Business First May-June 2017 Business First May 2017 | Page 21

Managing risk – the board’s role
By IoD Chartered Director, Joy Allen
ver the years, the governance failures
we’ve seen on the news may have
seemed remote. Surely it couldn’t
happen to us? Yet every week, we see more
and more boards who seem to have been
sleeping on the job. So can we learn from
their errors?
One key aspect of corporate governance
that we need to reflect on is Risk
Management.
Some of the boards I meet are just now
beginning to develop a risk register. Their
board meetings have talked about risks, and
operational risks are considered on a daily
basis – Health and Safety risks, Data
Protection risks, Cyber Security risks, and
others.
There is recognition that a bit more
formality may be useful, so higher level risks
are being added to documents, and scoring
mechanisms are seeking to estimate what the
impact and likelihood of the risks may be.
O
Roads to ruin
A fascinating report by Cass Business
School (on behalf of Airmic), entitled ‘Roads
to Ruin – the Analysis’ may contain some very
valuable learning for our boards, specifically
in relation to the thinking they need to do
about potential risks.
The report seeks to identify the origins and
impact of over twenty major corporate crises
in firms including Coca­Cola, Firestone, Shell,
BP, Cadbury Schweppes, Northern Rock,
Enron, Arthur Andersen, as well as some
smaller firms.
It provides detailed case studies analysing
the impact of critical events on those
enterprises, and on others around them, and
offers learning about how we need to identify
and manage risk.
7 Areas of Risk
The weaknesses they found arose from
seven key areas of risk that may be inherent
in all firms and could pose serious threats if
not dealt with. The key areas they identified
were:
1. Board skill and NED control risks: less
than optimal board competence and limited
ability of Non­Executive Directors to monitor
performance and, if necessary, to control the
behaviours of Executive Directors. The
Institute of Directors has recently published a
Director Competency Framework that can
support development in this area.
2. Board risk blindness: where boards
engage more fully in matters of reward and
opportunity than important risks, including
reputational risk. In our experience, the
annual Board Away Day should invest board
thinking time to spot potential major risks.
3. Poor leadership on ethos and culture:
there is a key role for boards in defining the
desired culture for the organisation,
articulating the values and behaviours that
can drive that culture, identifying the gap
between the optimal and the current culture,
and investing in people development to close
the gap effectively.
4.Defective communication: the flow of
information, accurately presented, from the
‘coal face’ to the boardroom is key. A ‘no
blame’ culture should enable performance
reports to come ‘warts and all’ to the
directors if effective decision making is to
happen.
5. Risks arising from excessive
complexity: directors need to be confident
enough, and engaged enough, to challenge
reports that bring lots of data but insufficient
clarity about what’s going well and what’s
not.
6. Risks arising from inappropriate
incentives, whether explicit or implicit:
the UK government’s recent consultation on
corporate governance reform sought views
on executive pay as one of its key areas.
7. Risk ‘Glass Ceilings’: the report
highlights the danger of board level risks not
being identified or articulated by risk
managers, who are often at a lower level of
management. Boards have a key role in doing
the highest level of thinking about risk, and
should invest in an independent review of
governance to ensure that risks in the
boardroom (including lack of director
competence) are brought to light and
addressed.
Leading from the top
There is a key role for the chairman of the
board to lead board thinking in this area.
They should ensure that people at all levels of
the organisation, beginning with the board,
are expected and supported to spot risks.
As its better to learn from the mistakes of
others before we make our own, perhaps we
should be asking our company secr etary to
provide regular briefings to our board about
failures in other boardrooms and the lessons
we can draw from them.
The annual Board Away Day is vital to
QUOTABLEQUOTE
The chairman should ensure
that there is real focus of the
board’s thinking on areas of
key risk. We mustn’t leave such
vital work to middle managers
in our companies. The boards
that did are the ones we’ve
been reading about in the
headlines on governance
failures.
enable ‘clean sheet thinking’ about potential
high level risks. Changes in our high level risk
register should influence the planning of the
agenda for board meetings.
The chairman should ensure that there is
real focus of the board’s thinking on areas of
key risk. We mustn’t leave such vital work to
middle managers in our companies. The
boards that did are the ones we’ve been
reading about in the headlines on governance
failures.
Joy Allen CDir is Managing Director of
Leading Governance Ltd, and Lead Tutor for
the Institute of Directors, delivering two
modules of the Chartered Director Programme
– ‘The Role of the Company Director and the
Board’ and ‘The Director’s Role in Leading the
Organisation’. She currently chairs the board
of Morrow Communications Ltd and is a
trustee for Alzheimer’s Society. The views
expressed in this article are her personal views
www.businessfirstonline.co.uk
19