Testimonials FAQ Photo Gallery Contact Us Mail to Friend
Home Director Training Seminars & events News Join IOD IOD Members Awards Publications IOD Shop About IOD
Risk Oversight and the Role of the Board

Risk Oversight and the Role of the Board

Businesses nowadays are exposed to various forms of uncertainties and this year, in particular, is a fine lesson for everyone in the business world. Certain incidents occurred this year can be dubbed as “Black Swan”, a term for unexpected severe event. Although it may be impossible for any business to anticipate all risks in advance, proper risk oversight by the Board could help the business cope with potential impacts in steps and allow it to capture business opportunity arising along with such risk.

Risk management has become an essential matter these days and the aspects of relevant risks have spanned beyond precedent and imagination. It requires curiosity and observant skills of the Board, a group of people with wider perspectives than the Management, to identify risks that could affect long-term corporate strategy and help the Management mitigate such risks and able to focus on business operations.

Therefore, risk oversight by the Board is crucial. In order to ensure effective risk oversight by the Board, the following factors must be considered:

1. Board composition

Risk oversight is one role of the Board. A Board that comprises of experts in various fields and director with risk management expertise could fairly enhance the effectiveness of the Board.
According to a 2019 survey of global directors on desirable director qualification, PWC found that risk management expertise is among the top three important qualifications of a director, following financial expertise and operational expertise.

 

Figure 1: Top three important skills and expertise for director

Base: 719-727
Source: PWC, 2019 Annual Corporate Directors Survey, October 2019.


Besides risk management skill, the Board diversity is also crucial in risk oversight as director with in-depth industry knowledge can help the Board anticipate probable incidents. Meanwhile, having directors with skills or experiences in other business fields on board could also add fresh views on unexpected risks. Based on the PWC survey, 80% of participated directors viewed Board diversity as an element that would enhance risk oversight effectiveness.

Following the evaluation of Board composition, the Board should then try to understand the Enterprise Risk Management system.

2. Understading ERM

Enterprise Risk Management, or ERM, is the risk management process or guideline practiced by the Board, Management, and all staffs to identify potential events that could affect the organization and mitigate relevant risks to acceptable levels. The implementation of ERM may vary in organizations. Some use it to just indentify, prioritize, and report to the Board to inform them about present risks. In certain organizations, ERM is a key source of information for decision makings by the Board and Management while it could also enhance financial and strategic operational efficiencies. Therefore, the Board should assign Management to conduct regular ERM system evaluation, especially in the following key issues:

• If the identified risks are significant risks that could affect the current corporate strategies.

• If the ERM system has covered potential new risks.

• If the person in charge of ERM (usually Chief Risk Officer or CFO) has in-depth understanding of the organization and fit with the role.

• If the identified risks have been properly tackled by Management responsible in conducting plans to control the risks.

Although the ERM cannot predict precisely when risk events or uncertainties (Black Swan risks, strategic risks from new competitors, risks on technology, social, environment, political, and regulatory aspects) would occur, risk assessment under ERM framework and annual review could help the organization spot and learn about new risks. It could also help the company manage the risks and mitigate adverse effects in corporate strategies implementation.

3. Board Oversight structure and guideline

As mentioned above, risk oversight and understanding ERM are direct roles of all directors. However, increasing types and sizes of risks mean greater tendencies for the establishment of committees to accommodate this particular role of the Board.

In Thailand, the number of risk management committee is in line with the aforementioned trend. According to Corporate Governance Report of Thai Listed Companies, 70% of surveyed companies have established risk management committees either in the director and/or management levels. The number has been on an incremental trend.

Figure 2: Number of risk management committee in percentage of Thai listed companies in 2019



Source: Corporate Governance Report of Thai Listed Companies (CGR) 2019 and total 677 listed companies


Companies that have not set up risk management committee usually assigned the audit committee to assess and screen issues concerning risk management and propose to the Board for further consideration.

In certain cases, the Board may assign other committees to monitor specific risks. For instance, remuneration committee may be assigned by the Board to monitor risks concerning remuneration structure. Meanwhile, companies with technology committee may assign it to oversee the installation of IT system in the whole organization and monitor risks concerning IT system. However, the Board must also ensure that it has effective monitoring system i.e. requiring Chairman of the assigned committees to present and exchange information concerning relevant risks with the Board etc.

4. Information disclosure

Listed companies are obliged to report key risk factors that could affect its targets or strategies so that investors can rest assured that the company has appropriate procedures to tackle and monitor risks that could affect sustainability. The Board has a role to ensure the disclosure of such information.

A key trend for global listed companies is the disclosure of information concerning sustainability or ESG (Environment, Social and Governance) risks. This is a result of actions by shareholders and stakeholders who demanded to be informed about the risk oversight role performed by the Board. Since impacts from these risks could affect the company’s sustainable value creation, it is essential that the company emphasize more on ESG aspects and information disclosure, including relevant policies and guidelines, to keep stakeholders informed.

One way to help directors understand the disclosure adequacy of risk information is to ask the Management to compare information disclosed by industry peers to see if and how the company should improve its disclosure practice.

From the factors listed above, the Board clearly plays a crucial role in risk management and it has to collaborate with the Management to ensure that the organization has a risk management system that met with acceptable standard, useful in making strategic decisions, and can be a tool to create confidence of stakeholders. In case you do not have a clue where to start performing risk management role, you may consider these four factors for initial assessments for a better view and performance of risk oversight role.

Reference:
• PWC, 2019. Risk Oversight and the Board of Directors: Navigating a Complex, Evolving Area
• Thai IOD, 2019. Corporate Governance Report of Thai Listed Companies

Ruangfon Jaismut
Senier CG Analyst - Training and Facilitators
Thai Institute of Directors Association

 

 
Articles Previous Next
 
Terms of Use | Privacy Statement | Site Map | Share to
Copyright © 2010 Thai Institute Of Directors. Site by Redlab
Our
Sponsors
SCBx BBL IVL Kbank BCP CPF GSB GPSC IRPC PTT PTTEP PTTGC PTTOR SCG Singha Tisco TOP
Our
Partners
CAC SET SEC OECD CNBC CG THailand