Key issues: Risk management

Directors recognize that risk oversight is a critical responsibility of the board. This involves ensuring that management has a process in place for identifying key risks and an approach to mitigate these risks to an acceptable level. If these risks are not properly identified and managed, there can be significant ramifications, affecting the company’s brand, bottom line, and ultimately, shareholder value. Crisis management oversight, a component of overall risk management oversight, has become an increasingly important issue for boards as well. This is particularly true today—in light of instantaneous communications and the power of social media.

Because of increasingly integrated and sophisticated supply chains and distribution channels, third-party risks outside the company’s control are of increasing concern. Third-party risks can relate to bribery and corruption, trademark and patent infringement, health, safety, environmental, insider trading, and others. Third-party compliance and procedures are more important than ever.

Proxy disclosures indicate a majority of companies view risk oversight as a full-board function. Few companies outside of the financial services industry have dedicated risk committees at the board level. For efficiency, boards often allocate oversight of specific risks to their board committees. In the past year, boards have made significant strides in allocating risk oversight: According to the 934 directors responding to PwC’s 2013 Annual Corporate Directors Survey, 80% of directors now think there is a clear allocation of risk oversight responsibilities between the board and its committees, up from 63% a year ago. Additionally, nearly three-quarters of directors took action to reduce fraud risks during the last year. But despite this, 50% say that it could still be improved. And 60% say they want to spend more time on risk management in the coming year.

PwC perspective

"As part of the board's responsibility for overseeing risk, it should consider how risk integrates with the company's overall strategy. It should also ensure the company approaches risk management systematically across divisions and functions. Starting with management and continuing with oversight from the board, it is important to focus on the company's most critical risks."
— Mary Ann Cloyd, Leader, Center for Board Governance

Other key issues

Learn what PwC has to say about risk management:

Additional information about risk management: