Risk oversight has taken on increased importance not only for audit committees, but for full boards. Many boards are reconsidering the risk governance structure and which committees have the expertise to oversee particular risks.
The SEC requires disclosure regarding the board’s role in risk oversight. Examples include whether the entire board is involved or whether risk oversight is executed by a particular committee, and whether the employees responsible for risk management report directly to the board. The SEC considers risk oversight a key responsibility of the board, and this disclosure will improve investors’ and shareholders’ understanding of this role.
“Many board members are concerned about how best to play their risk oversight roles given the SEC’s proxy disclosure requirements which took effect in 2010 and the more recent passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act.
I believe that board members have a real opportunity to help their companies bring risk management to a more effective level. To begin, boards can establish clear risk-related roles. With or without a risk committee, the board should clearly define its role in risk oversight. Secondly, it’s important to take a Risk Intelligent approach – one that identifies the critical risks a company faces, looks across silos, and holds business units accountable for risk management. Lastly, risk governance depends on the people, processes, and technology to support risk management. The right controls and information can help ensure that the board and management fulfill their risk-related responsibilities.”
Henry Ristuccia, partner, Deloitte & Touche LLP
Global Leader, Governance, Regulatory and Risk services and Co-Leader, U.S. Governance and Risk Management services
The financial crisis has shot risk management to the top of board agendas. Today’s boards are struggling with how to define and fulfill their governance roles in light of changing regulations. View a replay of Deloitte Insights, with Henry Ristuccia (global leader, Governance, Regulatory and Risk Services and co-leader, U.S. Governance and Risk Management Services) and Maureen Errity (director, U.S. Center for Corporate Governance), to catch up on the latest trends in risk oversight.
Deloitte Risk Angles Series
Risk is easy enough to understand at a high level, but once you zoom into the street level, it can be hard to know where to go or what to do. In Risk Angles, we attack risk at the issue level: Five questions to help raise your Risk Intelligence on a single pressing business issue.
Prism Simplifies Risk Intelligence
Deloitte Risk Intelligence White Papers Series
The Risk Intelligence White Papers series includes papers that focus on roles (chief audit executive, board of directors, etc.); industries (energy, life sciences, etc.); and issues (corporate social responsibility, global uncertainty, etc.) that pertain to how risk is managed and addressed within a company.
Of specific note are the following installments within the Risk Intelligence White Papers series:
- Risk Intelligent General Counsel: Discard the compass and get a GPS
- Risk Intelligent Governance in the Age of Cyber Threats
- The People Side of Risk Intelligence
- The Risk Committee Resource Guide for Boards
- Risk Intelligent Proxy Disclosures
Complimentary electronic versions of all the whitepapers in the series can be accessed at www.deloitte.com/RiskIntelligence.
Surviving and Thriving in Uncertainty: Creating the Risk Intelligent Enterprise
In this book, Deloitte authors Rick Funston and Steve Wagner suggest that effective risk taking is needed in order to innovate, stay competitive, and drive value creation. They discuss the adoption of 10 essential and practical skills, which will improve agility and resilience and realize benefits.
COSO Announces Project to Update Enterprise Risk Management-Integrated Framework
On Oct. 21, 2014, the Board of The Committee of Sponsoring Organizations of the Treadway Commission (COSO) announced a project to update the 2004 Enterprise Risk Management–Integrated Framework. The update may take 24-30 months and COSO will be seeking input and feedback from interested parties.