Risk in the Boardroom

As the world very slowly and painstakingly emerges from one of the
worst financial crises in almost a century, core assumptions about both
markets and organizations have been turned on their head. The general
consensus is that the failure to understand the true nature of enterprise-
wide risk exposures was one of the core reasons behind the collective
downfall of organizations.
Responding to this systemic failure, regulators have implemented a
slew of regulations and mandates in the hope of avoiding a repeat
of a similar financial crisis. Investor behavior over the last few years
has also changed, with markets and shareholders seeking a thorough
understanding of the risks involved in strategic decision making.
Whats more, markets have gotten more difficult to navigate, with
a shortage of growth opportunities and liquidity. This has forced
organizations to stretch beyond their comfort zones in search of growth
opportunities. Given the significant reduction in the margin for error,
organizations cannot afford to make a wrong move. Therefore, the need
for them to understand and effectively manage their risk profiles is no
longer just a good practice but a necessity for survival.
Faced with this scenario, boards have undergone a paradigm shift in
their approach to decision making. Decisions are no longer based solely
on point estimates of expected financial outcomes, but also on the
associated risks.
Balancing Risks and Rewards
As an intermediary between management and stakeholders, the board
plays a critical role in risk management -- especially in terms of defining
the organizations risk appetite and overseeing its actions in relation
to this risk appetite. Being an independent entity, the board has the
perspective to spot emerging risks and areas of concern that may
be missed by risk managers immersed in the daily functioning of the
organization.
The challenge that most boards face today is in trying to understand and
control a growing range of risks that include reputation risks, cyber-
security risks, ethical risks, environmental risks, social risks and supply-
chain risks.
The common tendency may be to take the safe path and veer toward
risk avoidance. But as visionary boards know, there can be no rewards
without risk. These boards are able to distinguish, successfully, between
risks that need to be mitigated and risks that can be capitalized on or
optimized. Instead of trying to manage all risks at once, they know the
ones on which to focus their maximum time and effort. What gives
them this advantage is, to a large extent, the quality of risk intelligence/
information that they receive.
The Importance of Risk Intelligence
Risk-related intelligence is now an essential requirement for the board and
executive management. Organizations are spending considerable time
generating and unitizing risk-related intelligence, while also deciding their
risk appetite based on reasonable assumptions of downside outcomes.
This approval of the risk appetite is now prominent in boardrooms, as
every decision -- be it on the launch of a new product or expansion into
a new market -- is being evaluated by management with respect to this
predefined risk appetite.
The additional interest in risk intelligence is being driven by the fact that
markets today are well aware of the benefits of risk intelligence, while
shareholders are appreciative of companies with strong risk management
practices. Boards realize that they need to speak consistently about their
organizations largest risks, and also present facts that facilitate dialogue
and questions about the assumptions that drive expected financial
outcomes.
Organizations with a thorough understanding of their risk profiles are
better suited to make wiser decisions in the long run. They are more likely
to attempt to free up more capital for profit-generating activities, rather
than remaining strictly focused on risk reduction.
Effective risk intelligence and risk management also hedges organizations
against market volatility, providing a sustainable competitive advantage.
Boards, for companies large and small, today should spend significant
time analyzing each move with respect to the change it would cause in
their companys risk profile.
Toward a More Robust Risk Management Program
Even though the need for risk intelligence in strategic decision making
is critical, the actual practice of providing relevant, timely and forward-
looking risk information to the board requires meticulous planning
and seamless execution of an integrated and enterprise-wide risk
management program.
To develop a risk program that is efficient and effective in providing
information to the board, organizations should consider taking the
following steps:
ARTI CLE
MetricStream
Brenda Boultwood
Vice President of Industry Solutions
MetricStream
ARTI CLE
1. Define a single risk taxonomy across the organizations, such that
everyone understands and reports risks in a common language. This
would help in board level comparative analyses across products,
processes, business lines and other organizational elements.
2. Break down organizational silos to create an integrated risk
information repository. This would aid in the sharing of information
across the organization, increasing its capability to aggregate risk
information and ensure that this information is representative of
every part of the organization.
3. Automate the risk management processes to ensure that all risk
efforts are conducted in a timely manner and with sufficient rigor.
As an efficient risk management program brings together reams of
information, automation helps in rationalizing efforts, thus reducing
cost.
4. Develop a strong risk awareness program to supplement the risk
management process. This will help build a risk culture within the
organization.
A risk management program with the above characteristics would be
capable of catering to the risk intelligence needs of the board. In addition,
risk management programs need to provide strong and flexible reporting
capabilities, as the board needs risk-related information aggregated at
multiple levels of the organization. Strategic decisions are never very
simple; therefore, the need to provide simple and clear risk information
becomes paramount for quick decision making.
Executive dashboards are very powerful tools for visualization. The ability
to view risk data from multiple perspectives is also very important, since
all decisions at the board level will involve more than one organizational
unit.
Though boards need to view aggregated information, there are many
occasions on which they will need to drill down further into the specific
details to gain a clearer understanding. Consequently, a risk management
program is only as good as its capability to provide varied and intuitive
visualization of the risk information.
As we emerge from the financial crisis, risk intelligence within
boardrooms will play a major role in deciding the fate of organizations.
Boards have the perspective necessary to leverage this risk intelligence
to craft long-term risk management strategies which, in turn, are critical
for sustainable and profitable growth. They have the power to ensure
that their organizations are not only protected against risks but are able
to thrive on risks. Therefore, boards must actively participate in and
collaborate on risk management, realizing that risk-related conversations
in the boardrooms are here to stay.
Brenda Boultwood is the vice president of industry solutions at
MetricStream. She is responsible for a portfolio of key industry verticals,
including energy and utilities, federal agencies, strategic banking and
financial services. She has had a rich career in risk management, and
has held several key operating roles at some of the largest global
organizations.
Most recently, prior to joining MetricStream, she served as senior vice
president and chief risk officer at Constellation Energy. Prior to that, she
served as global head of strategy, Alternative Investment Services, at
J.P. Morgan Chase, where she developed the strategy for the companys
hedge fund services, private equity fund services, leveraged loan services
and global derivative services. During her tenure at J.P. Morgan Chase,
Brenda also served as global head of strategic risk management for its
Treasury Services group. Earlier in her career, at Bank One Corporation,
she worked as the head of corporate market risk management and
counterparty credit, and head of corporate operational risk management,
before advancing to head of global risk management for the companys
Global Treasury Services group. She has also been a board member of the
Global Association of Risk Professionals (GARP), and currently serves on
the board of the Committee of Chief Risk Officers (CCRO).
This article was originally published in the December 2012 issue of
GARPs Risk News and Resources newsletter.
MetricStream
MetricStream, Inc.
2600 E. Bayshore Road
Palo Alto, CA 94303
Phone: 650-620-2900
Fax: 650-632-1953
info@metricstream.com
2012 MetricStream Inc. All rights reserved.
For More Information about
MetricStream GRC and Quality Management Solutions
please visit www.metricstream.com