directors should consider as they organize their board for risk oversight.
Issue 4 - The Risk Appetite Dialogue: This issue defines risk appetite and reviews ways in which the board and management should discuss it on an ongoing basis.
Issue 3 - Knowing What You Don't Know: This issue addresses the reality that, in today’s environment, management and the board can never be certain they know everything they need to know. Nonetheless, there are eight steps they can take to manage uncertainty.
Issue 2 - The Enterprise Risk Assessment Process: The first question the risk oversight process seeks to answer is, “What are our most critical risks?” An effective risk assessment process lays the foundation for management to respond to this question with confidence and instills confidence in the board that management has a substantive basis for answering the question.
Issue 1 – Risk Oversight: A Board Imperative: This issue provides suggested questions that boards of directors may consider, as appropriate to the entity's operations, as they seek to clarify their risk oversight responsibilities.
Future Topics
Future issues will be influenced by market developments and feedback from board members. Topics currently under consideration include Thinking Strategically in Managing Risk, Drawing the Line Between the Board’s Role and Management’s Role, and Driving Transparency Through Sourcing Risk Information. If you have a topic that you would like to add to the conversation or feedback on the topics under consideration, please share it with us.