Risk oversight is a high priority on the agenda of most boards of directors. Recently, the importance of this responsibility has become more evident in the wake of a historic global financial crisis, which disclosed perceived risk management weaknesses across financial services and other organizations worldwide. Based on numerous legislative and regulatory actions in the United States and other countries as well as initiatives in the private sector, it is clear that expectations for more effective risk oversight are being raised not just for financial services companies, but broadly across all types of businesses. Boards are taking a fresh look at the qualifications of their members, how they operate and the extent to which they avail themselves of the appropriate officers of the organization and other experts to understand the enterprise’s risk and how those risks are being managed. Directors are also looking into whether their board’s committee structure and the information to which each committee has access are conducive to effective risk oversight.
To develop deeper knowledge of the risk oversight process as it is applied by today’s boards of directors and to understand both the current state and desired future state of board risk oversight as viewed by directors, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) commissioned Protiviti to conduct a survey regarding the risk oversight responsibilities of the board of directors and how those responsibilities are being performed. As detailed in this report, the results shed new light on how boards are fulfilling their risk oversight obligations, the maturity of their processes for meeting these responsibilities and key areas offering opportunities for improvement as the risk oversight playbook evolves.
We found there are mixed signals about the effectiveness of board risk oversight across organizations. While many boards of directors believe they are performing their oversight responsibilities diligently and achieving a high level of effectiveness, a strong majority indicate that their boards are not formally executing mature and robust risk oversight processes. Just over half of the respondents rate the risk oversight process in their organizations as effective or highly effective.
The results were somewhat better among respondents from public companies, particularly large ones; these organizations continue to believe they are proactive in their risk oversight efforts. However, responses to several questions about key elements of risk oversight suggest the board’s risk oversight is not always supported by underlying processes and there is overall dissatisfaction among a significant number of directors in several areas, including how risks are considered in the context of the organization’s strategy. Notable variations in results exist across various organizations, including differences across the nature of the entity (i.e., publically traded privately held, not-for-profit), size of entity and industry represented.
The results of this study reveal a number of areas for improving board risk oversight. These improvements enable boards to advance the maturity of the risk oversight process.
Respondents included more than 200 current and past board members from a broad range of industries and organization sizes.
Download the entire report:
