Articles: Boards, Audit Committee, and ERM

  • Confronting Risk Culture at the Board Level

    October 01, 2012

    Tackling risk culture head-on – that is, the collective way in which personnel within an organization think about, communicate about, and behave in relation to risk – may be one of the most overlooked critical elements of an organization’s risk management processes. A recent thought paper by the Institute of Risk Management (IRM) tackles the topic of risk culture, arguing that a healthy risk culture is critical to successful risk management because it forms the foundation upon which all risk management practices are built. The thought paper highlights several approaches and tools for boards to use in fulfilling this important function in governing risk management, given that boards are ultimately responsible for understanding and guiding an organization’s risk culture.

  • The Importance of Board Support for Enterprise Risk Management: Part 3

    August 03, 2012

    A critical element for the success of any ERM effort is the involvement and "buy-in" of the board of directors. Michael Somich, Executive Director of Internal Audit at Duke University, discusses the involvement of the board at Duke and how they have bought into the ERM process and how they see the value it brings to the table when discussing risks on a macro-level.

  • Beasley Moderates Discussion Between Senator Sarbanes and Representative Oxley

    July 30, 2012

    Mark Beasley, Deloitte Professor of ERM at NC State, moderated a live discussion between former Senator Paul Sarbanes and Representative Mike Oxley on July 30, 2012, which marked the 10th anniversary to the day of the signing by President Bush of the Sarbanes-Oxley Act of 2002. Senator Sarbanes and Representative Oxley provided insights about the legislation and their assessments of the effectiveness of the Act, and they shared thoughts about visions for the future.

  • The Importance of Board Support for Enterprise Risk Management: Part 2

    July 06, 2012

    A critical element for the success of any ERM effort is the involvement and "buy-in" of the board of directors. Michael Somich, Executive Director of Internal Audit at Duke University, discusses the involvement of the board at Duke and how they have bought into the ERM process and how they see the value it brings to the table when discussing risks on a macro-level.

  • The Importance of Board Support for Enterprise Risk Management: Part 1

    June 04, 2012

    A critical element for the success of any ERM effort is the involvement and "buy-in" of the board of directors. Michael Somich, Executive Director of Internal Audit at Duke University, discusses the involvement of the board at Duke and how they have bought into the ERM process and how they see the value it brings to the table when discussing risks on a macro-level.

  • Risk Appetite: A Conversation of Governance

    June 01, 2012

    Managers often view risk appetite as a highly theoretical concept: one that is determined instead of discussed, irrelevant instead of practical, or static instead of adaptive. This paradigm is due to the notion that risk appetite reflects a short term risk philosophy of the company, and the frequency of which risk appetite is viewed as being congruent with risk tolerance. The authors of this Protiviti white paper discuss the importance of developing and maintaining a risk appetite statement as well as using it to spur conversation between management and the board of directors in the governance process.

  • Preparing for a Corporate Crisis Before Significant Risks Materialize

    June 01, 2012

    A recent article from Practical Law The Journal offers boards guidance on preparing and responding to a corporate crisis. A lack of proper planning can make both managing crisis situations more difficult and possibly lead to more damage. The article discusses five steps the board and management can adopt to better prepare for a crisis once a significant risk materializes. A strong board culture is also highlighted as an important factor in responding to a crisis. Strategies are offered for promoting an effective board culture.

  • Allegations of Risk Management Overrides Swirl at JPMorgan Chase

    May 15, 2012

    The turmoil surrounding recent announcements of over $2 billion in trading losses at JPMorgan Chase is now shining a spotlight on risk management failures at the bank. A front-page story in The New York Times (May 15, 2012) reveals that in the years leading up to the bank’s trading loss, risk managers and some senior investment bankers raised concerns that the bank was making increasingly large investments in complex trades, but their concerns were ignored and dismissed. Some allege that the senior executives failed to respond to concerns from internal risk officers, who were largely side-lined. This unfolding story is highlighting the critical importance of the tone at the top regarding maintaining and enforcing an appropriate risk management culture and continues to support the call for direct lines of reporting from chief risk officers to independent members of the board of directors.

  • Leading a Risk Team

    April 01, 2012

    Despite the attempts by many organizations to strengthen their risk oversight efforts, many organizations’ approach to strengthen their corporate risk management are still missing the mark. Unfortunately, many attack the challenge by focusing on pockets of risks, such as insurance, compliance, and fraud prevention, and they fail to focus on those risks most likely to impact the value of the business – strategic risks. Furthermore, some organizations have over-complicated their risk oversight processes by focusing on a form-over-substance approach to what they are trying to achieve. A recent article in CFO.com highlights ways to increase the relevance of a risk management program.

