|
 |
|||||||
|
|
|
|
|||||||||||||||||
|
|||||||||||||||||||
|
|
||||
|
Feature
The Risky Business of Creating a Risk Committee It would be among the worst outcomes to create a risk committee only to find it ineffective. By W. Neil Eggleston and David C. Ware The benefits of a successful risk committee are obvious: improved board oversight of management and of company operations; an ability to anticipate and react to events and trends that might otherwise be inscrutable; and, not least, the projection of a sober and responsible corporate culture that will impress employees and regulators alike. But before rushing to establish a risk committee, it is worth noting that the creation of such a committee can itself create risk. The board, in delegating responsibility of monitoring risk to the new committee, will need to stay focused on the fact that managing risks, especially systemic and existential risks, is one of the core functions of the board itself. Furthermore, to the extent that other committees, especially the audit committee, maintain some role in risk management, a new risk committee could lead to uncertainty about where one committee’s responsibility ends and another’s begins. The result of such confusion could be overlapping efforts or, in the worst-case scenario, a failure to manage a certain category of risk entirely. At Least Ask the Question Whatever the level of risk a company faces and however well it currently manages that risk, it would probably do well in this political, economic, and regulatory environment to at least ask the question whether a risk committee will benefit the company. The answer to that question, however, is often unknowable in advance, and it would be among the worst outcomes for a company to create a risk committee only to find it ineffective, forcing the board to dissolve it and reallocate committee responsibilities. This is especially true if the dissolution of a risk committee is followed by an event whose occurrence arguably could have been prevented by that committee, at least in the eyes of a plaintiff or regulator who makes the committee’s demise Exhibit A in its claim of corporate malfeasance. To avoid such an outcome, it may be wise for companies addressing the question to be proactive in their approach. Companies should not only conduct a survey of industry practice, but they should also dedicate time at a board meeting to discuss whether a risk committee is the right approach. An Ad Hoc Tactic In addition, boards may want to consider creating an ad hoc committee whose charge is to spend several months examining the question of whether the company’s risk profile, organization, and historical performance warrant a risk committee. The ad hoc group could even go further and act as a de facto risk committee in its early stages, engaging with the risk function in management to oversee the initial identification and assessment of the company’s most critical risks. Once that identification and assessment process is complete, the ad hoc group could then report on its work to the board, allowing the board to determine whether, going forward, to constitute the ad hoc group as a full-fledged committee. The board may decide that, as risk identification and assessment give way to risk management and periodic reporting, the existing board structures will provide effective oversight. It might, on the other hand, determine that management’s risk capabilities are not strong enough to warrant a reduction of dedicated attention at the board level. A Worthy Consideration Whatever the ultimate outcome of the board’s decision, the creation of a risk committee is a step that a company, once it has begun to consider it, should take very seriously. Whether the result is a new committee or not, directors should walk away satisfied that they understand both the principal risks facing the company and how the company will address them in the future. |
||||
W. Neil Eggleston is a partner at Debevoise & Plimpton LLP who focuses on defense of SEC and grand jury investigations of companies and individuals accused of securities fraud. He also regularly represents audit committees in internal investigations, restatements, and disclosure issues. David C. Ware is an associate with Debevoise & Plimpton who focuses on SEC and securities fraud matters. Both work in the firm’s Washington, D.C. A longer version of this article appeared in the Second Quarter 2009 edition of Directors & Boards. The authors can be contacted at wneggleston@debevoise.com and dcware@debevoise.com. Copyright © 2009 Directors & Boards, P.O. Box 41966 Philadelphia, PA 19101-1966. All rights reserved. Contact the webmaster. < Privacy Notice > |
|||||
