There is an assumption in too many boardrooms that, as long as one of the board committees has looked into a particular issue, the directors can be discharged of their responsibilities for critically appraising the risks associated with achieving the business plan.
There is anecdotal evidence that the only attention given by some boards to risk is a passing nod when the audit committee gives its review of the effectiveness of the company’s internal control systems.
The 1999 Turnbull Guidance noted the correlation between profits and successful, controlled risk-taking. Directors should concern themselves with the company’s appetite for risk. The risks to be considered include financial, operational, macro-economic, environmental, legal and regulatory, and product-obsolescence risks, among others.
The situation has come about partly as a result of the Combined Code’s emphasis on board committees, which has created the impression that the responsibility of the board can be discharged by its committees. In some matters it cannot. Even the Turnbull Guidance said that the use of board committees in the process depends on a number of factors, including “the nature of the significant risks that the company faces”.
The Combined Code should encourage the embedding of risk analysis within business objectives and strategy. On the basis of appropriate advice from the company’s risk manager and, where necessary, external professional assistance, the board should be responsible for agreeing the risk parameters within which the company should operate. This is a matter for the board acting collectively: it is not one that can be delegated to a board committee. This does not mean that the Code should in any way discourage risk taking per se, rather that the extent of the risks should be agreed by the board, as stewards of the owners’ assets. The board should not only review the matter of risk on a regular basis but also should set out its policy clearly so that this can be implemented on a day-to-day basis.
Advertisement
In the light of recent events in the banking sector, it is essential that establishing the company’s risk appetite should be considered a primary function of the full board. Risk needs to be given a higher profile at board level and directors need to be aware that it is their responsibility to be alert to new and emerging risks. To achieve this requires a change in the definition of corporate governance in the preamble to the Combined Code. The sentence which states, “Good governance should facilitate efficient, effective and entrepreneurial management that can deliver shareholder value over the longer term” should be extended to include the phrase “within appropriate risk parameters established by the board”.
— David Wilson is Policy and Strategy Director at the Institute of Chartered Secretaries and Administrators. He was also a member of the Turnbull Committee on Internal Control for Listed Companies.