  • Responding to Shifting Global Risk Trends

    March 01, 2012

    The experiences associated with natural disasters and political events that occurred in 2011 are have implications for the kinds of risks organizations may need to consider in the near future. Lessons learned from prior events help challenge boards and senior executives as they think about the need to restructure their approach to risk management and their design of responses to these types of risks, according to a recent report by PricewaterhouseCoopers (PwC), Risk in Review: Rethinking risk management for new market realities. This report is based on the results of PwC’s 15th annual Global CEO Survey, in which more than 1,000 executives and risk management leaders responded on which risks are most significant to their company and how they plan to mitigate those risks.

  • Is it Necessary to Have a Separate Risk Committee?

    February 01, 2012

    A hot topic in risk management discussions within organizations is the debate about whether a separate risk committee is necessary for a company to have effective enterprise risk management processes. The authors of this Conference Board article believe“It depends.” The risk management process is a very individualized process. Organizations need to take a long look in the mirror to ensure that a separate risk committee would not create more unnecessary bureaucracy. By learning the business and its strategies more intimately, the organization can determine the risk environment of the firm at a higher level, which in turn will give insights into the necessity/requirement of having a separate risk committee.

  • Compiling and Presenting Interview Data from Risk Interviews

    January 10, 2012

    After conducting 80-90 interviews seeking the identification of major risk exposures facing the company, David Hughes, Assistant VP of ERM and Business Continuity Planning at Hospital Corporation of America (HCA) has a massive amount of data to compile and disseminate. During our interview of David, he speaks about how HCA breaks down the top ten risks by the type of risk and by level of management who identifies a risk to be a major risk. Hughes also tells how HCA informs its board members about what the top risks that the corporation faces as a whole.

  • Risk Management in Deloitte’s 2011 Board Practices Report

    January 01, 2012

    Deloitte’s 2011 Board Practices Report provides current information on topics of corporate governance. The report is based on the results of a survey distributed to the members of the Society of Corporate Secretaries and Governance Professionals, Inc. This summary highlights the findings related to strategy and risk management. Questions relating to strategy included the level of board involvement and how strategy is developed. The risk management discussion focused on risk oversight as well as how well it aligns with the company’s strategy.

  • Risk Committees

    January 01, 2012

    While most often the board of directors delegates risk oversight to the audit committee, increasingly boards of creating separate board level risk committees charged with that responsibility. This is particularly true for financial services firms, given requirements imposed by the Dodd-Frank legislation for larger banks to form separate risk committees. In an effort to assist companies who are considering the establishment of a board risk committee, Deloitte has organized a resource guide of ideas, recommendations, and specific tools. This resource will help assist those entities that will need to be in compliance with the Federal Reserve’s requirements developed to implement the provisions of Dodd-Frank. Although the guide is helpful for companies that must comply with the new Dodd-Frank regulations, it can be useful for any company that wishes to obtain more information on risk governance and oversight.

  • Annual Corporate Director Survey Focuses on Risk Management

    October 01, 2011

    PwC’s 2011 Annual Corporate Director Survey report summarizes the responses of 834 corporate directors concerning stakeholder concerns. Critical areas highlighted in the findings were executive compensation, succession planning, and risk management. Given that expectations of governance oversight have reached unprecedented levels, boards are working to adapt their risk oversight role to the shifting risk landscape. See what directors say about their risk oversight maturity.

  • Audit Committees Concerns About IT Risks

    October 01, 2011

    KPMG’s Audit Committee Institute recently published its 2011 Public Company Audit Committee Member Survey Report. This report covers the most prevalent issues audit committees would like allocate more attention to over the coming year. One of the concerns that are at the top of their list is the oversight of IT risks and emerging technologies. There is a strong desire among audit committees to improve the quality of information concerning these risks.

  • Audit Committees Call for Better Risk Management

    October 01, 2011

    Risk management was named as a priority issue for audit committees in the 2011 Public Company Audit Committee Member Survey Report recently released by KPMG’s Audit Committee Institute. This report, which summarizes top issues audit committees will be devoting more attention to over the next year, identified the oversight of risk management as being only second to the audit committee’s specific focus on IT risk. Heightened uncertainty and complexity in business continue to demand that companies have more effective risk management programs and risk oversight, and the audit committee is feeling pressure to have a good understanding of those issues.

