Questions Every Board Should Ask About Risk Management

Board oversight is key to ensuring that management is accountable for risks facing the organization and is designing a strategy that aligns the appropriate degrees of acceptable risk with organizational goals and objectives. Risk conversations, as a dedicated part of every board meeting agenda, should consider the following questions:

Risk Environment

Common risk language iconIs there a common risk language spoken and understood throughout the organization and is the organization’s risk appetite reflective of the expectations of shareholders, regulators and other stakeholders?
Management responsibilities iconAre risk governance and management responsibilities clearly defined at all levels?
Process iconIs there a process in place for identifying, collecting information about, and providing timely alerts for emerging or changing risks?
Leadership managing risksHow well is leadership managing risks to growth, margin, assets, and purpose?  How do you know? 
Risk communications iconAre risk communications, training, and reporting insightful and engaging enough to be valued by leadership, management, and employees?

Risk Assessment

Risk Assessment Framework iconHas a risk assessment framework been customized to consider risk characteristics that are most critical across the organization?
Business Strategy iconAre risk identification and assessment linked to the business strategy?
Existing Controls and Process iconDo existing controls and processes adequately mitigate identified risks?
Responsibility iconHas risk oversight responsibility been appropriately allocated within the board and its committees?
Expertise iconDo our directors have the right level of expertise to oversee risks to the organization?
Risk Significance iconIs capital allocation aligned with and appropriate to assessed risk significance and magnitude?

Risk Monitoring

Strategy objectives iconAre all identified risk metrics properly aligned with strategy objectives to serve as indicators of potential problems?
Performance Evaluations iconIs accountability for risk reflective in executive and key management performance evaluations?
Risk Information iconIs risk management embedded in planning, communications, and training activities across all functions to ensure that we receive adequate and timely risk information?
Reporting of Risk iconIs the dialogue and reporting of risk throughout all levels, including the boardroom, open and ongoing?
Risk Disclosures iconAre our risk disclosures transparent and relevant to stakeholders?
Board iconHow do we as directors get comfortable that management is operating within risk, compliance, and ethics standards agreed to with the Board?
Failure iconIf the organization had a catastrophic failure, what assessments, testing, or validation could the Board rely on to demonstrate its oversight?