It is generally accepted that the full board has overall responsibility for risk oversight, mirroring the board’s responsibility for overseeing strategy. In deciding how to organize itself to oversee risk and risk management, the question arises as to whether the board should establish a separate risk committee. This article explores that question and provides examples to clarify the role and responsibility of a separate risk committee in situations where the board decides to establish one.

Through the risk oversight process, the board of directors obtains an understanding of the critical risks inherent in the corporate strategy, accesses useful information from internal and external sources about the critical assumptions underlying that strategy, remains alert to organizational dysfunctional behavior that can lead to excessive risk taking, and provides input to executive management regarding critical risk issues on a timely basis. How the board views risk oversight as a process should dictate how it chooses to organize itself for purposes of executing that process. The risk oversight process enables the board and management to develop a mutual understanding regarding the risks the company faces over time as it executes its business model for creating enterprise value. In organizing itself for risk oversight, what are some of the factors for boards to consider and when should boards establish a separate risk committee?

(more…)