This is “Questions Boards Should Ask About Risk Management”, section 3.1 (from appendix 3) from the book Governing Corporations (v. 1.0).
This book is licensed under a Creative Commons by-nc-sa 3.0 license. See the license for more details, but that basically means you can share this book as long as you credit the author (but see below), don't make money from it, and do make it available to everyone else under the same terms.
This content was accessible as of December 29, 2012, and it was downloaded then by Andy Schmitz in an effort to preserve the availability of this book.
Normally, the author and publisher would be credited here. However, the publisher has asked for the customary Creative Commons attribution to the original publisher, authors, title, and book URI to be removed. Additionally, per the publisher's request, their name has been removed in some passages. More information is available on this project's attribution page.
14.1 Questions Boards Should Ask About Risk Management
The NYSE listing requirements specify that, when addressing the audit committee’s duties and responsibilities, the committee charter should state that the committee must discuss management’s policies with respect to risk assessment and management. The ERM framework provides a context for such a discussion. Examples of questions the committee should ask include
with respect to strategy,
- Is the board effectively engaged in strategic discussion of the company’s appetite for risk taking?
- Does management involve the board when making decisions to accept or reject significant risks?
- Is the company taking risks the board does not understand?
- Are the risks inherent to the company’s business model fully understood? Managed capably? Monitored in a timely fashion?
with respect to policy,
- How does management reward growth and innovation without creating unacceptable exposure to risk? Are there defined boundaries and limits that clearly specify behaviors that are off-limits?
- Is there a proper balance between entrepreneurial and control activities? Are the risks associated with opportunity seeking clearly understood and managed?
with respect to execution,
- Does management understand the uncertainties inherent in its strategies for the business?
- Are there assurances that risk controls function properly?
- Does the company have effective contingency plans to respond in the event of a crisis?
- What system of “early warning” signals does the company have?
- Are there effective processes in place for identifying, measuring, and evaluating risk-management capabilities?
- Has a risk officer or risk-management team been appointed?
with respect to transparency,
- Is there an effective process for reliable reporting on risks and risk-management performance?
- Does the company have an organizational structure in place to support enterprise-wide risk management?