When the financial crisis of 2008 hit, businesses, regulators, stakeholders and industry in general were forced to sit up and take notice because everybody felt the pain. Glaring deficiencies in the way things were done became obvious. What also became obvious was that the way things were was not ideal, and an overhaul was necessary. The financial crisis also turned the spotlight on risk management practices. Organisations became aware that while internal controls needed to be tightened, boards needed to be up to the mark in providing much-needed oversight as part of the control system. Ensuring that risk controls, systems, processes and responses were functioning as intended, became part of board oversight.
Governance is generally seen as the way the organisation is directed and managed; the direction is set by the board and management implements strategies accordingly. But part of the board’s role is also to create, sustain or increase the value of the organisation. In carrying out its duties, the board’s oversight of the organisation’s controls puts it in a position to also determine many aspects related to the firm’s risks, such as the limits of its risk appetite and tolerance. Corporate boards and risk management are intertwined to a greater degree than they may realise because the decisions boards make could be based on information derived through ERM-based processes and procedures.
6 The IERP® Monthly Newsletter December 2021