  • Risk Oversight Improving: 2011 Proxy Disclosures

    August 30, 2011

    After conducting a second analysis of risk-related proxy disclosures of S&P 200 companies, Deloitte found that overall risk practices improved between 2010 and 2011. There were percentage increases in 11 out of the 12 considerations used in the research. In 2011, more companies disclosed that their risk oversight/management processes were aligned with the corporate strategy. In addition, more companies disclosed that other board committees, than solely the audit committee, are involved in risk oversight.

  • Does Reliance on Board Subcommittees Lead to Silo-Risk Management?

    June 14, 2011

    Most boards of directors create subcommittees to manage certain types of board oversight responsibilities. Most boards have audit committees to oversee the financial reporting process and compensation committees to oversee senior executive compensation plans. Other committees might include nominating committees, compliance committees, and in certain industries, risk committees. As responsibilities for boards continue to increase, the agendas of both the full board and their subcommittees are becoming increasingly large and complex. A recent article in Directorship raises the concern that the creation of subcommittees and their related committee charters are leading to more silo-ed oversight of risks whereby certain categories of risks are managed by specific committees leaving little opportunity for the board as a whole to obtain an enterprise-wide or aggregate view of the entity’s most significant risks. The author encourages boards to engage in “risk mapping” to ensure the board has a sufficiently comprehensive view of the entity’s most significant risk exposures.

  • Assessing ERM Programs

    June 01, 2011

    An effective enterprise risk management (ERM) program can significantly help an organization see and take action on risks that may be affecting the achievement of their core strategic objectives. Organizations are increasingly realizing the benefits of strengthening their processes for managing the multitude of risks it faces and boards are holding management more accountable for the effectiveness of those processes. As these processes are designed and implemented, questions often arise as to whether those processes are the correct ones and whether they are consistent with emerging best practices. With growing frequency, the board and senior management are turning to internal audit to provide an objective assessment of their ERM processes. The June 2011 cover story article in Internal Auditor, highlights the role of internal audit in providing those assessment for the board.

  • A Comprehensive Guide to Risk Appetite and Risk Tolerance

    May 01, 2011

    With the scarcity of useful guidance to help organizations determine risk appetite and risk tolerance, the Institute of Risk Management (IRM) is seeking to clarify and produce guidance to more effectively communicate an understanding of risk appetite. As a result, IRM released a consultation paper with detailed approaches for developing and using risk appetite and risk tolerance in risk management. In addition to the guidance provided, questions are listed throughout the document with the suggestion that they be asked in the boardroom to ensure that risk appetite and risk tolerance are being adequately addressed.

  • Five Categories for Focusing Risk Oversight

    April 26, 2011

    A whitepaper published by Protiviti explores five categories the board may want to consider in determining whether to adopt a risk language specific to the organization for risk oversight.

  • Webinar Featuring Insights from Two COSO Risk Oversight Reports

    February 09, 2011

    Listen to a one-hour webinar, ERM and Board Risk Oversight – A Tale of Two Surveys from COSO, that highlights key findings and insights from two recent COSO released survey reports on the current state of enterprise risk management. The webinar features Dave Landsittel, Chairman, COSO, Mark Beasley, Director of the ERM Initiative at NC State, and Jim DeLoach, Protivi Managing Director. Click here to listen to the webinar and click here to view the presentation.

  • Improving Board Risk Oversight

    February 03, 2011

    The spotlight has turned to boards and the result is boards are trying to assess how they should strengthen their own processes to enhance their effectiveness in risk oversight. While some boards seem to be on top of their oversight of the major risk exposures facing the organization, other boards are struggling to understand their role in risk oversight and finding difficulty in pinpointing effective processes to help them. This article highlights two overarching board risk oversight responsibilities and suggests several questions for the board to consider as it assesses its ability to assume those responsibilities.

  • A Survey of Global Risk Management in a Changing Environment

    February 01, 2011

    After the recent global financial crisis, many economies and financial markets around the world appear to be strengthening. However, serious concerns still exist as organizations are not returning to the same environment, but rather one that is constantly changing. That reality is causing many organizations to change their risk management approach. Deloitte recently conducted a survey of financial institutions in an effort to understand the state of risk management in this new environment. Though the survey analyzes the financial industry, this white paper is applicable to many different types of organizations.

