Board responsibility for the Risk Management System
How effective is your Risk Management System?
Ensuring that an effective risk management system is in place within a governance framework is essential.
The pressures and perils that arise as a result of accepting a Non-Executive or Trustee appointment are increasing as the risk environment changes in relation to the pace of technological advance, cyber threats to data security, the potential for terrorist attack and the need for quality staff able to deliver corporate objectives.
One of the key responsibilities of the role, amongst many others, is to promote the success of the organisation and in doing so there is a fundamental need to both establish its mission and corporate objectives as well as understand the inherent risks to which the organisation is then exposed, in order that the risk management system can effectively highlight where potential business critical risk exposures exist.
Effective Enterprise Risk Management
In this way, Boards can establish a framework of risk management, control and assurance that binds their involvement with the operational management of the organisation in a way that drives business risk management through performance management, reporting processes and which therefore drives transparency.
As Board time is precious, a critical component of governance is that the Board is able to identify where it must place its attention. The emphasis of its role is established as being strategic, but it ignores its responsibility to provide appropriate challenge and support to the Executive at its peril through achieving a full understanding of the business risk assessment system.
Delegation and subsequent trust must be balanced by a process of openness, assurance and reliability of management information that promotes confidence and success. This of course may be supported by independent assurance from internal audit within a culture of robust enterprise risk management
Using the risk assessment system as a basis for communication
An essential feature of good governance is therefore the establishment of a Board Assurance Framework provides for use of risk management systems that highlight matters for attention. This enables focus at all levels on the things that really matter and should be discussed at Board level. Recognition in real time that things are getting out of hand and beyond the risk appetite of the Board, is critical if catastrophic organisational failure is to be avoided.
Of note is the management of projects within the organisation, where the failure of project risk management to identify delays, cost overruns or the unavailability of resources when need is business critical. Good risk management systems will therefore not only provide for recognition of risk relating to operations and back office but also those risks which relate to new initiatives that the Board see as crucial to future success.
In this respect, the Executive must feel confident in raising matters of concern, the Board’s re-action will be constructive, supportive and in the best interests of the organisation. The emergence of a two-team structure in which the products of risk management system are not shared represents a dangerous scenario which is not in stakeholder interest.