Enterprise Risk Management (ERM) presented by NACD and McGladrey - BoardVision - YouTube

Channel: NACD Online

[0]
welcome to NACD BoardVision where
[2]
leading boardroom advisors
[3]
governance professionals and seasoned
[5]
directors discuss critical issues
[7]
related to your responsibilities in the
[14]
boardroom
[17]
welcome to NACD BoardVision I'm Steve
[19]
Kalan
[20]
associate publisher of NACD Directorship
[23]
I'm joined today by John Brackett
[25]
McGladrey's national leader for
[27]
enterprise risk management
[29]
welcome John thank you for having me
[31]
Steve
[32]
risk oversight versus risk management
[35]
this is where these conversations often
[36]
start
[37]
with a reminder that boards provide
[39]
oversight not management
[42]
directors oversee the risk management
[44]
practices and procedures that the
[46]
company has in place
[47]
John start us off today with some
[50]
clarity on where boards and management
[52]
draw the line between oversight and
[53]
management
[54]
sure Steve having the board focus on
[57]
oversight means they need to make sure
[59]
that management has in place an
[60]
effective risk management program
[62]
management needs to own the process as
[64]
part of the internal control environment
[66]
but boards can play a role in helping
[68]
management identify
[70]
assess prioritize and monitor risks
[73]
for one thing boards can ask if a
[75]
company has an ERM program
[77]
about half of companies do not according
[79]
to your own 2011 corporate governance
[82]
survey
[82]
for public companies when managers
[85]
provide credible plans based on credible
[87]
information
[88]
directors step back and manage by
[90]
exception
[92]
that is they don't get involved until
[93]
surprises happen but clearly that's not
[96]
a good way to oversee risk management
[98]
how do boards get out in front of
[99]
pending or potential risks
[101]
this is where directors' experience is
[103]
invaluable
[104]
and we can offer three examples boards
[107]
can review
[108]
some of the key assumptions management
[109]
makes as they build their risk
[111]
management models
[112]
certain directors can identify exposure
[114]
to risk
[115]
and areas that might be new to the
[117]
company but familiar to that director
[119]
and collectively a group of directors
[121]
may offer a different prioritization of
[123]
risk management activities based on
[125]
their experiences
[126]
interestingly this year's public company
[129]
governance survey
[130]
showed that specific industry experience
[132]
is the second most
[133]
important attribute when recruiting new
[135]
directors that's correct
[137]
our survey also shows that risk
[139]
assessment itself is a key attribute in
[141]
potential new directors
[144]
Steve we'd like to know what NACD is
[146]
hearing from its members regarding risk
[148]
committees
[149]
many companies are considering risk
[151]
committees in our recent corporate
[152]
governance survey for public companies
[154]
mentioned earlier we show 12 and a half
[157]
percent of them already have risk
[158]
committees
[159]
there are pros and cons to this but
[161]
NACD's position is similar to yours
[163]
every board member has responsibility
[165]
for risk oversight
[166]
that's right if a risk committee exists
[169]
it should have accountability to the
[170]
overall board
[171]
for the execution of their duties at the
[173]
committee level
[175]
in fact the main value of a risk
[176]
committee is to gather up the
[178]
risk-related work of all the committees
[180]
and report to the board in a holistic
[182]
way really to help the board see the big
[184]
picture
[186]
we've seen an increase in the naming of
[188]
chief risk officers
[189]
first in heavily regulated industries
[191]
like financial services and utilities
[194]
but now spreading to companies of all
[195]
types do most companies
[198]
need chief risk officers and if so who
[200]
should they report to internally
[202]
we think they should and we think the
[204]
chief risk officer
[205]
should be responsible for ensuring
[207]
management is on task
[209]
regarding risk identification assessment
[212]
mitigation and monitoring in most cases
[215]
the chief risk officer should report to
[217]
the executive management team
[219]
and the board are there ways to allow
[221]
them to present independently to the
[223]
board
[224]
to avoid filtering of data can this be
[226]
done through the audit committee
[228]
I'm a strong believer in the CRO having
[230]
a direct relationship to the board
[232]
or a designated committee such as audit
[234]
or risk
[235]
this level of independence can boost
[237]
board confidence in the ERM
[239]
program obviously there should be no
[241]
surprises to management
[243]
so it's the responsibility of the CRO to
[245]
coordinate and communicate within all
[247]
levels of the organization
[249]
in addition to boards focusing on key
[251]
risks to the organization
[253]
what else do you think boards should do
[254]
to optimize their involvement in risk
[256]
oversight
[257]
it's critical to know the top risks but
[260]
it's even more important to understand
[261]
the impact each key risk can have on the
[264]
organization
[265]
and the interdependency of risks how
[267]
other risks are impacted when one risk
[269]
event is triggered
[271]
understanding counterparty risk is a
[272]
great example of effective risk
[274]
oversight
[275]
two conclusions we seem to always draw
[277]
about risk in ERM
[279]
are one that it's a team sport need the
[281]
full board's attention
[283]
as it is inherently tied to strategy and
[285]
two
[286]
risk oversight needs to be woven into
[288]
all discussions
[289]
as opposed to being set aside and
[291]
discussed separately we agree with you
[293]
on these conclusions
[294]
I'll close with a few more one in
[297]
developing and monitoring strategy
[299]
management and the board need to work
[301]
together to identify and monitor risks
[304]
two everyone in the company is
[306]
responsible for practicing appropriate
[308]
risk mitigation including the board
[311]
and senior management which sets tone at
[313]
the top
[314]
and finally a robust ERM program
[318]
ensures the discipline needed to achieve
[320]
all of these goals
[322]
John with only a little more than half
[324]
of the directors claiming their
[325]
companies have an ERM program
[327]
we expect much discussion the next few
[329]
years on enterprise risk management
[332]
thanks so much for your time today and
[333]
we hope to revisit this topic with you
[335]
again soon
[337]
until next time I'm Steve Kalan with
[349]
NACD