Enterprise Risk Management (Preview)

28 Part 1 – Concepts and Methods Pressures on Boards of Directors Stakeholders place a great amount of pressure on boards of directors or their equivalent to exercise effective governance on all matters of risk management. These pressures have prompted the National Association of Corporate Directors (NACD) to issue guidance on the risk governance roles and responsibilities of board members (Box 1.3). In the case of companies, boards represent the interests of shareholders. Boards are also established by not-for-profit organizations even though such organizations typically operate without specific ownership. The boards of not-for-profit organizations mainly represent the interests of donors and contributors. For example, the American Cancer Society has a board of directors, but it is not specifically owned by anyone. It is mostly funded by donations from individuals and companies. For their part, government entities are owned by the general public and are funded mostly through taxes and transfers between levels of government. Citizens elect public officials to represent their interests, form a governing body such as a congress or parliament, and legislate and direct the activities of government. Some government entities have a board of directors or equi- valent, while others are directly accountable to an elected or appointed official with responsibilities that are similar to a board of directors. In essence, all organizations have a board of directors or equivalent council or person to whom they are accountable. Board members or equivalent ensure that an appropriate strategic direction is set for the organization. They also ensure that the organization is taking or tolerating levels of risk that are consistent with the interests of the shareholders or key stakeholders that they represent. To accomplish their responsibilities, board members need reliable and useful Box 1.3 – Expert Advice: Board of Directors Risk Oversight In 2009, the Blue Ribbon Commission of the National Association of Corporate Directors (NACD) issued a report on risk governance, namely the roles and responsibilities of board members in regards to organizational risks and risk management activities. The report explains the risk oversight responsibilities of boards, noting that these responsibilities incorporate both the decision-making and the monitoring functions performed by boards. The report proposes ten fundamental principles that boards of directors or their equivalent should implement for effective governance. These principles can be summarized as follows: Source: Adapted from the Report of the NACD Blue Ribbon Commission, Risk Governance: Balancing Risk and Reward , (National Association of Corporate Directors, 2009. Partial report accessible at: www.oliverwyman.com/content/dam/oliver- wyman/global/en/files/archive/2009/riskbrc-execsummary(2).pdf. Full report accessible through: www.nacdonline.org) • Encourage a dynamic and constructive dialogue on risks with management. • Closely monitor the risks associated with organizational culture and performance. • Monitor the alignments of strategy, risks, controls, compliance, incentives and people. • Consider emerging risks and interrelated risks on an organization-wide basis. • Periodically assess the effectiveness of the risk oversight process of the board. • Understand the key drivers of success of the organization and its industry. • Define the role of the full board and its committees regarding risk oversight. • Agree with management on the information required for risk oversight by the board. • Assess the risks that are associated with organizational objectives and strategies. • Determine if the organization has an effective approach to risk management.