A Point of View on Board Oversight of Risk Management - From SpencerStuart

In December, SpencerStuart (an executive search firm that has publishes excellent governance-related studies) released a special issue of Point of View. It focuses on "today's board agenda" and has several articles worth reading. One is on board oversight of risk management (it starts on page 33).

I recommend getting a copy of the document here.

Here are a few quotes:

“The board must set up a precise risk profile and risk tolerance, communicate it loudly and clearly to the business units, make sure that the business units remain within it, and see to it that the monitoring process captures any meaningful deviation from the profile and tolerance accurately and in a timely fashion.”
“Effective risk oversight is about courage — the courage of swimming against the tide when there’s momentum for something, whether it’s a new product or innovation or an M&A opportunity. And part of the courage is to accept that you’ll have false positives and will be engaged in a degree of apology, but you won’t be deterred.”
“The trouble with risk oversight is that you have to up the intellectual stakes on the board to be able to do it. It can’t be accomplished by a board in which the directors sit around and joke about all the confusing numbers that are brought to them.”
“It’s inconceivable to me that a CRO could handle the product and engineering complexity that we have. Responsibilities for those risks need to be embedded in the businesses, and if you’re not going to listen to the employees in the trenches and hold them responsible for the risks they take, you will not have good risk management.”

The checklist for directors on page 36 is simple but gets to the point.

What do you think? Will you share this with your board?




Posted on Jan 19, 2011 by Norman Marks

Share This Article:    

  1. Very sensible.  To answer the question posed at the end - I will.  But sometimes I feel I'm shouting in the wilderness.  In some environments, it seems nothing gets done unless it's driven by regulatory pressures.  Even the coming on board of marque investors is no indicator of adoption of (or even moving towards) risk management best practices, as it seems such investors are loathe to demand (even when they can) the same levels of corporate governance from the investee companies in developing countries which they assume as sine qua non in their home countries, chosing to focus exclusively on the investment yields.

  1. Thanks Mark for sharing this article. I agree that more transparency and regulatory requirements can be frustrating to Directors, but I will improve the dialog with stakeholders.

Leave a Reply