Board Perspectives: Risk Oversight | Protiviti - United States

Board Perspectives: Risk Oversight

Protiviti Board Perspectives
The digital revolution currently taking place is transforming our world. Over the next few years, many organizations will need to undertake radical change programs and, in some cases, completely reinvent themselves to remain relevant and competitive. Is disruptive innovation sufficiently emphasized on the board agenda? Ask executives and directors about their biggest concerns, and chances are their answer will include being on the wrong side of disruptive change. As the results of our latest top risks survey indicate, the rapid speed of disruptive innovation and new technologies, as well as...
The recent breach of a major credit bureau has raised serious questions about whether boards of directors and senior management are asking the right questions about actions their organizations are taking to protect themselves from cyberthreats. Are boards probing to discover what they don’t know? In September, Equifax announced a massive breach exposing the personal information of over 40 percent of the U.S. population. The company’s stock declined almost 14 percent after the announcement, and heads rolled over the ensuing three weeks — first the CIO and CISO and then the CEO. The pervasive...
Assumptions about the geopolitical and regulatory environments are critical inputs into strategy-setting. If one or more assumptions prove invalid, the strategy and business model may require adjustment. The timing—whether the organization is proactive or reactive—is often a function of the effectiveness of its monitoring process. In June 2017, Protiviti met with 22 active directors during a dinner roundtable at a National Association of Corporate Directors (NACD) event to discuss geopolitical and regulatory shifts on the organization and its strategy and business model, and the board’s role...
Now that the Committee of Sponsoring Organizations of the Treadway Commission (COSO) has released its updated framework on enterprise risk management (ERM),[1] it’s time for companies to take another look at their risk management practices. In this issue, we summarize our views on how organizations should approach this process. While the concepts in the update aren’t new, the emphasis is markedly different, with a focus on what’s really important in maximizing the value of ERM. Since the 2007-2008 financial crisis, many ERM implementations have been oriented around answering three questions:...
There is no better time to prepare for an economic downturn than when times are good. With the memory of the severity of the 2007-2008 financial crisis still fresh in the minds of many directors and executives, how should companies prepare for a downturn in the cool of the day, rather than reacting in crisis mode? At this time, an economic downturn is not anticipated by most established business plans. However, as the last downturn had severe consequences for many organizations, a contingency plan makes good business sense because it positions companies to act decisively when recessionary...
Every business, whether it handles financial contracts, natural resources, raw materials or components, is dependent upon a well-functioning, cost-effective supply chain. The board, therefore, should consider its oversight of supply chain risks. Operational risk is the risk that one or more future events will impair the effectiveness or viability of the business model in achieving expected financial results and creating sustainable value for customers and stakeholders. It relates to various activities along the value chain within which the organization’s business model operates. One...
An effective board of directors is a champion of strong governance for the organization it serves. All aspects of its oversight role are germane to mergers and acquisitions (M&A) — with some oversight activities specific to M&A. The board’s oversight with respect to M&A mirrors its overall focus on advising the CEO — including offering a contrarian voice when necessary — regarding strategic matters, policy approval, enterprise performance monitoring, reporting transparency and enterprise risk management. Our discussion below is from the acquirer’s perspective. In 2016 and 2015, M...
Short-termism is not a new concept by any means, but it has become a hot topic of discussion for many boards of directors in recent years. In this article, we explore the implications of short-termism to the board’s risk oversight process and how the board can ensure its oversight is not compromised. Short-termism can mean many things, but it typically refers to an environment in which the focus on short-term results is so myopic that it results in the neglect of important longer-term interests. In a recent survey of more than 600 public company directors and governance professionals, 75...
Boards remain concerned with the security and availability of information systems and the protection of confidential, sensitive data from the commercial cyber war in which their organizations are engaged. Many executives think their risk tolerance is low, yet act as though it is relatively high, thus necessitating board engagement with cybersecurity. A top five risk for many organizations across many industries, cyber risk presents a moving target as organizations undergo major IT transformations, accelerate cloud computing adoption, increase digitization investments, advance data and...
An effective risk assessment is fundamental to risk management and the board’s risk oversight process. Successful risk assessments help directors and executive management identify emerging risks and face the future confidently. An enterprise risk assessment (ERA) is a systematic and forward-looking analysis of the impact and likelihood of potential future events and scenarios on the achievement of an organization’s business objectives within a stated time horizon. In many organizations, the process begins with an articulation of the governing business objectives and a common risk language to...