What's Driving Board Room Discussions Regarding Risk Management

Introduction

Board risk oversight is a fundamental responsibility of board directors, for firms of all types and sizes. Most often, in the absence of a Risk Committee, the Audit Committee of the board is the group that takes accountability for ensuring that effective risk oversight is in place and working. That said, every board member has fiduciary responsibilities, all of which have risk elements that are attached thereto. A critical look at risk oversight, including the board's processes and procedures for identifying and overseeing the company's "mission-critical risks" is a top priority for most boards. In the current environment, risk transcends all aspects of business oversight. This oversight role tends to focus on just a few key things including:

• Validating the risk appetite and risk culture of the organization
• Knowing the most significant risks, both on the downside and the upside, that the firm faces
• Knowing which of these risks are not effectively managed and the plan in place to get them so
• Ensuring that capably skilled risk professionals are in place in the organization
• Ensuring that the risk strategy aligns with the strategic plan for the organization
• Having a view into the emerging risks to the organization
• Knowing the state of process remediation plans for known process deficits

With these risk-related priorities understood and addressed, boards can highlight and focus on risks that both raise the biggest threats as well as the biggest opportunities to organizations. There are risks in each bucket that are at the forefront of most boards in this current season. Here is a list of each for your further investigation.

First, on the threat side, most board directors recognize the need to ensure that the threats are adequately addressed as the first priority, especially the strategic risks that have been shown in the research to be the most destructive of value and typically not subject to mitigation through insurance. In fact, one study showed that 68% of the time, when 50% or more of the firm’s value was destroyed in a twelve-month period, it came from one or more strategic risks. Of current interest among board in this threat bucket are the following risks:

• Cyber exposures – all things disruptive to the technology infrastructure and externalities
• Pandemic response exposures – readiness for what will undoubtedly be more biological threats
• Economic collapse exposure – the now near-complete global interconnectedness of finance and economics
• Workforce strategy deficits – the growing challenges of finding, hiring, and keeping the talent needed to support the long-term strategy
• Industry disruptors – exposure to typically competitive threats emanating from better products, processes, and services
• Reputation/brand exposure – the growing challenge of protecting your brand from deterioration
• Regulatory expansion – the deleterious effect of growing government impetus to control and force adherence to ideologically driven priorities

While many leaders still don’t think of opportunities as risks, in effect the risk coin is two-sided and the upside deserves as much, if not more attention than it often gets from risk professionals. This may be because the challenges attendant to the threats tends to distract and sometimes overwhelm, often leaving insufficient time to attend to these opportunity-based risks. When that occurs, the lost opportunity cost can be great. In today’s super-heated business environment, this axiom is of particularly noteworthy focus: “to grow, you must innovate and to innovate you must take risk; to grow and innovate successfully, you must manage risk well.” This mandate applies as much or more to the upside, as to the downside.

The opportunity risks getting the most attention at the board level today include:

• Transitioning from traditional to technology-based products and services – often driven by the need to compete with those who were created as technology-driven companies
• Leveraging artificial intelligence and other cutting-edge technologies to maximize returns – for more mature firms, this often remains a tactic that is poorly understood
• Creating and reinforcing competitive advantage across key organizational functions – risk management itself is at the forefront of this opportunity among competitors
• Recognizing and accommodating the shifting expectations of an increasingly mobile workforce that increasingly expect the flexibility of remote work whether you like it or not
• Having and executing well, a product and service innovation strategy to stay ahead of the competition
• Staying ahead of obsolescence as a disruptor, as it applies to your particular industry
• Navigating the rapidly changing landscape of social change and its effect on the expectations of both the workforce and the customer – partially driven by diversity, equity, and inclusion drivers
• Devising an ESG strategy that drives stakeholder engagement and value
• Strengthening preparedness and resilience to crises and systemic shocks

Recognizing the two sides of risk, has increased the challenge of effective board risk oversight. One key element that eases this strain, is to leverage and even exploit the growing sophistication of risk technology solutions that enable the effective collection, use, and interpretation of risk data, especially for better decision making, the lynchpin of long-term success and desired performance outcomes. Finding the best technology solutions to address this challenge, should be a priority of all risk leaders as it will position their firms for the long-term to be better able to respond to the operational and strategic uncertainties that will undoubtedly continue to challenge risk professionals.