  • Shareholders Push Boards to Manage Social and Environmental Risks

    January 01, 2011

    Shareholders are increasingly focusing on how boards of directors are overseeing risks and exploring opportunities related to social responsibility and environmental issues. Investors are particularly interested in how social and environmental factors might have a significant impact on an organization’s business. A whitepaper released by Ernst & Young discusses how the number of shareholder proposals with a particular focus on the growth and traction of corporate social responsibility are noticeably increasing over prior years. The thought paper provides suggestions to help boards and senior executives improve corporate social responsibility and to respond and anticipate shareholder concerns.

  • 2010 Report on ERM

    December 21, 2010

    COSO commissioned the ERM Initiative at North Carolina State University to survey senior management executives about the current state of enterprise-wide risk oversight. This report summarizes key findings from the analysis of responses from 460 senior executives about key elements of how they oversee their organization’s most significant risks. Findings suggest that there is room for improvement in enterprise risk management processes across most organizations, with almost 60 percent of respondents admitting that their risk management processes are ad hoc and informal and almost half (42.4 percent) describing their organization’s level of functioning of ERM processes as “very immature” or “somewhat mature”. The report also noted that most organizations turn to COSO’s 2004 Enterprise Risk Management – Integrated Framework as a guide to help them strengthen their risk oversight processes.

  • Board Risk Oversight – A Progress Report

    December 21, 2010

    COSO, in partnership with Protiviti, surveyed over 200 individuals currently serving on corporate boards of directors about the current state of enterprise risk management. Board members were divided on the effectiveness and maturity of their processes and efforts, according to the survey. While 53 percent of participants rated the risk oversight process in their organizations as “effective” or “highly effective,” more than 70 percent indicated that their boards are not formally executing mature and robust risk oversight processes. This report summarizes insights based on the results of this survey, including Protiviti’s insights and recommendations for improvement.

  • Corporate Directors Survey Clarifies Current Board Risk Management Practices

    December 02, 2010

    PricewaterhouseCooper’s 2010 Annual Corporate Directors Survey resulted in responses from 1,110 corporate board members, representing 819 separate boards. Key findings shed insights on corporate directors’ experience and opinions with current risk management practices.

  • Avoid Being Blindsided by Risks: Focus on Key Assumptions

    December 01, 2010

    Strategic risks and opportunities are constantly changing in the business environment, especially in the current volatile economic climate. The roller coaster of uncertainty often results in organizational leaders being blindsided by unexpected emerging risks that they did not consider in strategic planning. Sometimes that surprise is a result of management’s incomplete understanding of key assumptions underlying their strategic risks and opportunities. This Deloitte thought paper discusses some common reasons for this blind spot and presents a risk intelligent strategy to address this issue.

  • Board Risk Oversight: Insights from Recent Proxy Disclosures

    December 01, 2010

    Deloitte & Touche LLP analyzed a sample of approximately 400 organizations’ proxy disclosures about the board’s role in risk oversight that were new in 2010 for public companies. Several observations were obtained from this review that Deloitte summarized in their report, including insights as to how boards are approaching their risk oversight responsibilities. The report noted that there are vast improvements that still need to be made moving forward.

  • Intensifying Dialogue on Risk and Strategy: A Banking Perspective

    November 15, 2010

    Technologies, products, and institutions are constantly becoming more complex, which ultimately increases the risks that organizations face. During recent economic crisis, the banking industry has experienced this first-hand. This white paper provides an analysis of how banks are improving their risk governance through enhanced dialogue of risk and strategy between the Board of Directors and management. Though this white paper contains a research study conducted on the banking industry, it is still applicable to other types of organizations.

  • Guidelines for Effective Risk Oversight

    October 01, 2010

    The International Corporate Governance Network (ICGN) recently released Guidelines, designed to assess institutional investors in their evaluation of the board of directors’ effectiveness in risk oversight in organizations across the globe. The board, management, and shareholders each have distinctive roles and responsibilities over the risk management process. These guidelines assist investors in further defining these roles and responsibilities, which ultimately lead an organization to possessing a strong risk oversight program.

  • Strengthening the Risk Oversight Process

    September 30, 2010

    The board of directors should continue to participate in the risk oversight process and consider going above and beyond reviewing risk assessments on an annual basis. A whitepaper released by Protiviti lists elements of the risk oversight process that boards may want to consider when refining the process and aligning it with the organization’s strategy.

