Press Releases


New Findings and Recommendations Issued on The Board’s Role in Effective Risk Management

Shared Assessments and Experts With 12 Financial Services, Risk Management and Cybersecurity Companies Offer Eight Actionable Recommendations.

SANTA FE, NM, October 1, 2019 – The Shared Assessments Program, the member-driven leader in third party risk assurance, today released “The Board’s Role in Realizing Effective Risk Management” – a new set of findings and recommendations developed with C-level executives and risk experts from a dozen organizations.

The briefing paper provides boards of directors and C-level executives with:

  • new findings on the role and increasingly crucial importance of Board oversight; and
  • specific high-profile case study examples of the opportunity for the Board to play a role in robust risk monitoring to achieve organizational goals and preserve brand reputation, and the real-world consequences of failing to do so.

The report also provides specific actionable recommendations for effectively engaging the Board in strategic risk-related processes to protect business continuity, safeguard revenue streams and assure positive organizational reputation.

“Recent high-profile incidents such as those at Equifax and Facebook should serve as a stark reminder to every company of the important role that the Board must play in proactive oversight,” said Catherine A. Allen, Chair and CEO of Shared Assessments. “The stakes have never been so high; the sophistication and potential consequences of cyber threats and non-cyber risks increase daily, while non-compliance penalties of regulations such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) can impede an organization’s ability to operate. Oversight and legal responsibility sit with its Board members. This report provides clear, concise guidance Board members need in this new and dynamic threat landscape.”

With the Federal Trade Commission (FTC) now holding organizations accountable for privacy practices, industry experts say that the FTC’s 20-year settlement order with Facebook will emerge as the new model for future offenders. “The Board’s Role in Realizing Effective Risk Management” helps Boards engage and ensure that their organizations’ risk monitoring strategies, structures and tactics are appropriate to protect the organization. Guidance includes:

  • Raising awareness of the Board’s role in risk management processes and the advantages of appointing a designated risk-aware member.
  • Advocating for the appointment of and understanding the responsibilities of a Chief Risk Officer.
  • Understanding recent Federal rulings and their potential implications for organizations.
  • Gaining the potential benefits of board-directed third party assessments.
  • Following eight specific actions that Boards can take to ensure effective risk management oversight, such as:
    • approving enterprise risk monitoring processes and codifying the organization’s risk appetite and risk management framework; and
    • maintaining direct communications channels with specific key functions in risk-related matters – including who should have unimpeded Board access and why.
  • Adopting the five key steps Boards should take to help their organizations be more responsive to real-time risk developments and maintain a higher level of resiliency.


The report was developed by experts with The Santa Fe Group, The Shared Assessments Program and subject matter experts from: Alvarez & Marsal Dispute Analysis & Forensics, LLC; Annie Searle & Associates; CopyTalk, LLC; Early Warning Services, LLC; Lynx Technology Partners, Inc.; MUFG Union Bank, N.A. (formerly Bank of Tokyo); Neo Group; NormShield, Inc.; Secure Digital Solutions, Inc.; Security Diligence, LLC; Solem Risk Partners, LLC; and Synovus Financial Corporation.


The report is available for download here:

Media Requests

Media Relations
(505) 466-6434
