These are not good answers if we are hoping board members will serve shareholders, employees and other stakeholders. To keep the job, a director may have to curry favor with the CEO, which might include supporting management without due diligence. Many boards traditionally have accepted management explanations while ignoring risks.

Are boards learning about ERM? Everyone knows about ERM. They also know about Chinese, but this does not mean they understand either ERM or Chinese. An old joke is that you can ask 10 economists to define an economics term and you will get 12 definitions. The same is true of ERM. Virtually all organizations promoting ERM also define it. This does not mean they get it. The problem is boards often do not see the value. Within a few minutes of discussing ERM, explanations become opaque. Questions are asked and answers do not seem either responsive or believable.

We can do better. We can make ERM operational by focusing on the largest risks being addressed or missed by the CEO and top management team. Next comes identification. Can the board rely solely upon the senior management team? Clearly, the answer is no. We have story after story where organizations failed to scan the horizon and their internal culture with disastrous outcomes. One such story involves the hedge fund Long-Term Capital Management. This was set up by one of the most confident and successful investment bankers, yet it stumbled in 1998. The firm anticipated the possibility of collapse in a financial market. It did not see the collapse of the Russian and Asian markets at the same time. LTCM was gone in early 2000.

Just as LTCM was collapsing, the U.S. government decided banks should expand the American dream. People should be able to buy homes they could not afford. Banks should make loans and sell them off. After the loans were gone, the banks could make more loans.

If LTCM got it wrong, at least it was analysts who failed--people trying to understand risk. Under the new guidelines, analysts passed the baton to traders who had no concern about risk. Their goal was volume: Create and trade securities; collect commissions; repeat the process.

This led to real abuses. The breakdown in lending standards was the tip of a massive iceberg. Greed set in. If it was profitable to trade mortgages, it could be an avalanche of money to create new securities, trade them for profits and hold them without supporting them with capital or assessing the market exposure. This is the piece called systematic risk. More and more securities, more and more exposure.

Enter the accountants. In 2007, they changed the accounting rules with the implementation of FAS 157. Financial institutions had to adjust the balance-sheet value of their securities to the likely cash they would receive if the securities had to be sold. This sounds just fine if we consider that investors have a right to know about fluctuations in their assets. It was a disaster from a financial viewpoint in 2008 when liquidity considerations caused a panic.

History is history. What does the board do now?

Maurice "Hank" Greenberg, chairman and CEO of C.V. Starr & Co. Inc., spoke at Business Insurance's Risk Manager of the Year awards event during RIMS. He made the sound suggestion that companies create a board-level committee to meet once a quarter to discuss risk. It should be composed of individuals who, in the words of Mr. Greenberg, "have the intellectual capacity to understand enterprise risk management."

Let me say wow! Maybe ERM was not a failure in the financial crisis. Instead, maybe the failure was failing to understand ERM. Boards need to take Mr. Greenberg's advice seriously, but two additional steps are needed:

In a nutshell, the remaining components of ERM will begin to fall into line.

John J. Hampton is the KPMG Professor of Business and Dean of the School of Professional and Continuing Studies and Graduate Business Programs at St. Peter's College in New Jersey.