Corporate Compliance Insights

The Board’s Role with Risk: 5 Considerations to Define a Healthy Balance Within ERM

by Ron Kral
April 29, 2015
in Featured, Risk

Where does the board’s role begin and end regarding risk? A company’s core objective is to create and increase wealth for its shareholders. Collectively, directors provide leadership toward this objective through two primary functions: 1) decision-making and 2) executive management oversight. Decision-making includes approving corporate policy, strategic goals, annual budgets, major expenditures, and the acquisition or disposal of material assets. It also includes evaluating and selecting the Chief Executive Officer (CEO) and approving the company’s risk appetite. Risk appetite is the amount of risk the organization is willing to accept in pursuit of objectives. While it is typically the CEO who recommends a risk appetite to the board, it is the board that should render the ultimate decision on how much risk is appropriate.

The second primary board function involves a fine line regarding the degree of management oversight. Too much, and the board could be micro-managing the company thus infringing on the CEO’s turf. Too little, and the board could lose its pulse on the status of the company’s risk management efforts. Here are five considerations to define a healthy balance between board oversight and management responsibilities pertaining to Enterprise Risk Management (ERM):

  1. Defining Objectives: ERM stems from the company’s mission and objectives, as spelled out through strategic planning efforts. Risk and opportunity events flow from these objectives. The board needs to be comfortable with the alignment of the chosen objectives for ERM focus with approved strategic planning decisions. Since objectives drive the ERM process, it is important to ensure that all relevant key objectives are covered.
  2. Identifying Events: Identification of risks and opportunities is a core management responsibility in conducting ERM efforts. Risk is the possibility of an adverse event, while opportunity is the possibility of a favorable event. These two potential outcomes are inseparable as every decision to create or protect shareholder value (i.e., opportunities) involves risk. These events are typically very numerous, yet management only has a finite amount of resources to identify and respond to them. It is important for the board to be comfortable with this effort. In addition, this is a great opportunity for directors to contribute their thoughts on potential events based on their knowledge and expertise.
  3. Conducting the Assessment: Risks and opportunities need to be analyzed in terms of their likelihood of occurrence and impact in reaching objectives. While this is the charge of executive management, the board should confirm that timely risk assessment activity is performed. A key consideration is the data and information used for the assessment. Decision-making improves when directors engage in open and frank discussions with management on presented information, and even more important – information that is not presented. It is important for the board to gain comfort in the data and information supplied by management. An information audit to verify the timeliness, accuracy, and completeness of key information, including the supporting data elements and assumptions, is typically a wise investment.
  4. Deciding on Risk Responses: Once the ERM analysis per the three previous steps is completed, management needs to ascertain risk responses. Should the company accept, avoid, reduce or share the risks? The response needs to be consistent with the company’s risk appetite as recommended by management and approved by the board.
  5. Designing and Executing Controls: Control activities are necessary to ensure that the ERM process is properly designed to effectively manage risks and opportunities. This is primarily done through carefully crafted policies and procedures. Perhaps even more important is confirming that management is following the established ERM policies and procedures through appropriate actions. This includes monitoring, tracking relevant information, and effective communication. The board should not assume that this is occurring, but rather conduct their own oversight activities to be comfortable that adequate controls are in place and operating effectively.

In summary, the management team is responsible for the heavy lifting pertaining to these five steps. So while it is the CEO who owns ERM, the board must be satisfied with management’s performance consistent with the board’s approval of objectives and risk appetite. How the board conducts their oversight duties is largely up to them, but for many organizations utilizing an independent internal audit function is a common choice. Otherwise, the board can bring in outside resources to conduct an ERM evaluation.

Despite having the utmost confidence in the integrity and ethics of the executive management team, an organization’s ERM process should include a healthy dose of independent verification as directed by the board. It is not just a matter of trust, but also a matter of obtaining independent expertise to add value to the ERM process by providing different perspectives. Finally, the topic of risk oversight is important enough to merit a standing agenda item at every board and applicable committee meeting to help maintain an independent eye on the ERM process.

Defining the board’s role on risk through the corporate governance guidelines and committee charters is vital. If the roles regarding ERM are not clearly spelled out and understood, then it is time to revisit the corporate governance guidelines and committee charters to add clarity. Once the roles are crafted and directors are educated on how to fulfill their duties, they must then have the collective discipline to follow through on these duties. This is where the chairman of the board must insist on board accountability, as it is not simply management performance they should be concerned about, but also their own performance.

One effective way to assess board accountability is through periodic board and committee performance evaluations (refer to The Essentials of Boardroom Evaluations for a previous article on this topic). The scope of the board and committee evaluations should not simply entail ERM approval and oversight activities, but rather all board duties per corporate governance guidelines and committee charters. Without a robust assessment of their own activities, boards can be blinded to improvement opportunities. Effective boards must have the proper mindset, rooted in a clear understanding of their duties, to be productive and responsive.


Tags: Enterprise Risk Management (ERM)
Ron Kral is a partner of Kral Ussery LLC, a public accounting firm delivering advisory services, litigation support and internal audits. Ron is a highly rated speaker, trainer and advisor. He is a member of 4 of the 5 COSO sponsoring organizations: the AICPA, FEI, IIA, and IMA. Contact Ron at Rkral@KralUssery.com or www.linkedin.com/in/ronkral.