Risk Management and Compliance identified as top five risk by boards in 2019

The Governance Evaluator 2019 Benchmark Report analysed evaluations from 92 boards comprising of 777 members across a range of sectors, with Risk Management and Compliance being identified as one of the top five risks for boards. 

Boards noted their areas for capability building related to the following: 

• understanding what the organisation’s top risks were and noted the need for being assured about these risks through insightful data-driven, trended and benchmarked reports 
• the setting of a clear risk appetite statement relating to their strategy 
• desire by all directors to know how to lead a culture of continuous review and development 

Directors stated that more training about Risk Management and gaining sector-specific knowledge and discussing the relevant associated risks were of high importance to them. 

There has never been a more important time to focus on having the right systems, processes and behaviours in place for assuring boards and directors of their governance risks. The revised ASX Corporate Governance Principles and Recommendations state that boards are to monitor the adequacy of their organisation’s risk management strategy, for both financial and non–financial risks. 

This includes ensuring risk strategies deal adequately with contemporary, emerging or unforeseen risks such as conduct risk, digital disruption, cybersecurity, privacy and data breaches, sustainability and climate change. 

One of the key roles of the board is to monitor the adequacy of the entity's risk management framework and satisfy itself that the entity is operating with due regard to the risk appetite set by the board. This is to instil and continually reinforce a culture across the organisation of acting lawfully, ethically and responsibly. 

Following are some effective strategies that Governance Evaluator has observed boards using to maintain their assurance for their governance risks: 

Leading a culture of continuous review and development from the top 

Following the recent Royal Commissions and Prudential enquiries, ASX revised their Corporate Governance Principles Guidelines and have increased focus on the following aimed at supporting a strong culture and governance: 

• annual whole board and individual director governance capability assessments 
• implementation and ongoing review of resulting board action plans and individual director development requirements 

Governance Evaluator has seen high growth in board and director evaluation and development programs and through this role modelling they are strengthening their culture for quality improvement across the organisation. This has been even more successful in the board’s that then utilised both group and individual director development action plans.  

Directors skills and capabilities for their governance risk oversight role: 

1. Understanding directors skills and experience before building governance risk oversight capabilities 

Over 50% of Governance Evaluator clients who undertake annual Board Evaluation also commenced a Director Development and Skills Matrix review culminating in Individual Director Induction and Development Plans. This resulted in:  

• assisting directors to understand their attributes and gaps, therefore focusing on developing skills for having a high-level knowledge of the nuances and risks relating to the organisation they govern 
• organisations developing relevant education plans 
• quarterly development plan reporting in board papers generating important discussion and accountability 

2. Becoming an expert on the organisation’s top risks, not just a subject expert 

It is not possible as a director to simply become a subject expert in order to have the right capabilities for oversight of sector and organisation specific risks. Rather, Governance Evaluator clients who have developed these capabilities specifically in the organisation’s top risks have:  

• included education about the organisation’s top risks as part of their director induction 
• invited their executives/managers to explain to them what are the top issues that keep them awake at night and what have they done to address such risks 

Directors receiving the right information to be assured of their Governance Risks 

1. Building the capabilities of Board Sub Committees: 

As over 60% of directors reported not feeling assured for their governance risks it is also important to discuss how organisations have improved their risk reporting to the boards. Focus on building the capabilities of Board Sub Committees for providing governance risk assurance has been successfully achieved through the following:  

• ensuring the structure, number and Terms of Reference of the committees reflect what’s required to support risk management and achievement of the organisation’s strategy 
• ensuring the right directors are on the relevant committees based on their skills with the executives and other experts on the committees 
• Sub Committees are reviewed annually and not afraid to discontinue if not required or serving purpose, and their structure is reviewed tri-annually in line with strategy 
• organisational accreditation and legislative requirements, for example responding to Standard 8 in Single Aged Care Quality Framework, are addressed by committee/s 
• all other organisational risks are divided across the committees 
• Terms of Reference containing:  
  1. Clear purpose 
  2. Skills for leadership and membership 
  3. Identified risks to monitor 
  4. Reporting to the board via dashboards and recommendations 

2. Reducing the volume and increasing sophistication of board papers and agendas through investing in governance risk reporting dashboard

Boards have significantly improved their Board Agendas and Papers through reducing the volume of their reports and increasing the sophistication of their papers. A key element of this has been:  

• creating risk reporting dashboards that come from the Board Sub Committees in relation to the risks they are tasked to have oversight for. This is more helpful for directors being assured than receiving just the minutes from the Board Sub Committees 
• ensuring that reports are insightful, data-driven, trended, benchmarked and contain relevant commentary. 
• ensuring the dashboards and reports are high level, reflecting the top risks and allow the directors to drill down into the detail if they wish or there is a red flag 

If you would like to talk to an expert for building your governance risk capabilities please book in for a free consultation with our governance expert, Fi Mercer.