2nd National Conference on CORPORATE COMPLIANCE & ROLE OF INDEPENDENT DIRECTORS February 15, 2013


Board Oversight in Risk Management

2nd National Conference




February 15, 2013


Effectively integrated with strategy-setting, risk management should invigorate opportunity-seeking behavior by helping managers develop the confidence that they truly understand the risks and have the capabilities within the organization to manage those risks.

The result: management and the board fully understand the downside and how much it might hurt. They also know what to watch over time.

Everett Gibbs & Jim DeLoach, Protiviti Managing Directors

“Which Comes First…. Managing Risk or Strategy Setting? Both!”

Financial Executive Magazine

Board Risk Oversight – COSO & Protiviti Survey
  • The Committee of Sponsoring Organizations of the Treadway Commission (COSO) commissioned Protiviti to conduct a survey to develop a deeper knowledge of the current state of the risk oversight process and the desired future state
  • The results of the survey provide valuable insights into:
    • How boards are fulfilling their risk oversight obligations;
    • The maturity of their processes; and
    • The key areas offering opportunities for improvement of the risk oversight process.

Given the intensive regulatory environment across countries, risk oversight has become a high priority on the agenda of most board directors. Boards are taking a fresh look at the qualifications of their members, how they operate and their expertise to understand and manage the enterprise’s risks.

Board Risk Oversight – General Outcomes (1/2)

Boards are not formally executing mature and robust risk oversight processes, although the risk oversight responsibility generally resides with the board

There is overall dissatisfaction with the way risk is considered in the context of the organization’s overall strategy, and there are one or more obstacles inhibiting the risk oversight process

Risk Reports not received annually by most boards are generally received on a need / ad-hoc basis or not at all

In the absence of routine risk appetite dialogue, risk appetite may not always get driven down into the business to set risk tolerances and operating limits

Board Risk Oversight – General Outcomes (2/2)

Action plans to address deviations from risk tolerance parameters require improvement

Monitoring of the organization’s risk management process isn’t done at all or is executed ad hoc

Many companies have a process to apprise the board of the most significant risks and how those risks are managed.

However, in relatively few organizations is the process well defined and rigorous

Role of the Board in the Risk Oversight Process

Over 74% of respondents indicated that their boards are not formally executing mature, quantifiable and robust risk oversight processes

Source: COSO-Protiviti Risk Oversight Survey 2010

Board’s Involvement in the Risk Oversight Process
  • Findings suggest that the boards are gaining valuable support by assigning aspects of their risk oversight responsibilities to their various standing committees
  • The risks inherent in the scope of each delegated committee’s activities are set forth in the respective committee charter. For example:
    • Audit committees typically oversee financial reporting risks and certain compliance risks that have financial reporting implications
    • Governance committees oversee governance risks such as board leadership and composition, board structure, etc.

Source: COSO-Protiviti Risk Oversight Survey 2010


To enhance the transparency of the oversight process, organizations may want to consider formally documenting the roles and responsibilities related to risk oversight in the board or committee charters

Does Your Board:

Provide ‘active oversight’ in developing the overall strategy?

Possess a good understanding of the risks to the strategy – those that may limit value creation and even cause the strategy to fail?

Ask probing questions – including those that challenge assumptions of the strategy?

Have an understanding of the key risk indicators in place to alert decision makers to a strategic risk?

Assess potential new risks the strategy can create?

Prepare for the possibility that the strategy fails?


Where does this take us?

What Does This Mean For Us?

Enterprise-Wide Challenges In Risk Management

Chief Risk Officer (CRO)

Chief Compliance Officer (CCO)


CFO / VP Finance

  • Balancing the range of enterprise risks
  • Evaluating business requirements and technical risk capabilities
  • Reducing organizational cost of risk exposure and cost of mitigation or acceptance
  • Increasing efficiency & consistency of compliance processes
  • Reducing regulatory actions by reducing compliance violations
  • Planning and oversight of compliance management resources
  • Identifying and implementing optimal detective & preventative controls
  • Timely notification of control issues, material weaknesses and violations
  • Reducing the total cost of Governance and Risk Management
  • Accurate and comprehensive information on financial exposure, compliance and audit
  • Ensuring Auditable secure information
  • Automating risk management process
  • Eliminating multiple internal governance and risk management solutions
  • Implementing IT platform for standardization, simplification & security
Where Should Our Focus Be?


(1) Governance Risks

Risks related to directors’ decisions regarding board leadership, composition and structure, director and CEO selection, and other governance matters

(2) Critical Enterprise Risks

The top five to ten risks that can threaten the company’s strategy, business model or viability

(3) Board Approval Risks

The risks related to decisions the board must make with respect to important policy areas, such as major strategic initiatives, acquisitions or divestitures, major investments, entry into new markets etc.