  • Current state of the Internal Audit Profession and Risk Oversight

    June 11, 2010

    The fallout from the recent financial crisis has quickly changed the way many companies operate. Internal audit is the one branch of an organization that has the authority, knowledge and reach to identify and address significant challenges faced. This report is the 6th annual assessment of the Internal Audit profession by PwC and indicates that while companies recognize the priorities of internal audit, there is a gap in achieving these key attributes.

  • Organizations are Currently Focusing on Strategy and Growth, While Audit Committees Focus on Risks

    May 03, 2010

    As the road to economic recovery lies ahead for organizations, boards and audit committees are focusing on their organizations’ strategies to achieve growth. However, audit committees are also evaluating the risks created by these new strategies to ensure these risks are managed in order for their strategies to be successful. This KPMG white-paper highlights key issues for boards and audit committees to consider as they strategically lead their organizations through the uncertain future.

  • A Survey of Recent Proxy Statement Disclosures

    April 01, 2010

    The recent additions to the list of SEC mandated disclosures require companies to provide descriptions of the board of director’s role in risk management oversight. This article has surveyed a random sample of 50 proxy statements of S&P 500 companies since February 28, 2010 in order to assess how companies are approaching these new requirements. Among the most common themes was the increasing use of an enterprise-wide approach to risk management.

  • Managing Risks with Sustainable Practices

    March 01, 2010

    On March 11, 2010, the Coalition for Environmentally Responsible Economics (Ceres) issued its report The 21st Century Corporation: The Ceres Roadmap for Sustainability. Ceres hopes to target boards of directors of corporations with this report, encouraging them to take advantage of sustainability opportunities with relation to managing risks. The report contains twenty key expectations related to governance, stakeholder engagement, disclosure and performance. Through focusing on setting new standards and expectations for business leadership, Ceres hopes to guide companies on their journey to comprehensive sustainability.

  • Report on the Current State of Enterprise Risk Oversight: 2nd Edition

    February 01, 2010

    This second edition report from the ERM Initiative at NC State University and the AICPA provides insight on how boards and senior management teams are responding the challenges of risk oversight in the current economic state. Increased pressures to strengthen risk oversight have pushed some management teams to implement an enterprise-wide approach to risk management while other organizations have maintained their traditional risk management procedures. The report indicates that over 76% of respondents indicated that key risks are being communicated on an ad hoc basis at management meetings, and that almost 70% noted that management does not report the entity’s top risk exposures to the board of directors. About half (48%) admit that they are “Not at All Satisfied” or are “Minimally” satisfied with the nature and extent of reporting to senior executives of key risk indicators.

  • Where are the Directors?!?

    January 01, 2010

    This article describes behavioral problems within boards of directors that can lead to unnecessary risks being taken and CEOs dominating board decisions and involvement. According to this Conference Board Review article, board members are often bombarded by CEOs individually and conquered before they are able to meet and make a decision as a group. Due to certain attitudes directors possess about their job descriptions, they forget about their responsibility to shareholders and allow the CEO to influence their decisions to an extreme extent. David Zweig, the author of the article, compares directors to ornaments on a Christmas tree. According to him, the only way to change the current relationship between the board of directors and their corporations is to alter their beliefs and ways of thinking while on the job.

  • Board Risk Oversight: Adapting to Regulatory Developments and Emerging Practices

    November 01, 2009

    The increased focus on corporate risk management practices in all U.S. listed companies has placed greater pressure on boards of directors and senior executives to evaluate their risk management structures. This Conference Board report provides valuable information for directors and senior executives including emerging risk management trends and an overview of the regulations related to risk management efforts.

  • Risk Governance: Balancing Risk and Reward

    October 01, 2009

    In October 2009, the National Association of Corporate Directors (NACD) issued a Blue Ribbon Commission report containing guidance for board members regarding how to strengthen their risk oversight practices. The report describes the importance of risk governance and strategic risk alignment, and highlights that the board should be fully responsible for risk oversight, only delegating tasks that might need a more specialized focus. At the end of the day, the board as a whole should be in charge of ensuring that management has aligned their strategy and risk appetite for the company.

