When one thinks of ‘risk’ it is often associated with danger, liability, and exposure; the connotations tend to be negative. Risk is the threat of damage or loss caused by external or internal vulnerabilities, but every company has its own risk appetite, and a level of risk it is willing to take in the pursuit of its objectives.
Proactive management can reduce risk exposure but in most cases it cannot be eliminated. In fact, some risk is expected and it is necessary for the growth and success of a company. The board has a responsibility to govern the company in the interests of the shareholders and other stakeholders, including for example its regulators. In doing so, it is expected that the board take risk into consideration when it makes decisions. It should consider choosing policies and strategies which are expected to be profitable, but at the same time limit risks to a level it considers acceptable.
In today’s dynamic and fast-moving workplace, the board plays an important role in risk management and establishing an effective risk culture. The board has overall responsibility for risk management and regulators expect there to evidence of good “tone from the top”. While the responsibility for the management of risk is usually delegated to the senior management team, the board:
- Decides the risk appetite for the company;
- Requires management to manage risks within the board guidelines for risk appetite; and
- Monitors the performance of management, to ensure that the company is being managed within the risk guidelines set by the board.
It is usually within the expectation of the stakeholders that boards consider the company risk culture and ensure it is appropriate to achieve its objectives, usually through driving and fostering collaboration and an understanding of roles and responsibilities throughout the company. While there are ways to ensure alignment of the organization’s strategies and individual business units, the process can be complex. To be effective, attention and focus is required, with continuous management and refinement of the organizations risk policies in balance with core business practices, together with seem-less reporting by management to the board.
Here are some commonly asked questions that are important when establishing an effective risk culture:
- How do organizations develop a cohesive, consistent risk culture?
- What is the board’s role in managing risk and embedding a risk culture?
- How can the board gain ongoing visibility into the full range of risks the organization must manage, without treading on management’s turf?
- How is risk management embedded in an organization’s culture?
- Aside from the board, where else does responsibility lie in the organization?
Download our new whitepaper, Is Your Board Fostering An Effective Risk Culture? to learn how to manage your company’s risk.
Directors Desk is offered by local Nasdaq Corporate Solutions entities, depending on the geographical location of the customer, each such entity being a subsidiary of The Nasdaq OMX Group, Inc. The details provided in this document are provided for informational purposes only. For details of the entity providing the services, and the terms and conditions applicable to the services, prospective customers please refer to Nasdaq Corporate Solutions’ master services agreement, and current customers please refer to your contract with Nasdaq Corporate Solutions for such services.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.