Skip Ribbon Commands
Skip to main content

Lower the Risk, Increase the Reward


With regulatory bodies firmly shining a spotlight on corporate risk governance, businesses and not-for-profits alike are being pushed to establish risk management standards that don’t place sole authority and accountability on senior executives and managers.

As I discussed in my last post on enterprise risk management (ERM), new regulations have called for board members to step up and take a bigger role in mitigating risk. While ultimately management will be responsible for the day-to-day management of risk, it’s the board that needs to establish controls to ensure ERM processes are adequate and effective.

If you don’t already have an ERM policy in place, you’re not alone. The American Institute of Certified Public Accountants (AICPA) surveyed a pool of executives in 2012 and found most of the respondents didn’t recognize the competitive advantages of a risk management strategy. Aside from complying with regulations and keeping pace with industry trends, there are many reasons why planning for risk now can benefit your business in the long term.

An effective ERM plan can help you both anticipate and mitigate risks. It’s also critical for minimizing the impact of disruptions when they do come up. ERM can help protect your business, maintain client relationships and outline the appropriate actions for everyone involved so you can get back on track as quickly as possible.

On a positive note, boards are starting to pay attention to the professional bodies urging them to take an active role in encouraging more stringent risk management practices. According to a 2012 / 2013 National Association of Corporate Directors (NACD) poll of nearly 1,000 public company directors, risk oversight has become one of the top board priorities. From 2008 to 2012, the number of organizations with a risk committee jumped up by nearly 200% - however that number still has a way to go. Despite the increase, only 13.4% of companies have a risk committee at all.

Even if you establish a separate risk committee, your board as a whole must take an active role in managing risk. Each board member needs to understand acceptable limits of risk for your business, be prepared to provide guidance to management and anticipate events so your organization can proactively minimize its risk exposure.

So how do you get started? For boards that wish to establish to strengthen your risk oversight policies, we’ll look at three key areas – governance, policy and assurance. Stay tuned for my next post to learn how these three pillars will help your organization build a strong risk management foundation.