CANDIDATES
Candidate Toolkit |
THE BOARDSPAN LIBRARY
The Boardspan staff reviews and selects the most informative articles from business news sources, including:





We categorize articles to make them easier for you to find.
- Exec. evaluation & comp
- Critical information about evaluating and compensating the executive team.
How to Talk to Your Board About Risk

Board members and company managers today need to have a clear and informed view of risk. The business world is fraught with risks to strategy that emerge more quickly and pack a bigger punch than ever before. Moreover, there are new sources of risk—for example, fast-moving innovations in technology (think: Blackberry versus the iPhone), scientific breakthroughs, and the ever-evolving realm of social media.
The quality of conversations about strategic risk among business leaders and operating mangers makes all the difference. New research from the American Productivity and Quality Center (APQC) on enterprise risk management (ERM) shows that the more mature organizations—those with well-established risk assessment, reporting, and training processes—have been taking steps to boost the quality of such conversations, especially those involving boards of directors or board committees. For example, their leaders take care to structure the agenda of board-level risk discussions so that there is ample time to focus on the question of “what’s not visible now that could hit us?” Spending adequate time on that sort of inquiry uncovers overly confident strategic assumptions.
“The point is to kick off creative brainstorms,” one ERM leader told us. This leader has developed an exercise that prompts company managers to have practical discussions. “We…talk about the resiliency of [managers’] strategic plans,” he says. “We can ask, ‘What have you done to fold the risks that have been identified into your plan in a way that allows you to win the must-win battles?’” In contrast, a board-level conversation at a far less-mature company would involve a rote recitation of risks that surprise nobody—for example, what do we do if the price of energy rises next year?
Smart managers also work to educate board members on the concepts and language of ERM. When everybody shares a common understanding, people can easily come to consensus about what issues deserve deeper examination or highest priority. They can then proceed to prioritize their strategic responses given a risk’s likelihood of occurring and its speed of change.
For example, at one best-practice organization, leaders and operating managers alike are trained to use a risk prioritization model (which is shared with the board). The slow-moving risks with a low likelihood of happening get parked (but not forgotten). The slow risks with high likelihood are items the managers will have to adapt to. Then there are risks with low likelihood that would nonetheless quickly become a big challenge if they materialized. These need contingency planning and careful monitoring. Finally, there are the emerging risks that are most likely to materialize and that can accelerate quickly. These are risks that that have the potential to seriously disrupt the business unit’s strategy.
Finally, when conversations about risk are well structured and meaningful, managers gain a clearer sense of the board’s appetite for risk and ability to tolerate it. Board members, meanwhile, get a good feel for the organization’s level of ERM maturity.
At some companies however, board members don’t recognize the value of such conversations. They want to do what they’ve always done: sort risks into neat categories (financial, operational, compliance) and dictate that more rules be drawn up for employees to follow. Such boards look at company managers and say, “We pay you to worry about risk. We worry about ROI!”
Indeed, APQC research indicates that ERM is still in its nascent stages at many firms. Survey findings from nearly 100 large global companies point to a worrisome process weakness: 43 percent do not have an ERM process owner who updates the board regularly about the evolving mix of risks and efforts to address them. In contrast, the 57% that do have such a person and process in place feel confident in their ability to identify new types of risks that could send strategic initiatives careening. The confidence comes from steady exposure to the board’s evolving views on risk versus reward. And when an ERM leader can say to other managers, “Well, here’s what the board thinks about that,” the board’s clout is in the room. Operating managers tend to perk up and engage in truly thorough discussions about potential risks.
The first step in having meaningful conversations with the board about risk is collecting the right information to share. At best-practice companies, gaining risk intelligence starts with some version of this mantra: “Everybody’s a risk manager. The business decision makers own the strategy; therefore, they own the risks.” When leaders set the tone that risk management is everyone’s business and put structures in place to support it, the data emerges effectively.
An example comes from Exxaro, the large South Africa–based diversified resources group, with interests in the coal, mineral sands, ferrous, and energy commodities. Exxaro has a highly structured ERM reporting process. Business units meet quarterly to go over their risk profiles, as does the operations committee. The board then receives a quarterly operational risk profile, and the ERM team has an annual process with the board wherein board members use the business units and operations committee’s risk profiles as input to compile their own risk profile.
The point is not for the board to re-rank or develop their own views on specific risks. Rather, it is to ensure that risk owners throughout the organization participate in risk management in a genuine manner—one that fully engages the board in conversation.
