Business First May-June 2017 Business First May 2017 - Page 21

Managing risk – the board’s role By IoD Chartered Director, Joy Allen ver the years, the governance failures we’ve seen on the news may have seemed remote. Surely it couldn’t happen to us? Yet every week, we see more and more boards who seem to have been sleeping on the job. So can we learn from their errors? One key aspect of corporate governance that we need to reflect on is Risk Management. Some of the boards I meet are just now beginning to develop a risk register. Their board meetings have talked about risks, and operational risks are considered on a daily basis – Health and Safety risks, Data Protection risks, Cyber Security risks, and others. There is recognition that a bit more formality may be useful, so higher level risks are being added to documents, and scoring mechanisms are seeking to estimate what the impact and likelihood of the risks may be. O Roads to ruin A fascinating report by Cass Business School (on behalf of Airmic), entitled ‘Roads to Ruin – the Analysis’ may contain some very valuable learning for our boards, specifically in relation to the thinking they need to do about potential risks. The report seeks to identify the origins and impact of over twenty major corporate crises in firms including Coca­Cola, Firestone, Shell, BP, Cadbury Schweppes, Northern Rock, Enron, Arthur Andersen, as well as some smaller firms. It provides detailed case studies analysing the impact of critical events on those enterprises, and on others around them, and offers learning about how we need to identify and manage risk. 7 Areas of Risk The weaknesses they found arose from seven key areas of risk that may be inherent in all firms and could pose serious threats if not dealt with. The key areas they identified were: 1. Board skill and NED control risks: less than optimal board competence and limited ability of Non­Executive Directors to monitor performance and, if necessary, to control the behaviours of Executive Directors. The Institute of Directors has recently published a Director Competency Framework that can support development in this area. 2. Board risk blindness: where boards engage more fully in matters of reward and opportunity than important risks, including reputational risk. In our experience, the annual Board Away Day should invest board thinking time to spot potential major risks. 3. Poor leadership on ethos and culture: there is a key role for boards in defining the desired culture for the organisation, articulating the values and behaviours that can drive that culture, identifying the gap between the optimal and the current culture, and investing in people development to close the gap effectively. 4.Defective communication: the flow of information, accurately presented, from the ‘coal face’ to the boardroom is key. A ‘no blame’ culture should enable performance reports to come ‘warts and all’ to the directors if effective decision making is to happen. 5. Risks arising from excessive complexity: directors need to be confident enough, and engaged enough, to challenge reports that bring lots of data but insufficient clarity about what’s going well and what’s not. 6. Risks arising from inappropriate incentives, whether explicit or implicit: the UK government’s recent consultation on corporate governance reform sought views on executive pay as one of its key areas. 7. Risk ‘Glass Ceilings’: the report highlights the danger of board level risks not being identified or articulated by risk managers, who are often at a lower level of management. Boards have a key role in doing the highest level of thinking about risk, and should invest in an independent review of governance to ensure that risks in the boardroom (including lack of director competence) are brought to light and addressed. Leading from the top There is a key role for the chairman of the board to lead board thinking in this area. They should ensure that people at all levels of the organisation, beginning with the board, are expected and supported to spot risks. As its better to learn from the mistakes of others before we make our own, perhaps we should be asking our company secr etary to provide regular briefings to our board about failures in other boardrooms and the lessons we can draw from them. The annual Board Away Day is vital to QUOTABLEQUOTE The chairman should ensure that there is real focus of the board’s thinking on areas of key risk. We mustn’t leave such vital work to middle managers in our companies. The boards that did are the ones we’ve been reading about in the headlines on governance failures. enable ‘clean sheet thinking’ about potential high level risks. Changes in our high level risk register should influence the planning of the agenda for board meetings. The chairman should ensure that there is real focus of the board’s thinking on areas of key risk. We mustn’t leave such vital work to middle managers in our companies. The boards that did are the ones we’ve been reading about in the headlines on governance failures. Joy Allen CDir is Managing Director of Leading Governance Ltd, and Lead Tutor for the Institute of Directors, delivering two modules of the Chartered Director Programme – ‘The Role of the Company Director and the Board’ and ‘The Director’s Role in Leading the Organisation’. She currently chairs the board of Morrow Communications Ltd and is a trustee for Alzheimer’s Society. The views expressed in this article are her personal views 19