Board-Level Risk Committees: Not Yet
Lately, I’ve been thinking a lot about risk committees within organizations. However, when I Googled the term, the top two search results got me thinking about risk committees at the board level.
In fact, two of the links that cropped up in my search provided contrasting messages.
A Corporate Board Member article, “Thumbs-Down on a Separate Risk Committee,” indicates that only a small portion of Fortune 1000 company boards operate separate risk committees (instead, the majority of these boards place responsibility for risk oversight with their audit committees).
The other link delivered me directly to the charter of The Bank of New York Mellon Corporation’s board-level risk committee.
Risk committees are more common in the financial services industry, and BNY Mellon’s risk committee charter provides a clear outline of the group’s purpose.
In addition to providing general oversight of the bank’s (and its subsidiaries’) risk management and fiduciary activities, the risk committee is specifically charged with assessing and reviewing risks in the following areas:
• Credit;
• Market;
• Fiduciary;
• Liquidity;
• Reputational;
• Operational;
• Fraud;
• Strategic;
• Technology;
• Data-security; and
• Business-continuity.
The charter, a clearly written two-page document, also lists other, more specific responsibilities and duties.

September 24th, 2009 at 5:00 pm
Risk and enterprise risk management are increasingly becoming central points of discussion for senior management and board-level executives. Board members need assurance that a framework is in place to manage key uncertainties, and it is management’s responsibility to establish that framework. Our clients regularly ask, “Do we need a risk committee at the board-level?”, “What is the role of the board?”, and “What risk information should I, as a board member, expect from management?”
Risk management best practices provide a helpful framework for responding to those key questions. To be aligned with best practices in ERM, a board does not have to establish a separate risk committee, but should have defined responsibilities, authority and clear reporting embedded into their governance structure and regular discussions.
The board’s roles in ERM include:
o Confirming the risk management objectives and strategy
o Approving the risk appetite and tolerances
o Confirming the risk profile and management’s approach for responding to the most critical enterprise-level risks
o Overseeing the risk governance framework, including ensuring that risk management roles, responsibilities and expectations are defined at the senior management level
It is important for companies to ensure that these roles and responsibilities are embedded into the corporate governance structure and are supported by the organization’s ERM framework. The result of this improved risk governance structure is an organization with a greater understanding of existing and emerging risks, a streamlined process for communicating risk information to support timely risk decisions and consensus regarding the organization’s willingness and ability to take risk.
–Michael Joiner, senior consultant for enterprise risk management at Aon Global Risk Consulting.