Republished with permission from strategy+business, a publication of PwC Strategy& LLC. ©PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see pwc.com/structure for further details. strategy-business.com
MORE ARTICLES
Refreshing Your Board of Directors
Patrick R. Dailey, Ph.D. and Joel M. KoblentzMore Female Board Directors Add Up to Improved Sustainability Performance
U.C. Berkeley, Haas School StaffBoard Governance Depends On Where You Sit
William GeorgeBattle For the Boardroom
Ludo Van der Heyden and Chris HowellsNight of the Living Board
Matt PalmquistThe "Third Team" Approach to Board Effectiveness
Denis Mowbray and Coral Ingley (both from Auckland University of Technology)Tapping The Strategic Potential of Boards
Chinta Bhagat, Martin Hirt, and Conor KehoeLean Strategy Not Just For Start-Ups
Carmen NobelInvolving the Board in Strategic Planning
Jean-Daniel BrissonBest Practices: Non Profit Governance
McDermott Will & EmeryValue-Focused Corporate Governance
Christian Orglmeister, Marcos Aguiar, and Daniel AzevedoTen Key Dimensions of Effective CEO Succession
Thomas J. SaporitoThe Trouble With Too Much Board Oversight
Olubunmi Faleye, Rani Hoitash and Udi HoitashPurpose, Vision, Mission, Values
Graham KennyRunning More Effective Board Meetings
Mark SusterA More Effective Board of Directors
Ana DutraCulture & Business Performance: What’s the relationship?
Method Frameworks StaffCorporate Culture, Not Lip Service, Counts
Luigi Guiso, Paola Sapienza and Luigi ZingalesBuilding a Forward-looking Board
Christian Casal and Christian CasparWhen Best Practice Isn't Enough
Simon C. Y. WongCollaborate Better
Leigh ThompsonThree Critical Talent Conversations For Every Board of Directors
Jean Martin and Michael GriffinOutgoing CEOs Shouldn't Pick Their Replacements
David F. Larcker, Stephen A. Miles, and Brian TayanFive Things Every CEO Must Do in the Next Era of Globalization
Hans-Paul Bürkner, Arindam Bhattacharya, and Jorge BecerraWhy Directors Should Thank Dodd & Frank
Eleanor BloxhamD&O Liability Insurance: An Overview
Priya Cherian HuskinsBest Practices in Compliance
Stefanie MoscaWhy Every Company Needs a Board of Directors
Brian HamiltonWhy Leadership Isn't Just For Leaders
Sally Helgesen10 Principles of Leading Change Management
DeAnne Aguire and Micah AlpernThe Double-Edged Sword of CEO Activism
David F. Larcker, Stephen A. Miles, Brian Tayan, and Kim Wright-ViolichDecoding Leadership: What Really Matters
Claudio Feser, Fernanda Mayol, and Ramesh SrinivasanThe Buck Stops and Starts at the Top
Cathy L. Reese, John Michael Farrell & Jose SierraBeware Financial Mishaps at Nonprofits
Kate Barr4 Ideas for Improving Effectiveness & Reducing Risk
Stuart M. AltmanHow to Talk to Your Board About Risk
Mary DriscollThe Economic Case for Soaring CEO Pay
Anup SrivastavaSurviving the Sophomore Slump: Moves That Matter The Most
Roselinde Torres, Judy Johnson, James M. Citrin, and Susan S. HartLeapfrog Succession: Trend in Appointing CEOs
Roselinde Torres, Gerry Hansell, Kaye Foster, and David BaronCan Cutting CEO Pay Help a Faltering Company Rebound?
Emily AyshfordWhy Clawback Provisions Are a Must: Present and Future Risks in Financial Services
Brian Jebb and Sarah HenchozWhy Senior Leaders Are On The Front Line Against Cyberattacks
Tucker Bailey, James Kaplan, and Chris RezekCorporate Data Privacy: Time To Grow Up
Dan CurrellAre You In the Dark about Shadow IT?
Ryan Shadle and Brian TurleyCorporate Governance in the Age of Cyber Risks
In collaboration with RANE (Risk Assistance Network and Exchange)Planning Ahead – The Board’s Role in Crisis Management
M. Hill Jeffries, Kyle G. Healy, Marshall M. ChalmersHiring For Cultural Fit At The Top
Eric J. McNultyAgitators and Reformers: How to Respond to Activist Investors
Josh Hinkel, Henrik Poppe, Martin Toner and Chuck WhittenAudit: Radical Change on the Horizon?
Stephen DavisYour library is currently empty. Browse the Boardspan Library to get started.