Risk oversight

July 2013

On June 4–5, 2013, members of the North American Audit Committee Leadership Network (ACLN) and the Lead Director Network (LDN) met jointly in New York to discuss the board’s oversight of risk, among other topics.

This document summarizes the key points that ACLN and LDN members raised in the discussion, along with background information and perspectives that members shared before the meeting. The discussion among ACLN and LDN members and other participants in the meeting brought forth three major points:

  • Boards are worried about long-term strategic risks
    While boards pay attention to many aspects of risk, an important priority is to help management understand and manage the most strategically important risks. Members mentioned the potential impact of disruptive innovation, which may be both difficult to anticipate and devastating. The board must push management to identify these types of risks, and it must assist in the process by discussing strategic risks frequently and seeking the input of outsiders.

  • All board directors should engage in risk oversight
    Members said that all board directors should contribute their expertise and judgment to the board’s efforts to oversee risk. Many members noted that the full board is ultimately in charge of risk oversight. At the same time, various committees of the board, especially the audit committee and the risk committee (if there is one), are likely to play important roles, by overseeing the overall process and/or by taking responsibility for the oversight of specific risks.

  • Risk disclosures should reflect the board’s discussion of risk
    Disclosures about risk, risk management, and the board’s oversight role are increasingly important elements of reporting to regulators, shareholders, and the wider public. One member suggested that companies may be wary of divulging competitive information in risk disclosures. However, Michael Smith, a partner at King & Spalding, noted that disclosures should reflect the board’s concerns regarding risk. The board should review the risk factors disclosed by the company to assure they are aligned with the boards’ view of risks.