Risk Management Roles and Plans for the Board of Directors

Nicholas J Price
The board's main role in risk management is strategic planning and oversight. For better or worse, the financial crisis has caused a switch in the approach to risk management for most boards of directors. Shareholders and stakeholders now have greater expectations for boards to take a more active role in managing risks.

As if the increased scrutiny isn't pressure enough for boards, the popularity of social media has caused negative vast media attention for companies that fail to catch matters associated with poor risk management. The marketplace environment of today demands that boards take a more proactive, tactical approach to managing risk than what they've needed to do historically. The volatility of risk also requires boards to re-evaluate their risk management structures and how they approach their risk efforts.

For starters, boards can help themselves by utilizing board governance management software to streamline and safeguard their efforts. It's the best way for newly formed risk committees to get to work.

Why Boards Should Proactively Assess Risks

There's no getting around dealing with risks, and the reality is that risks can present a viable opportunity to gain an edge over the competition. Operational, strategic, political and reputational risks each present unique kinds of opportunities ' as long as the board is aware of them and it takes a responsible approach to addressing them.

Establishing a Board-Level Risk Committee

Accountability is an important component to managing risk. Boards can assign responsibility to a risk management committee, so they have assurance of accountability. The committee takes responsibility for board-level risk management and oversight of management-level risk programs. One of their first responsibilities is establishing the company's risk profile and defining the company's overall approach to risk management.

A risk management committee would also explore the best ways to put controls in place to make sure all parties fulfill their obligations of controlling risks. Committee members could be instrumental in raising awareness of best practices and procedures of risk governance and providing education to the board.

It's of vital importance that risk management committees communicate the risk management profile to the board and the management team and encourage them to use it as a standard in making decisions. Boards can minimize or avoid major risks by practicing good oversight over the agreed-upon risk management profile.

Other board committees should equally be aware of the company's risk profile. The audit, compliance and strategic planning committees also need to share the common risk management profile.

Implementing Board Governance Management Software to Enhance Risk Management

Risk management can be made much easier by implementing board governance management software. The developers at Diligent had governance, risk and compliance at the forefront of their designs when they created Governance Cloud, a fully integrated suite of governance tools.

Diligent Boards is a secure board portal in which boards and committees can collaborate, share documents and participate in planning. The portal has granular controls so that only those with permission can access various parts of the portal. The portal has a high level of built-in security for the utmost in confidential board communications.

Governance Cloud tools adapt more readily and automatically when boards need to respond to rapidly evolving market and governance changes, such as cyber threats, economic fluctuations, operational factors, environmental factors and geopolitical factors.

Siloed processes are quickly becoming outdated. Boards need integrated products, such as those that Governance Cloud provides for organizing and storing board materials, securing communications, performing evaluations, following through on compliance measures, recording board and committee agendas and minutes, strategic planning and data analysis.

Approaching Risk Management Planning

A newly formed risk management committee will have many tasks ahead of them in the beginning. Their first task is to clarify the company's risk tolerance and risk profiles. The primary question they need to answer is, 'What will help the company grow the most?'

Risks that the board identified in the past can help boards identify new risks and opportunities. Failures from competitors and other corporations, and how they managed risks, serve as a learning experience for all boards.

From there, the committee must evaluate the risks and rewards, as well as any potential trade-offs. The committee will also need to evaluate any environmental circumstances that they need to monitor or manage. In addition, they'll need to scan the internal and external environment for new threats and any new opportunities they might present.

Upfront planning lessens the possibility that the board will need to be reactive toward viable threats. Clear risk management reduces the negative impact on employees, processes, technology and the general environment.

Timing can be critically important for risk management committees. Cues and triggers will assist them in knowing if or when they need to act. Overall, risk management committees need to communicate with information that is clear, concise and has the end goal in mind.

The Time for Risk Management Planning Is Now

Threats can spring up at any time. Boards can't afford to wait to take action.

Planning efforts should balance the cost of actions against potential problems. Boards that have communication committees should coordinate their communications efforts with those of the risk management committee. It's best to take an open and honest approach in communicating the risk management profile and plan to internal and external stakeholders.

It's important for boards not to give way to micromanaging the senior executives. The board isn't responsible for eliminating risks. They're only responsible for making sure that risks are appropriate. In summary, active risk management is visionary and forward-thinking. Risk management in today's climate requires taking knowledge of the past risks and past performance to predict future scenarios and solutions in order to ensure the long-term prosperity of the company.

Risk management is at least as important as strategic planning and shouldn't be minimized or marginalized. Remaining competitive may largely depend on how well companies address their risk profiles and communicate their profile company-wide. Boards and risk management committees perform the bulk of the risk management work, but it takes boards and managers working together, along with the support of an excellent board governance management system like Governance Cloud, to get the job done well.
Related Insights
Nicholas J. Price
Nicholas J. Price is a former Manager at Diligent. He has worked extensively in the governance space, particularly on the key governance technologies that can support leadership with the visibility, data and operating capabilities for more effective decision-making.