May 23, 2012

Do Risk Committees Improve Strategic Risk Management?

Risk Management Magazine
Risk and Insurance Management Society, Inc. (RIMS)
Sunday, September 26, 2010
Corporate & Business Organizations / Insurance Reinsurance & Surety
All Federal
Printer-friendly
Email this Article
Download PDF
Reprints & Permissions

Risk committees continue to garner attention as a vehicle to raise risk issues high enough in the organization that they can be managed in a more strategic manner. But has their increased popularity led to enhanced oversight? Or are they just the flavor of the month?

In recent months, the Securities and Exchange Commission (SEC) has issued proposed rule making that states that corporate "disclosure might address questions such as whether those who oversee risk management report directly to the board as a whole, to a committee, such as the audit committee or to one of the other standing committees of the board, and whether and how the board, or board committee, monitors risk."  

This begs the question of whether this -- and other recent legislative and regulatory trends -- is a mandate to establish risk committees? Even without a clear answer, executive-level leadership throughout the business world is now pondering the formation of risk committees to address real or perceived weaknesses in governance. In essence, boards are now becoming compelled to respond to the changing risk landscape.  

The notion of heightened enforcement has emanated from increasing regulatory scrutiny. Specific examples include Standard & Poor's established risk culture criteria relative to credit rating performance and the SEC's ruling to ensure the protection of investors by maintaining fair, orderly and efficient markets. The reference to enforcement is important because it signifies a shift by regulators to actively impose regulatory authority that in the past has not been enforced. 

There is also evidence that companies have likely made assumptions that their corporate governance is stronger than it may actually be. If board and executive management level oversight is not sufficient to address increasing regulatory demands, what and how can they organize or execute differently to provide the assurance necessary for the shareholders, the markets and their regulators?

Risk management methodologies like enterprise risk management (ERM) have been implemented by many companies as a means of improving risk management processes, but this has not generally addressed the increasing role of boards and committee risk management capabilities. While some consider the formation of risk committees to be an additional layer of risk oversight that adds redundancy, some argue that it may also add confusion regarding who should own management of risk. And in some cases, risk committees have not proven to be effective no matter who ultimately "owns" risk management.

Most agree, for example, that the financial meltdown was the result of an absence of good corporate responsibility and risk oversight. Risk management capabilities were simply insufficient to mitigate the events that unfolded. Interestingly, however, risk committees, which are more common in the financial services arena, do not seem to have helped thwart the financial crisis.  

Many of the larger banking and investment companies had risk committees to address the types of risks that audit committees might otherwise address. The result, according to some, is that this may only be creating overlap -- not additional risk oversight functions that improve risk capabilities. Hence the questions: should the audit committee have expanded responsibility, should the board undertake an expanded role or should a risk committee be formed? If multiple functions have risk oversight responsibility, how is accountability delineated? Is there adequate independence and perspective with respect to risk? 

There are many questions to answer. And depending on the individual company and its current approach to corporate governance and risk oversight, there could be various correct answers.

There are two primary considerations a company should make, however. First, is the board or senior level management comfortable that they can develop and implement GRC, ERM or some form of control to meet their strategic risk management objectives? Second, is there a compelling need to meet increased independence and or rigor where existing functions or processes fail to achieve strategic risk management objectives?

If the answer is a resounding yes to either or both, then formation of a risk committee at the board or executive management level may be the appropriate response.

What is clear is that many companies of all sizes have not formed risk committees and appear to effectively manage enterprise risk with success. This may be related to the board's willingness to take on a larger role in risk management and oversight. Hence, if there is a perceived mandate to form risk committees, it may largely be due to the increased awareness surrounding today's heightened risk concerns.

__________

Written by Craig Snyder: 

Craig Snyder is senior manager of risk at Ernst & Young.

Risk Management Magazine and Risk Management Monitor. Copyright 2012 Risk and Insurance Management Society, Inc. All rights reserved.

About the Author

Risk Management Magazine

Risk Management Magazine  is the premier source of analysis, insight and news for corporate risk managers. RM strives to explore existing and emerging techniques and concepts that address the needs of those who are tasked with protecting the physical, financial, human and intellectual assets of their companies. As the business world and the world at large change with increasing speed, RM keeps its readers informed about new challenges and solutions....

www.rmmagazine.com
212-286-9364
www.rmmagazine.com

Boost: AJAX core statistics

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. NLR does not accept advertising from attorneys or law firms. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be an advertisement or a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.