Directors recognize that risk oversight is a critical responsibility of the board. This involves ensuring that management has a process in place for identifying key risks and an approach to mitigate these risks to an acceptable level. If these risks are not properly identified and managed, there can be significant ramifications, affecting the company’s brand, bottom line, and ultimately, shareholder value. Crisis management oversight, a component of overall risk management oversight, has become an increasingly important issue for boards as well. This is particularly true today—in light of instantaneous communications and the power of social media.
Because of increasingly integrated and sophisticated supply chains and distribution channels, third-party risks outside the company’s control are of increasing concern. Third-party risks can relate to bribery and corruption, trademark and patent infringement, health, safety, and environmental issues, insider trading, and others. Third-party compliance and procedures are more important than ever.
Proxy disclosures indicate a majority of companies view risk oversight as a full-board function and that few companies outside of the financial services industry have dedicated risk committees. For efficiency, boards often allocate oversight of specific risks to their board committees. However, PwC’s 2012 Annual Corporate Directors Survey shows a significant number of directors (37%) believe there is no clear allocation of specific responsibilities for overseeing major risks among the board and its committees.
Many directors may understand the risks the company faces, but they are not sure who on the board is supposed to oversee them. This structural disconnect could prove troublesome for companies in the long run. If directors are unsure whose responsibility it is to oversee risk, the board could have a risk oversight gap. And the company’s risk mitigation protocols have to embed third-party risks into the overall framework.
"As part of the board's responsibility for overseeing risk, it should consider how risk integrates with the company's overall strategy. It should also ensure the company approaches risk management systematically across divisions and functions. Starting with management and continuing with oversight from the board, it is important to focus on the company's most critical risks."
— Mary Ann Cloyd, Leader, Center for Board Governance