Board independence needed in enterprise risk programs

CHICAGO—Risk identification and other enterprise risk management processes should remain a function of management and independent of an organization's board of directors, a speaker said during the annual Enterprise Risk Management Conference in Chicago.

Clearly defined expectations and responsibilities for an organization's stakeholders, board and management are essential to successfully managing risks and opportunities, said Kenneth Ledger, vp of enterprise risk management at Pason Systems Corp., a Calgary, Alberta, company that provides data management systems for land-based and offshore well drilling operations.

“The board of directors... needs to be an independent party. They're there to balance what management's self-interests are with the self-interest of the stakeholders,” Mr. Ledger said during a session at last week's conference.

While CEOs, who typically are with a company for three to six years, may not have a long-term view of risk, the board needs to maintain a long-term view, he said.

While the board often seeks to understand the organization's risk appetite and risk tolerance, they often are inexperienced in risk management—something risk managers should expect, he said.

The board should ask risk managers about the organization's risks and, in turn, provide risk managers with a balanced view of what stakeholders expect and make critical decisions regarding warnings about various risks, he said.

“Keep the risks relevant to the board,” he said, noting that organizations face hundreds of risks and boards of directors are concerned with those that may significantly alter the business or stakeholders' perceptions of the organization.

For in-depth coverage of this topic and related issues, visit our Solution Arc on Identifying and Measuring Enterprise Risks: Taking the First Steps Toward ERM