Risk Management committees have gained immensely in importance as the LODR focuses on their constitution and remit in a constructive and persuasive manner. Having led many such committees, I reflect on the constructs that will promote effectiveness.
- A strictly implemented charter must be established, clearly specifying the Constitution with a significant number of Independent Directors and the leadership that can deliver optimal risk. Risk appetite must be clearly articulated in terms of tolerable value at risk. Parameters to measure severity of risk and likelihood of occurrence need to be established and reviewed continually. Dashboarding strategy and criteria that will reflect critical, moderate and tolerable risks may be specified. The constitution of the committee must be kept fluid so that many Board members, particularly the Independents, get a chance to participate.
- The Committee must support, empower and elevate the role of the Chief Risk Officer whilst also setting a tone of risk culture over risk compliance. The CRO should be allowed to develop risk champions in each department and also build a strong core team of ERM certified professionals. A strong relationship with the leading ‘Enterprise Risk Management’ professional body i.e. IRM would prove crucial in the long run i.e. for recruitment, trainings, developing certified risk champions, motivating the CRO in getting the certified fellowship status in ERM from IRM, attending global webinars, reading thought leadership and publications, etc.
- The committee must interact continually with the operating management to identify both risks and opportunities. The idea is to maximise risk-adjusted returns. Frequency of meetings should be once a quarter. Choice of frameworks and computation methodologies must be extensively debated before implementation. While in-house skills must be developed, external help may prove valuable.
- The committee must report its outcomes to the Audit committee and to the Board whilst also ensuring the disclosures in the Annual Report are not a replica of the previous year. The quality of reporting must be transformed with more transparency and qualitative disclosures thereby creating an aspirational value for other companies.
- The Committee must have a dedicated meeting every year to scan the environment, to create scenarios and to operationalise the actions on a prioritised basis. This will build a strong foundation for Horizon Scanning and Scenario Planning and motivate the CRO to focus on Emerging Risks (Black Swans and Gray Rhinos) that may require a separate risk register, risk rating mechanism and heatmap.
- The committee may embrace new topics that are unfamiliar to the organisation and work out trainings and awareness programmes to initiate the innovations. Topics like Blockchain, Cybersecurity and Sustainability come readily to mind in this context.
- The committee must avail of external expertise where necessary and valuable to make a very reasoned set of recommendations particularly when there are large capital allocation, M&A or restructuring proposals, proposals involving huge reputational stakes, capital market issues or recommendations on capital evolution.
- A self-appraisal and a submission to the Lead Director or NRC chair is very useful in continually improving committee performance.
The important learnings have been that deep engagement, continuous interaction with the internal and external worlds, a reliance on robust processes, a desire to continually improve, and developing competence to global standards are critical choices to embrace.
Blog Author: Shailesh Haribhakti, Governance Board Member, Institute of Risk Management (IRM, HQ:UK) – India Affiliate