  • Key Concerns of Boards

    October 01, 2009

    The trend towards greater scrutiny over boards of directors continues and some argue that proposed changes to board governance could dramatically reshape the corporate landscape. As one of the world’s leading executive research firms, Spencer Stuart, has extensive industry knowledge and talent to advise firms on leadership decisions. This 24th edition of the Spencer Stuart Board Index, compiles several benchmarking statistics regarding boards of directors for organizations in the S&P 500 and it provides some perspectives about what changes might be in store for boards in the near future.

  • Integrating Risks and Strategies to Foster Stakeholder Value Growth

    October 01, 2009

    Every strategy that an organization undertakes in order to grow stakeholder value has risks and opportunities associated with it. There can be opportunity encompassed in a strategic plan that will increase stakeholder value, but the pursuit for this opportunity also brings risks that may decrease stakeholder value. Unfortunately, most organizations today do not integrate these two aspects into their strategic planning process. This white paper outlines tools that will help boards maximize stakeholder value by incorporating opportunities and risks into the strategic planning process.

  • Corporate Governance Update:  Boards Play a Leading Role in Risk Management Oversight

    September 24, 2009

    The topic of risk management has become increasingly popular in corporate governance as a result of the financial meltdown and credit crisis. An organization’s risk culture, awareness and appetite should be investigated and communicated at all levels through the enterprise. It is important that not only management, but the board of directors as well, understand their roles within risk management in order for implementation to be effective and efficient.

  • Risk Intelligent Governance: A Practical Guide for Boards

    August 20, 2009

    A recent whitepaper issued by Deloitte LLP provides practical guidance for boards of directors to follow when enabling and executing “risk intelligent” governance. This whitepaper provides approaches to create value by implementing effective risk governance and to integrate different organizational sectors so that risks can be communicated and addressed at an entity level. Rather than being a comprehensive framework or set of risk management rules, this guidance provides a means to provoke thought on risk governance and provide the board with a reference point for implementing the appropriate risk oversight and governance procedures.

  • A New Landscape for Risk Management and Oversight

    August 01, 2009

    In response to the current economic crisis, company boards and audit committees are looking for ways to improve their approach to risk oversight. Risk management perspectives are becoming more focused on external versus internal factors and are being broadened to a long-term approach. The board of directors and audit committee should give more attention to the entity’s risk appetite to ensure that the risks being taken are in alignment with the entity’s strategic objectives. The approach to risk management should be broadened, dynamic, and long-term. This whitepaper discusses how to evaluate the quality of a risk management system and how to ensure that a risk oversight strategy is appropriate.

  • Internal Audit and Risk Oversight

    August 01, 2009

    The Institute of Internal Auditors recently issued two new practice advisories related to risk management. The first practice advisory, titled “Using the Risk Management Process in Internal Audit Planning”, deals with coordinating internal audit activity with risk management. The second practice advisory, titled “Assurance Maps”, centers on identifying and addressing any gaps in the risk management process.

  • Walker Review on Corporate Governance in the UK Banking Industry

    July 16, 2009

    Governance failures contributed materially to the excessive risk taking leading to the financial crisis, and improved governance is key to decreasing the chance of these events recurring. The Walker Review examines corporate governance in the UK banking industry and many of its conclusions and recommendations center on increasing risk focus and discussions at the board level. The review provides 39 recommendations covering topics such as board size, composition and qualification; functioning of the board and evaluation of performance; the role of institutional shareholders related to communication and engagement; governance of risk; and remuneration.

  • Shifting of Internal Audit Strategy and Focus

    July 01, 2009

    Findings from a survey and roundtable of internal audit executives, service providers, and regulators show that internal audit is changing its risk priorities and audit coverage in response to changing stakeholder expectations in the current economic crisis. Internal audit is taking on a more strategic role in the organization and focusing more on ERM processes and recession-related risks.

  • How Risk Management Is Changing in Response to the Economic Crisis

    July 01, 2009

    The economic crisis is changing the risk management landscape in various ways. The government bailouts enacted in response to the economic crisis will have many effects, with the greatest potential effect on risk appetites of organizations. The magnitude and frequency of bailouts could encourage increased risk appetites or there could be increased risk aversion in response to what is currently perceived as a high-risk environment. Another way in which the economic crisis is shaping risk management is that increased security risks and decreased security budgets are encouraging an enterprise risk perspective to better enable organizations to track, quantify, and analyze shifting thresholds of risk. This enhanced perspective can then be used to address concerns such as insider threats, information risk, and product protection.

