Ninety-seven percent of shareholders believe risk management should be the very or most important area of focus.1 Consequently, directors also recognize that risk oversight is a critical responsibility of the board. This involves ensuring that management has a process in place for identifying key risks and an approach to mitigate these risks to an acceptable level. If these risks are not properly identified and managed, there can be significant ramifications, affecting the company’s brand, bottom line, and ultimately, shareholder value. Crisis management oversight, a component of overall risk management oversight, has become an increasingly important issue for boards as well. This is particularly true today—in light of instantaneous communications and the power of social media.
Because of increasingly integrated and sophisticated supply chains and distribution channels, third-party risks outside the company’s control are of increasing concern. Third-party risks can relate to bribery and corruption, trademark and patent infringement, health, safety, environmental, insider trading, and others. Third-party compliance and procedures are more important than ever.
Proxy disclosures indicate a majority of companies view risk oversight as a full-board responsibility. Few companies outside of the financial services industry have dedicated risk committees at the board level. For efficiency, boards often allocate oversight of specific risks to their board committees. In the past year, boards have made significant strides in allocating risk oversight. Over the last three years, directors have become more comfortable with the allocation of specific responsibility for overseeing major risks between the board and its committees. In 2014, 84% said there was a clear allocation of responsibility, up from 80% in 2013 and 63% in 2012. However, of those directors who say there is a clear allocation of responsibility this year, 55% still think it can be improved.2
Many shareholders are showing dissatisfaction with board disclosure of risk oversight, and generally want more disclosure on many areas, such as risk appetite, cyber risk, risk management performance indicators, and emerging company risks.3
|Other key issues
Learn what PwC has to say about risk management:
1 Through the Investor Lens: Perspectives on Risk Governance, PwC’s Investor Survey, 2013
2 Trends shaping governance and the board of the future, PwC’s Annual Corporate Directors Survey, 2014, pg. 37