Risk management has become an important topic on the agenda for board directors, but a majority still aren’t doing enough to mitigate risk. UK law, as well as the Code of Corporate Governance, places the burden of risk management firmly on the shoulders of the board of directors – and directors may be held individually liable if they are not diligent in managing risks.
UK survey shows boards don’t do enough to mitigate risk
While risk management has become an important topic on the agenda of most UK boards, a majority still aren’t doing enough to mitigate risk, according to a 2018 survey by consultancy Protiviti.
“In assessing the overall results of the Board Risk Oversight Survey, we found there are mixed signals about the effectiveness of board risk oversight across organisations. While many boards of directors believe they are performing their risk oversight responsibilities diligently and achieving a high level of effectiveness, a strong majority indicate that their boards are not formally executing mature and robust risk oversight processes. Just over half of the respondents rate the risk oversight process in their organisations as effective or highly effective,” the survey shows.
However, responses to several questions about key elements of risk oversight suggest the board’s risk oversight is not always supported by robust underlying processes and there is overall dissatisfaction among a significant number of directors in several areas, including how risks are considered in the context of the organisation’s strategy, the study concludes.
Pressure on boards to improve risk mitigation processes is increasing, as Ernst & Young points out in a recent study. The most recent revision of the UK Corporate Governance Code in 2018 puts additional emphasis on risk management and controls, and introduces a new requirement in Provision 28 for the board to:
- Carry out a robust assessment of emerging risks as well as principal risks;
- Explain in the annual report what procedures are in place to identify emerging risks;
- Explain how these risks are being managed or mitigated.
The role of the board in risk management
UK law, as well as the Code of Corporate Governance, places the burden of risk management firmly on the shoulders of the board of directors – and directors may be held individually liable if they are not diligent in managing risks.
The board should first agree on the organisation’s overall strategic purpose, define what success is to the organisation and clarify the underlying assumptions necessary for success, the study continues.
Organisations also need to define what needs to occur (or should continue to occur) to realise the organisation’s plan and to achieve success. The underlying assumptions also bring into focus the key emerging risk scenarios that, if realised, could derail the company’s plans.
While some emerging risks may be known but not well understood, there are likely to be emerging risks which are not on the ‘radar’ for boards (unknown risks).
Thus, there are different approaches that can be used to proactively identify emerging risks, including:
1) deploying effective monitoring mechanisms
2) horizon scanning
3) external insights
4) the role of culture, as the study shows.
While the UK lags in the use of technology for risk management, boards are increasingly adopting key risk indicators (KRIs) and other automated techniques such as analytics to identify emerging trends and increasing risk exposures. In doing so, they are able to move more quickly to manage downside risk and, just as importantly, to exploit upside risk and take advantage of opportunities before their competitors.
Horizon scanning means considering the origin of emerging risks: the external forces and sources of impact that can disrupt the organisation’s purpose and threaten its success. To do this, the organisation can benefit from formal brainstorming around each of the sources to consider the disruption scenarios that could impact the viability of its business strategy. Once identified, the scenarios should be assessed and the timeframe to realisation agreed upon and monitored. To ensure this is done as objectively as possible, it is vital to include a diverse range of stakeholders who can each bring different insights to the understanding of the risk.
There are also more risks today, and they have become more complex than in previous years. Even a diversified board may not have a broad enough perspective on the risks relating to current conditions to manage risks effectively without help. More and more UK boards are seeking external consultants who specialise in risk management to ensure that they have a complete understanding of their responsibilities.
Finally, everyone at the organisation must become part of a culture that recognises risk and supports taking action to control it. “Where there is no encouragement to escalate risks quickly and transparently, any escalation protocols and procedures in place are likely to be ineffective in identifying and dealing with risks,” writes Ernst & Young. Where an effective risk management culture is in place, meaning that management and the board support the right actions, and have plans to implement them, the danger of uncontrolled risks becomes much less consequential.
The revised version of the UK Corporate Governance Code clearly states that the organisation should be supported by a culture that is aligned with its strategy. These requirements should be embedded into business as usual and become a part of the accepted behaviours, values and culture of the organisation.
Diligent Governance Cloud is the most highly evolved board portal available
The Governance Cloud, the only integrated enterprise governance management solution that enables organisations to achieve best-in-class governance, is an ecosystem of software tools that digitises the various activities and tasks for the board of directors. As organisations grow more complex and regulations more stringent, the scope of governance responsibilities evolves. The Governance Cloud allows boards of directors to meet the demands in the boardroom and beyond with the ability to select the products they need that help them perform their best and work within their allotted budgets.
Governance leaders, executives and board directors rely on the industry-leading Diligent platform for the most secure and intuitive solution to board material management and collaboration. Diligent Boards™ electronically stores a board’s agendas, documents, annotations and discussions within a secure board portal.
Company secretaries and board chairs can use the board portal to put together board documents in minutes. The portal also has designated virtual rooms for committee work. Administrators of the portal can designate permissions for users to access various areas of the portal to avoid unnecessary problems with confidentiality. The “Manage Meetings” feature consolidates board directors’ contacts, calendars and the logistics of meetings. The program is a secure and intuitive solution for managing board materials and collaboration.