In partnership with Women Corporate Directors, The Santa Fe Group (managing entity of Shared Assessments) has explored the need for Board Risk Committees through a two-part webinar series. This blogpost describes the case for Board Risk Committees (BRC) and summarizes the best practices for BRCs offered by webinar panelists fromThe Santa Fe Group, The Cambridge Group, KPMG and The UK Risk Coalition.
The value Board Risk Committees bring is best seen in times of unpredictability. Presently, across society and within our organizations, we are experiencing social unrest, acceleration of digital transformation driven by a remote workforce, and devastation due to wildfires, hurricanes and other climate change results as well as dealing with health and economic issues related to the COVID-19 pandemic.
In this chaotic time, Board Risk Committees offer a forum for in-depth on increasingly important operational risk issues. The expertise, experience and knowledge shared within these groups is not as readily available elsewhere – such as on audit committees, where financial expertise is properly focused.. BRCs facilitate learning between board directors and senior management and provide a natural home for an in depth focus on emerging risks and technologies. Board risk committees facilitate the development of risk profiles and the monitoring of risk metrics in a timely manner.
Forming Board Risk Committees
Curate the views of senior management and expertise on Board Risk Committees. Address a wide range of existing and emerging risks by recruiting executives with backgrounds in cybersecurity, privacy, communications, technology, healthcare, compliance, and legal and regulatory backgrounds to serve on your BRC.
Keep The Big Picture In Sight
Realize that strategy and risk go hand in hand and direct the board’s focus toward appropriate risk profiles for the businesses themselves. Keep the big picture in sight at all times. Strive to understand cultural risks within the company and use tone-at-the-top, incentives and other tools to drive behavior. Approach risk oversight as a team sport while being mindful that ERM, crisis readiness and resilience are closely linked.
Board Risk Committees should maintain a strong focus on organizational strategy and what their firm is trying to achieve. To do this, BRCs should develop an understanding of what needs to go right (opportunities) and what might go wrong (risks). The use of scenarios, including “thinking of the unthinkable,” is a useful exercise to model how dynamic risks could potentially evolve. (Dynamic risks are risks, such as liquidity, that have the propensity to go slide downhill quickly.) Climate change and pandemics are others.
Get Comfortable With Uncertainty
Avoid paralysis by analysis! Enterprise risk management is an art, not a science. Keep in mind that any forecast could be wrong.
Review Risk From An Objective Perspective
Risks MUST be presented in context of the objectives to which they relate. Board Risk Committees should work with management to define a framework of strategic objectives so that risks can be viewed in the appropriate context. .
Risk is a board responsibility, not just the responsibility of BRCs; occasional joint meetings of the audit and risk committees are an effective means of developing a bigger picture, drawing on the diversity of expertise in these two groups.
A recording of the webinar, which reviews these best practices and fields related questions from board members, can be accessed via https://www.santa-fe-group.com/brc/ under “Podcasts & Recordings.”
Thank you to Chris Burt of the UK Risk Coalition, Jackie Daylor of KPMG, Agnes Bundy Scanlan of The Cambridge Group, and finally, Cathy Allen of The Santa Fe Group (firstname.lastname@example.org) for sharing best practices from their years of experience and depth of knowledge. To be in touch with any of these thought leaders in Board Risk Committees, contact email@example.com.