A white paper by Deloitte & Touche LLP, entitled “Risk Intelligence Governance – A Practical Guide for Boards”, laid out six general principles to help guide Boards in the area of risk governance. These six areas can be summarized as follows:
- Define the Board’s role. There must be a mutual understanding between the Board, CEO and senior management of the Board’s responsibilities.
- Foster a culture of risk management. All stakeholders should understand the risks involved and manage such risks accordingly.
- Incorporate risk management directly into a strategy. Oversee the design and implementation of risk evaluation and analysis.
- Help define the company’s appetite for risk. All stakeholders need to understand the company’s appetite or lack thereof for risk.
- How to execute the risk management process. Maintain an approach that is continually monitored and has continuing accountability.
- How to benchmark and evaluate the process. Systems need to be installed that allow for evaluating and modifying the risk management process as more information becomes available or as facts or assumptions change.
All of these factors can be easily adapted to compliance and ethics risk management oversight. To begin with, it is important that the Board receive direct access to information on the company’s policies on this issue.
Three key takeaways:
- The Board’s role is to keep really bad things from happening to a company.
- There are six general areas the Board can inquire into and lead from.
- A Board should have direct access to information on the company’s compliance program.