Risk Oversight and the Board
Fourth Quarter 2013
Corporate Board Member
This fall, Thomson Reuters and NYSE Governance Services, Corporate Board Member collaborated on the 2013 Risk Oversight Survey to determine the quality and scope of information directors of publicly traded companies receive prior to board meetings and the ways in which they work with members of management to analyze and oversee risk throughout the organization. Through an analysis of this data, Corporate Board Member and Thomson Reuters sought to better understand how information can be disseminated more efficiently, to determine any gaps in focus and concentration that may exist, and to use this data to address solutions that create improved information flow and more effective organizational risk oversight.
The survey results demonstrate that while the vast majority (86%) of boards of publicly traded companies report they are very engaged in enterprise risk management, there are gaps in the ability to keep up with several emerging risk areas. Specifically, more traditional risk arenas, such as compliance, compensation, fraud, and M&A received much higher adequacy ratings than did newer, less formulaic areas such as IT security, social media, crisis management, and global business risk. These findings indicate that additional levels of information, focus, and expertise may be necessary at the board level to provide a greater comfort level with risk oversight in those areas.
The following are some additional research highlights:
A quarter of boards say there is a gap in risk oversight. Fully twenty-six percent (26%) of directors surveyed say they do not always receive information in enough time to thoroughly review it and prepare for board meetings. Of those, nearly the same amount also responded that they do not believe there is appropriate focus or concentration given to discussions of risk. Risk is necessary for success. Slightly more than half (51%) realize that some level of calculated risk is needed to spur innovation and growth; another 14% accept greater risk to maintain a leading competitive position.
Setting the tone for risk. While three quarters of respondents say they work together on setting the appetite and tone for risk, another 21% say management sets the risk tolerance levels, demonstrating that management at the majority of public companies is fully engaged in setting the tone for risk.
Still not enough time. Although most directors gave themselves passing marks with regard to spending the appropriate amount of time on risk, about a third say board agendas are so crowded its hard to drill down to the necessary details to do an even better job.
Smart devices for board information delivery are pervasive. Eight out of 10 directors receive their pre-board meeting packets on some type of smart device, and 90% rate such devices highly for security, portability, timeliness, and ease of flow.
Directors need more information on emerging risk areas. The majority of directors are comfortable they are receiving adequate information to make good decisions related to compliance, compensation, and internal fraud risk—all traditional board oversight areas. But information related to risk is lacking in emerging areas for board oversight: IT security and social media risk, as well as sustainability/ CSR and crisis management.