Boards of directors must, through their risk oversight role, ensure the risk management policies and procedures designed and implemented by the company’s senior executives and risk managers are effective at identifying all risks and demonstrating assurance over the most material ones. Board members have a fiduciary responsibility to shareholders, and a moral responsibility to their customers, to do so.
As I exposed in my blog series and interviews in Financial Times Agenda and other publications, failures in risk management indicate negligence in the board’s duties to provide risk management oversight, and a breakdown in the audit risk management assurance process has deservedly resulted in the removal of board members. It is the Board’s fiduciary duty to ensure an effective systematic process supported by infrastructure, such as designated ERM software, in place that organizes, prioritizes and “connects the dots” between risk management activities that reach out to the front lines, across all silos.
Organizations must engage all areas of the business to receive the full benefits of enterprise risk management. This cannot be accomplished without support from the board of directors and the engagement of senior leadership.