Dr. Earl R. Smith II
Managing Partner, The Federal Circle
DrSmith@Dr-Smith.com
Dr-Smith.com
Some of my work with boards focuses on risk management. This attention to risk has intensified and diversified since the passage of Sarbanes-Oxley. Directors are now assessing both corporate and personal risks and sometimes the calculations become complex and conflicting. Some recent court cases have highlighted the increased exposure of directors – particularly if they are less than diligent in fulfilling their responsibilities to the shareholders. Directors who align too closely with the interests of management now do not have the effective cover that they once did. D&O insurance is no longer adequate as carriers decide on the risks that they will and will not cover. I always counsel prudence and the development of a risk management strategy that will serve the shareholders and protect the directors.
Developing an effective risk management strategy requires the board of directors to have an understanding of how risk management works. Risk management also involves much more than crisis management, and should include goals, objectives, and incentives for safe work. The process of developing a risk management strategy is often foreign to directors. In addition, directors may be too close to the trees to see the forest. In order to counter these deficiencies, boards employ outside advisers to assist with risk assessments and recommendations. When this is the case, the boards still need an understanding of the risk management process. Some of the basic concepts include:
- Probability: How likely is an event to occur? If the probability is low and the impact is small, companies may not develop an in-depth, detailed plan to deal with the issue.
- Event: An occurrence with an impact, good or bad
- Impact: What will the consequence of the event be?
- Mitigation: What will reduce the probability of an event occurring?
- Contingency: What will reduce the negative impact of an event?
New directors or new senior corporate managers often misunderstand risk management as an exercise dealing with large-scale catastrophes. While solid strategies will consider catastrophes, much of risk management deals with daily operational issues of corporate activities and customer and supplier interactions. Professional governance of risk will also involve a leadership assessment of corporate culture and ethics to ensure the strategy fits the corporate code of values.
Too often, only corporate management and a board member assigned to risk management ‘write’ the official risk management strategy. Directors and senior corporate management should be involved in developing and vetting the strategic plan, but the employees ‘turning the wrenches’ should have significant input as well. When management involves employees in determining policies, morale improves and generally all employees more readily accept the policies. In addition, involving the ‘wrench turners’ usually creates more realistic safety practices. Management should have a thorough understanding of the jobs employees are being asked to perform; oftentimes the actual performance of the tasks is more involved than management thinks.
An effective governance model for risk management involves starting at the bottom and working strategies up through each department or division. Risk management at the lowest levels, when finished, should become a written manual. As the company’s management signs off on the manual and sends it to senior corporate management, the manual should be boiled down to reflect the company’s core values regarding its human resources.
The process does not end once the board of directors has adopted a strategic plan; it really begins. Corporate management audits the strategy on a regular basis by. The audit is in accordance with policies developed by the audit committee. The audit committee reviews the assessments of corporate management and ensures that the findings are a fair and accurate reflection of what is actually happening in the workplace.
The audit committee should report regularly at the board of directors’ meetings on the results of the risk management audit and note any findings the members believe may not be fair assessments of actual practices. The findings of the committee are delivered to the compensation committee along with the results of the risk management audits conducted by senior corporate management. The succession committee should also review the risk management assessments and include its results as part of its review of corporate management’s performance.
Developing and enforcing a risk management strategy is an essential function of any board of directors. Risk, broadly defined, includes a very wide range of exposures – from employee accidents to financial risks. Management of risks is an essential part of protecting and extending shareholder value. A board that ignores risk management does so at its own risk and exposes its individual directors.
If you want to know more about risk management, send me an e-mail and we will arrange a time to talk.
© Dr. Earl R. Smith II