Risk management continues to be an integral part of boardroom conversations. While the board isn’t required to manage day-to-day risks, it is responsible for ensuring that effective risk governance frameworks are in place to keep the organization’s risks in check.
With that in mind, Agenda asked Shellye Archambeau to identify the five questions that boards should be asking about risk management. Archambeau is CEO of MetricStream, a governance, risk and compliance software provider. She also serves on the boards of Nordstrom and Verizon Communications.
1. What are the top risks that need to be tackled as a priority?
Across industries, many believe that today’s No. 1 risk is cyber security, particularly in the aftermath of the recent Sony and Target breaches. Regulatory compliance risk is another top area of concern, given record-high fines issued for non-compliant behavior. Third-party risks have also become critical, as companies realize that a single disruption in vendor services or an incident of vendor non-compliance can affect the organization’s reputation and profitability. There are also geopolitical risks and reputational issues to consider. Each organization’s top risks are different, and it’s important for boards to understand what those top risk areas are, so they can respond in a targeted, focused and proactive manner.
2. What should management be doing to keep risks in check?
Management needs to look ahead to anticipate emerging risks, define risk thresholds and establish early warning mechanisms. The board looks to management to have the right people, processes and systems in place that can help leverage risk information to identify trends and predict future scenarios. From the board’s perspective, directors need to ensure that information on risk is reported in a language and format that makes sense to them. When the board has actionable risk information, it can provide better strategic counsel and support.
Read the complete article at MetricStream