The NACD Blue Ribbon Report on Risk Governance: Balancing Risk and Reward came out in October of 2009 and addresses the board of directors’ risk management oversight responsibilities. The report recommends ten principles to guide directors in their efforts to provide effective oversight of risk:
1) Understand the company’s key drivers of success
2) Assess the risk in the company’s strategy
3) Define the role of the full board and its standing committees with regard to risk oversight
4) Consider whether the company’s risk management system, including people and processes, is appropriate and has sufficient resources
5) Work with management to understand and agree on the types of risk information the board requires
6) Encourage a dynamic and constructive risk dialogue between management and the board, including a willingness to challenge assumptions
7) Closely monitor the potential risks in the company’s culture and its incentive structure
8) Monitor critical alignments of strategy, risk, controls, compliance, incentives, and people
9) Consider emerging and interrelated risks
10) Periodically assess the board’s risk oversight processes: do they enable the board to achieve its risk oversight objectives?
The report goes on to discuss consulting with management to agree on the level of risk that is acceptable with regard to the company’s strategic plan. Directors must be familiar with shareholder expectations, management skills, and strategic alternatives in order to make this decision. The board of directors needs to understand the organization’s risk appetite and level of risk tolerance. The assessment of the company’s risk appetite should be an ongoing process, because the risks facing the company are constantly changing.