David Tate
Norman's blog:
-
Because of the increasing complexity of
risk , the threat and reality of new regulation, heightened public interest, and the Internet-enabled speed at which issues can turn into crises, boards are fundamentally reassessing this aspect of their work. They are demanding additional resources, improved data, and sharpening boundaries around oversight. They are looking more critically at themselves, asking how they can best support the business, in part, by challenging risk issues. They are seeking to exploit their knowledge and understanding of risk to enhance strategic debate and decision-making and gain commercial advantage. - If you are risk averse, you don’t go anywhere. The profit of tomorrow comes from the risk you take today.
- Risk oversight is how boards put the appropriate risk appetite in place and ensure it is informing decision-making on a multitude of issues.
- Risk is both necessary and good – up to a point. The continual challenge is to identify the tipping point between opportunity and peril, and set the risk appetite dial accordingly.
- Risk must be the responsibility of the whole board, prepared by the audit committee. There is a danger in multiplying committees and losing focus.
- Risk metrics are important to a board’s oversight of risk. But beware of people who bring you simple solutions to complex problems.
- Many board members express skepticism about the risk reports they receive. They offer little opportunity for directors to dig into the assumptions and interrogate the data. Even when the data capture is sufficiently rigorous, interviewees say, risk reports are often triumphs of advocacy, victims of over-refinement, or simply over-aggregated. Directors say they require less refined, more granular data, and they want it earlier in the business cycle. They need more leading indicators and predictive data in order to help with forward-looking risk assessments.
- There’s only one way we’re going to find out what’s really going on, and that’s by bringing the right people within the company to our board discussions and generating the right kind of dialogue with them.
- The real evolution and value will come when risk finds its way into day-to-day behavior and culture. It will become one of the things that people pay attention to. It will become part of what people do implicitly.
- You don’t get a better system by adding more controls. Instead you should focus on the values and cultures within the company. That’s the most important thing.
- Boards should be particularly alert to poor management style and behavior in the organization, as these will tend to be replicated at the front-line.
- Boards should push for the integration of risk sensitivity and consciousness into performance management.