Because of cyber risk’s high impact and unpredictability, board directors must have at least a passing familiarity with it and other emerging risks. It’s a challenge; technology is always changing, and even tech-savvy leaders can find it difficult to keep up with the latest developments. Modern board directors need information about a complex set of technology risks, including big data, cloud computing, cyber risk, social media and other technology-related risks.
Cyber risks are serious enough that even the weakest of them can compromise sensitive information and disrupt business operations. Failing to address risks puts financial, customer, intellectual property and other information in danger; you need strong internal controls to prevent the damage that can so easily result.
Risk oversight is a critical area of board responsibility, and it requires careful attention to processes and metrics. Effective oversight requires close collaboration between the board and management, which means establishing clear guidelines to determine which bodies make which decisions, when matters should go to committee, how to respond to new risks and so on.
Getting oversight right
Establishing an effective risk oversight framework is not a trivial task, but neither is it an overly arduous one. Boards can start by creating (and maintaining) an enterprise-wide risk register, and mapping the risks identified to the relevant board committees for oversight.
The audit committee plays a crucial role in overseeing financial risks, so it needs a clear understanding of the risks and responsibilities involved and the capacity to monitor policies and procedures. It may also oversee cyber risk initiatives, management’s overall approach to cyber threats, and the adequacy of funding and other resources.
Board and management alike should regularly engage with the CIO, CISO and other technology leaders to help them understand where to focus their attention. The audit committee chair must work with other groups to communicate expectations regarding cyber and financial risk mitigation – and help enforce them.
Audit committees are busier, more scrutinised and under more pressure than ever. Workloads must be carefully balanced, and sufficient resources supplied, to avoid overwork and its associated risks.
Governance is the key
Effective risk oversight requires a clear risk governance structure. Your board must be sure it has identified all committees with responsibility for risk governance or oversight.
One of the primary issues to review is whether the board has considered the relationship between strategy and risk, and whether those risks are internal or external. Are you confident that your board, audit committee and other committees are getting the information they need to oversee the risk management process effectively?
Technology can – and should – play a critical role in your risk management program, especially for information-gathering and analysis. Be sure you have a robust system in place that you carefully monitor and update.
Finally, the board should hold regular reviews to ensure that risk oversight is measured and managed. Including risk accountabilities when reviewing compensation programs can also help keep a strong focus on these responsibilities.
Culture is key
Audit committees often play a key role in risk oversight, but the ultimate responsibility lies with the board, which must set expectations and create a risk-aware culture throughout the business. Regulators and shareholders alike expect boards to lead on risk and demonstrate the company’s commitment to good governance and effective risk oversight.
Whether your board is up to speed, gaining momentum or at the beginning of its risk oversight journey, it’s up to you to help it play its critical role in protecting your organisation from financial, cyber and other hazards. And if you (or the board) would like a hand, we’d be delighted to assist.
February 20, 2020
Risk Oversight and the Board of Directors