Ensuring the board assesses risk management in relation to top strategic business goals the company has set rather than in a vacuum is critical
Understanding the deeper significance that board oversight of a company’s framework for managing risk plays is critical for corporate secretaries, who are tasked with helping set the agenda of discussion topics for board meetings.
That was one of the takeaways from a panel discussion on enterprise risk management at the Society of Corporate Secretaries and Governance Professionals’ Essentials conference held in Orlando from January 29 through 31.
It’s critical that the corporate secretary, as a member of the management team, fully grasp the difference between the SEC’s view of risk factors and ERM, according to Kevin McMahon, chief compliance officer at Calpine.
He referred attendees to the January 2014 issue of The Conference Board’s Director Notes, titled ‘Risk oversight: evolving expectations for boards,’ which mentions rules the SEC recently adopted that require more rigorous disclosure of board involvement in the risk management process, including whether its oversight function is administered through the entire board or through a separate risk or audit committee.
That’s useful for a corporate secretary to understand insofar as he or she has some responsibility for proxy disclosures. But more critically, the corporate secretary has to help ensure that directors are able to assess the company’s risk management in connection with the company key strategic business goals.
‘[O]nly a minority of risk management frameworks in use today require formal risk assessments of the organization’s top strategic business objectives, and they often lack a formal process to identify business objectives that have been statistically shown to have a high likelihood of significantly eroding shareholder value,’ the Directors Notes article said.
The article cites survey results showing that currently linkages between strategic planning, compensation systems and formal risk assessment processes remain low worldwide.
McMahon told the audience that they, as corporate secretaries, need to interact with all the company’s business divisions so they can explain the risks in a unit far away that the board may not be familiar with. ‘You need to translate it into why it’s important for me as a director,’ he said.
When speaking with managers of individual business units about risks they’re confronting, corporate secretaries needs to be on alert for any filtering out of negative information. ‘Think of yourself as a deputized auditor,’ McMahon said. ‘People in the departments may not want to tell you about something because they haven’t figured out how to handle it yet.’
He advised that corporate secretaries take an inventory of all the events over the past year that impacted the company and assess whether or not the management team was prepared for each event. That should include product launches by strategic competitors and all FCPA-related events.
‘Then do the same thing for the board. Walk them through the last year’s events so they can understand the recommendations [for risk oversight] you’re making,’ he said.
Fostering a risk intelligent culture is one of six actions that panelist Maureen Bujno, a director in Deloitte’s Center for Corporate Governance, cited as helpful in assisting boards to better understand their risk governance role. Advising management on the development of a strategy that aligns with the organization’s mission and the short- and long-range visions of its stakeholders is one of the board’s primary roles, she said. Another action the board can take is to help the C-suite evaluate the level and kinds of risk the company is willing to take.
‘Some organizations do risk cultural surveys to assess what the appropriate risk to accept is,’ Bujno said. She recommended that corporate secretaries help ensure that discussion occurs in the boardroom about the level of strategic risk that management is comfortable with in deciding to pursue new business opportunities or markets.
‘Pull out the risk aspect of each topic discussion such as with financials,’ she suggested. ‘[Risk] should be addressed at every meeting every day.’
In addition, scheduling an occasional one-day retreat at an offsite location where the board can focus on risk strategy can be useful, she said.
The company’s governance team needs to think in advance about the story it wants to tell about the company’s risk management process, and use that to clarify the steps the board must take in order to be able to tell that story, panelist James Brashear, general counsel and corporate secretary at Zix Corp., told the audience. The corporate secretary’s input in that process is much needed, he added.
