What is the role of the board in risk management? - Risk Portal Q & A

What is the role of the board in risk management?

2010-01-18T18:40:47Z

What is the role of the board in risk management?

Answer by Oli for What is the role of the board in risk management?

2010-02-09T14:31:21Z

Everyone in an entity has some responsibility for enterprise risk management. The chief executive officer is ultimately responsible and should assume ownership. Other managers support the entity’s risk management philosophy, promote compliance with its risk appetite, and manage risks within their spheres of responsibility consistent with risk tolerances.

A risk officer, financial officer, internal auditor, and others usually have key support responsibilities. Other entity personnel are responsible for executing enterprise risk management in accordance with established directives and protocols.

The board of directors provides important oversight to enterprise risk management, and is aware of and concurs with the entity’s risk appetite. A number of external parties, such as customers, vendors, business partners, external auditors, regulators, and financial analysts often provide information useful in effecting enterprise risk management, but they are not responsible for the effectiveness of, nor are they a part of, the entity’s enterprise risk management.

Answer by Stephen J for What is the role of the board in risk management?

2010-02-11T17:07:22Z

The role of the board with respect to risk management is broadly well understood and reflects an ‘ultimate responsibility’ for the risk management framework.

Stakeholders, including supervisors, interpret this ultimate responsibility to mean:

Approving the overall risk management strategy and/or policy
Overseeing the process of ensuring ‘responsible persons’ are fit and proper
Setting the risk appetite
Monitoring key risks by ensuring the implementation of a suitable risk management and internal controls framework.

It is established practice for boards to form a dedicated committee to focus on matters relating to risk management. This committee may include risk, audit, financial reporting and compliance disciplines, or some combination of these.

Answer by John for What is the role of the board in risk management?

2010-02-25T10:44:23Z

In December the Financial Reporting Council published its 2009 Review of the Combined Code. One of the strongest themes to emerge from the review was the need for boards to take responsibility for assessing the major risks facing the company, agreeing the company’s risk profile and tolerance of risk, and overseeing the risk management systems. There was a view that not all boards had carried out this role adequately and many chairmen agreed that the financial crisis had led their boards to devote more time to consideration of the major risks facing the company.

One of the actions was that the principle on internal control should be amended to state the board’s responsibility for defining the company’s risk appetite and tolerance and maintaining a sound risk management system, with a new provision stating that the board should satisfy itself that appropriate systems are in place to enable it to identify, assess and manage key risks.

Many will read this and hear the sound of the stable door being belatedly bolted, but the key question is how risk professionals react to the attention - they should view it as an opportunity to push for best risk practice, something that will require significant effort and investment on their part, but will they?