- Sign up for our FREE Newsletter
Have A Question?
We'll get right back to you.
| Follow Us: |  |
 |
Risk Management: Board Oversight
12/9/2010
One result of the financial crisis is an increased focus on the effectiveness of risk oversight practices by the board of directors. With the increased scrutiny and added regulatory requirements it is easy to consider risk management to be a non-value added, compliance function. However taking this viewpoint can put an entity at a disadvantage. Enterprise risk management by definition is meant to be strategic and value-adding. The goal of an effective risk management system should not be to eliminate risk, but to assist management and the board in making better, more risk-informed, strategic decisions.
An organization’s board of directors is a key player in risk oversight. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) identified four areas that management and the board can develop to enhance board oversight with regard to enterprise risk management:
- Discuss risk management philosophy and risk appetite
- Understand risk management practices
- Review portfolio risks in relation to risk appetite
- Be apprised of the most significant risks and related responses
Defining an entity’s risk appetite is often the most challenging of the above areas. Risk appetite is defined as “the amount of risk that an organization is willing to accept in pursuit of stakeholder value.” While there is no wrong way to start the discussion, the easiest may be looking at past events and considering the reactions of key stakeholders, regulators and other key individuals. This will identify which risks are acceptable and those that are not.
Another consideration when developing an organization’s risk appetite involves an evaluation of the entity’s risk capacity. Risk capacity refers to the maximum potential impact of a risk event that the entity could withstand and still remain a going concern. For those in the financial services, this is usually stated in terms of capital. Articulation of an entity’s risk appetite sets boundaries for the entity, linking the strategies set by the board and management to the risk management process.
Once an entity’s risk appetite has been defined it is important that the board remain apprised of key risk indicators that are linked to organizational goals. Awareness of key risks during strategy setting will aid management and the board in making strategic decisions. One mechanism for the Board to remain apprised of the key risks is the development of a risk assessment. The risk evaluation and response process will be discussed in the next article. Stay tuned.
Note: To read part one of this series, click here.