Boards remain concerned with the security and availability of information systems and the protection of confidential, sensitive data from the commercial cyber war in which their organizations are engaged. Many executives think their risk tolerance is low, yet act as though it is relatively high, thus necessitating board engagement with cybersecurity. A top five risk for many organizations across many industries, cyber risk presents a moving target as organizations undergo major IT transformations, accelerate cloud computing adoption, increase digitization investments, advance data and...
Board Perspectives: Risk Oversight
An effective risk assessment is fundamental to risk management and the board’s risk oversight process. Successful risk assessments help directors and executive management identify emerging risks and face the future confidently. An enterprise risk assessment (ERA) is a systematic and forward-looking analysis of the impact and likelihood of potential future events and scenarios on the achievement of an organization’s business objectives within a stated time horizon. In many organizations, the process begins with an articulation of the governing business objectives and a common risk language to...
We’ve always believed that boards should ensure that their organizations maximize the full potential of internal audit. There are four C’s directors should consider when evaluating the sufficiency of any risk-based audit plan: culture, competitiveness, compliance and cybersecurity. In 2016, The Institute of Internal Auditors (The IIA) and Protiviti conducted the world’s largest ongoing study of the internal audit profession — the Global Internal Audit Common Body of Knowledge (CBOK) — to ascertain expectations from key stakeholders, including board members, regarding internal audit...
North Carolina State University’s ERM Initiative and Protiviti have completed the latest survey of C-level executives and directors regarding the macroeconomic, strategic and operational risks their organizations face. The top risks for 2017 provide insight as to what issues are currently top of mind for leaders around the globe. A recent survey conducted by the National Association of Corporate Directors (NACD) reported that, according to the vast majority (96 percent) of directors, “big picture” risks are overseen at the full board level. This view of risks includes those with broad...
A strong brand has a significant impact when it comes to driving shareholder value. What role should the board play in overseeing management’s stewardship of the company’s brand and/or brand portfolio? Branding is the process by which a company establishes a significant and differentiated presence in the marketplace that attracts and retains loyal, long-term customers. A brand is a non-generic name, logo, messaging and/or packaging used by a company to identify, source and differentiate its product and service offerings from competitors’ offerings. A strong, well-known brand is revealing, as...
In many organizations, board risk oversight is enhanced when the board and executive management are supported by an effective independent risk management function. Positioning the chief risk officer (or equivalent executive) and the independent risk management function – which we refer to collectively as “CRO” in this publication – to deliver to expectations requires an understanding of how the CRO role can succeed. The ultimate advocate for risk management in any enterprise is arguably the CEO. However, CROs are unique in that they are often expected to provide a voice that champions the...
Many companies and industries are facing uncertainty when looking to the future. But how confident are organizations in executing their strategies successfully? More specifically, how can the board help the companies they oversee to face future uncertainty confidently? Confidence is neither a cliché nor an assertion of mere optimism. Rather, it is a quality of the human spirit that drives leaders and their companies forward. Confidence in human endeavors is important, especially in today’s rapidly changing environment. Below, we explore the attributes of confidence that executives and...
Reputation risk is the current and prospective impact on earnings and enterprise value arising from negative stakeholder opinion. To one author, it is “the loss of the value of a brand or the ability of an organization to persuade.” To our right, we explore 10 essential keys for managing reputation risk. While reputation is hard to define in terms of exactly what it really is, everyone agrees it’s a precious enterprise asset and recognizes when a reputation has been damaged beyond repair. Reputation is fragile. What takes decades to build can be lost in a matter of days. Key...
Is internal audit meeting stakeholder expectations? Is the board doing what it can to ensure that internal audit is appropriately resourced so it can meet expectations? Below, we share input from active directors in a global survey regarding their expectations of, and the implications of those expectations for, internal audit. A year ago, Protiviti released an issue of Board Perspectives: Risk Oversight that introduced to the board community what we described as the “future auditor” vision. It called for chief audit executives (CAEs) and their functions to strive to become more anticipatory...
Board Perspectives: Risk Oversight, Issue 81
Recently, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its updated enterprise risk management (ERM) framework for public exposure and comment. Why is this updated framework important to boards of directors? Below, we summarize a few important takeaways. COSO’s recently issued exposure draft of Enterprise Risk Management: Aligning Risk with Strategy and Performance addresses important lessons from the financial crisis of 2008. As we look back, it’s still hard to believe that an entire industry was culpable in...