  • Getting Executive Compensation Right

    July 01, 2009

    Executive compensation systems are often criticized for rewarding the wrong things, ignoring shareholder objections, focusing on short-term results, and being too opaque. Finding the appropriate level and type of compensation is an important first step to improving effectiveness of pay packages. There are also several actions that boards and shareholders can take in working towards improved executive compensation systems.

  • Culture of Candor

    June 01, 2009

    Performance of leaders is increasingly being measured based on the extent to which they create economically, ethically, and socially sustainable organizations. Increased transparency is an important step for leaders making this shift. An improved culture of candor can benefit organizational performance and there are several steps outlined for leaders seeking to create increased transparency. There is no easy way to institutionalize candor. Positive steps towards increased transparency are described but true transparency will require ongoing effort, sustained attention, and constant vigilance.

  • Increasing Oversight by Audit Committees

    May 01, 2009

    Audit committees are responding to the recent financial crisis by refocusing and increasing their oversight efforts. Committees report a renewed focus on the “basics” of oversight that include better education by management, closer connections with management teams, exercising skepticism and testing information, and an increased focus on accountability. Audit committees are now prioritizing their focus on ensuring they receive quality information about the company’s business activities and risks and oversight of the company’s risk management processes.

  • Risk Culture of Companies

    April 15, 2009

    Risk culture is an area of risk management that has become a recent focus for many boards. Risk culture is the system of values and behaviors present in an organization that shapes risk decisions of management and employees. A first step to addressing the risk culture of an organization is a conversation among management and the board involving topics such as “tone at the top”, effective communication, and appropriate incentives. A strong risk culture will take time to develop in an organization and its presence will mean that employees know what a company stands for, the boundaries within which it can operate, and that they can openly discuss which risks should be taken in order to achieve the company’s long-term strategic goals.

  • Effects of Economic Crisis on Corporate Governance

    March 31, 2009

    The economic crisis is impacting the future of corporate governance. With boards being one of the players blamed for the crisis, their roles are shifting and growing in importance, with increasing focus on board oversight of risk, redefined roles between boards and management, and reassessments of executive compensation policies. As the concept of corporate governance evolves, a positive outcome may be that the focus will shift from short-term performance measures to the long-term sustainability of businesses.

  • Audit Committee Member Survey

    March 01, 2009

    The 4th Annual Public Company Audit Committee Member Survey was sponsored by KPMG’s Audit Committee Institute and the National Association of Corporate Directors (NACD). Between November 2008 and February 2009, 280 audit committee members serving on the board of at least one U.S. public company were surveyed. Key survey findings are highlighted such as the ways in which the economic crisis is changing how audit committees function, top agenda priorities for committees in 2009, and areas in which committee oversight processes could be more effective.

  • Key Areas of Concern in Corporate Governance

    March 01, 2009

    Strong corporate governance is essential for boards as they are positioned to lead the way in implementing measures that contribute to economic growth and sustainability. There are four areas of corporate governance the National Association of Corporate Directors (NACD) has identified as being the most important and of immediate concern: risk oversight, corporate strategy, executive compensation, and transparency. Within each area of concern, the NACD provides recommendations from their Key Agreed Principles to Strengthen Corporate Governance for U.S. Publicly Traded Companies document as well as addresses future challenges boards will face in improving governance practices in each area.

  • Boards Emphasize Risk Management to Survive Current Economic Crisis

    February 01, 2009

    KPMG’s Audit Committee Institute hosted a national conference with the goal of discussing the current challenges, practices and priorities facing audit committees and boards. Among the results, the professionals in attendance identified a company’s ability to assess and manage their risk profile as one of three main issues essential to surviving the next 18 months. They also compiled a list of five top concerns faced by today’s audit committee; risk management came in at number two, and alignment of business strategy with risk was number five.

  • Boards of Directors and Risk Management in 2009

    December 08, 2008

    There will be many pressures on boards of directors in 2009 given the current economic climate, and several of these pressures revolve around the issue of risk management. This “white-paper” memorandum examines risk management in the context of key issues facing boards in 2009, roles and duties of the board, and board committees and procedures. Boards will need to focus on oversight of risk management, possibly establishing a dedicated risk management committee at the board level. Boards should also ensure executive and director compensation policies are aligned with stakeholder interests and that those policies do not promote excessive risk-taking. Another key focus for boards will be balancing short-term and long-term interests, resisting undue pressure for positive short-term results and positioning their companies for long-term growth.