(4) Business Management Risks

Risks associated with ongoing day-to-day business operations

(5) Emerging Risks

Emerging risks outside the scope of categories (1) through (4)

Most organizations today focus on the Business Management Risks only, which may end up creating ‘Blind Spots’ with respect to some key existing and emerging risks

Why Is It Important Today More Than Ever? (1/2)

Ten Major Challenges Facing Businesses

Regulatory changes and increased regulatory scrutiny which may affect operations

Economic conditions in current markets may not present significant growth opportunities

Volatile global economic and political conditions

Succession challenges and the ability to attract /retain top talent may constrain efforts to achieve operational targets

Organic growth through existing customers presents a significant challenge

Source: Protiviti Bulletin: Setting the 2013 Audit Committee Agenda

Why Is It Important Today More Than Ever? (2/2)

Ten Major Challenges Facing Businesses

Ensuring identity management and information security protection could require resources which the organization may not have

Resistance to change could restrict the organization from making necessary adjustments to the business models and core operations

Organizations may not be able to meet performance expectations as well as competitors

An unexpected crisis could likely have a significant impact on reputation

Inability to use data analytics and big data to obtain the needed market intelligence

Source: Protiviti Bulletin: Setting the 2013 Audit Committee Agenda

Gaps Observed In the Indian Scenario


  • Board acts as a ‘Paper’ board
  • Composed of family & insiders
  • Lack of Financial & Risk ‘literacy’
  • Informal working procedures
  • Narrow focus on financials only
  • No or ineffective sub-committees (Nom., Remun., etc.)
  • Unclear on oversight role for Risk & Control
  • No clear division between Board & Mgt
  • Uninformed board – poor Mgt information

Diagram labels: Board of Directors; Financial & Admin Management; Risk Management; Internal Control

Companies Bill 2012 – An Attempt to Address Some Gaps
  • Crisper definition of ‘Independent Director’ which limits their relationship with promoters, management and Directors, as well as with auditors and other stakeholders
  • Limiting the number of memberships as Directors so as to improve the overall time and attention dedicated to the role as a Director
  • Requirement for attendance at Board Meetings to bring more seriousness to the responsibilities and role expected from a Director
  • Requiring the presence of a minimum number of Independent Directors on the Board of Directors
  • Limiting the tenure of Independent Directors so as to not compromise the ‘independence’ of the Board of Directors owing to longer tenures
  • The bill seeks to address gaps in terms of ‘COMPETENCIES’ and ‘PARTICIPATION’ of Directors to do justice to the roles and responsibilities of Directors
Shaping The 2013 Risk Oversight Agenda

The complexity and velocity of change in an increasingly interdependent world are altering the dynamics of doing business.

Such changing markets and circumstances spawn new risks, alter risk profiles, and reduce the effectiveness of established risk management capabilities.

Protiviti’s Risk Oversight Agenda ensures companies take such changes into account.

2013 Risk Oversight Agenda – Key Considerations (1/5)

With the beginning of the new year, it is imperative to check if the 2013 agenda for Board risk oversight is appropriately focused. This can be done by considering the following questions as reminders:


  • How often are matters other than ‘financials’ on the Audit Committee agenda?
  • Does the board discuss strategy, risks to strategy, sustainability initiatives and areas other than financials?
  • Has the company’s risk profile changed?
  • Has management updated the assessment of the organization’s most critical enterprise risks? Is the update consistent with the Board’s view?


2013 Risk Oversight Agenda – Key Considerations (5/5)


  • Does the Board periodically assess performance of Independent Directors?
  • Performance could be linked to the time they spend in discussions on strategy and issues facing your company, past experiences they may have had, and other active involvements they may have currently
  • How robust and frequent is your audit committee’s evaluation of the external auditor?
  • Consider the evaluation criteria/metrics the board might want to set so as to evaluate them at the time of change in auditors


2013 Risk Oversight Agenda – Key Considerations (2/5)


  • Is the Board satisfied with the identification process in place for emerging risks?
  • Are risk assessments providing directors with insights they didn’t previously have?
  • Is the Board giving appropriate consideration to technology-related risks?
  • Rapid technological innovation is creating new risks in return for faster and more accessible data, making companies rethink as to how they can create value for customers


2013 Risk Oversight Agenda – Key Considerations (3/5)


  • Is the Board satisfied with the risk reporting it receives?
  • Risk reporting provides information about the critical enterprise risks and summarizes how those risks are managed. It is the responsibility of the Board to communicate additional information to the management
  • Does the Board understand key assumptions underlying the organization’s strategy?
  • The Board must check if these assumptions are being used to identify risk indicators to provide early warning of critical strategic assumptions becoming invalid as the company executes its strategy in a changing environment


2013 Risk Oversight Agenda – Key Considerations (4/5)


  • Does the Board periodically check for potential issues in company's culture and incentive compensation structure?
  • Lack of transparency, conflicts of interest and unbalanced compensation structures are warning signs for the Board that have the potential to undermine the effectiveness of risk management
  • Is the Board satisfied with the sufficiency of resources within the company’s risk management?
  • Directors should inquire whether appropriate policies, processes, people, reporting, tools and incentives, along with a supportive culture are in place to mitigate key risks


2013 Risk Oversight Agenda – Key Considerations (5/5)


  • Does the Board periodically assess its risk oversight processes?
  • With an ever-changing business, technology and industry environment, an important question to ask is whether the Board has the requisite expertise to provide effective risk oversight
  • Is the company prepared to respond to extreme events?
  • Does the company have response plans for unlikely extreme events (These are events no one can predict or see coming)?