Wednesday, June 10, 2009

How should the board of directors handle Enterprise Risk Management?

The most extensive delineation of board responsibilities has been enumerated in the Canadian guidelines, which have identified, besides other components, the following two specific components:

1. Adoption of a strategy planning process.
2. Management of Risk.

The role of the board of directors in ERM oversight includes:

1. Determining a risk-adjusted corporate strategy and adequate metrics to track executive performance in the pursuit of such a strategy;
2. Approving a risk inventory and fundamental ERM parameters (such as risk measurements, risk appetite and tolerance levels) as part of the annual business plan;
3. Being about the effectiveness of designed procedures.

In determining its risk oversight structure, the board should conduct a preliminary analysis of corporate governance practices. Specifically, it should consider the following issues:

1. The independence, professional expertise, and time availability of board members;
2. The assignment of board oversight functions to specialized board committees;
3. The quality of the information flow between board members and management.

Delegating Responsibilities within the Organization: A growing number of companies have been assigning such leadership responsibilities to a dedicated chief risk officer (CRO). But companies should assess the time availability of existing executive positions, evaluate skills and expertise needed, determine the need to promote visibility and authority, and weigh a number of other issues before deciding whether such a position will prove a valuable contribution to the ERM efforts.

From the foregoing, it is essential to note that the board cannot and should not be involved in actual day-to-day risk management. Directors should instead, through their risk oversight role, satisfy themselves that the risk management processes designed and implemented by executives and risk managers are adapted to the board’s corporate strategy and are functioning as directed, and that necessary steps are taken to foster a culture of risk-adjusted decision-making throughout the organization. Through its oversight role, the board can send a message to the company’s management and employees that corporate risk management is neither an impediment to the conduct of business nor a mere supplement to a firm’s overall compliance program, but is instead an integral component of the firm’s corporate strategy, culture and value generation process.

Given the increased significance of the risk oversight role in the current risk environment, a company’s risk management system should function to bring to the board’s attention the company’s most material risks and permit the board to understand and evaluate how these risks interrelate, how they affect the company, and how management addresses these risks. It is important for directors to have the experience, training and knowledge of the business necessary for making a meaningful assessment of the risks that the company faces, however complicated they may be.

The board should also consider the best organizational structure to give risk oversight sufficient attention at the board level. In some companies, this may include creating a separate risk management committee or subcommittee. In others, it may be sufficient to have the review of risk management as a dedicated, periodic agenda item for an existing committee such as the audit committee, in addition to periodic review at the full board level. While no “one size fits all” approach exists, it is important that risk management be a priority and that a system for risk oversight appropriate to the company be put in place.