The boardroom is where the buck (for everything) ends, thus the board’s role in risk management is crucial. The board must consider carefully and frequently the major risks that could result in different results than anticipated, whether those results are positive or bad. Every week, there are scandals involving safeguarding, abuse, fraud, and cybersecurity. For each of the organizations involved, their reputation has been severely damaged, and all stakeholders including funders, employees, and clients may be reluctant to work with them in the future.
If we consider "upside risk," there may be a risk that boards become risk-averse and miss out on a great opportunity by declining to try a novel good or service. Risks must be recognized, followed up on, and managed at all levels.
It's true that every employee in a company as well as everyone who enters their property should be considering risks, but the board has a crucial role to play in establishing the risk culture and providing clear direction on matters like risk appetite and escalation procedures. The culture must encourage everyone to be transparent, helpful, and shares a common vision.
Taking a fresh look at key risks
We firmly advise the board to conduct its own "clean sheet thinking" on important risks at least once a year, following the agreement on the strategic priorities. We've recently been asked why that matters. According to neuroscience, reading a complex document, like a risk register, activates the brain's "detail" region. We're sure to find any spelling or grammar issues when we read through line after line of data, but there could be one or two really important hazards that the managers who wrote the document failed to identify. We suggest that the board do the following at least once a year, perhaps on Board Away Day:
Start with a blank flip chart sheet and use questions like these to generate ideas for the major hazards.
What might prevent us from completing each of those objectives?
What might harm our standing?
What might damage our financial situation?
What might cause us to go out of business?
How can we learn from other governance failures?
Following that, anagement should be tasked with creating a Corporate Risk Register and submitting reports to the board utilizing a heat map that plots risks against levels of impact and likelihood. The Board should keep track of developments and should always be aware of whether the management instituted controls are working as intended (for example, by lessening the possibility or impact of the risk). Reports should make it clear what is being done to address each risk and whether it is declining or rising. Changes in important risks should have an impact on the board meeting agenda, with emerging hazards identified and measures decided.
The list of major risks can benefit from input from personnel at all levels, and there should be clarity regarding when and how someone should escalate a risk and bring it to the attention of a more senior individual. Even though the Risk Register may already contain many of the major hazards listed on the flip chart, the exercise will have been worthwhile if it reveals one or two additional significant concerns.
We were all caught off guard by the COVID-19 epidemic in 2020. Of the 1,000 respondents surveyed by the Institute of Potential Management in April 2020, 32% had never thought about the risk of a pandemic. In their Risk Register, one-fifth of people who had pandemic risk had not taken any action. Unsurprisingly, 83% of respondents thought that in the future, the board will be more interested in strategic risks.
The Bottom Line
The role of board of directors is crucial in these matters. There are some good books that explains well about theis challenges.The Orange Book is one of that book. It offers more helpful advice on risk management procedures, such as risk identification, risk treatment, risk monitoring, and risk reporting. The advice is extremely pertinent for all boards, even though it was designed for the public sector.
We must be careful not to completely avoid risk in all of this. A ship is safe in harbor, but that's not what ships are for, said John A. Shedd (goodreads)
Shellye is committed to helping people from diverse backgrounds to achieve their aspirations in careers and life. The content published above was made in collaboration with our members.
Shellye Archambeau is determined to help you with all possible strategies to climb the ladder of success. She values your feedback. Do mention them in the comment section below.