High-profile failures in risk management are raising alarms among regulators and investors, putting boards of directors under scrutiny. As operational losses and damage to reputation become more common, oversight bodies are increasingly held accountable for governance failures.
Despite significant investments in risk management across various industries, many organizations still struggle with effective board-level oversight. Mark Sexton, a Senior Managing Director at FTI Consulting, recently shared insights on how boards can better meet growing expectations.
Sexton noted that while management actions are often blamed for operational issues, boards are now facing criticism for their oversight failures. He highlighted that boards are being cited for serious shortcomings in their governance practices.
In recent years, organizations have poured resources into improving risk management structures. This includes establishing dedicated risk committees, creating risk appetite statements, enhancing reporting processes, and requiring board members to undergo risk training. While the financial services sector has led these initiatives, similar efforts are appearing in other industries.
However, many boards still fall short in providing strong oversight. Sexton pointed out that common issues include a lack of focus on the most critical risks, gaps in skills, and poor-quality management information. Boards often receive extensive data that does not prioritize the most urgent concerns, making it challenging to take appropriate action.
To improve this situation, Sexton urged boards to demand high-quality executive summaries that clearly outline the key issues needing attention. He emphasized the importance of maintaining an up-to-date understanding of the organization’s risk exposure, which should reflect both internal changes and external pressures.
Sexton also stressed the need for boards to actively challenge management’s views on risk. He pointed out that boards should not simply accept management’s assessments but should question their understanding of risks and the steps being taken to mitigate them. Proper documentation of these discussions in meeting minutes is crucial.
Current reporting practices often rely on lengthy presentations from chief risk officers, which can obscure important information. Sexton suggested that executive summaries should focus on key details such as adherence to risk appetite and emerging risks.
Moreover, boards must take ownership of their informational needs. Sexton noted that many boards assume that risk committee reports are comprehensive without assessing whether they actually meet their needs. Identifying gaps or biases in management’s perspective is essential.
To enhance independence, Sexton recommended that audit committees collaborate closely with risk management teams to ensure that risk issues are thoroughly addressed. Aligning the activities of the audit committee with risk management functions is vital for effective oversight.
Looking ahead, Sexton believes that increasing demands from investors and regulators will shape how boards approach risk management. He concluded that boards must provide diligent oversight and challenge risk management practices while ensuring they understand the organization’s risk profile, either through acquiring knowledge or consulting external experts.
As the landscape of risk management evolves, boards will need to adapt to meet these new expectations and ensure robust governance.