In fact, analysts and observers often point to board decision-making as one of the main areas where critical risks may arise. The board needs to understand the key risks confronting the organisation and make an assessment of the firm’s abilities to manage these risks before setting organisational strategies and objectives. This sort of strategic decision-making is essentially the roadmap for the organisation and the basis of setting its risk strategy. While developing the firm’s risk appetite is the responsibility of management, the board’s support and approval is needed. The risk appetite should be tailored to the requirements of the organisation, and be set only after careful consideration.
Other than agreement and support, the board also needs to provide oversight over the processes and procedures related to adherence to the firm’s risk appetite. These processes and procedures may need fine-tuning; this is where the board, with its expertise and authority, may advise adjustments after scrutiny. It is worth noting that organisations can expect to not get things right the first time, but they will get progressively better as they go along, as understanding of their priorities, core issues and challenges grows. Established standards such as ISO 31000 are good benchmarks to apply, when trying to set in place viable frameworks. As this grows, so too will accountability and transparency.
One of the issues that may emerge is the lack of cooperation or collaboration between the organisation’s individual departments, units or subsidiaries. It is not unusual to find that operating in siloes is the norm, especially in large concerns like multinationals. Because of this isolation, staff may not be able to align performance with the company vision and objectives, and run the risk of not being as engaged with their jobs as expected.
Corporate boards and risk management have to be viewed through the same lens because how a firm’s risk is managed dictates how much value will be added to or subtracted from it in the long term. Moreover, applying ERM frameworks which are structured and clearly laid out, makes it easier for boards to perform their tasks in an open, transparent and accountable way.
7 The IERP® Monthly Newsletter December 2021