Risk oversight is a high priority for today’s boards of directors. The risk oversight playbook is likely to evolve as boards refine their processes into 2010 and beyond. There are signs that legislators and regulators have risk oversight in their line of sight. For example, in the United States, the SEC proposed new proxy disclosures to spotlight directors’ qualifications and the role of the board in the risk management process. Some U.S. law- makers are sponsoring a bill to mandate a separate risk committee of the board. Whatever happens, it is clear the bar is being raised as boards take a fresh look at the qualifications of their members, how they operate, the extent to which they avail themselves of the appropriate company officers and other expertise to understand the enterprise’s risks, and whether their committee structure and the information to which their committees have access are conducive to effective risk oversight.

Key Considerations

“Risk oversight” describes the board’s role in the risk management process. Effective risk oversight deter- mines that the company has in place a robust process for identifying, prioritizing, sourcing, managing and monitoring its critical risks, and that this process is improved continuously as the business environment changes. By contrast, “risk management” is what management does to execute the risk management process in accordance with established performance goals and risk tolerances. Through the risk oversight process, the board (1) obtains an understanding of the risks inherent in the corporate strategy and the risk appetite of management in executing that strategy, (2) accesses useful information from internal and external sources about the critical assumptions underlying the strategy, (3) is alert for possible organizational dysfunctional behavior that can lead to excessive risk taking, and (4) provides input to executive management regarding critical risk issues on a timely basis.

(more…)